@dimzxzzx07/file-watcher 1.0.0

package/src/core/SecurityManager.ts

@@ -0,0 +1,348 @@
+import * as crypto from 'crypto';
+import { SecurityConfig, FileMetadata, SecurityAlert } from '../types';
+import { Logger } from '../utils/Logger';
+
+export class SecurityManager {
+    private static instance: SecurityManager;
+    private readonly config: SecurityConfig;
+    private readonly logger: Logger;
+    private readonly secureChannel: Map<string, any>;
+    private readonly alertHistory: SecurityAlert[];
+    private readonly memoryLocks: Set<string>;
+    private isInitialized: boolean = false;
+    private encryptionKey: Buffer | null = null;
+
+    private constructor(config: SecurityConfig) {
+        this.config = config;
+        this.logger = Logger.getInstance();
+        this.secureChannel = new Map();
+        this.alertHistory = [];
+        this.memoryLocks = new Set();
+        
+        this.initialize();
+    }
+
+    public static getInstance(config?: SecurityConfig): SecurityManager {
+        if (!SecurityManager.instance && config) {
+            SecurityManager.instance = new SecurityManager(config);
+        }
+        return SecurityManager.instance;
+    }
+
+    private async initialize(): Promise<void> {
+        try {
+            await this.generateEncryptionKey();
+            await this.initializeSecureMemory();
+            await this.setupSecurityPolicies();
+            
+            this.isInitialized = true;
+            this.logger.info('SecurityManager initialized successfully');
+        } catch (error) {
+            this.logger.error('Failed to initialize SecurityManager', { error });
+            throw error;
+        }
+    }
+
+    private async generateEncryptionKey(): Promise<void> {
+        this.encryptionKey = crypto.randomBytes(32);
+        Object.freeze(this.encryptionKey);
+    }
+
+    private async initializeSecureMemory(): Promise<void> {
+        const secureMemorySize = 1024 * 1024;
+        const secureBuffer = Buffer.alloc(secureMemorySize);
+        
+        crypto.randomFillSync(secureBuffer);
+        
+        this.memoryLocks.add('secure_buffer');
+    }
+
+    private async setupSecurityPolicies(): Promise<void> {
+        switch (this.config.integrityLevel) {
+            case 'paranoid':
+                this.enableParanoidMode();
+                break;
+            case 'advanced':
+                this.enableAdvancedMode();
+                break;
+            default:
+                this.enableBasicMode();
+        }
+    }
+
+    private enableParanoidMode(): void {
+        this.logger.info('Enabling PARANOID security mode');
+        
+        setInterval(() => {
+            this.checkForRootkits();
+            this.validateSystemIntegrity();
+            this.scanForMalware();
+        }, 10000);
+    }
+
+    private enableAdvancedMode(): void {
+        this.logger.info('Enabling ADVANCED security mode');
+        
+        setInterval(() => {
+            this.validateSystemIntegrity();
+        }, 30000);
+    }
+
+    private enableBasicMode(): void {
+        this.logger.info('Enabling BASIC security mode');
+    }
+
+    public async createSecureChannel(): Promise<any> {
+        const channelId = crypto.randomBytes(16).toString('hex');
+        
+        const channel = {
+            id: channelId,
+            created: new Date(),
+            encryptionKey: crypto.randomBytes(32),
+            iv: crypto.randomBytes(16),
+            lastActivity: new Date()
+        };
+        
+        this.secureChannel.set(channelId, channel);
+        
+        setTimeout(() => {
+            this.secureChannel.delete(channelId);
+        }, 3600000);
+        
+        return channel;
+    }
+
+    public setDebugMode(enabled: boolean): void {
+        if (enabled) {
+            this.logger.warning('Debug mode enabled - reduced security');
+        }
+    }
+
+    public async scanFile(filePath: string): Promise<boolean> {
+        try {
+            const stats = await require('fs').promises.stat(filePath);
+            if (stats.size > this.config.maxFileSize) {
+                this.logger.warning(`File too large: ${filePath}`);
+                return false;
+            }
+
+            const hasMalware = await this.detectMalware(filePath);
+            if (hasMalware) {
+                this.logger.warning(`Malware detected in: ${filePath}`);
+                return false;
+            }
+
+            if (stats.mode & 0o7777) {
+                this.logger.warning(`Suspicious permissions on: ${filePath}`);
+                return false;
+            }
+
+            return true;
+        } catch (error) {
+            this.logger.error(`Error scanning file: ${filePath}`, { error });
+            return false;
+        }
+    }
+
+    private async detectMalware(filePath: string): Promise<boolean> {
+        const malwareSignatures = [
+            'eval(atob(',
+            'new Function(atob(',
+            'Buffer.from(',
+            'process.binding',
+            'Reflect.construct'
+        ];
+
+        try {
+            const content = await require('fs').promises.readFile(filePath, 'utf8');
+            const contentStr = content.toString().toLowerCase();
+            
+            for (const signature of malwareSignatures) {
+                if (contentStr.includes(signature.toLowerCase())) {
+                    return true;
+                }
+            }
+
+            const base64Pattern = /[A-Za-z0-9+/]{100,}={0,2}/g;
+            const matches = contentStr.match(base64Pattern);
+            
+            if (matches) {
+                for (const match of matches) {
+                    try {
+                        const decoded = Buffer.from(match, 'base64').toString();
+                        if (decoded.includes('eval') || decoded.includes('require')) {
+                            return true;
+                        }
+                    } catch {
+                    }
+                }
+            }
+        } catch {
+        }
+
+        return false;
+    }
+
+    public async isAuthorizedChange(
+        filePath: string,
+        oldMetadata: FileMetadata,
+        newMetadata: FileMetadata
+    ): Promise<boolean> {
+        const callerStack = new Error().stack;
+        
+        if (callerStack?.includes('node_modules')) {
+            this.logger.warning('Change from node_modules', { filePath });
+            return false;
+        }
+
+        const oldHash = oldMetadata.hash.substring(0, 8);
+        const newHash = newMetadata.hash.substring(0, 8);
+        
+        if (oldHash !== newHash) {
+            return false;
+        }
+
+        const timeDiff = newMetadata.modified.getTime() - oldMetadata.modified.getTime();
+        if (timeDiff < 100) {
+            this.logger.warning('Suspiciously fast modification', { filePath, timeDiff });
+            return false;
+        }
+
+        return true;
+    }
+
+    public async encryptFile(filePath: string): Promise<void> {
+        if (!this.encryptionKey) {
+            throw new Error('Encryption key not initialized');
+        }
+
+        try {
+            const content = await require('fs').promises.readFile(filePath);
+            
+            const iv = crypto.randomBytes(16);
+            
+            const cipher = crypto.createCipheriv('aes-256-cbc', this.encryptionKey, iv);
+            
+            const encrypted = Buffer.concat([
+                cipher.update(content),
+                cipher.final()
+            ]);
+            
+            const output = Buffer.concat([iv, encrypted]);
+            await require('fs').promises.writeFile(filePath + '.encrypted', output);
+            
+            this.logger.info(`File encrypted: ${filePath}`);
+        } catch (error) {
+            this.logger.error(`Failed to encrypt file: ${filePath}`, { error });
+            throw error;
+        }
+    }
+
+    public async encryptSensitiveData(): Promise<void> {
+        this.logger.info('Encrypting sensitive data...');
+        
+        this.secureChannel.clear();
+        this.alertHistory.length = 0;
+        
+        if (global.gc) {
+            global.gc();
+        }
+    }
+
+    public validateMemoryIntegrity(): void {
+        const memoryUsage = process.memoryUsage();
+        
+        if (memoryUsage.heapUsed > memoryUsage.heapTotal * 0.9) {
+            this.logger.warning('High heap usage detected', memoryUsage);
+        }
+
+        if (this.secureChannel.size > 100) {
+            this.logger.warning('Large number of secure channels', { count: this.secureChannel.size });
+        }
+    }
+
+    private async checkForRootkits(): Promise<void> {
+        const rootkitChecks = [
+            this.checkHiddenProcesses(),
+            this.checkFileSystemHooks(),
+            this.checkKernelModules()
+        ];
+
+        await Promise.all(rootkitChecks);
+    }
+
+    private async checkHiddenProcesses(): Promise<boolean> {
+        return false;
+    }
+
+    private async checkFileSystemHooks(): Promise<boolean> {
+        return false;
+    }
+
+    private async checkKernelModules(): Promise<boolean> {
+        return false;
+    }
+
+    private async validateSystemIntegrity(): Promise<void> {
+        const criticalFiles = [
+            '/etc/passwd',
+            '/etc/shadow',
+            process.execPath
+        ];
+
+        for (const file of criticalFiles) {
+            try {
+                await require('fs').promises.access(file);
+                const stats = await require('fs').promises.stat(file);
+                
+                const age = Date.now() - stats.mtimeMs;
+                if (age < 60000) {
+                    this.logger.critical(`Critical file modified: ${file}`);
+                }
+            } catch {
+            }
+        }
+    }
+
+    private async scanForMalware(): Promise<void> {
+        const processes = await this.getRunningProcesses();
+        
+        for (const proc of processes) {
+            if (this.isSuspiciousProcess(proc)) {
+                this.logger.critical(`Suspicious process detected: ${proc.name}`);
+            }
+        }
+    }
+
+    private async getRunningProcesses(): Promise<any[]> {
+        return [];
+    }
+
+    private isSuspiciousProcess(proc: any): boolean {
+        const suspiciousNames = ['miner', 'xmr', 'crypt', 'unknown'];
+        return suspiciousNames.some(name => proc.name?.includes(name));
+    }
+
+    public logAlert(alert: SecurityAlert): void {
+        this.alertHistory.push(alert);
+        
+        if (this.alertHistory.length > 100) {
+            this.alertHistory.shift();
+        }
+    }
+
+    public getAlerts(): SecurityAlert[] {
+        return [...this.alertHistory];
+    }
+
+    public getStatus(): any {
+        return {
+            initialized: this.isInitialized,
+            secureChannels: this.secureChannel.size,
+            memoryLocks: Array.from(this.memoryLocks),
+            alertCount: this.alertHistory.length,
+            mode: this.config.integrityLevel,
+            keyInitialized: this.encryptionKey !== null
+        };
+    }
+}