UNPKG

fortify2-js

Version:

MOST POWERFUL JavaScript Security Library! Military-grade cryptography + 19 enhanced object methods + quantum-resistant algorithms + perfect TypeScript support. More powerful than Lodash with built-in security.

lab.nehonix.space/nehonix_viewer/_doc/Nehonix%20FortifyJs/readme.md

nehonix/FortifyJS

248 lines (244 loc) • 8.9 kB

JavaScript

'use strict'; var randomCore = require('../../core/random/random-core.js'); require('../../core/random/random-types.js'); require('crypto'); require('../../core/random/random-sources.js'); require('nehonix-uri-processor'); require('../memory/index.js'); require('../../types.js'); var hashCore = require('../../core/hash/hash-core.js'); require('../../core/hash/hash-types.js'); require('argon2'); require('../../algorithms/hash-algorithms.js'); require('child_process'); var secureMemory = require('../../security/secure-memory.js'); require('https'); require('../../security/runtime-verification.js'); require('../../security/tamper-evident-logging.js'); var secureStringCore = require('../../security/secure-string/core/secure-string-core.js'); require('../../security/secure-string/advanced/entropy-analyzer.js'); require('../../security/secure-string/advanced/quantum-safe.js'); require('../../security/secure-string/advanced/performance-monitor.js'); var nehoid = require('nehoid'); require('../../core/password/index.js'); /** * FortifyJS - Fortified Function Security Handler * Handles all security operations using existing FortifyJS components */ class SecurityHandler { constructor() { this.hashUtil = hashCore.Hash; this.randomUtil = randomCore.SecureRandom; } /** * Encrypt sensitive parameters using existing SecureString component */ async encryptParameters(context, args, options) { const { secureParameters } = options; for (let i = 0; i < args.length; i++) { const shouldEncrypt = secureParameters.includes(i) || secureParameters.includes(`param${i}`); if (shouldEncrypt && args[i] != null) { try { // Use existing SecureString component const secureString = new secureStringCore.SecureString(String(args[i])); const encrypted = await secureString.hash("SHA-256", "hex"); context.encryptedParameters.set(`param${i}`, encrypted); // Store in secure buffer for memory management using existing SecureBuffer const buffer = secureMemory.SecureBuffer.from(String(args[i])); context.secureBuffers.set(`param${i}`, buffer); context.auditEntry.securityFlags.push(`param${i}_encrypted`); } catch (error) { console.warn(`Failed to encrypt parameter ${i}:`, error); } } } } /** * Generate deterministic cache key using existing Hash component */ async generateCacheKey(args) { const serialized = this.safeStringify(args); // Use a fixed salt for deterministic cache keys const fixedSalt = "a99d0d44a7e59854473b3233fd5b2385e3f4be207c61f78beaa3a9d11836f57c"; return this.hashUtil.createSecureHash(serialized, fixedSalt, { algorithm: "sha256", outputFormat: "hex", }); } /** * Generate hash of parameters for audit logging using existing Hash component */ async hashParameters(args) { const serialized = this.safeStringify(args, (_, value) => { // Don't include actual sensitive values in hash if (typeof value === "string" && value.length > 50) { return `[REDACTED:${value.length}]`; } return value; }); return this.hashUtil.createSecureHash(serialized, undefined, { algorithm: "sha256", outputFormat: "hex", }); } /** * Generate secure execution ID using existing SecureRandom */ generateExecutionId() { // Use existing SecureRandom for secure ID generation return nehoid.NehoID.generate({ prefix: "func.nhx", size: 16 }); } /** * Safe JSON stringify that handles circular references and complex objects */ safeStringify(obj, replacer) { const seen = new WeakSet(); return JSON.stringify(obj, (key, value) => { // Handle circular references if (typeof value === "object" && value !== null) { if (seen.has(value)) { return "[Circular Reference]"; } seen.add(value); } // Handle Express.js specific objects if (this.isExpressObject(value)) { return this.serializeExpressObject(key, value); } // Handle functions if (typeof value === "function") { return `[Function: ${value.name || "anonymous"}]`; } // Handle undefined if (value === undefined) { return "[Undefined]"; } // Apply custom replacer if provided if (replacer) { return replacer(key, value); } return value; }); } /** * Check if object is an Express.js request/response object */ isExpressObject(obj) { if (!obj || typeof obj !== "object") return false; // Check for Express request object if (obj.method && obj.url && obj.headers && obj.params) { return true; } // Check for Express response object if (obj.statusCode !== undefined && obj.setHeader && obj.end) { return true; } return false; } /** * Serialize Express.js objects safely */ serializeExpressObject(key, obj) { // For Express request objects if (obj.method && obj.url) { return { type: "ExpressRequest", method: obj.method, url: obj.url, headers: this.sanitizeHeaders(obj.headers), params: obj.params, query: obj.query, body: this.sanitizeBody(obj.body), }; } // For Express response objects if (obj.statusCode !== undefined) { return { type: "ExpressResponse", statusCode: obj.statusCode, headersSent: obj.headersSent, }; } return `[Express Object: ${key}]`; } /** * Sanitize headers for safe serialization */ sanitizeHeaders(headers) { if (!headers || typeof headers !== "object") return {}; const sanitized = {}; for (const [key, value] of Object.entries(headers)) { // Redact sensitive headers if (key.toLowerCase().includes("authorization") || key.toLowerCase().includes("cookie") || key.toLowerCase().includes("token")) { sanitized[key] = "[REDACTED]"; } else { sanitized[key] = value; } } return sanitized; } /** * Sanitize request body for safe serialization */ sanitizeBody(body) { if (!body) return body; if (typeof body === "object") { const sanitized = {}; for (const [key, value] of Object.entries(body)) { // Redact sensitive fields if (key.toLowerCase().includes("password") || key.toLowerCase().includes("token") || key.toLowerCase().includes("secret")) { sanitized[key] = "[REDACTED]"; } else if (typeof value === "string" && value.length > 100) { sanitized[key] = `[TRUNCATED:${value.length}]`; } else { sanitized[key] = value; } } return sanitized; } return body; } /** * Sanitize stack trace to remove sensitive information */ sanitizeStackTrace(stack) { // Remove sensitive parameter information from stack traces return stack.replace(/\(.*?\)/g, "([REDACTED])"); } /** * Schedule secure cleanup of execution context using existing SecureBuffer */ scheduleCleanup(context, memoryWipeDelay, onCleanup) { const cleanup = () => { // Destroy secure buffers using existing SecureBuffer.destroy() for (const buffer of context.secureBuffers.values()) { buffer.destroy(); } // Clear encrypted parameters context.encryptedParameters.clear(); if (onCleanup) { onCleanup(context.executionId); } }; if (memoryWipeDelay > 0) { setTimeout(cleanup, memoryWipeDelay); } else { cleanup(); } } } exports.SecurityHandler = SecurityHandler; //# sourceMappingURL=security-handler.js.map