UNPKG

aimless-security

Version:

Enhanced Runtime Application Self-Protection (RASP) and API Fuzzing Engine with advanced threat detection, behavioral analysis, and intelligent response scoring for Node.js applications

github.com/CamozDevelopment/Aimless-Security

CamozDevelopment/Aimless-Security

203 lines (176 loc) โ€ข 6.98 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
/** * Serverless Compatibility Test Suite * Tests that Aimless Security works in serverless environments */ const { Aimless } = require('./dist/index.js'); console.log('๐Ÿงช Testing Aimless Security for Serverless Compatibility\n'); let testsPassed = 0; let testsFailed = 0; function test(name, fn) { try { fn(); console.log(`โœ… ${name}`); testsPassed++; } catch (error) { console.error(`โŒ ${name}`); console.error(` Error: ${error.message}`); testsFailed++; } } // Test 1: Module loads correctly test('Module loads without errors', () => { if (!Aimless) throw new Error('Aimless not exported'); if (typeof Aimless !== 'function') throw new Error('Aimless is not a constructor'); }); // Test 2: Basic instantiation test('Can create Aimless instance', () => { const aimless = new Aimless(); if (!aimless) throw new Error('Instance not created'); }); // Test 3: Configuration works test('Accepts configuration object', () => { const aimless = new Aimless({ rasp: { enabled: true, blockMode: false } }); if (!aimless) throw new Error('Instance with config not created'); }); // Test 4: Quick protect helper test('Quick protect helper works', () => { const result = Aimless.quickProtect(['http://localhost:3000']); if (!result.middleware) throw new Error('No middleware returned'); if (!result.csrf) throw new Error('No CSRF returned'); if (!result.aimless) throw new Error('No aimless instance returned'); }); // Test 5: Validation API test('Validate method exists and works', () => { const aimless = new Aimless(); const result = aimless.isSafe("test input"); if (typeof result !== 'boolean') throw new Error('Invalid result format'); }); // Test 6: Fluent API test('Fluent API chains correctly', () => { const aimless = new Aimless(); const safe = aimless.isSafe("test"); if (typeof safe !== 'boolean') throw new Error('Invalid result'); }); // Test 7: SQL Injection Detection test('SQL injection detection works', () => { const aimless = new Aimless(); const safe = aimless.isSafe("' OR 1=1--"); if (safe) throw new Error('Failed to detect SQL injection'); }); // Test 8: XSS Detection test('XSS detection works', () => { const aimless = new Aimless(); const safe = aimless.isSafe("<script>alert('xss')</script>"); if (safe) throw new Error('Failed to detect XSS'); }); // Test 9: Sanitization test('Sanitization removes threats', () => { const aimless = new Aimless(); const input = "<script>alert('xss')</script>"; const sanitized = aimless.sanitizeFor(input, 'html'); if (!sanitized) throw new Error('Sanitization failed'); if (sanitized.includes('<script>')) throw new Error('Sanitization incomplete'); }); // Test 10: Context-aware sanitization test('Context-aware sanitization works', () => { const aimless = new Aimless(); const htmlSafe = aimless.sanitizeFor("<script>test</script>", 'html'); if (!htmlSafe) throw new Error('HTML sanitization failed'); const jsSafe = aimless.sanitizeFor("test'test", 'javascript'); if (!jsSafe) throw new Error('JS sanitization failed'); }); // Test 11: isSafe helper test('isSafe helper works', () => { const aimless = new Aimless(); const safe = aimless.isSafe("normal input"); if (!safe) throw new Error('Safe input marked as unsafe'); const unsafe = aimless.isSafe("' OR 1=1--"); if (unsafe) throw new Error('Unsafe input marked as safe'); }); // Test 12: IP reputation test('IP reputation system works', () => { const aimless = new Aimless(); const score = aimless.getIPReputation('127.0.0.1'); if (typeof score !== 'number') throw new Error('Invalid reputation score'); if (score < 0 || score > 100) throw new Error('Score out of range'); }); // Test 13: Statistics test('Statistics method works', () => { const aimless = new Aimless(); const stats = aimless.getStats(); if (!stats) throw new Error('No stats returned'); if (!stats.rasp) throw new Error('No RASP stats'); }); // Test 14: Direct detector access test('Direct detector access works', () => { const aimless = new Aimless(); const injectionDetector = aimless.rasp.getInjectionDetector(); if (!injectionDetector) throw new Error('No injection detector'); const xssDetector = aimless.rasp.getXSSDetector(); if (!xssDetector) throw new Error('No XSS detector'); }); // Test 15: Confidence scoring test('Confidence scoring works', () => { const aimless = new Aimless(); const safe = aimless.isSafe("' UNION SELECT * FROM users--"); // Just verify it doesn't crash - confidence is internal if (typeof safe !== 'boolean') throw new Error('Invalid result type'); }); // Test 16: Memory safety (no crashes) test('Handles large inputs without crashing', () => { const aimless = new Aimless(); const largeInput = 'a'.repeat(10000); const result = aimless.isSafe(largeInput); if (typeof result !== 'boolean') throw new Error('Failed to handle large input'); }); // Test 17: Handles null/undefined test('Handles null and undefined gracefully', () => { const aimless = new Aimless(); try { const r1 = aimless.isSafe(null); const r2 = aimless.isSafe(undefined); const r3 = aimless.isSafe(''); if (typeof r1 !== 'boolean' || typeof r2 !== 'boolean' || typeof r3 !== 'boolean') { throw new Error('Invalid result type'); } } catch (e) { throw new Error('Failed to handle null/undefined: ' + e.message); } }); // Test 18: No global pollution test('Does not pollute global scope', () => { const before = Object.keys(global).length; const aimless = new Aimless(); const after = Object.keys(global).length; if (after > before) throw new Error('Global scope polluted'); }); // Test 19: Multiple instances work independently test('Multiple instances work independently', () => { const aimless1 = new Aimless({ rasp: { blockMode: true } }); const aimless2 = new Aimless({ rasp: { blockMode: false } }); if (!aimless1 || !aimless2) throw new Error('Failed to create multiple instances'); }); // Test 20: crypto module is available test('Uses Node.js crypto module correctly', () => { const aimless = new Aimless(); const csrfDetector = aimless.rasp.getCSRFDetector(); const token = csrfDetector.generateToken('session123'); if (!token || token.length < 10) throw new Error('Token generation failed'); }); // Results console.log('\n' + '='.repeat(50)); console.log(`โœ… Tests Passed: ${testsPassed}`); console.log(`โŒ Tests Failed: ${testsFailed}`); console.log('='.repeat(50)); if (testsFailed > 0) { console.log('\nโš ๏ธ Some tests failed. Package may not work correctly in serverless environments.'); process.exit(1); } else { console.log('\n๐ŸŽ‰ All tests passed! Package is serverless-ready.'); process.exit(0); }