@dimzxzzx07/file-watcher 1.0.0

package/src/guards/MemoryGuard.ts

@@ -0,0 +1,263 @@
+import * as crypto from 'crypto';
+import * as v8 from 'v8';
+import { Logger } from '../utils/Logger';
+
+export class MemoryGuard {
+    private static instance: MemoryGuard;
+    private readonly logger: Logger;
+    private readonly memorySnapshots: Map<string, Buffer>;
+    private readonly secureHeap: Map<string, Buffer>;
+    private isCompromised: boolean = false;
+    private readonly encryptionKey: Buffer;
+
+    private constructor() {
+        this.logger = Logger.getInstance();
+        this.memorySnapshots = new Map();
+        this.secureHeap = new Map();
+        this.encryptionKey = crypto.randomBytes(32);
+        
+        this.initializeSecureHeap();
+        this.startMemoryMonitoring();
+    }
+
+    public static getInstance(): MemoryGuard {
+        if (!MemoryGuard.instance) {
+            MemoryGuard.instance = new MemoryGuard();
+        }
+        return MemoryGuard.instance;
+    }
+
+    private initializeSecureHeap(): void {
+        const secureSize = 64 * 1024 * 1024;
+        const secureBuffer = Buffer.alloc(secureSize);
+        
+        crypto.randomFillSync(secureBuffer);
+        
+        this.secureHeap.set('secure_region', secureBuffer);
+        
+        this.lockMemory(secureBuffer);
+    }
+
+    private lockMemory(buffer: Buffer): void {
+        try {
+            if (process.platform === 'linux') {
+                const mlock = require('mlock');
+                mlock(buffer);
+            }
+        } catch (error) {
+            this.logger.warning('Failed to lock memory', { error });
+        }
+    }
+
+    private startMemoryMonitoring(): void {
+        this.takeMemorySnapshot('baseline');
+        
+        setInterval(() => {
+            this.checkMemoryIntegrity();
+        }, 30000);
+    }
+
+    public takeMemorySnapshot(name: string): void {
+        try {
+            const snapshot = v8.getHeapSnapshot();
+            const chunks: Buffer[] = [];
+            
+            snapshot.on('data', (chunk) => chunks.push(chunk));
+            snapshot.on('end', () => {
+                const fullSnapshot = Buffer.concat(chunks);
+                
+                const encrypted = this.encryptSnapshot(fullSnapshot);
+                this.memorySnapshots.set(name, encrypted);
+                
+                if (this.memorySnapshots.size > 5) {
+                    const oldest = Array.from(this.memorySnapshots.keys())[0];
+                    if (oldest) {
+                        this.memorySnapshots.delete(oldest);
+                    }
+                }
+            });
+            
+            snapshot.on('error', (error) => {
+                this.logger.error('Failed to take memory snapshot', { error });
+            });
+        } catch (error) {
+            this.logger.error('Error taking memory snapshot', { error });
+        }
+    }
+
+    private encryptSnapshot(snapshot: Buffer): Buffer {
+        const iv = crypto.randomBytes(16);
+        const cipher = crypto.createCipheriv('aes-256-gcm', this.encryptionKey, iv);
+        
+        const encrypted = Buffer.concat([
+            cipher.update(snapshot),
+            cipher.final()
+        ]);
+        
+        const authTag = cipher.getAuthTag();
+        
+        return Buffer.concat([iv, authTag, encrypted]);
+    }
+
+    private checkMemoryIntegrity(): void {
+        const currentMemory = process.memoryUsage();
+        
+        this.checkHeapAnomalies(currentMemory);
+        this.checkStackIntegrity();
+        this.checkSecureHeap();
+        this.checkForDebugger();
+    }
+
+    private checkHeapAnomalies(memory: NodeJS.MemoryUsage): void {
+        const heapUsed = memory.heapUsed;
+        const heapTotal = memory.heapTotal;
+        const ratio = heapUsed / heapTotal;
+
+        if (ratio > 0.95) {
+            this.logger.warning('Critical heap usage detected', {
+                used: heapUsed,
+                total: heapTotal,
+                ratio
+            });
+        }
+    }
+
+    private checkStackIntegrity(): void {
+        try {
+            const stack = new Error().stack;
+            
+            if (!stack) {
+                this.logger.warning('Stack trace unavailable');
+                return;
+            }
+
+            const frames = stack.split('\n');
+            
+            const hasEval = frames.some(frame => frame.includes('eval'));
+            if (hasEval) {
+                this.logger.warning('Eval detected in stack trace');
+            }
+
+            if (frames.length > 100) {
+                this.logger.warning('Excessive stack depth', { depth: frames.length });
+            }
+        } catch (error) {
+            this.logger.error('Stack integrity check failed', { error });
+        }
+    }
+
+    private checkSecureHeap(): void {
+        const secureRegion = this.secureHeap.get('secure_region');
+        if (!secureRegion) {
+            this.logger.critical('Secure heap region missing!');
+            this.terminateCompromised();
+            return;
+        }
+
+        const checksum = this.calculateChecksum(secureRegion);
+        const storedChecksum = this.secureHeap.get('secure_checksum')?.toString();
+        
+        if (storedChecksum && checksum !== storedChecksum) {
+            this.logger.critical('Secure heap tampering detected!');
+            this.terminateCompromised();
+        } else {
+            this.secureHeap.set('secure_checksum', Buffer.from(checksum));
+        }
+    }
+
+    private checkForDebugger(): void {
+        const debugIndicators = [
+            process.execArgv.some(arg => arg.includes('--inspect')),
+            process.execArgv.some(arg => arg.includes('--debug')),
+            process.env.NODE_OPTIONS?.includes('--inspect'),
+            process.env.NODE_OPTIONS?.includes('--debug'),
+            process.argv.some(arg => arg.includes('--inspect')),
+            process.argv.some(arg => arg.includes('--debug'))
+        ];
+
+        if (debugIndicators.some(Boolean)) {
+            this.logger.warning('Debugger detected in memory check');
+        }
+    }
+
+    public protectSensitiveData(data: Buffer): Buffer {
+        const id = crypto.randomBytes(16).toString('hex');
+        const iv = crypto.randomBytes(16);
+        
+        const cipher = crypto.createCipheriv('aes-256-gcm', this.encryptionKey, iv);
+        const encrypted = Buffer.concat([cipher.update(data), cipher.final()]);
+        const authTag = cipher.getAuthTag();
+        
+        const protectedData = Buffer.concat([iv, authTag, encrypted]);
+        this.secureHeap.set(id, protectedData);
+        
+        return Buffer.from(id);
+    }
+
+    public retrieveSensitiveData(id: Buffer): Buffer | null {
+        const protectedData = this.secureHeap.get(id.toString());
+        if (!protectedData) return null;
+
+        const iv = protectedData.subarray(0, 16);
+        const authTag = protectedData.subarray(16, 32);
+        const encrypted = protectedData.subarray(32);
+
+        try {
+            const decipher = crypto.createDecipheriv('aes-256-gcm', this.encryptionKey, iv);
+            decipher.setAuthTag(authTag);
+            
+            return Buffer.concat([
+                decipher.update(encrypted),
+                decipher.final()
+            ]);
+        } catch {
+            return null;
+        }
+    }
+
+    public wipeSensitiveData(id: Buffer): void {
+        const key = id.toString();
+        const data = this.secureHeap.get(key);
+        
+        if (data) {
+            crypto.randomFillSync(data);
+            this.secureHeap.delete(key);
+        }
+    }
+
+    public forceGarbageCollection(): void {
+        if (global.gc) {
+            global.gc();
+            this.logger.debug('Garbage collection forced');
+        }
+    }
+
+    private calculateChecksum(data: Buffer): string {
+        return crypto.createHash('sha256')
+            .update(data)
+            .digest('hex');
+    }
+
+    private terminateCompromised(): void {
+        if (this.isCompromised) return;
+        
+        this.isCompromised = true;
+        this.logger.emergency('Memory compromised - terminating process');
+        
+        this.secureHeap.clear();
+        
+        this.forceGarbageCollection();
+        
+        process.kill(process.pid, 'SIGKILL');
+    }
+
+    public getStatus(): any {
+        return {
+            isCompromised: this.isCompromised,
+            secureHeapSize: this.secureHeap.size,
+            snapshotsCount: this.memorySnapshots.size,
+            memoryUsage: process.memoryUsage(),
+            heapStats: v8.getHeapStatistics()
+        };
+    }
+}

package/src/guards/ProcessGuard.ts

@@ -0,0 +1,219 @@
+import * as process from 'process';
+import { Logger } from '../utils/Logger';
+
+export class ProcessGuard {
+    private static instance: ProcessGuard;
+    private readonly logger: Logger;
+    private readonly originalEnv: NodeJS.ProcessEnv;
+    private readonly protectedProperties: Set<string>;
+    private memorySnapshots: Map<string, Buffer>;
+    private isCompromised: boolean = false;
+
+    private constructor() {
+        this.logger = Logger.getInstance();
+        this.originalEnv = { ...process.env };
+        this.protectedProperties = new Set([
+            'argv', 'execPath', 'execArgv', 'pid', 'ppid',
+            'title', 'version', 'versions', 'arch', 'platform',
+            'release', 'features', 'moduleLoadList'
+        ]);
+        this.memorySnapshots = new Map();
+        
+        this.freezeProcess();
+        this.monitorMemory();
+        this.hookSystemCalls();
+    }
+
+    public static getInstance(): ProcessGuard {
+        if (!ProcessGuard.instance) {
+            ProcessGuard.instance = new ProcessGuard();
+        }
+        return ProcessGuard.instance;
+    }
+
+    public protectProcess(): void {
+        this.logger.info('ProcessGuard initialized');
+        
+        this.preventDebugger();
+        
+        this.protectEnvironment();
+        
+        this.monitorAnomalies();
+    }
+
+    private freezeProcess(): void {
+        Object.keys(process).forEach(key => {
+            if (this.protectedProperties.has(key)) {
+                try {
+                    Object.defineProperty(process, key, {
+                        configurable: false,
+                        enumerable: true,
+                        writable: false
+                    });
+                } catch (error) {
+                    this.logger.warning(`Failed to freeze process.${key}`, { error });
+                }
+            }
+        });
+
+        Object.seal(process);
+    }
+
+    private preventDebugger(): void {
+        const checkDebugger = () => {
+            if (this.detectDebugger()) {
+                this.logger.critical('Debugger detected!');
+                this.terminateCompromised();
+            }
+        };
+
+        setInterval(checkDebugger, 1000);
+        checkDebugger();
+    }
+
+    public detectDebugger(): boolean {
+        const debugIndicators = [
+            process.execArgv.some(arg => arg.includes('--inspect')),
+            process.execArgv.some(arg => arg.includes('--debug')),
+            process.env.NODE_OPTIONS?.includes('--inspect'),
+            process.env.NODE_OPTIONS?.includes('--debug'),
+            process.argv.some(arg => arg.includes('--inspect')),
+            process.argv.some(arg => arg.includes('--debug')),
+            process.argv.some(arg => arg.includes('debug'))
+        ];
+
+        return debugIndicators.some(Boolean);
+    }
+
+    private protectEnvironment(): void {
+        Object.keys(process.env).forEach(key => {
+            try {
+                Object.defineProperty(process.env, key, {
+                    configurable: false,
+                    writable: false
+                });
+            } catch (error) {
+            }
+        });
+
+        setInterval(() => {
+            const currentEnv = { ...process.env };
+            
+            for (const [key, value] of Object.entries(currentEnv)) {
+                if (this.originalEnv[key] !== value) {
+                    this.logger.critical('Environment variable modified!', { key });
+                    this.terminateCompromised();
+                }
+            }
+            
+            for (const key of Object.keys(currentEnv)) {
+                if (!this.originalEnv.hasOwnProperty(key)) {
+                    this.logger.critical('New environment variable detected!', { key });
+                    this.terminateCompromised();
+                }
+            }
+        }, 5000);
+    }
+
+    private monitorMemory(): void {
+        setInterval(() => {
+            this.takeMemorySnapshot();
+        }, 60000);
+
+        setInterval(() => {
+            this.validateMemoryIntegrity();
+        }, 10000);
+    }
+
+    private takeMemorySnapshot(): void {
+        return;
+    }
+
+    public validateMemoryIntegrity(): void {
+        const memoryUsage = process.memoryUsage();
+        
+        const heapUsed = memoryUsage.heapUsed;
+        const heapTotal = memoryUsage.heapTotal;
+        const ratio = heapUsed / heapTotal;
+        
+        if (ratio > 0.95) {
+            this.logger.warning('High memory usage detected', { ratio });
+        }
+    }
+
+    private hookSystemCalls(): void {
+        const fs = require('fs');
+        const originalReadFile = fs.readFile;
+        const originalWriteFile = fs.writeFile;
+        
+        fs.readFile = function(...args: any[]) {
+            Logger.getInstance().debug('File read', { file: args[0] });
+            return originalReadFile.apply(this, args);
+        };
+        
+        fs.writeFile = function(...args: any[]) {
+            Logger.getInstance().debug('File write', { file: args[0] });
+            
+            const filePath = args[0];
+            if (filePath.includes(__filename) || filePath.includes('node_modules')) {
+                Logger.getInstance().critical('Critical file modification attempt!', { filePath });
+                throw new Error('Critical file modification blocked');
+            }
+            
+            return originalWriteFile.apply(this, args);
+        };
+    }
+
+    private async monitorAnomalies(): Promise<void> {
+        setInterval(async () => {
+            try {
+                const stats = await this.getProcessStats();
+                if (stats.cpu > 80) {
+                    this.logger.warning('High CPU usage detected', { cpu: stats.cpu });
+                }
+                
+                const processes = await this.getProcesses();
+                const nodeProcesses = processes.length || 0;
+                
+                if (nodeProcesses > 10) {
+                    this.logger.critical('Too many Node.js processes detected!', { count: nodeProcesses });
+                    this.terminateCompromised();
+                }
+                
+            } catch (error) {
+                this.logger.error('Anomaly monitoring error', { error });
+            }
+        }, 30000);
+    }
+
+    private async getProcessStats(): Promise<any> {
+        return { cpu: 0 };
+    }
+
+    private async getProcesses(): Promise<any[]> {
+        return [];
+    }
+
+    private terminateCompromised(): void {
+        if (this.isCompromised) return;
+        
+        this.isCompromised = true;
+        this.logger.emergency('Process compromised - terminating');
+        
+        this.memorySnapshots.clear();
+        
+        process.kill(process.pid, 'SIGKILL');
+    }
+
+    public getStatus(): any {
+        return {
+            pid: process.pid,
+            uptime: process.uptime(),
+            memoryUsage: process.memoryUsage(),
+            cpuUsage: process.cpuUsage(),
+            debuggerDetected: this.detectDebugger(),
+            isCompromised: this.isCompromised,
+            protectedProperties: Array.from(this.protectedProperties)
+        };
+    }
+}

package/src/index.ts

@@ -0,0 +1,189 @@
+#!/usr/bin/env node
+
+import * as path from 'path';
+import { WatcherEngine } from './core/WatcherEngine';
+import { SecurityConfig } from './types';
+import { Logger } from './utils/Logger';
+import { ProcessGuard } from './guards/ProcessGuard';
+import { SecurityManager } from './core/SecurityManager';
+
+class SecureFileWatcher {
+    private watcher: WatcherEngine | null = null;
+    private readonly logger: Logger;
+    private readonly processGuard: ProcessGuard;
+
+    constructor() {
+        this.logger = Logger.getInstance();
+        this.processGuard = ProcessGuard.getInstance();
+        
+        this.initialize();
+    }
+
+    private async initialize(): Promise<void> {
+        try {
+            this.displayBanner();
+            
+            await this.validateEnvironment();
+            
+            const config = this.loadConfiguration();
+            
+            SecurityManager.getInstance(config);
+            
+            this.processGuard.protectProcess();
+            
+            this.watcher = new WatcherEngine(config);
+            
+            this.setupEventHandlers();
+            
+            this.watcher.startWatching();
+            
+            this.logger.info('Secure File Watcher started successfully');
+            
+        } catch (error) {
+            this.logger.emergency('Failed to start Secure File Watcher', { error });
+            process.exit(1);
+        }
+    }
+
+    private displayBanner(): void {
+        const banner = `
+Secure file security - Powered By Dimzxzzx07
+        `;
+        
+        console.log('\x1b[36m%s\x1b[0m', banner);
+    }
+
+    private async validateEnvironment(): Promise<void> {
+        const nodeVersion = process.versions.node;
+        const majorVersion = parseInt(nodeVersion.split('.')[0] || '0');
+        
+        if (majorVersion < 18) {
+            throw new Error(`Node.js 18+ required (current: ${nodeVersion})`);
+        }
+
+        const requiredEnvVars = ['NODE_ENV'];
+        for (const envVar of requiredEnvVars) {
+            if (!process.env[envVar]) {
+                this.logger.warning(`Environment variable ${envVar} not set`);
+            }
+        }
+
+        if (process.getuid && process.getuid() === 0) {
+            this.logger.warning('Running as root - this is not recommended');
+        }
+    }
+
+    private loadConfiguration(): SecurityConfig {
+        const watchDir = process.env.WATCH_DIR || process.cwd();
+        
+        return {
+            watchDir,
+            hashAlgorithm: (process.env.HASH_ALGORITHM as any) || 'sha512',
+            backupDir: path.join(watchDir, '.secure_backup'),
+            quarantineDir: path.join(watchDir, '.secure_quarantine'),
+            maxFileSize: parseInt(process.env.MAX_FILE_SIZE || '10485760'),
+            scanInterval: parseInt(process.env.SCAN_INTERVAL || '60'),
+            realtimeMonitoring: process.env.REALTIME_MONITORING !== 'false',
+            autoRollback: process.env.AUTO_ROLLBACK !== 'false',
+            quarantineEnabled: process.env.QUARANTINE_ENABLED !== 'false',
+            signatureVerification: process.env.SIGNATURE_VERIFICATION === 'true',
+            integrityLevel: (process.env.INTEGRITY_LEVEL as any) || 'advanced',
+            alertThreshold: (process.env.ALERT_THRESHOLD as any) || 'medium',
+            allowedExtensions: (process.env.ALLOWED_EXTENSIONS || '.js,.ts,.json,.txt').split(','),
+            blockedPatterns: [
+                /eval\s*\(/i,
+                /Function\s*\(/i,
+                /child_process/,
+                /exec(File)?/i
+            ],
+            trustedSigners: (process.env.TRUSTED_SIGNERS || '').split(',')
+        };
+    }
+
+    private setupEventHandlers(): void {
+        if (!this.watcher) return;
+
+        this.watcher.on('file:added', (data) => {
+            this.logger.info(`File added: ${data.filePath}`);
+        });
+
+        this.watcher.on('file:changed', (data) => {
+            this.logger.info(`File changed: ${data.filePath}`);
+        });
+
+        this.watcher.on('file:deleted', (data) => {
+            this.logger.warning(`File deleted: ${data.filePath}`);
+        });
+
+        this.watcher.on('file:restored', (data) => {
+            this.logger.info(`File restored: ${data.filePath}`);
+        });
+
+        this.watcher.on('integrity:violation', (violation) => {
+            this.logger.critical('Integrity violation!', violation);
+            
+            if (violation.severity === 'critical') {
+                this.handleCriticalViolation(violation);
+            }
+        });
+
+        this.watcher.on('security:alert', (alert) => {
+            this.logger.warning('Security alert', alert);
+        });
+
+        this.watcher.on('security:critical', (alert) => {
+            this.logger.emergency('Critical security event!', alert);
+            this.handleCriticalEvent();
+        });
+
+        this.watcher.on('error', (error) => {
+            this.logger.error('Watcher error', { error });
+        });
+    }
+
+    private handleCriticalViolation(violation: any): void {
+        this.logger.emergency('Handling critical violation', violation);
+    }
+
+    private handleCriticalEvent(): void {
+        this.logger.emergency('Critical event detected - initiating emergency protocol');
+    }
+
+    public getStatus(): any {
+        if (!this.watcher) {
+            return { status: 'not initialized' };
+        }
+        
+        return {
+            watcher: this.watcher.getStatus(),
+            process: this.processGuard.getStatus(),
+            uptime: process.uptime(),
+            memoryUsage: process.memoryUsage(),
+            timestamp: new Date().toISOString()
+        };
+    }
+}
+
+new SecureFileWatcher();
+
+process.on('SIGINT', () => {
+    Logger.getInstance().info('Received SIGINT - shutting down gracefully');
+    process.exit(0);
+});
+
+process.on('SIGTERM', () => {
+    Logger.getInstance().info('Received SIGTERM - shutting down gracefully');
+    process.exit(0);
+});
+
+process.on('uncaughtException', (error) => {
+    Logger.getInstance().emergency('Uncaught exception', { error });
+    process.exit(1);
+});
+
+process.on('unhandledRejection', (reason) => {
+    Logger.getInstance().emergency('Unhandled rejection', { reason });
+    process.exit(1);
+});
+
+export { SecureFileWatcher, WatcherEngine, SecurityConfig };