nehonix-uri-processor

import React from 'react'; import { Request as Request$1, Response as Response$1, NextFunction, Router } from 'express'; type MaliciousComponentType = "protocol" | "hostname" | "path" | "query" | "fragment"; /** * Interface defining detection result with detailed information */ interface MaliciousPatternResult { url?: string; isMalicious: boolean; detectedPatterns: DetectedPattern[]; score: number; confidence: "low" | "medium" | "high"; recommendation: string; contextAnalysis?: ContextAnalysisResult; } /** * New interface for contextual analysis results */ interface ContextAnalysisResult { relatedPatterns: RelatedPatternGroup[]; entropyScore: number; anomalyScore: number; encodingLayers: number; } /** * Interface for related pattern groups */ interface RelatedPatternGroup { patterns: MaliciousPatternType[]; description: string; riskMultiplier: number; } /** * Interface defining a detected malicious pattern */ interface DetectedPattern { type: MaliciousPatternType; pattern: string; location: string; severity: "low" | "medium" | "high"; confidence: "low" | "medium" | "high"; description: string; matchedValue?: string; contextScore?: number; } /** * Enum defining various malicious pattern types */ declare enum MaliciousPatternType { SQL_INJECTION = "sql_injection", XSS = "cross_site_scripting", COMMAND_INJECTION = "command_injection", PATH_TRAVERSAL = "path_traversal", OPEN_REDIRECT = "open_redirect", SSRF = "server_side_request_forgery", CRLF_INJECTION = "crlf_injection", ENCODED_PAYLOAD = "encoded_payload", SERIALIZATION = "serialization_payload", TEMPLATE_INJECTION = "template_injection", SUSPICIOUS_PARAMETER = "suspicious_parameter", DATA_URI = "data_uri", SUSPICIOUS_IP = "suspicious_ip", SUSPICIOUS_TLD = "suspicious_tld", SUSPICIOUS_DOMAIN = "suspicious_domain", PROTOCOL_CONFUSION = "protocol_confusion", HOMOGRAPH_ATTACK = "homograph_attack",// NEW: Domain spoofing using similar-looking chars MULTI_ENCODING = "multi_encoding",// NEW: Multiple encoding layers UNICODE_EVASION = "unicode_evasion",// NEW: Unicode character abuse FRAGMENT_PAYLOAD = "fragment_payload",// NEW: Payload split across parameters HEADER_INJECTION = "header_injection",// NEW: HTTP header injection NOSQL_INJECTION = "nosql_injection",// NEW: NoSQL injection patterns GRAPHQL_INJECTION = "graphql_injection",// NEW: GraphQL injection DOM_BASED_ATTACK = "dom_based_attack",// NEW: DOM-based attacks FILE_INCLUSION = "file_inclusion",// NEW: Remote/Local file inclusion RFI = "remote_file_inclusion", PHISHING = "phishing",//new PROTOTYPE_POLLUTION = "prototype_pollution", JWT_MANIPULATION = "jwt_manipulation", CSS_INJECTION = "css_injection", HOST_HEADER_INJECTION = "host_header_injection", DESERIALIZATION = "deserialization", DOM_CLOBBERING = "dom_clobbering", CLICKJACKING = "clickjacking", CORS_MISCONFIGURATION = "cors_misconfiguration", SUBDOMAIN_TAKEOVER = "subdomain_takeover", HTTP_PARAMETER_POLLUTION = "http_parameter_pollution", WEB_CACHE_POISONING = "web_cache_poisoning", ANOMALY = "anomaly", ZERO_DAY = "zero_day", RANSOMWARE = "ransomware", SUSPICIOUS_BEHAVIOR = "suspicious_behavior", PARAMETER_TAMPERING = "parameter_tampering", HIGH_ENTROPY = "high_entropy", KNOWN_THREAT = "known_threat", RCE = "rce", ANOMALY_DETECTED = "anomaly_detected", SUSPICIOUS_EXTENSION = "SUSPICIOUS_EXTENSION", KNOWN_MALICIOUS_URL = "known_malicious_url" } /** * Interface for malicious pattern detection options */ interface MaliciousPatternOptions { /** * Minimum score required to mark input as malicious (default: 50) */ minScore?: number; /** * Enable verbose logging for debugging */ debug?: boolean; /** * List of pattern types to ignore */ ignorePatterns?: MaliciousPatternType[]; /** * Adjust sensitivity for detections (0.1-2.0) * Lower values mean less sensitive, higher values mean more sensitive */ sensitivity?: number; /** * Custom patterns to include in detection */ customPatterns?: Array<{ pattern: RegExp; type: MaliciousPatternType; severity: "low" | "medium" | "high"; description: string; }>; /** * Enable contextual analysis for improved detection */ enableContextualAnalysis?: boolean; /** * Enable entropy analysis for obfuscated payloads */ enableEntropyAnalysis?: boolean; /** * Enable statistical analysis */ enableStatisticalAnalysis?: boolean; /** * Component-specific sensitivity multipliers */ componentSensitivity?: Record<MaliciousComponentType, number>; /** * Character set to focus on for pattern matching (default: latin) */ characterSet?: "latin" | "unicode" | "all"; } /** * Supported encoding types. This enumeration defines all the encoding schemes * that the NehonixURIProcessor can handle. Each type represents a distinct * method of representing characters or data in a string format, often used * in URLs, web applications, and data transmission. */ type ENC_TYPE = "percentEncoding" | "doublepercent" | "base64" | "hex" | "unicode" | "htmlEntity" | "punycode" | "asciihex" | "asciioct" | "rot13" | "base32" | "urlSafeBase64" | "jsEscape" | "cssEscape" | "utf7" | "quotedPrintable" | "decimalHtmlEntity" | "rawHexadecimal" | "jwt" | "url" | "rawHex"; type DEC_FEATURE_TYPE = "url" | "any"; interface PartialEncodingInfo { type: string; confidence: number; } /** * Result of encoding detection. This interface describes the outcome of an * attempt to identify the encoding scheme used in a given string. It provides * an array of all detected encoding types, the most likely type, and a * confidence score for that detection. */ interface EncodingDetectionResult { partialEncodings?: PartialEncodingInfo[]; /** * An array of all encoding types detected in the input string. */ types: string[]; /** * The encoding type that is considered the most likely based on analysis. */ mostLikely: ENC_TYPE | "plainText" | "mixedEncoding"; /** * A numerical value representing the confidence level of the most likely * encoding detection, usually between 0 and 1. */ confidence: number; /** * Indicates whether nested encoding was detected (i.e., one encoding within another). */ isNested?: boolean; /** * If nested encoding is detected, this array lists the inner encoding types. */ nestedTypes?: (ENC_TYPE | "mixedEncoding")[]; } /** * Result of URL analysis. This interface defines the structure of the output * from analyzing a URL, including the base URL, extracted parameters, and * any potential vulnerabilities detected. */ interface URLAnalysisResult { /** * The base URL without parameters. */ baseURL: string; /** * An object containing the extracted URL parameters and their values. */ parameters: { [key: string]: string; }; /** * An array of strings describing potential security vulnerabilities found in the URL. */ potentialVulnerabilities: string[]; vulnerabilitieDetails?: DetectedPattern[]; } /** * Result of WAF bypass variants generation. This interface represents the * various encoding variants generated for Web Application Firewall (WAF) * bypass testing. */ interface WAFBypassVariants { /** * Standard percent-encoded version of the input string. */ percentEncoding: string; /** * Double percent-encoded version of the input string. */ doublePercentEncoding: string; /** * A version with mixed encoding types. */ mixedEncoding: string; /** * A version with alternating character case. */ alternatingCase: string; /** * A fully hexadecimal-encoded version of the input string. */ fullHexEncoding: string; /** * A version with unicode character representations. */ unicodeVariant: string; /** * A version with HTML entity representations. */ htmlEntityVariant: string; } /** * Result of detectAndDecode operation. This interface describes the result of * automatically detecting and decoding a string, including the decoded value, * the detected encoding type, and the confidence level. */ interface DecodeResult { /** * The decoded string value. */ val: () => string; /** * The detected encoding type of the input string. */ encodingType: string; /** * A numerical value representing the confidence level of the encoding detection. */ confidence: number; /** * If nested encoding is detected, this array lists the inner encoding types. */ nestedTypes?: string[]; original?: string; attemptedDecode?: string; attemptedVal?: string | undefined; decodingHistory?: { result: string; type: string; confidence: number; }[]; } /** *Real-world application: Encoding user input for various contexts (RWA) * Defines the context in which user input will be used, * allowing for appropriate encoding selection */ type RWA_TYPES = "url" | "urlParam" | "html" | "htmlAttr" | "js" | "jsString" | "css" | "cssSelector" | "email" | "emailSubject" | "command" | "xml" | "json" | "obfuscate" | "idnDomain"; /** * Options for URI validation. */ interface UrlValidationOptions { /** * If `true`, requires a leading slash before paths or query parameters (e.g., `/path` or `/?query`). * If `false`, allows query parameters without a leading slash (e.g., `?query`). * @default false */ strictMode?: boolean; /** * If `true`, allows Unicode escape sequences (e.g., `\u0068`) in query parameters. * If `false`, rejects URIs containing Unicode escape sequences. * @default true */ allowUnicodeEscapes?: boolean; /** * If `true`, rejects URIs with duplicate query parameter keys (e.g., `?p1=a&p1=b`). * If `false`, allows duplicate keys. * @default true */ rejectDuplicateParams?: boolean; /** * If `true`, only allows https:// URLs (rejects http://). * If `false`, allows both http:// and https:// URLs. * @default false */ httpsOnly?: boolean; /** * Maximum allowed length for the entire URL. * Set to 0 to disable length checking. * @default 2048 */ maxUrlLength?: number | "NO_LIMIT"; /** * List of allowed top-level domains (e.g., ['com', 'org', 'net']). * If empty, all TLDs are allowed. * @default [] */ allowedTLDs?: string[]; /** * List of allowed protocols (e.g., ['https', 'http', 'ftp']). * Only relevant if requireProtocol is true. * @default ['http', 'https'] */ allowedProtocols?: string[]; /** * If `true`, requires the protocol to be explicitly specified in the URL. * If `false`, adds https:// if no protocol is specified. * @default false */ requireProtocol?: boolean; /** * If `true`, validates that the URL has a path or query string. * If `false`, allows bare domains like 'example.com'. * @default false */ requirePathOrQuery?: boolean; /** * If `true`, validates each parameter value against URI encoding standards. * If `false`, performs basic validation only. * @default false */ strictParamEncoding?: boolean; /** *If `true`, it will find keys in "parameters" that map to the same value (e.g., * { param1: "value1", param2: "value1", param3: "value2" }), * then group keys by their values and filter for values with multiple keys * @default false */ rejectDuplicatedValues?: boolean; /** * If `true`, allows localhost URLs (e.g., http://localhost:8080). * These would otherwise be rejected due to domain validation rules. * @default false */ allowLocalhost?: boolean; /** * An array of custom validation rules to apply to the URL. * Each rule specifies a URL component (e.g., 'hostname', 'pathname') or a literal string, * a comparison operator, and a value to compare against. If provided, the URL is validated * against each rule, and the results are reported in the UrlCheckResult. * @example * // Validate that the hostname is 'nehonix.space' and the pathname is '/api' * const options: UrlValidationOptions = { * customValidations: [ * ['hostname', '===', 'nehonix.space'], * ['pathname', '===', '/api'], * ['literal', '!=', 'nehonix.space'] // Compare a literal value (e.g., URL string) * ] * }; */ customValidations?: ComparisonRule[]; /** * The value to use as the left operand for 'literal' comparisons in customValidations. * Required if any rule uses 'literal' as the component. * @example * // Compare a custom string to 'nehonix.space' * literalValue: 'nehonix.space' // Used for ['literal', '==', 'nehonix.space'] * output: true * With "@this" option, use the URL string itself as the left operand for comparisons. * @example * input = "https://google.com" * literalValue: '@this' // Used for ['literal', '==', 'nehonix.space'] * output: false */ literalValue?: "@this" | string | number; /** * If true, enables debug logging for custom validations, printing the actual values * of components or literal inputs to aid in troubleshooting. * @default false */ debug?: boolean; fullCustomValidation?: Record<string, string | number>; allowInternationalChars?: boolean; allowIPAddresses?: boolean; ipv4Only?: boolean; allowFragments?: boolean; allowCredentials?: boolean; maxQueryParams?: number; maxPathSegments?: number; disallowedKeywords?: string[]; validationLevel?: UrlValidationLevel; disallowEmptyParameterValues?: boolean; requireSecureProtocolForNonLocalhost?: boolean; allowSubdomains?: boolean; allowedDomains?: string[]; minUrlLength?: number; allowDataUrl?: boolean; allowMailto?: boolean; } type UrlValidationLevel = "strict" | "moderate" | "relaxed"; type AsyncUrlValidationOptions = UrlValidationOptions & AsyncUrlValidationOptFeature; type AsyncUrlValidationOptFeature = { detectMaliciousPatterns?: boolean; maliciousPatternSensitivity?: number; maliciousPatternMinScore?: number; ignoreMaliciousPatternTypes?: MaliciousPatternType[]; customMaliciousPatterns?: MaliciousPatternOptions["customPatterns"]; }; /** * A custom validation rule for URLs, defining a comparison to perform. * @typedef {Array<keyof URL | 'literal', comparisonOperator, string>} customValidations * @property {keyof URL | 'literal'} 0 - The URL component to compare (e.g., 'hostname', 'pathname') or 'literal' for a direct string comparison. * @property {comparisonOperator} 1 - The operator to use for the comparison (e.g., '===', '=='). * @property {string} 2 - The value to compare against. * @example * // Rule to check if hostname is 'nehonix.space' * const rule: customValidations = ['hostname', '===', 'nehonix.space']; * @example * // Rule for literal comparison * const literalRule: customValidations = ['literal', '!=', 'nehonix.space']; */ type ComparisonRule = [ ValidUrlComponents | custumValidUriComponent, comparisonOperator, string | number ]; type ValidUrlComponents = "href" | "origin" | "protocol" | "username" | "password" | "host" | "hostname" | "port" | "pathname" | "search" | "hash" | `fullCustomValidation.${string}` | `fcv.${string}`; type custumValidUriComponent = "literal"; /** * Comparison operators for custom validation rules. * @type {'===' | '==' | '<=' | '>=' | '!=' | '!==' | '<' | '>'} comparisonOperator */ type comparisonOperator = "===" | "==" | "<=" | ">=" | "!=" | "!==" | "<" | ">"; /** * Represents the detailed result of a URL validation process. * This interface provides a comprehensive breakdown of the validation checks performed * on a URL, including overall validity and specific details for each validation step. * * @interface UrlCheckResult */ interface UrlCheckResult { /** * Indicates whether the URL is valid based on all validation checks. * `true` if all checks pass, `false` if any check fails. */ isValid: boolean; /** * Return the reason of failling */ cause?: string; /** * Contains detailed results for each validation check performed on the URL. * Each property corresponds to a specific validation aspect and is optional, * as not all validations may be relevant depending on the provided options. */ validationDetails: { /** * Results of custom validation rules applied to the URL. * @property {boolean} isValid - Whether all custom validation rules passed. * @property {string} message - A summary of the validation outcomes, combining messages for each rule. * @property {Array} results - Detailed results for each custom validation rule. * @property {boolean} results[].isValid - Whether the specific rule passed. * @property {string} results[].message - A message describing the rule's outcome (e.g., success or failure details). * @property {customValidations} results[].rule - The custom validation rule that was evaluated. * @example * // Example result for custom validations * { * isValid: true, * message: "Validation passed: hostname === nehonix.space; Validation passed: pathname === /api", * results: [ * { * isValid: true, * message: "Validation passed: hostname === nehonix.space", * rule: ["hostname", "===", "nehonix.space"] * }, * { * isValid: true, * message: "Validation passed: pathname === /api", * rule: ["pathname", "===", "/api"] * } * ] * } */ customValidations?: { isValid: boolean; message: string; results: { isValid: boolean; message: string; rule: ComparisonRule; }[]; }; /** * Validation result for the URL length check. */ length?: { /** Indicates if the URL length is within the specified limit. */ isValid: boolean; /** Descriptive message about the length validation result. */ message?: string; /** The actual length of the URL in characters. */ actualLength?: number; /** The maximum allowed length as specified in options. */ maxLength?: number | "NO_LIMIT"; minLength?: number; }; /** * Validation result for checking if the URL is empty or contains only whitespace. */ emptyCheck?: { /** Indicates if the URL is non-empty. */ isValid: boolean; /** Descriptive message about the empty check result. */ message?: string; }; /** * Validation result for the URL protocol check. */ protocol?: { /** Indicates if the protocol is valid and allowed. */ isValid: boolean; /** Descriptive message about the protocol validation result. */ message?: string; /** The detected protocol in the URL (e.g., 'http', 'https'). */ detectedProtocol?: string; /** The list of allowed protocols specified in options. */ allowedProtocols?: string[]; }; /** * Validation result for the HTTPS-only requirement. */ httpsOnly?: { /** Indicates if the URL uses HTTPS when required. */ isValid: boolean; /** Descriptive message about the HTTPS-only validation result. */ message?: string; }; /** * Validation result for the domain structure check. */ domain?: { /** Indicates if the domain structure is valid. */ isValid: boolean; /** Descriptive message about the domain validation result. */ message?: string; /** The hostname extracted from the URL. */ hostname?: string; error?: string; type?: "INV_DOMAIN_ERR" | "INV_STRUCTURE" | "ERR_UNKNOWN"; }; /** * Validation result for the top-level domain (TLD) check. */ tld?: { /** Indicates if the TLD is valid and allowed. */ isValid: boolean; /** Descriptive message about the TLD validation result. */ message?: string; /** The detected TLD in the URL (e.g., 'com', 'org'). */ detectedTld?: string; /** The list of allowed TLDs specified in options. */ allowedTlds?: string[]; }; /** * Validation result for the path or query string requirement. */ pathOrQuery?: { /** Indicates if the URL satisfies path or query requirements. */ isValid: boolean; /** Descriptive message about the path/query validation result. */ message?: string; }; /** * Validation result for strict mode path requirements. */ strictMode?: { /** Indicates if the URL satisfies strict mode path requirements. */ isValid: boolean; /** Descriptive message about the strict mode validation result. */ message?: string; }; /** * Validation result for checking unencoded spaces in the query string. */ querySpaces?: { /** Indicates if the query string is free of unencoded spaces. */ isValid: boolean; /** Descriptive message about the query spaces validation result. */ message?: string; }; /** * Validation result for strict parameter encoding check. */ paramEncoding?: { /** Indicates if query parameters are properly encoded. */ isValid: boolean; /** Descriptive message about the parameter encoding validation result. */ message?: string; /** List of parameters that failed encoding validation, if any. */ invalidParams?: string[]; }; /** * Validation result for duplicate query parameter keys check. */ duplicateParams?: { /** Indicates if there are no duplicate query parameter keys. */ isValid: boolean; /** Descriptive message about the duplicate parameters validation result. */ message?: string; /** List of query parameter keys that are duplicated, if any. */ duplicatedKeys?: string[]; }; /** * Validation result for duplicate query parameter values check. */ duplicateValues?: { /** Indicates if there are no duplicate query parameter values. */ isValid: boolean; /** Descriptive message about the duplicate values validation result. */ message?: string; /** List of query parameter values that are duplicated, if any. */ duplicatedValues?: string[]; }; /** * Validation result for Unicode escape sequences check. */ unicodeEscapes?: { /** Indicates if the URL is free of disallowed Unicode escape sequences. */ isValid: boolean; /** Descriptive message about the Unicode escapes validation result. */ message?: string; }; /** * Validation result for URL parsing. */ parsing?: { /** Indicates if the URL was parsed successfully. */ isValid: boolean; /** Descriptive message about the parsing validation result. */ message?: string; }; internationalChars?: { isValid: boolean; message: string; containsNonAscii?: boolean; containsPunycode?: boolean; }; dataUrl?: { isValid: boolean; message?: string; }; mailto?: { isValid: boolean; message?: string; }; disallowedKeywords?: { isValid: boolean; message?: string; foundKeywords?: string[]; }; secureNonLocalhost?: { isValid: boolean; message?: string; }; allowSubdomains?: { isValid: boolean; message?: string; }; credentials?: { isValid: boolean; message?: string; }; fragments?: { isValid: boolean; message?: string; }; allowedDomains?: { isValid: boolean; message?: string; hostname?: string; allowedDomains?: string[]; }; ipAddress?: { isValid: boolean; message?: string; ipAddress?: string; hostname?: string; isIPv4?: boolean; isIPv6?: boolean; }; pathSegments?: { isValid: boolean; segmentCount?: number; maxSegments?: number; message?: string; }; queryParamCount?: { isValid: boolean; paramCount?: number; maxParams?: number; message?: string; }; emptyParams?: { isValid: boolean; message: string; emptyParams?: string[]; }; }; } type AsyncUrlCheckResult = Omit<UrlCheckResult, "validationDetails"> & { validationDetails: UrlCheckResult["validationDetails"] & AsyncUrlCheckResComponent; }; type AsyncUrlCheckResComponent = { maliciousPatterns?: { isValid?: boolean; message?: string; error?: string; detectedPatterns?: DetectedPattern[]; score?: number; confidence?: string; recommendation?: string; }; }; interface UriHandlerInterface { maxIterations?: number; output?: { encodeUrl?: boolean; }; } type EncodingResult = { original: string; encoded: string; type: ENC_TYPE; }; type NestedEncodingOptions = { /** * If true, use each encoding's output as input for the next encoding */ sequential?: boolean; /** * If true, include all intermediate results in the response */ includeIntermediate?: boolean; }; type NestedEncodingResponse = { input: string; results: EncodingResult[]; finalResult?: string; }; declare class NES { /** * Encodes a string according to a specific encoding type * @param input The string to encode * @param encodingType The encoding type to use * @returns The encoded string */ static encode(input: string, encodingType: ENC_TYPE): string; /** * Encodes with percent encoding (URL) */ static encodePercentEncoding(input: string, encodeSpaces?: boolean): string; /** * Encodes with double percent encoding */ static encodeDoublePercentEncoding(input: string): string; /** * Encodes in base64 */ static encodeBase64(input: string): string; /** * Encodes in hexadecimal (format \xXX) */ static encodeHex(input: string): string; /** * Encodes in Unicode (format \uXXXX) */ static encodeUnicode(input: string): string; /** * Encodes HTML entities in a string */ static encodeHTMLEntities(input: string): string; /** * Encodes in punycode */ static encodePunycode(input: string): string; /** * Encodes in ASCII with hexadecimal representation */ static encodeASCIIWithHex(input: string): string; /** * Encodes in ASCII with octal representation */ static encodeASCIIWithOct(input: string): string; /** * Encodes all characters in percent encoding */ static encodeAllChars(input: string): string; /** * Calculates confidence level for base64 encoding */ static calculateBase64Confidence(input: string): number; /** * Encodes using ROT13 cipher */ static encodeROT13(input: string): string; /** * Encodes in Base32 */ static encodeBase32(input: string): string; /** * Encodes in URL-safe Base64 */ static encodeURLSafeBase64(input: string): string; /** * Encodes string with JavaScript escape sequences */ static encodeJavaScriptEscape(input: string): string; /** * Encodes string with CSS escape sequences */ static encodeCSSEscape(input: string): string; /** * Encodes in UTF-7 */ static encodeUTF7(input: string): string; /** * Encodes in Quoted-Printable */ static encodeQuotedPrintable(input: string): string; /** * Encodes in decimal HTML entity format */ static encodeDecimalHTMLEntities(input: string): string; /** * Encodes in raw hexadecimal (no prefixes) */ static encodeRawHex(input: string): string; /** * Encodes as a JWT with the input as the payload */ static encodeJWT(input: string): string; /** * Encodes as a URL (percent-encoding with spaces as %20) */ static encodeUrl(input: string): string; /** * Performs multiple encodings on an input string synchronously * @param input The string to encode * @param types Array of encoding types to apply * @param options Configuration options for nested encoding * @returns Object containing encoding results */ static encodeMultiple(input: string, types: ENC_TYPE[], options?: NestedEncodingOptions): NestedEncodingResponse; /** * Performs multiple encodings on an input string asynchronously * @param input The string to encode * @param types Array of encoding types to apply * @param options Configuration options for nested encoding * @returns Promise resolving to object containing encoding results */ static encodeMultipleAsync(input: string, types: ENC_TYPE[], options?: NestedEncodingOptions): Promise<NestedEncodingResponse>; } declare class SecurityRules { private static get enc(); static analyzeMaliciousPatterns(url: string, options?: MaliciousPatternOptions): Promise<MaliciousPatternResult>; static analyzeURL(...p: Parameters<typeof SecurityRules.analyzeMaliciousPatterns>): URLAnalysisResult; /** * Generates encoding variants of a string for WAF bypass testing * @param input The string to encode * @returns An object containing different encoding variants */ static generateWAFBypassVariants(input: string): WAFBypassVariants; /** * Generates mixed encoding (different types of encoding combined) */ private static generateMixedEncoding; /** * Generates a string with alternating upper and lower case * Useful for bypassing certain filters */ private static generateAlternatingCase; } declare class NDS { private static throwError; private static default_checkurl_opt; static detectMixedEncodings(input: string): string[]; /** * Automatically detects and decodes a URI based on the detected encoding type * @param input The URI string to decode * @returns The decoded string according to the most probable encoding type */ static detectAndDecode(input: string): DecodeResult; static decodeJWT(input: string): string; /** * Decodes percent encoding (URL) */ static decodePercentEncoding(input: string): string; /** // * Decodes double percent encoding // */ /** * Decodes hexadecimal encoding */ /** * Fix 1: Proper hex string decoding implementation */ static decodeHex(input: string): string; /** * Decodes Unicode encoding */ static decodeUnicode(input: string): string; /** * Decodes HTML entities */ static decodeHTMLEntities(input: string): string; /** * Decodes punycode * Note: Requires the 'punycode' library */ static decodePunycode(input: string): string; /** * Automatically detects the encoding type(s) of a string (URI or raw text) * @param input The string to analyze * @param depth Internal recursion depth (default: 0) * @returns An object with detected types, confidence scores and the most likely one */ static detectEncoding(input: string, depth?: number): EncodingDetectionResult; /** * Attempts to decode parts of a string that appear to be encoded * @param input The potentially partially encoded string * @param encodingType The encoding type to try * @returns Object indicating success and decoded parts */ static tryPartialDecode(input: string, encodingType: ENC_TYPE): { success: boolean; decoded?: string; }; /** * Helper function to detect nested encodings * @param input The string to analyze * @param depth Current recursion depth * @returns Information about detected nested encodings */ static detectNestedEncoding(input: string, depth?: number): { isNested: boolean; outerType?: ENC_TYPE | "mixedEncoding"; innerType?: ENC_TYPE | "mixedEncoding"; confidenceScore: number; }; /** * Decodes ROT13 encoded text */ static decodeRot13(input: string): string; /** * Decodes Base32 encoded text */ static decodeBase32(input: string): string; /** * Decodes URL-safe Base64 encoded text */ static decodeUrlSafeBase64(input: string): string; /** * Decodes JavaScript escape sequences */ static decodeJsEscape(input: string): string; static decodeCharacterEscapes(input: string): string; /** * Decodes CSS escape sequences */ static decodeCssEscape(input: string): string; /** * Decodes UTF-7 encoded text */ static decodeUtf7(input: string): string; /** * Decodes Quoted-Printable encoded text */ static decodeQuotedPrintable(input: string): string; /** * Decodes decimal HTML entity encoded text */ static decodeDecimalHtmlEntity(input: string): string; /** * Decodes ASCII hex encoded text (where ASCII values are represented as hex) */ static decodeAsciiHex(input: string): string; /** * Decodes ASCII octal encoded text */ static decodeAsciiOct(input: string): string; /** * Auto-detects encoding and recursively decodes until plaintext * @param input The encoded string * @param maxIterations Maximum number of decoding iterations to prevent infinite loops * @returns Fully decoded plaintext */ static decodeAnyToPlaintext(input: string, opt?: UriHandlerInterface): DecodeResult; private static handleUriParameters; /** * Decodes a string based on the specified encoding type * @param input The string to decode * @param encodingType The encoding type to use for decoding * @returns The decoded string */ static decodeSingle(input: string, encodingType: ENC_TYPE | "mixedEncoding" | "plainText"): string; /** * Decodes a partially encoded string, preserving non-encoded parts * @param input The partially encoded string * @param baseEncodingType The base encoding type (without "partial" prefix) * @returns The decoded string with non-encoded parts preserved */ static decodePartial(input: string, baseEncodingType: ENC_TYPE): string; /** * Attempts to decode a string with mixed encoding types * @param input The string with mixed encodings * @returns The decoded string */ static decodeMixed(input: string): string; /** * Decodes double percent encoding (e.g., %2520 -> %20 -> space) * @param input The double percent-encoded string * @returns The decoded string */ static decodeDoublePercentEncoding(input: string): string; /** * Tries various decoding strategies to find the best result * @param input The encoded string * @returns The best decoded result */ static smartDecode(input: string): string; /** * Enhanced URL parameter extraction and decoding * @param url The URL string to process * @returns URL with decoded parameters */ static decodeUrlParameters(url: string): string; static decodeMixedContent(input: string): string; static detectAndHandleRawHexUrl(input: string): string; /** * Decodes a raw hexadecimal string (without prefixes) * @param input The hexadecimal string to decode * @returns The decoded string */ static decodeRawHex(input: string): string; /** * Main decode method with improved error handling */ static decode(props: { input: string; encodingType: ENC_TYPE | DEC_FEATURE_TYPE; maxRecursionDepth?: number; opt?: { throwError?: boolean; }; }): string; /** * Asynchronously decodes any encoded text to plaintext * @param input The encoded string to decode * @param opt Optional configuration for the decoding process * @returns A Promise that resolves to the DecodeResult containing the decoded string */ static asyncDecodeAnyToPlainText(input: string, opt?: UriHandlerInterface): Promise<DecodeResult>; } /** * Shared utility methods for encoding detection and basic decoding operations */ declare class NehonixCommonUtils { /** * Checks if the string contains hexadecimal encoding */ static hasHexEncoding(input: string): boolean; /** * Checks if the string contains Unicode encoding */ static hasUnicodeEncoding(input: string): boolean; /** * Checks if the string contains HTML entities */ static hasHTMLEntityEncoding(input: string): boolean; /** * Checks if the string contains punycode */ static hasPunycode(input: string): boolean; /** * Checks if the string contains percent encoding (%) */ static hasPercentEncoding(input: string): boolean; /** * Checks if the string contains double percent encoding (%%XX) */ static hasDoublePercentEncoding(input: string): boolean; /** * Decodes raw hexadecimal string (without prefixes) */ static drwp(hexString: string): string; /** * Basic Base64 decoding */ /** * Decodes base64 encoding */ static decodeB64(input: string): string; /** * Enhanced encoding detection methods to accurately detect various encoding types */ /** * Checks if a string is likely to be plain text * @param s The string to check */ static isPlainText(s: string): boolean; /** * Enhanced ROT13 detection that avoids false positives * @param s The string to check */ static isRot13(s: string): boolean; /** * Improved Base64 detection * @param s The string to check */ static isBase64(input: string): boolean; static decodeBase64(input: string): string; /** * Base32 detection * @param s The string to check */ static isBase32(s: string): boolean; /** * Improved URL-safe Base64 detection * @param s The string to check */ static isUrlSafeBase64(s: string): boolean; /** * Improved percent encoding detection * @param s The string to check */ static isPercentEncoding(s: string): boolean; /** * Improved double percent encoding detection * @param s The string to check */ static isDoublePercent(s: string): boolean; /** * Improved hexadecimal encoding detection * @param s The string to check */ static isHex(s: string): boolean; /** * Improved raw hexadecimal string detection * @param s The string to check */ /** * Improved raw hexadecimal string detection * @param s The string to check */ static hasRawHexString(s: string): boolean; /** * Improved ASCII Hex detection * @param s The string to check */ static isAsciiHex(s: string): boolean; /** * Improved ASCII Octal detection * @param s The string to check */ static isAsciiOct(s: string): boolean; /** * Improved Unicode escape detection * @param s The string to check */ static isUnicode(s: string): boolean; /** * Improved HTML entity detection * @param s The string to check */ static isHtmlEntity(s: string): boolean; /** * Improved decimal HTML entity detection * @param s The string to check */ static isDecimalHtmlEntity(s: string): boolean; /** * Improved quoted-printable detection * @param s The string to check */ static isQuotedPrintable(s: string): boolean; /** * Improved Punycode detection * @param s The string to check */ static isPunycode(s: string): boolean; /** * Improved JWT format detection * @param s The string to check */ static hasJWTFormat(s: string): boolean; /** * Improved UTF-7 detection * @param s The string to check */ static isUtf7(s: string): boolean; /** * Improved JavaScript escape sequence detection * @param s The string to check */ static isJsEscape(s: string): boolean; /** * Improved CSS escape sequence detection * @param s The string to check */ static isCssEscape(s: string): boolean; } declare class NehonixCoreUtils extends NehonixCommonUtils { private static defautltValidationOpt; /** * Checks a URL string and returns detailed validation results. * @param url The URL string to check * @param options Validation options * @returns UrlCheckResult object with detailed validation information */ /** * Checks a URL string and returns detailed validation results. * @param url The URL string to check * @param options Validation options * @returns UrlCheckResult object with detailed validation information */ static checkUrl(url: string, options?: UrlValidationOptions): UrlCheckResult; /** * Validates a URL string according to specified options. * @param url The URL string to validate * @param options Validation options * @returns boolean indicating if the URL is valid */ static isValidUrl(url: string, options?: UrlValidationOptions): boolean; static asyncIsUrlValid(...args: Parameters<typeof this.asyncCheckUrl>): Promise<boolean>; static asyncCheckUrl(url: string, options?: AsyncUrlValidationOptions): Promise<AsyncUrlCheckResult>; /** * Analyzes a URL for potential security threats * @param url The URL to analyze * @param options Detection options * @returns Detailed analysis of security threats */ static analyzeMaliciousPatterns(url: string, options?: MaliciousPatternOptions): Promise<MaliciousPatternResult>; /** * Quick check if a URL contains malicious patterns * @param url The URL to check * @param options Detection options * @returns Boolean indicating if URL contains malicious patterns */ static hasMaliciousPatterns(url: string, options?: MaliciousPatternOptions): Promise<boolean>; static detectDuplicatedValues(url: string): { duplicatedKeys: string[]; duplicatedValues: string[]; params: Record<string, string[]>; }; /** * Checks if the string matches base64 pattern */ static hasBase64Pattern(input: string): boolean; /** * Raw hexadecimal detection * @param input * @returns */ static hasRawHexString(input: string): boolean; static hasJWTFormat(input: string): boolean; static getValidationOptionsByLevel(level: UrlValidationLevel, baseOptions?: Partial<UrlValidationOptions>): UrlValidationOptions; } /** * Enhanced service for detecting various malicious patterns in URLs and general input * Nehonix Malicious Parttens Service => NMPS * Nehonix Security Service => NSS */ declare class NSS { private static SQL_INJECTION_PATTERNS; private static XSS_PATTERNS; private static COMMAND_INJECTION_PATTERNS; private static OPEN_REDIRECT_PATTERNS; private static PATH_TRAVERSAL_PATTERNS; private static SSRF_PATTERNS; private static CRLF_INJECTION_PATTERNS; private static TEMPLATE_INJECTION_PATTERNS; private static NOSQL_INJECTION_PATTERNS; private static GRAPHQL_INJECTION_PATTERNS; private static ENCODED_PAYLOAD_PATTERNS; private static SUSPICIOUS_TLD_PATTERNS; private static HOMOGRAPH_ATTACK_PATTERNS; private static MULTI_ENCODING_PATTERNS; private static SUSPICIOUS_PARAMETER_NAMES; private static RFI_PATTERNS; private static resultCache; private static isSafeHighEntropy; /** * Analyzes input for malicious patterns and returns detailed detection results * * @param input - The string to analyze * @param options - Configuration options for detection * @returns Detailed analysis result */ static detectMaliciousPatterns(receivedInput: string, options?: MaliciousPatternOptions): MaliciousPatternResult; /** * Analyzes a URL for malicious patterns with specific sensitivity per URL component * * @param url - The URL to analyze * @param options - Configuration options for detection * @returns Detailed analysis result */ static analyzeUrl(url: string, options?: MaliciousPatternOptions): Promise<MaliciousPatternResult>; /** * Generates a recommendation specifically for URLs based on detected patterns */ private static generateUrlRecommendation; /** * Finds related patterns across different components that might indicate a sophisticated attack */ private static findRelatedPatternGroups; /** * Checks a string against a set of regex patterns for a specific attack type */ private static checkPatterns; /** * Checks for suspicious parameter names in a URL */ private static checkSuspiciousParameters; /** * Calculates confidence level for a pattern match based on match characteristics */ private static calculateConfidence; /** * Checks if a match is likely a false positive based on context */ private static isLikelyFalsePositive; /** * Calculates additional context score for pattern matches */ private static calculateContextScore; /** * Performs contextual analysis on detected patterns to improve detection accuracy */ private static performContextualAnalysis; /** * Calculates Shannon entropy of a string to detect random or encoded content * Higher entropy often indicates encryption or encoding */ private static calculateEntropy; /** * Detects number of potential encoding layers in a string */ private static detectEncodingLayers; /** * Calculates statistical anomaly score based on character distribution */ private static calculateAnomalyScore; /** * Calculates total risk score based on detected patterns */ private static calculateTotalScore; /** * Determines overall confidence level based on score and pattern count */ static determineConfidence(score: number, patternCount: number): "low" | "medium" | "high"; /** * Generates appropriate recommendation based on detected patterns */ static generateRecommendation(patterns: DetectedPattern[], score: number): string; /** * Analyzes input for a specific malicious pattern type * * @param input - The string to analyze * @param patternType - The specific pattern type to check for * @param options - Configuration options for detection * @returns Boolean indicating if pattern was detected */ static detectSpecificPatternType(input: string, patternType: MaliciousPatternType, options?: MaliciousPatternOptions): boolean; /** * Sanitizes input by removing potentially malicious patterns * * @param input - The string to sanitize * @param options - Additional sanitization options * @returns Sanitized string */ /** * Sanitizes input by removing potentially malicious patterns * * @param input - The string to sanitize * @param options - Additional sanitization options * @returns Sanitized string */ static sanitizeInput(input: string, options?: { allowHtml?: boolean; allowMarkdown?: boolean; strictMode?: boolean; preserveLength?: boolean; customPatterns?: Array<{ pattern: RegExp; replacement: string; }>; }): string; /** * Lightweight check to determine if string needs deep scanning * Use as a pre-filter before doing full pattern detection * * @param input - String to check * @returns Whether input needs further scanning */ static needsDeepScan(input: string): boole