endpoint-sentinel/dist/utils/consent.js

User-friendly security scanner with interactive setup that scales from beginner to expert

"use strict";
/**
 * Consent Manager for Ethical Security Scanning
 * Handles consent requirements and legal boundaries
 */
Object.defineProperty(exports, "__esModule", { value: true });
exports.ConsentManager = void 0;
class ConsentManager {
    /**
     * Gets the complete consent text for ethical scanning
     */
    getConsentText() {
        return `
🛡️  ENDPOINT SENTINEL - CONSENT AND TERMS OF USE

📋 IMPORTANT: Read carefully before proceeding

By using Endpoint Sentinel, you acknowledge and agree to the following:

1. AUTHORIZATION REQUIRED
   ✅ You have explicit written permission to test the target system
   ✅ You are authorized by the system owner or are the system owner
   ✅ You will not scan systems without proper authorization

2. ETHICAL SCANNING PRINCIPLES
   ✅ Respectful rate limiting (default: 2 requests/second)
   ✅ No destructive or intrusive testing
   ✅ Immediate cessation if requested by system administrators
   ✅ Responsible disclosure of any vulnerabilities found

3. LEGAL COMPLIANCE
   ✅ You will comply with all applicable laws and regulations
   ✅ You understand that unauthorized scanning may be illegal
   ✅ You accept full responsibility for your use of this tool

4. LIABILITY
   ✅ Use of this tool is at your own risk
   ✅ The authors are not responsible for any misuse or consequences
   ✅ You will not hold the developers liable for any damages

5. AUDIT AND LOGGING
   ✅ All scan activities are logged for security and compliance
   ✅ Logs may be retained for audit purposes
   ✅ You consent to activity monitoring and logging

⚠️  WARNING: Unauthorized scanning is illegal and unethical
⚠️  Only scan systems you own or have explicit permission to test
⚠️  When in doubt, obtain written authorization first

By proceeding with the --consent flag, you confirm:
• You have read and understood these terms
• You have proper authorization for the target system
• You will use this tool ethically and responsibly
• You accept all terms and conditions above

📞 Questions? Concerns? Stop and consult with legal counsel first.
`;
    }
    /**
     * Validates that proper consent has been obtained
     */
    validateConsent(consentGiven) {
        if (!consentGiven) {
            return {
                isValid: false,
                message: 'Explicit consent is required. Use --consent flag after reading terms.'
            };
        }
        return { isValid: true };
    }
    /**
     * Logs consent event for audit purposes
     */
    logConsentEvent(target, timestamp = new Date()) {
        const auditEntry = {
            event: 'consent_granted',
            target,
            timestamp: timestamp.toISOString(),
            userAgent: 'Endpoint-Sentinel/1.0.0',
            sessionId: this.generateSessionId()
        };
        // In production, this would write to a secure audit log
        console.log(`[AUDIT] ${JSON.stringify(auditEntry)}`);
    }
    /**
     * Generates a unique session ID for tracking
     */
    generateSessionId() {
        return `es_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
    }
    /**
     * Gets consent banner for display
     */
    getConsentBanner() {
        return `
🛡️  ETHICAL SECURITY SCANNING TOOL

⚠️  AUTHORIZATION REQUIRED ⚠️
Only scan systems you own or have explicit permission to test.
Unauthorized scanning may be illegal in your jurisdiction.

Use --consent flag to acknowledge terms and proceed.
Run 'endpoint-sentinel consent' to review full terms.
`;
    }
    /**
     * Checks if target requires special consent (e.g., government, critical infrastructure)
     */
    requiresSpecialConsent(target) {
        const url = new URL(target);
        const hostname = url.hostname.toLowerCase();
        // Government domains
        if (hostname.endsWith('.gov') || hostname.endsWith('.mil')) {
            return {
                required: true,
                reason: 'Government domains require special authorization'
            };
        }
        // Critical infrastructure patterns
        const criticalInfraPatterns = [
            /power/i,
            /electric/i,
            /utility/i,
            /water/i,
            /hospital/i,
            /medical/i,
            /bank/i,
            /financial/i,
            /emergency/i
        ];
        for (const pattern of criticalInfraPatterns) {
            if (pattern.test(hostname)) {
                return {
                    required: true,
                    reason: 'Critical infrastructure domains require special authorization'
                };
            }
        }
        return { required: false };
    }
}
exports.ConsentManager = ConsentManager;
//# sourceMappingURL=consent.js.map