@arcjet/analyze 1.0.0-alpha.21 → 1.0.0-alpha.23

package/wasm/interfaces/arcjet-js-req-sensitive-information-identifier.d.ts

@@ -0,0 +1,20 @@
+export namespace ArcjetJsReqSensitiveInformationIdentifier {
+  export function detect(tokens: Array<string>): Array<SensitiveInfoEntity | undefined>;
+}
+export type SensitiveInfoEntity = SensitiveInfoEntityEmail | SensitiveInfoEntityPhoneNumber | SensitiveInfoEntityIpAddress | SensitiveInfoEntityCreditCardNumber | SensitiveInfoEntityCustom;
+export interface SensitiveInfoEntityEmail {
+  tag: 'email',
+}
+export interface SensitiveInfoEntityPhoneNumber {
+  tag: 'phone-number',
+}
+export interface SensitiveInfoEntityIpAddress {
+  tag: 'ip-address',
+}
+export interface SensitiveInfoEntityCreditCardNumber {
+  tag: 'credit-card-number',
+}
+export interface SensitiveInfoEntityCustom {
+  tag: 'custom',
+  val: string,
+}

package/workerd.d.ts

@@ -1,9 +1,22 @@
-import type { ArcjetLogger, ArcjetRequestDetails } from "@arcjet/protocol";
-import type { EmailValidationConfig, BotDetectionResult, BotType, EmailValidationResult } from "./wasm/arcjet_analyze_js_req.component.js";
+import type { ArcjetLogger } from "@arcjet/protocol";
+import type { EmailValidationConfig, BotDetectionResult, BotType, EmailValidationResult, DetectedSensitiveInfoEntity, SensitiveInfoEntities, SensitiveInfoEntity, SensitiveInfoResult } from "./wasm/arcjet_analyze_js_req.component.js";
+import type { ArcjetJsReqSensitiveInformationIdentifier } from "./wasm/interfaces/arcjet-js-req-sensitive-information-identifier.js";
+type AnalyzeRequest = {
+    ip?: string;
+    method?: string;
+    protocol?: string;
+    host?: string;
+    path?: string;
+    headers?: Record<string, string>;
+    cookies?: string;
+    query?: string;
+    extra?: Record<string, string>;
+};
 interface AnalyzeContext {
     log: ArcjetLogger;
     characteristics: string[];
 }
+type DetectSensitiveInfoFunction = typeof ArcjetJsReqSensitiveInformationIdentifier.detect;
 export { type EmailValidationConfig, type BotType, 
 /**
  * Represents the result of the bot detection.
@@ -17,7 +30,7 @@ export { type EmailValidationConfig, type BotType,
  * confidence level. `BotType.LikelyNotABot` with a score of 99 means we are
  * almost certain this request was not a bot.
  */
-type BotDetectionResult, };
+type BotDetectionResult, type DetectedSensitiveInfoEntity, type SensitiveInfoEntity, type DetectSensitiveInfoFunction, };
 /**
  * Generate a fingerprint for the client. This is used to identify the client
  * across multiple requests.
@@ -25,6 +38,7 @@ type BotDetectionResult, };
  * @param request - The request to fingerprint.
  * @returns A SHA-256 string fingerprint.
  */
-export declare function generateFingerprint(context: AnalyzeContext, request: Partial<ArcjetRequestDetails>): Promise<string>;
+export declare function generateFingerprint(context: AnalyzeContext, request: AnalyzeRequest): Promise<string>;
 export declare function isValidEmail(context: AnalyzeContext, candidate: string, options?: EmailValidationConfig): Promise<EmailValidationResult>;
 export declare function detectBot(context: AnalyzeContext, headers: string, patterns_add: string, patterns_remove: string): Promise<BotDetectionResult>;
+export declare function detectSensitiveInfo(context: AnalyzeContext, candidate: string, entities: SensitiveInfoEntities, contextWindowSize: number, detect?: DetectSensitiveInfoFunction): Promise<SensitiveInfoResult>;

package/workerd.js

@@ -22,8 +22,14 @@ async function moduleFromPath(path) {
     }
     throw new Error(`Unknown path: ${path}`);
 }
-async function init(context) {
+function noOpDetect() {
+    return [];
+}
+async function init(context, detectSensitiveInfo) {
     const { log } = context;
+    if (typeof detectSensitiveInfo !== "function") {
+        detectSensitiveInfo = noOpDetect;
+    }
     const coreImports = {
         "arcjet:js-req/logger": {
             debug(msg) {
@@ -50,9 +56,13 @@ async function init(context) {
                 return "unknown";
             },
         },
+        "arcjet:js-req/sensitive-information-identifier": {
+            detect: detectSensitiveInfo,
+        },
     };
     try {
-        return instantiate(moduleFromPath, coreImports);
+        // Await the instantiation to catch the failure
+        return await instantiate(moduleFromPath, coreImports);
     }
     catch {
         log.debug("WebAssembly is not supported in this runtime");
@@ -104,5 +114,19 @@ async function detectBot(context, headers, patterns_add, patterns_remove) {
         };
     }
 }
+async function detectSensitiveInfo(context, candidate, entities, contextWindowSize, detect) {
+    const analyze = await init(context, detect);
+    if (typeof analyze !== "undefined") {
+        const skipCustomDetect = typeof detect !== "function";
+        return analyze.detectSensitiveInfo(candidate, {
+            entities,
+            contextWindowSize,
+            skipCustomDetect,
+        });
+    }
+    else {
+        throw new Error("SENSITIVE_INFO rule failed to run because Wasm is not supported in this environment.");
+    }
+}
 
-export { detectBot, generateFingerprint, isValidEmail };
+export { detectBot, detectSensitiveInfo, generateFingerprint, isValidEmail };

package/workerd.ts

@@ -1,18 +1,35 @@
-import type { ArcjetLogger, ArcjetRequestDetails } from "@arcjet/protocol";
+import type { ArcjetLogger } from "@arcjet/protocol";
 
-import * as core from "./wasm/arcjet_analyze_js_req.component.js";
+import { instantiate } from "./wasm/arcjet_analyze_js_req.component.js";
 import type {
   ImportObject,
   EmailValidationConfig,
   BotDetectionResult,
   BotType,
   EmailValidationResult,
+  DetectedSensitiveInfoEntity,
+  SensitiveInfoEntities,
+  SensitiveInfoEntity,
+  SensitiveInfoResult,
 } from "./wasm/arcjet_analyze_js_req.component.js";
+import type { ArcjetJsReqSensitiveInformationIdentifier } from "./wasm/interfaces/arcjet-js-req-sensitive-information-identifier.js";
 
 import componentCoreWasm from "./wasm/arcjet_analyze_js_req.component.core.wasm";
 import componentCore2Wasm from "./wasm/arcjet_analyze_js_req.component.core2.wasm";
 import componentCore3Wasm from "./wasm/arcjet_analyze_js_req.component.core3.wasm";
 
+type AnalyzeRequest = {
+  ip?: string;
+  method?: string;
+  protocol?: string;
+  host?: string;
+  path?: string;
+  headers?: Record<string, string>;
+  cookies?: string;
+  query?: string;
+  extra?: Record<string, string>;
+};
+
 const FREE_EMAIL_PROVIDERS = [
   "gmail.com",
   "yahoo.com",
@@ -26,6 +43,9 @@ interface AnalyzeContext {
   characteristics: string[];
 }
 
+type DetectSensitiveInfoFunction =
+  typeof ArcjetJsReqSensitiveInformationIdentifier.detect;
+
 async function moduleFromPath(path: string): Promise<WebAssembly.Module> {
   if (path === "arcjet_analyze_js_req.component.core.wasm") {
     return componentCoreWasm;
@@ -40,9 +60,20 @@ async function moduleFromPath(path: string): Promise<WebAssembly.Module> {
   throw new Error(`Unknown path: ${path}`);
 }
 
-async function init(context: AnalyzeContext) {
+function noOpDetect(): SensitiveInfoEntity[] {
+  return [];
+}
+
+async function init(
+  context: AnalyzeContext,
+  detectSensitiveInfo?: DetectSensitiveInfoFunction,
+) {
   const { log } = context;
 
+  if (typeof detectSensitiveInfo !== "function") {
+    detectSensitiveInfo = noOpDetect;
+  }
+
   const coreImports: ImportObject = {
     "arcjet:js-req/logger": {
       debug(msg) {
@@ -69,10 +100,14 @@ async function init(context: AnalyzeContext) {
         return "unknown";
       },
     },
+    "arcjet:js-req/sensitive-information-identifier": {
+      detect: detectSensitiveInfo,
+    },
   };
 
   try {
-    return core.instantiate(moduleFromPath, coreImports);
+    // Await the instantiation to catch the failure
+    return await instantiate(moduleFromPath, coreImports);
   } catch {
     log.debug("WebAssembly is not supported in this runtime");
   }
@@ -94,6 +129,9 @@ export {
    * almost certain this request was not a bot.
    */
   type BotDetectionResult,
+  type DetectedSensitiveInfoEntity,
+  type SensitiveInfoEntity,
+  type DetectSensitiveInfoFunction,
 };
 
 /**
@@ -105,7 +143,7 @@ export {
  */
 export async function generateFingerprint(
   context: AnalyzeContext,
-  request: Partial<ArcjetRequestDetails>,
+  request: AnalyzeRequest,
 ): Promise<string> {
   const analyze = await init(context);
 
@@ -161,3 +199,26 @@ export async function detectBot(
     };
   }
 }
+
+export async function detectSensitiveInfo(
+  context: AnalyzeContext,
+  candidate: string,
+  entities: SensitiveInfoEntities,
+  contextWindowSize: number,
+  detect?: DetectSensitiveInfoFunction,
+): Promise<SensitiveInfoResult> {
+  const analyze = await init(context, detect);
+
+  if (typeof analyze !== "undefined") {
+    const skipCustomDetect = typeof detect !== "function";
+    return analyze.detectSensitiveInfo(candidate, {
+      entities,
+      contextWindowSize,
+      skipCustomDetect,
+    });
+  } else {
+    throw new Error(
+      "SENSITIVE_INFO rule failed to run because Wasm is not supported in this environment.",
+    );
+  }
+}