aimless-security
Enhanced Runtime Application Self-Protection (RASP) and API Fuzzing Engine with advanced threat detection, behavioral analysis, and intelligent response scoring for Node.js applications
import { AimlessConfig } from './types';
import { FuzzTarget } from './fuzzing';
import { Logger } from './logger';
/**
* Public facade of the package: exposes the RASP middleware, CSRF helpers,
* input validation/sanitization helpers, IP reputation controls and the API
* fuzzer through one object.
*
* This is a generated declaration file, so only signatures are visible here.
* Detection rules, defaults and storage behaviour live in the implementation.
*/
export declare class Aimless {
// Internal collaborators; their types are erased in the emitted declaration.
private rasp;
private fuzzer;
private logger;
private config;
/**
* Create an instance.
*
* @param config Optional configuration. The defaults applied when it is
* omitted are not visible from this declaration; see AimlessConfig in ./types.
*/
constructor(config?: AimlessConfig);
/**
* Get Express middleware for RASP protection.
*
* @returns An Express handler. Its return type includes `Response`, so the
* handler can answer a request itself instead of calling `next()`.
*/
middleware(): (req: import("./middleware/express").AimlessRequest, res: import("express").Response, next: import("express").NextFunction) => void | import("express").Response<any, Record<string, any>>;
/**
* Get CSRF protection middleware.
*
* NOTE(review): where the token is read from (header, body field, cookie) and
* which HTTP methods are checked are not visible here; confirm before relying
* on it for state-changing routes.
*
* @returns An Express handler.
*/
csrf(): (req: import("express").Request, res: import("express").Response, next: import("express").NextFunction) => void;
/**
* Get loading screen middleware (place BEFORE main middleware)
*
* @returns An Express handler.
*/
loading(): (req: import("express").Request, res: import("express").Response, next: import("express").NextFunction) => void;
/**
* Analyze a request description for security threats, outside the Express
* middleware path.
*
* `query` and `body` are typed `any`, so no shape is enforced at compile time.
* NOTE(review): if `ip` is taken from a forwarding header, it is only as
* trustworthy as the proxy that set it; confirm how callers derive it.
*
* @param request Method, path and optional query, body, headers and client IP.
* @returns The threats found; presumably an empty array when none are found
* (confirm against the implementation).
*/
analyze(request: {
method: string;
path: string;
query?: any;
body?: any;
headers?: Record<string, string | string[] | undefined>;
ip?: string;
}): import("./types").SecurityThreat[];
/**
* Generate a CSRF token for a session.
*
* NOTE(review): token lifetime and where issued tokens are stored are not
* visible from this declaration.
*
* @param sessionId Identifier of the session the token is issued for.
* @returns The token as a string.
*/
generateCSRFToken(sessionId: string): string;
/**
* Sanitize output to prevent XSS.
*
* The signature carries no output context; `sanitizeFor` takes one
* explicitly. Which context this method encodes for is not visible here.
*
* @param output Text about to be written to a response.
* @returns The sanitized text.
*/
sanitize(output: string): string;
/**
* Fuzz test an API endpoint.
*
* NOTE(review): the traffic this generates is defined by FuzzTarget in
* ./fuzzing and is not visible here; check it before running against an
* environment shared with other users.
*
* @param target Description of the endpoint to test.
* @returns A promise for the fuzzing result.
*/
fuzz(target: FuzzTarget): Promise<import("./types").FuzzingResult>;
/**
* Get the logger instance.
*
* @returns The Logger used by this instance.
*/
getLogger(): Logger;
/**
* Quick validation helper - check if input is safe.
*
* A `true` result means the detectors reported nothing, not that the value
* is safe for every sink; keep parameterized queries and context-aware
* output encoding at the point of use.
*
* @param input Value to check; typed `any`.
* @param context Optional context string; accepted values are not visible
* from this declaration.
* @returns Whether the input was judged safe.
*/
isSafe(input: any, context?: string): boolean;
/**
* Context-aware sanitization with multiple output contexts.
*
* The context has to match the place the value is actually emitted: a value
* encoded for 'html' is not thereby safe inside 'javascript' or 'url'.
*
* @param input Text to sanitize.
* @param context One of the listed output contexts. The default used when it
* is omitted is not visible from this declaration.
* @returns The sanitized text.
*/
sanitizeFor(input: string, context?: 'html' | 'attribute' | 'javascript' | 'css' | 'url'): string;
/**
* Validate and sanitize in one call.
*
* Note that `context` is a plain `string` here, whereas `sanitizeFor`
* restricts it to a literal union; a misspelled context is therefore not
* caught by the compiler. How an unrecognised value is handled is not
* visible from this declaration.
*
* @param input Text to check and sanitize.
* @param context Optional context string.
* @returns `safe`, the `sanitized` text and the list of `threats`.
*/
validateAndSanitize(input: string, context?: string): {
safe: boolean;
sanitized: string;
threats: any[];
};
/**
* Get IP reputation score (0-100).
*
* NOTE(review): the declaration does not say whether a higher score means
* more or less trusted; confirm before thresholding on it.
*
* @param ip Address to look up.
* @returns The score.
*/
getIPReputation(ip: string): number;
/**
* Block or unblock an IP address.
*
* NOTE(review): whether the block list survives a restart or is shared
* between processes is not visible from this declaration.
*
* @param ip Address to change.
* @param blocked `true` to block, `false` to unblock.
*/
setIPBlocked(ip: string, blocked: boolean): void;
/**
* Get security statistics.
*
* @returns An object with `rasp` statistics and optional `fuzzing`
* statistics; both are typed `any`.
*/
getStats(): {
rasp: any;
fuzzing?: any;
};
/**
* Get security analytics (v1.3.4 feature).
*
* @returns Analytics data, typed `any`.
*/
getAnalytics(): any;
/**
* Get analytics summary text (v1.3.4 feature).
*
* @returns The summary as a string.
*/
getAnalyticsSummary(): string;
/**
* Clear security history (for testing or privacy).
*
* @param ip Optional address; presumably limits the clear to that address,
* with everything cleared when omitted (confirm against the implementation).
*/
clearHistory(ip?: string): void;
/**
* Quick-start method: protect an Express app with sensible defaults.
*
* NOTE(review): what is allowed when `trustedOrigins` is omitted is not
* visible from this declaration; pass the list explicitly if origin checks
* matter for the deployment.
*
* @param trustedOrigins Optional list of origins to trust.
* @returns The RASP middleware, the CSRF middleware and the Aimless instance
* behind them.
*/
static quickProtect(trustedOrigins?: string[]): {
middleware: (req: import("./middleware/express").AimlessRequest, res: import("express").Response, next: import("express").NextFunction) => void | import("express").Response<any, Record<string, any>>;
csrf: (req: import("express").Request, res: import("express").Response, next: import("express").NextFunction) => void;
aimless: Aimless;
};
/**
* Create a validation chain for fluent API.
*
* Shape of the chain: `validate(input).against(checks)` and then either
* `.result()` or `.sanitize().result()`. The two results differ: without
* `sanitize()` the object carries the original value as `input`; with it,
* the object carries `sanitized` instead.
*
* @param input Value to validate; typed `any`.
* @returns The first link of the chain, exposing `against`.
*/
validate(input: any): {
// `checks` names the detector families to run; 'all' is one of the literals.
against: (checks: ("sql" | "nosql" | "xss" | "command" | "path" | "xxe" | "ssrf" | "all")[]) => {
sanitize: () => {
result: () => {
safe: boolean;
sanitized: any;
threats: any[];
};
};
result: () => {
safe: boolean;
input: any;
threats: any[];
};
};
};
}
// Re-export the named exports of the submodules so consumers can import
// everything from the package root. `export *` does not forward a module's
// default export.
export * from './types';
export * from './rasp';
export * from './fuzzing';
export * from './middleware/express';
// Logger is re-exported by name only.
export { Logger } from './logger';
// Aimless is available both as the default export and as a named export.
export default Aimless;
//# sourceMappingURL=index.d.ts.map