//#region src/security-schema.ts
/**
 * Every severity level, ordered from least to most severe.
 */
const SECURITY_SEVERITIES = ["info", "warning", "error", "critical"];
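/**
 * Numeric rank per severity for threshold comparisons; a larger rank is
 * more severe.
 */
const SECURITY_SEVERITY_RANK = {
  info: 0,
  warning: 1,
  error: 2,
  critical: 3
};
/**
 * Parse an untrusted value (span attribute, event payload field) into a
 * severity, falling back when it is missing or malformed.
 *
 * Membership is tested against the rank table's own keys only. The `in`
 * operator also walks the prototype chain, so strings such as
 * "constructor" or "toString" would be accepted as severities even though
 * they have no numeric rank for the comparison helpers to use.
 *
 * @param {unknown} value - Candidate severity from an untrusted source.
 * @param {string} [fallback="info"] - Returned unchanged when `value` is
 *   not a known severity; the fallback itself is not validated.
 * @returns {string} `value` when it is a key of the rank table, otherwise
 *   `fallback`.
 */
function parseSecuritySeverity(value, fallback = "info") {
  const isKnownSeverity =
    typeof value === "string" &&
    Object.prototype.hasOwnProperty.call(SECURITY_SEVERITY_RANK, value);
  return isKnownSeverity ? value : fallback;
}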
/**
 * Threshold check: does `severity` rank at or above `min`?
 *
 * Both arguments are expected to be known severities. Any other string has
 * no numeric rank in the table, so untrusted input should go through
 * `parseSecuritySeverity` before it reaches this comparison.
 *
 * @param {string} severity - Severity being tested.
 * @param {string} min - Minimum severity required.
 * @returns {boolean} `true` when the rank of `severity` is >= the rank of `min`.
 */
function securitySeverityAtLeast(severity, min) {
  const actualRank = SECURITY_SEVERITY_RANK[severity];
  const requiredRank = SECURITY_SEVERITY_RANK[min];
  return actualRank >= requiredRank;
}
/**
 * Pick the higher-ranked of two severities, e.g. to escalate failures to at
 * least "error".
 *
 * @param {string} severity - Severity reported for the event.
 * @param {string} floor - Lowest severity the result may have.
 * @returns {string} `severity` when it ranks at or above `floor`, otherwise
 *   `floor`.
 */
function escalateSecuritySeverity(severity, floor) {
  if (SECURITY_SEVERITY_RANK[severity] >= SECURITY_SEVERITY_RANK[floor]) {
    return severity;
  }
  return floor;
}
/**
 * Span attribute keys defined by the security schema. Emitters and
 * consumers should reference these constants rather than re-typing the
 * strings, so both sides stay in agreement on the key names.
 */
const SECURITY_ATTR = {
  /** Marker present on every span that carries a security event. */
  marker: "autotel.security",
  /** Present when the event was force-kept through tail sampling. */
  forceKeep: "autotel.security.force_keep",

  event: "security.event",
  category: "security.category",
  outcome: "security.outcome",
  severity: "security.severity",

  // NOTE(review): the actor/target/tenant keys look identifier-valued;
  // confirm how exporters and retention policies treat them.
  actorId: "security.actor_id",
  targetType: "security.target_type",
  targetId: "security.target_id",
  tenantId: "security.tenant_id",

  reason: "security.reason",
  /** Custom metadata keys that were dropped for looking credential-shaped. */
  droppedKeys: "security.dropped_keys",
  /** Set by the signal processor on suspicious request paths. */
  suspiciousRequest: "security.suspicious_request",
  /** Name of the pattern that flagged a suspicious request, e.g. `path_traversal`. */
  signal: "security.signal"
};
/**
 * Names of the metrics emitted by the security instrumentation, all under
 * the `autotel.security.` prefix.
 */
const SECURITY_METRICS = {
  events: "autotel.security.events",
  httpSuspicious: "autotel.security.http.suspicious",
  httpDenied: "autotel.security.http.denied",
  anomaly: "autotel.security.anomaly",
  heartbeat: "autotel.security.heartbeat"
};
/**
 * Default set of HTTP statuses counted as denied responses:
 * 401 Unauthorized, 403 Forbidden and 429 Too Many Requests.
 */
const SECURITY_DENIED_STATUSES = [401, 403, 429];
/**
 * Span attribute names that may hold the HTTP response status, in lookup
 * order: the current semantic-convention key, then the legacy key.
 */
const HTTP_STATUS_ATTRIBUTES = [
  "http.response.status_code", // current semconv
  "http.status_code" // legacy fallback
];
//#endregion
export { HTTP_STATUS_ATTRIBUTES, SECURITY_ATTR, SECURITY_DENIED_STATUSES, SECURITY_METRICS, SECURITY_SEVERITIES, SECURITY_SEVERITY_RANK, escalateSecuritySeverity, parseSecuritySeverity, securitySeverityAtLeast };
//# sourceMappingURL=security-schema.js.map