npm - @dimzxzzx07/file-watcher - Versions diffs - 1.0.0 - Mend

@dimzxzzx07/file-watcher 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (100) hide show

package/.env +13 -0
package/.eslintrc.json +128 -0
package/.prettierrc +18 -0
package/Dimzxzzx07.png +0 -0
package/README.md +1024 -0
package/dist/core/BackupManager.d.ts +25 -0
package/dist/core/BackupManager.d.ts.map +1 -0
package/dist/core/BackupManager.js +290 -0
package/dist/core/BackupManager.js.map +1 -0
package/dist/core/IntegrityValidator.d.ts +18 -0
package/dist/core/IntegrityValidator.d.ts.map +1 -0
package/dist/core/IntegrityValidator.js +212 -0
package/dist/core/IntegrityValidator.js.map +1 -0
package/dist/core/SecurityManager.d.ts +40 -0
package/dist/core/SecurityManager.d.ts.map +1 -0
package/dist/core/SecurityManager.js +320 -0
package/dist/core/SecurityManager.js.map +1 -0
package/dist/core/WatcherEngine.d.ts +44 -0
package/dist/core/WatcherEngine.d.ts.map +1 -0
package/dist/core/WatcherEngine.js +470 -0
package/dist/core/WatcherEngine.js.map +1 -0
package/dist/crypto/HashGenerator.d.ts +26 -0
package/dist/crypto/HashGenerator.d.ts.map +1 -0
package/dist/crypto/HashGenerator.js +220 -0
package/dist/crypto/HashGenerator.js.map +1 -0
package/dist/crypto/KeyManager.d.ts +30 -0
package/dist/crypto/KeyManager.d.ts.map +1 -0
package/dist/crypto/KeyManager.js +235 -0
package/dist/crypto/KeyManager.js.map +1 -0
package/dist/crypto/SignatureValidator.d.ts +11 -0
package/dist/crypto/SignatureValidator.d.ts.map +1 -0
package/dist/crypto/SignatureValidator.js +102 -0
package/dist/crypto/SignatureValidator.js.map +1 -0
package/dist/detectors/AnomalyDetector.d.ts +24 -0
package/dist/detectors/AnomalyDetector.d.ts.map +1 -0
package/dist/detectors/AnomalyDetector.js +209 -0
package/dist/detectors/AnomalyDetector.js.map +1 -0
package/dist/detectors/InjectionDetector.d.ts +14 -0
package/dist/detectors/InjectionDetector.d.ts.map +1 -0
package/dist/detectors/InjectionDetector.js +204 -0
package/dist/detectors/InjectionDetector.js.map +1 -0
package/dist/detectors/PatternMatcher.d.ts +28 -0
package/dist/detectors/PatternMatcher.d.ts.map +1 -0
package/dist/detectors/PatternMatcher.js +283 -0
package/dist/detectors/PatternMatcher.js.map +1 -0
package/dist/guards/FileGuard.d.ts +35 -0
package/dist/guards/FileGuard.d.ts.map +1 -0
package/dist/guards/FileGuard.js +357 -0
package/dist/guards/FileGuard.js.map +1 -0
package/dist/guards/MemoryGuard.d.ts +28 -0
package/dist/guards/MemoryGuard.d.ts.map +1 -0
package/dist/guards/MemoryGuard.js +256 -0
package/dist/guards/MemoryGuard.js.map +1 -0
package/dist/guards/ProcessGuard.d.ts +25 -0
package/dist/guards/ProcessGuard.d.ts.map +1 -0
package/dist/guards/ProcessGuard.js +221 -0
package/dist/guards/ProcessGuard.js.map +1 -0
package/dist/index.d.ts +19 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +186 -0
package/dist/index.js.map +1 -0
package/dist/types/index.d.ts +69 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +3 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/Constants.d.ts +407 -0
package/dist/utils/Constants.d.ts.map +1 -0
package/dist/utils/Constants.js +505 -0
package/dist/utils/Constants.js.map +1 -0
package/dist/utils/Logger.d.ts +45 -0
package/dist/utils/Logger.d.ts.map +1 -0
package/dist/utils/Logger.js +285 -0
package/dist/utils/Logger.js.map +1 -0
package/dist/utils/Validator.d.ts +27 -0
package/dist/utils/Validator.d.ts.map +1 -0
package/dist/utils/Validator.js +245 -0
package/dist/utils/Validator.js.map +1 -0
package/favicon.png +0 -0
package/jest.config.js +69 -0
package/package.json +69 -0
package/src/core/BackupManager.ts +305 -0
package/src/core/IntegrityValidator.ts +200 -0
package/src/core/SecurityManager.ts +348 -0
package/src/core/WatcherEngine.ts +537 -0
package/src/crypto/HashGenerator.ts +234 -0
package/src/crypto/KeyManager.ts +249 -0
package/src/crypto/SignatureValidator.ts +76 -0
package/src/detectors/AnomalyDetector.ts +247 -0
package/src/detectors/InjectionDetector.ts +233 -0
package/src/detectors/PatternMatcher.ts +319 -0
package/src/guards/FileGuard.ts +385 -0
package/src/guards/MemoryGuard.ts +263 -0
package/src/guards/ProcessGuard.ts +219 -0
package/src/index.ts +189 -0
package/src/types/index.ts +72 -0
package/src/utils/Constants.ts +532 -0
package/src/utils/Logger.ts +279 -0
package/src/utils/Validator.ts +248 -0
package/tests/setup.ts +80 -0
package/tsconfig.json +42 -0

package/dist/crypto/SignatureValidator.js ADDED Viewed

@@ -0,0 +1,102 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SignatureValidator = void 0;
+const crypto = __importStar(require("crypto"));
+const Logger_1 = require("../utils/Logger");
+class SignatureValidator {
+    logger;
+    keyPair;
+    constructor() {
+        this.logger = Logger_1.Logger.getInstance();
+        this.keyPair = this.generateKeyPair();
+    }
+    generateKeyPair() {
+        const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
+            modulusLength: 2048,
+            publicKeyEncoding: {
+                type: 'spki',
+                format: 'pem'
+            },
+            privateKeyEncoding: {
+                type: 'pkcs8',
+                format: 'pem'
+            }
+        });
+        return { publicKey, privateKey };
+    }
+    async generateSignature(data) {
+        try {
+            const hash = crypto.createHash('sha512')
+                .update(data)
+                .digest();
+            const sign = crypto.createSign('RSA-SHA512');
+            sign.update(hash);
+            const signature = sign.sign(this.keyPair.privateKey, 'base64');
+            return signature;
+        }
+        catch (error) {
+            this.logger.error('Failed to generate signature', { error });
+            throw error;
+        }
+    }
+    async validateSignature(data, signature) {
+        try {
+            const hash = crypto.createHash('sha512')
+                .update(data)
+                .digest();
+            const verify = crypto.createVerify('RSA-SHA512');
+            verify.update(hash);
+            return verify.verify(this.keyPair.publicKey, signature, 'base64');
+        }
+        catch (error) {
+            this.logger.error('Failed to validate signature', { error });
+            return false;
+        }
+    }
+    exportPublicKey() {
+        return this.keyPair.publicKey;
+    }
+    getStatus() {
+        return {
+            algorithm: 'RSA-SHA512',
+            keySize: 2048,
+            publicKeyAvailable: !!this.keyPair.publicKey,
+            privateKeyAvailable: !!this.keyPair.privateKey
+        };
+    }
+}
+exports.SignatureValidator = SignatureValidator;
+//# sourceMappingURL=SignatureValidator.js.map

package/dist/crypto/SignatureValidator.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"SignatureValidator.js","sourceRoot":"","sources":["../../src/crypto/SignatureValidator.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,+CAAiC;AACjC,4CAAyC;AAEzC,MAAa,kBAAkB;IACV,MAAM,CAAS;IACf,OAAO,CAA4C;IAEpE;QACI,IAAI,CAAC,MAAM,GAAG,eAAM,CAAC,WAAW,EAAE,CAAC;QAEnC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;IAC1C,CAAC;IAEO,eAAe;QACnB,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,mBAAmB,CAAC,KAAK,EAAE;YAChE,aAAa,EAAE,IAAI;YACnB,iBAAiB,EAAE;gBACf,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,KAAK;aAChB;YACD,kBAAkB,EAAE;gBAChB,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,KAAK;aAChB;SACJ,CAAC,CAAC;QAEH,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;IACrC,CAAC;IAEM,KAAK,CAAC,iBAAiB,CAAC,IAAY;QACvC,IAAI,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC;iBACnC,MAAM,CAAC,IAAI,CAAC;iBACZ,MAAM,EAAE,CAAC;YAEd,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;YAC7C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAElB,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;YAE/D,OAAO,SAAS,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC7D,MAAM,KAAK,CAAC;QAChB,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,iBAAiB,CAAC,IAAY,EAAE,SAAiB;QAC1D,IAAI,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC;iBACnC,MAAM,CAAC,IAAI,CAAC;iBACZ,MAAM,EAAE,CAAC;YAEd,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;YACjD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAEpB,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;QACtE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC7D,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;IAEM,eAAe;QAClB,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;IAClC,CAAC;IAEM,SAAS;QACZ,OAAO;YACH,SAAS,EAAE,YAAY;YACvB,OAAO,EAAE,IAAI;YACb,kBAAkB,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS;YAC5C,mBAAmB,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU;SACjD,CAAC;IACN,CAAC;CACJ;AAxED,gDAwEC","sourcesContent":["import * as crypto from 'crypto';\nimport { Logger } from '../utils/Logger';\n\nexport class SignatureValidator {\n private readonly logger: Logger;\n private readonly keyPair: { publicKey: string; privateKey: string };\n\n constructor() {\n this.logger = Logger.getInstance();\n \n this.keyPair = this.generateKeyPair();\n }\n\n private generateKeyPair(): { publicKey: string; privateKey: string } {\n const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {\n modulusLength: 2048,\n publicKeyEncoding: {\n type: 'spki',\n format: 'pem'\n },\n privateKeyEncoding: {\n type: 'pkcs8',\n format: 'pem'\n }\n });\n\n return { publicKey, privateKey };\n }\n\n public async generateSignature(data: Buffer): Promise<string> {\n try {\n const hash = crypto.createHash('sha512')\n .update(data)\n .digest();\n \n const sign = crypto.createSign('RSA-SHA512');\n sign.update(hash);\n \n const signature = sign.sign(this.keyPair.privateKey, 'base64');\n \n return signature;\n } catch (error) {\n this.logger.error('Failed to generate signature', { error });\n throw error;\n }\n }\n\n public async validateSignature(data: Buffer, signature: string): Promise<boolean> {\n try {\n const hash = crypto.createHash('sha512')\n .update(data)\n .digest();\n \n const verify = crypto.createVerify('RSA-SHA512');\n verify.update(hash);\n \n return verify.verify(this.keyPair.publicKey, signature, 'base64');\n } catch (error) {\n this.logger.error('Failed to validate signature', { error });\n return false;\n }\n }\n\n public exportPublicKey(): string {\n return this.keyPair.publicKey;\n }\n\n public getStatus(): any {\n return {\n algorithm: 'RSA-SHA512',\n keySize: 2048,\n publicKeyAvailable: !!this.keyPair.publicKey,\n privateKeyAvailable: !!this.keyPair.privateKey\n };\n }\n}"]}

package/dist/detectors/AnomalyDetector.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+export declare class AnomalyDetector {
+    private readonly logger;
+    private readonly baseline;
+    private readonly anomalies;
+    private learningMode;
+    private readonly learningPeriod;
+    constructor();
+    private startLearning;
+    detectAnomalies(filePath: string, content: Buffer): Promise<boolean>;
+    private isSizeAnomaly;
+    private isTimingAnomaly;
+    private isContentPatternAnomaly;
+    private isFrequencyAnomaly;
+    private isStructuralAnomaly;
+    private getFileStats;
+    private getCharacterDistribution;
+    private getNormalDistribution;
+    private calculateStdDev;
+    private calculateSeverity;
+    updateBaseline(filePath: string, content: Buffer): void;
+    getAnomalies(): any[];
+    getStatus(): any;
+}
+//# sourceMappingURL=AnomalyDetector.d.ts.map

package/dist/detectors/AnomalyDetector.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"AnomalyDetector.d.ts","sourceRoot":"","sources":["../../src/detectors/AnomalyDetector.ts"],"names":[],"mappings":"AAEA,qBAAa,eAAe;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAmB;IAC5C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAQ;IAClC,OAAO,CAAC,YAAY,CAAiB;IACrC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAmB;;IAUlD,OAAO,CAAC,aAAa;IASR,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;YA2CnE,aAAa;YAUb,eAAe;YAgBf,uBAAuB;YAgBvB,kBAAkB;YAYlB,mBAAmB;YAoBnB,YAAY;IAa1B,OAAO,CAAC,wBAAwB;IAUhC,OAAO,CAAC,qBAAqB;IAgC7B,OAAO,CAAC,eAAe;IAMvB,OAAO,CAAC,iBAAiB;IAMlB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAwBvD,YAAY,IAAI,GAAG,EAAE;IAIrB,SAAS,IAAI,GAAG;CAQ1B"}

package/dist/detectors/AnomalyDetector.js ADDED Viewed

@@ -0,0 +1,209 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AnomalyDetector = void 0;
+const Logger_1 = require("../utils/Logger");
+class AnomalyDetector {
+    logger;
+    baseline;
+    anomalies;
+    learningMode = true;
+    learningPeriod = 3600000;
+    constructor() {
+        this.logger = Logger_1.Logger.getInstance();
+        this.baseline = new Map();
+        this.anomalies = [];
+        this.startLearning();
+    }
+    startLearning() {
+        this.logger.info('Anomaly detector starting learning mode');
+        setTimeout(() => {
+            this.learningMode = false;
+            this.logger.info('Anomaly detector learning complete');
+        }, this.learningPeriod);
+    }
+    async detectAnomalies(filePath, content) {
+        try {
+            const anomalies = [];
+            if (await this.isSizeAnomaly(filePath, content.length)) {
+                anomalies.push('size_anomaly');
+            }
+            if (await this.isTimingAnomaly(filePath)) {
+                anomalies.push('timing_anomaly');
+            }
+            if (await this.isContentPatternAnomaly(content)) {
+                anomalies.push('pattern_anomaly');
+            }
+            if (await this.isFrequencyAnomaly(filePath)) {
+                anomalies.push('frequency_anomaly');
+            }
+            if (await this.isStructuralAnomaly(content)) {
+                anomalies.push('structural_anomaly');
+            }
+            if (anomalies.length > 0) {
+                this.anomalies.push({
+                    filePath,
+                    timestamp: new Date(),
+                    anomalies,
+                    severity: this.calculateSeverity(anomalies.length)
+                });
+                this.logger.warning(`Anomalies detected in ${filePath}`, { anomalies });
+                return true;
+            }
+            return false;
+        }
+        catch (error) {
+            this.logger.error('Error detecting anomalies', { error });
+            return true;
+        }
+    }
+    async isSizeAnomaly(filePath, newSize) {
+        const stats = await this.getFileStats(filePath);
+        if (!stats)
+            return false;
+        const avgSize = stats.sizes.reduce((a, b) => a + b, 0) / stats.sizes.length;
+        const stdDev = this.calculateStdDev(stats.sizes, avgSize);
+        return Math.abs(newSize - avgSize) > (stdDev * 3);
+    }
+    async isTimingAnomaly(filePath) {
+        const stats = await this.getFileStats(filePath);
+        if (!stats)
+            return false;
+        const now = Date.now();
+        const lastAccess = stats.lastAccess || now;
+        const timeDiff = now - lastAccess;
+        const hour = new Date().getHours();
+        if (hour >= 1 && hour <= 4) {
+            return timeDiff < 300000;
+        }
+        return false;
+    }
+    async isContentPatternAnomaly(content) {
+        const contentStr = content.toString();
+        const charDistribution = this.getCharacterDistribution(contentStr);
+        const normalDistribution = this.getNormalDistribution();
+        let deviation = 0;
+        for (const [char, count] of charDistribution) {
+            const normalCount = normalDistribution.get(char) || 0;
+            deviation += Math.abs(count - normalCount);
+        }
+        return deviation > 100;
+    }
+    async isFrequencyAnomaly(filePath) {
+        const stats = await this.getFileStats(filePath);
+        if (!stats)
+            return false;
+        const now = Date.now();
+        const recentAccesses = stats.accessTimes.filter((time) => now - time < 60000);
+        return recentAccesses.length > 10;
+    }
+    async isStructuralAnomaly(content) {
+        if (content.length < 100)
+            return false;
+        const bytes = Array.from(content);
+        let maxRunLength = 0;
+        let currentRun = 1;
+        for (let i = 1; i < bytes.length; i++) {
+            if (bytes[i] === bytes[i - 1]) {
+                currentRun++;
+                maxRunLength = Math.max(maxRunLength, currentRun);
+            }
+            else {
+                currentRun = 1;
+            }
+        }
+        return maxRunLength > 100;
+    }
+    async getFileStats(filePath) {
+        if (!this.baseline.has(filePath)) {
+            this.baseline.set(filePath, {
+                sizes: [],
+                accessTimes: [],
+                lastAccess: null,
+                firstSeen: new Date()
+            });
+        }
+        return this.baseline.get(filePath);
+    }
+    getCharacterDistribution(text) {
+        const distribution = new Map();
+        for (const char of text) {
+            distribution.set(char, (distribution.get(char) || 0) + 1);
+        }
+        return distribution;
+    }
+    getNormalDistribution() {
+        const normal = new Map();
+        normal.set('e', 12.7);
+        normal.set('t', 9.1);
+        normal.set('a', 8.2);
+        normal.set('o', 7.5);
+        normal.set('i', 7.0);
+        normal.set('n', 6.7);
+        normal.set('s', 6.3);
+        normal.set('h', 6.1);
+        normal.set('r', 6.0);
+        normal.set('d', 4.3);
+        normal.set('l', 4.0);
+        normal.set('c', 2.8);
+        normal.set('u', 2.8);
+        normal.set('m', 2.4);
+        normal.set('w', 2.4);
+        normal.set('f', 2.2);
+        normal.set('g', 2.0);
+        normal.set('y', 2.0);
+        normal.set('p', 1.9);
+        normal.set('b', 1.5);
+        normal.set('v', 1.0);
+        normal.set('k', 0.8);
+        normal.set('j', 0.2);
+        normal.set('x', 0.2);
+        normal.set('q', 0.1);
+        normal.set('z', 0.1);
+        return normal;
+    }
+    calculateStdDev(values, mean) {
+        const squareDiffs = values.map(value => Math.pow(value - mean, 2));
+        const avgSquareDiff = squareDiffs.reduce((a, b) => a + b, 0) / squareDiffs.length;
+        return Math.sqrt(avgSquareDiff);
+    }
+    calculateSeverity(anomalyCount) {
+        if (anomalyCount >= 4)
+            return 'critical';
+        if (anomalyCount >= 2)
+            return 'high';
+        return 'medium';
+    }
+    updateBaseline(filePath, content) {
+        if (!this.learningMode)
+            return;
+        const stats = this.baseline.get(filePath) || {
+            sizes: [],
+            accessTimes: [],
+            lastAccess: null,
+            firstSeen: new Date()
+        };
+        stats.sizes.push(content.length);
+        stats.accessTimes.push(Date.now());
+        stats.lastAccess = Date.now();
+        if (stats.sizes.length > 100) {
+            stats.sizes.shift();
+        }
+        if (stats.accessTimes.length > 100) {
+            stats.accessTimes.shift();
+        }
+        this.baseline.set(filePath, stats);
+    }
+    getAnomalies() {
+        return [...this.anomalies];
+    }
+    getStatus() {
+        return {
+            learningMode: this.learningMode,
+            baselineCount: this.baseline.size,
+            anomaliesDetected: this.anomalies.length,
+            learningPeriod: this.learningPeriod
+        };
+    }
+}
+exports.AnomalyDetector = AnomalyDetector;
+//# sourceMappingURL=AnomalyDetector.js.map

package/dist/detectors/AnomalyDetector.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"AnomalyDetector.js","sourceRoot":"","sources":["../../src/detectors/AnomalyDetector.ts"],"names":[],"mappings":";;;AAAA,4CAAyC;AAEzC,MAAa,eAAe;IACP,MAAM,CAAS;IACf,QAAQ,CAAmB;IAC3B,SAAS,CAAQ;IAC1B,YAAY,GAAY,IAAI,CAAC;IACpB,cAAc,GAAW,OAAO,CAAC;IAElD;QACI,IAAI,CAAC,MAAM,GAAG,eAAM,CAAC,WAAW,EAAE,CAAC;QACnC,IAAI,CAAC,QAAQ,GAAG,IAAI,GAAG,EAAE,CAAC;QAC1B,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;QAEpB,IAAI,CAAC,aAAa,EAAE,CAAC;IACzB,CAAC;IAEO,aAAa;QACjB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;QAE5D,UAAU,CAAC,GAAG,EAAE;YACZ,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC;YAC1B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QAC3D,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;IAC5B,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,QAAgB,EAAE,OAAe;QAC1D,IAAI,CAAC;YACD,MAAM,SAAS,GAAa,EAAE,CAAC;YAE/B,IAAI,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBACrD,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACnC,CAAC;YAED,IAAI,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACvC,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACrC,CAAC;YAED,IAAI,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9C,SAAS,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACtC,CAAC;YAED,IAAI,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1C,SAAS,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YACxC,CAAC;YAED,IAAI,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,SAAS,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YACzC,CAAC;YAED,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;oBAChB,QAAQ;oBACR,SAAS,EAAE,IAAI,IAAI,EAAE;oBACrB,SAAS;oBACT,QAAQ,EAAE,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,MAAM,CAAC;iBACrD,CAAC,CAAC;gBAEH,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,yBAAyB,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;gBACxE,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,OAAO,KAAK,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,QAAgB,EAAE,OAAe;QACzD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QAEzB,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC;QAC5F,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAE1D,OAAO,IAAI,CAAC,GAAG,CAAC,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACtD,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,QAAgB;QAC1C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QAEzB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,GAAG,CAAC;QAC3C,MAAM,QAAQ,GAAG,GAAG,GAAG,UAAU,CAAC;QAElC,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC,QAAQ,EAAE,CAAC;QACnC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;YACzB,OAAO,QAAQ,GAAG,MAAM,CAAC;QAC7B,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,uBAAuB,CAAC,OAAe;QACjD,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;QAEtC,MAAM,gBAAgB,GAAG,IAAI,CAAC,wBAAwB,CAAC,UAAU,CAAC,CAAC;QAEnE,MAAM,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAExD,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,gBAAgB,EAAE,CAAC;YAC3C,MAAM,WAAW,GAAG,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtD,SAAS,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,WAAW,CAAC,CAAC;QAC/C,CAAC;QAED,OAAO,SAAS,GAAG,GAAG,CAAC;IAC3B,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,QAAgB;QAC7C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QAEzB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,cAAc,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,CAC3C,CAAC,IAAY,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,GAAG,KAAK,CACvC,CAAC;QAEF,OAAO,cAAc,CAAC,MAAM,GAAG,EAAE,CAAC;IACtC,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAAC,OAAe;QAC7C,IAAI,OAAO,CAAC,MAAM,GAAG,GAAG;YAAE,OAAO,KAAK,CAAC;QAEvC,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAElC,IAAI,YAAY,GAAG,CAAC,CAAC;QACrB,IAAI,UAAU,GAAG,CAAC,CAAC;QAEnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACpC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC5B,UAAU,EAAE,CAAC;gBACb,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACJ,UAAU,GAAG,CAAC,CAAC;YACnB,CAAC;QACL,CAAC;QAED,OAAO,YAAY,GAAG,GAAG,CAAC;IAC9B,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,QAAgB;QACvC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE;gBACxB,KAAK,EAAE,EAAE;gBACT,WAAW,EAAE,EAAE;gBACf,UAAU,EAAE,IAAI;gBAChB,SAAS,EAAE,IAAI,IAAI,EAAE;aACxB,CAAC,CAAC;QACP,CAAC;QAED,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAEO,wBAAwB,CAAC,IAAY;QACzC,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;QAE/C,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;YACtB,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,YAAY,CAAC;IACxB,CAAC;IAEO,qBAAqB;QACzB,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;QACzC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACtB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAErB,OAAO,MAAM,CAAC;IAClB,CAAC;IAEO,eAAe,CAAC,MAAgB,EAAE,IAAY;QAClD,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACnE,MAAM,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC;QAClF,OAAO,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACpC,CAAC;IAEO,iBAAiB,CAAC,YAAoB;QAC1C,IAAI,YAAY,IAAI,CAAC;YAAE,OAAO,UAAU,CAAC;QACzC,IAAI,YAAY,IAAI,CAAC;YAAE,OAAO,MAAM,CAAC;QACrC,OAAO,QAAQ,CAAC;IACpB,CAAC;IAEM,cAAc,CAAC,QAAgB,EAAE,OAAe;QACnD,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,OAAO;QAE/B,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI;YACzC,KAAK,EAAE,EAAE;YACT,WAAW,EAAE,EAAE;YACf,UAAU,EAAE,IAAI;YAChB,SAAS,EAAE,IAAI,IAAI,EAAE;SACxB,CAAC;QAEF,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACjC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QACnC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE9B,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YAC3B,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC;QACD,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACjC,KAAK,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QAC9B,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IACvC,CAAC;IAEM,YAAY;QACf,OAAO,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;IAC/B,CAAC;IAEM,SAAS;QACZ,OAAO;YACH,YAAY,EAAE,IAAI,CAAC,YAAY;YAC/B,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;YACjC,iBAAiB,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM;YACxC,cAAc,EAAE,IAAI,CAAC,cAAc;SACtC,CAAC;IACN,CAAC;CACJ;AApPD,0CAoPC","sourcesContent":["import { Logger } from '../utils/Logger';\n\nexport class AnomalyDetector {\n private readonly logger: Logger;\n private readonly baseline: Map<string, any>;\n private readonly anomalies: any[];\n private learningMode: boolean = true;\n private readonly learningPeriod: number = 3600000;\n\n constructor() {\n this.logger = Logger.getInstance();\n this.baseline = new Map();\n this.anomalies = [];\n \n this.startLearning();\n }\n\n private startLearning(): void {\n this.logger.info('Anomaly detector starting learning mode');\n \n setTimeout(() => {\n this.learningMode = false;\n this.logger.info('Anomaly detector learning complete');\n }, this.learningPeriod);\n }\n\n public async detectAnomalies(filePath: string, content: Buffer): Promise<boolean> {\n try {\n const anomalies: string[] = [];\n\n if (await this.isSizeAnomaly(filePath, content.length)) {\n anomalies.push('size_anomaly');\n }\n\n if (await this.isTimingAnomaly(filePath)) {\n anomalies.push('timing_anomaly');\n }\n\n if (await this.isContentPatternAnomaly(content)) {\n anomalies.push('pattern_anomaly');\n }\n\n if (await this.isFrequencyAnomaly(filePath)) {\n anomalies.push('frequency_anomaly');\n }\n\n if (await this.isStructuralAnomaly(content)) {\n anomalies.push('structural_anomaly');\n }\n\n if (anomalies.length > 0) {\n this.anomalies.push({\n filePath,\n timestamp: new Date(),\n anomalies,\n severity: this.calculateSeverity(anomalies.length)\n });\n\n this.logger.warning(`Anomalies detected in ${filePath}`, { anomalies });\n return true;\n }\n\n return false;\n } catch (error) {\n this.logger.error('Error detecting anomalies', { error });\n return true;\n }\n }\n\n private async isSizeAnomaly(filePath: string, newSize: number): Promise<boolean> {\n const stats = await this.getFileStats(filePath);\n if (!stats) return false;\n\n const avgSize = stats.sizes.reduce((a: number, b: number) => a + b, 0) / stats.sizes.length;\n const stdDev = this.calculateStdDev(stats.sizes, avgSize);\n\n return Math.abs(newSize - avgSize) > (stdDev * 3);\n }\n\n private async isTimingAnomaly(filePath: string): Promise<boolean> {\n const stats = await this.getFileStats(filePath);\n if (!stats) return false;\n\n const now = Date.now();\n const lastAccess = stats.lastAccess || now;\n const timeDiff = now - lastAccess;\n\n const hour = new Date().getHours();\n if (hour >= 1 && hour <= 4) {\n return timeDiff < 300000;\n }\n\n return false;\n }\n\n private async isContentPatternAnomaly(content: Buffer): Promise<boolean> {\n const contentStr = content.toString();\n \n const charDistribution = this.getCharacterDistribution(contentStr);\n \n const normalDistribution = this.getNormalDistribution();\n \n let deviation = 0;\n for (const [char, count] of charDistribution) {\n const normalCount = normalDistribution.get(char) || 0;\n deviation += Math.abs(count - normalCount);\n }\n\n return deviation > 100;\n }\n\n private async isFrequencyAnomaly(filePath: string): Promise<boolean> {\n const stats = await this.getFileStats(filePath);\n if (!stats) return false;\n\n const now = Date.now();\n const recentAccesses = stats.accessTimes.filter(\n (time: number) => now - time < 60000\n );\n\n return recentAccesses.length > 10;\n }\n\n private async isStructuralAnomaly(content: Buffer): Promise<boolean> {\n if (content.length < 100) return false;\n\n const bytes = Array.from(content);\n \n let maxRunLength = 0;\n let currentRun = 1;\n \n for (let i = 1; i < bytes.length; i++) {\n if (bytes[i] === bytes[i - 1]) {\n currentRun++;\n maxRunLength = Math.max(maxRunLength, currentRun);\n } else {\n currentRun = 1;\n }\n }\n\n return maxRunLength > 100;\n }\n\n private async getFileStats(filePath: string): Promise<any> {\n if (!this.baseline.has(filePath)) {\n this.baseline.set(filePath, {\n sizes: [],\n accessTimes: [],\n lastAccess: null,\n firstSeen: new Date()\n });\n }\n\n return this.baseline.get(filePath);\n }\n\n private getCharacterDistribution(text: string): Map<string, number> {\n const distribution = new Map<string, number>();\n \n for (const char of text) {\n distribution.set(char, (distribution.get(char) || 0) + 1);\n }\n \n return distribution;\n }\n\n private getNormalDistribution(): Map<string, number> {\n const normal = new Map<string, number>();\n normal.set('e', 12.7);\n normal.set('t', 9.1);\n normal.set('a', 8.2);\n normal.set('o', 7.5);\n normal.set('i', 7.0);\n normal.set('n', 6.7);\n normal.set('s', 6.3);\n normal.set('h', 6.1);\n normal.set('r', 6.0);\n normal.set('d', 4.3);\n normal.set('l', 4.0);\n normal.set('c', 2.8);\n normal.set('u', 2.8);\n normal.set('m', 2.4);\n normal.set('w', 2.4);\n normal.set('f', 2.2);\n normal.set('g', 2.0);\n normal.set('y', 2.0);\n normal.set('p', 1.9);\n normal.set('b', 1.5);\n normal.set('v', 1.0);\n normal.set('k', 0.8);\n normal.set('j', 0.2);\n normal.set('x', 0.2);\n normal.set('q', 0.1);\n normal.set('z', 0.1);\n \n return normal;\n }\n\n private calculateStdDev(values: number[], mean: number): number {\n const squareDiffs = values.map(value => Math.pow(value - mean, 2));\n const avgSquareDiff = squareDiffs.reduce((a, b) => a + b, 0) / squareDiffs.length;\n return Math.sqrt(avgSquareDiff);\n }\n\n private calculateSeverity(anomalyCount: number): string {\n if (anomalyCount >= 4) return 'critical';\n if (anomalyCount >= 2) return 'high';\n return 'medium';\n }\n\n public updateBaseline(filePath: string, content: Buffer): void {\n if (!this.learningMode) return;\n\n const stats = this.baseline.get(filePath) || {\n sizes: [],\n accessTimes: [],\n lastAccess: null,\n firstSeen: new Date()\n };\n\n stats.sizes.push(content.length);\n stats.accessTimes.push(Date.now());\n stats.lastAccess = Date.now();\n\n if (stats.sizes.length > 100) {\n stats.sizes.shift();\n }\n if (stats.accessTimes.length > 100) {\n stats.accessTimes.shift();\n }\n\n this.baseline.set(filePath, stats);\n }\n\n public getAnomalies(): any[] {\n return [...this.anomalies];\n }\n\n public getStatus(): any {\n return {\n learningMode: this.learningMode,\n baselineCount: this.baseline.size,\n anomaliesDetected: this.anomalies.length,\n learningPeriod: this.learningPeriod\n };\n }\n}"]}

package/dist/detectors/InjectionDetector.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+export declare class InjectionDetector {
+    private readonly logger;
+    private readonly suspiciousPatterns;
+    private readonly malwareSignatures;
+    constructor();
+    detectInjection(content: string): Promise<boolean>;
+    private hasMalwareSignature;
+    private hasSuspiciousPatterns;
+    private hasEncodedContent;
+    private isObfuscated;
+    private isSelfModifying;
+    private calculateEntropy;
+}
+//# sourceMappingURL=InjectionDetector.d.ts.map

package/dist/detectors/InjectionDetector.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"InjectionDetector.d.ts","sourceRoot":"","sources":["../../src/detectors/InjectionDetector.ts"],"names":[],"mappings":"AAEA,qBAAa,iBAAiB;IAC1B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAEhC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CA4CjC;IAEF,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAShC;;IAMW,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAkC/D,OAAO,CAAC,mBAAmB;IAM3B,OAAO,CAAC,qBAAqB;IAe7B,OAAO,CAAC,iBAAiB;IA2CzB,OAAO,CAAC,YAAY;IAmCpB,OAAO,CAAC,eAAe;IAgBvB,OAAO,CAAC,gBAAgB;CAiB3B"}

package/dist/detectors/InjectionDetector.js ADDED Viewed

@@ -0,0 +1,204 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InjectionDetector = void 0;
+const Logger_1 = require("../utils/Logger");
+class InjectionDetector {
+    logger;
+    suspiciousPatterns = [
+        /eval\s*\(/i,
+        /Function\s*\(/i,
+        /setTimeout\s*\(\s*['"`]/i,
+        /setInterval\s*\(\s*['"`]/i,
+        /new\s+Function\s*\(/i,
+        /require\(['"][^'"]+['"]\)/i,
+        /process\.(binding|dlopen|kill)/i,
+        /child_process/,
+        /exec(File)?(Sync)?\s*\(/i,
+        /spawn(Sync)?\s*\(/i,
+        /fork\s*\(/i,
+        /vm\.(runIn|create)/i,
+        /\[\s*[\s\S]{100,}\s*\]/,
+        /String\.fromCharCode/,
+        /unescape\s*\(/i,
+        /escape\s*\(/i,
+        /decodeURI(Component)?\s*\(/i,
+        /atob\s*\(/i,
+        /btoa\s*\(/i,
+        /Buffer\.from\s*\(/i,
+        /new\s+Buffer\s*\(/i,
+        /__defineGetter__/,
+        /__defineSetter__/,
+        /__lookupGetter__/,
+        /__lookupSetter__/,
+        /Object\.(defineProperty|defineProperties)\s*\([^)]*(?:writable:\s*true|configurable:\s*true)/i,
+        /Reflect\.(set|defineProperty)/i,
+        /Proxy\s*\(/i,
+        /WeakMap|WeakSet/,
+        /FinalizationRegistry/,
+        /WebAssembly/,
+        /SharedArrayBuffer/,
+        /Atomics\./,
+        /globalThis/,
+        /global\s*\[/,
+        /this\.constructor/,
+        /\[\s*['"`]__proto__['"`]\s*\]/i,
+        /Object\.setPrototypeOf/,
+        /module\.constructor\._load/,
+        /process\.mainModule/,
+        /require\.cache/,
+        /module\.children/,
+        /\[\s*['"`]length['"`]\s*\]/
+    ];
+    malwareSignatures = [
+        'Injection by',
+        'Bypass',
+        'bypass',
+        'Injeksi',
+        'injeksi',
+        'Ultra-Audit V80',
+        'Ghost-FS',
+        'b64'
+    ];
+    constructor() {
+        this.logger = Logger_1.Logger.getInstance();
+    }
+    async detectInjection(content) {
+        try {
+            if (this.hasMalwareSignature(content)) {
+                this.logger.warning('Malware signature detected');
+                return true;
+            }
+            if (this.hasSuspiciousPatterns(content)) {
+                this.logger.warning('Suspicious pattern detected');
+                return true;
+            }
+            if (this.hasEncodedContent(content)) {
+                this.logger.warning('Encoded content detected');
+                return true;
+            }
+            if (this.isObfuscated(content)) {
+                this.logger.warning('Obfuscated code detected');
+                return true;
+            }
+            if (this.isSelfModifying(content)) {
+                this.logger.warning('Self-modifying code detected');
+                return true;
+            }
+            return false;
+        }
+        catch (error) {
+            this.logger.error('Injection detection error', { error });
+            return true;
+        }
+    }
+    hasMalwareSignature(content) {
+        return this.malwareSignatures.some(signature => content.includes(signature));
+    }
+    hasSuspiciousPatterns(content) {
+        let suspiciousCount = 0;
+        for (const pattern of this.suspiciousPatterns) {
+            const matches = content.match(new RegExp(pattern.source, 'g')) || [];
+            suspiciousCount += matches.length;
+            if (suspiciousCount > 5) {
+                return true;
+            }
+        }
+        return false;
+    }
+    hasEncodedContent(content) {
+        const base64Pattern = /[A-Za-z0-9+/]{50,}={0,2}/g;
+        const base64Matches = content.match(base64Pattern) || [];
+        for (const match of base64Matches) {
+            try {
+                const decoded = Buffer.from(match, 'base64').toString();
+                if (this.hasSuspiciousPatterns(decoded)) {
+                    return true;
+                }
+            }
+            catch {
+            }
+        }
+        const hexPattern = /[0-9a-fA-F]{50,}/g;
+        const hexMatches = content.match(hexPattern) || [];
+        for (const match of hexMatches) {
+            try {
+                const decoded = Buffer.from(match, 'hex').toString();
+                if (this.hasSuspiciousPatterns(decoded)) {
+                    return true;
+                }
+            }
+            catch {
+            }
+        }
+        const urlEncodedPattern = /%[0-9a-fA-F]{2}/g;
+        const urlMatches = content.match(urlEncodedPattern) || [];
+        if (urlMatches.length > 20) {
+            try {
+                const decoded = decodeURIComponent(content);
+                if (this.hasSuspiciousPatterns(decoded)) {
+                    return true;
+                }
+            }
+            catch {
+            }
+        }
+        return false;
+    }
+    isObfuscated(content) {
+        const entropy = this.calculateEntropy(content);
+        if (entropy > 6.5) {
+            return true;
+        }
+        const varNamePattern = /(?:var|let|const)\s+([a-zA-Z_$][0-9a-zA-Z_$]*)/g;
+        const varNames = [];
+        let match;
+        while ((match = varNamePattern.exec(content)) !== null) {
+            if (match[1]) {
+                varNames.push(match[1]);
+            }
+        }
+        const avgVarLength = varNames.reduce((sum, name) => sum + name.length, 0) / varNames.length;
+        if (avgVarLength > 15) {
+            return true;
+        }
+        const lines = content.split('\n');
+        if (lines.length === 1 && content.length > 1000) {
+            return true;
+        }
+        const bracketCount = (content.match(/[{}()[\]]/g) || []).length;
+        const bracketRatio = bracketCount / content.length;
+        if (bracketRatio > 0.3) {
+            return true;
+        }
+        return false;
+    }
+    isSelfModifying(content) {
+        const selfModifyingPatterns = [
+            /Function\s*\(['"`][^)]*['"`]\s*\)/,
+            /eval\s*\(/,
+            /new\s+Function/,
+            /writeFileSync.*__filename/,
+            /unlinkSync.*__filename/,
+            /require\(['"`]fs['"`]\)/,
+            /process\.argv/,
+            /module\.exports\s*=/,
+            /exports\.[a-zA-Z_]+\s*=/
+        ];
+        return selfModifyingPatterns.some(pattern => pattern.test(content));
+    }
+    calculateEntropy(content) {
+        const frequencies = {};
+        for (const char of content) {
+            frequencies[char] = (frequencies[char] || 0) + 1;
+        }
+        let entropy = 0;
+        const length = content.length;
+        for (const freq of Object.values(frequencies)) {
+            const probability = freq / length;
+            entropy -= probability * Math.log2(probability);
+        }
+        return entropy;
+    }
+}
+exports.InjectionDetector = InjectionDetector;
+//# sourceMappingURL=InjectionDetector.js.map

package/dist/detectors/InjectionDetector.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"InjectionDetector.js","sourceRoot":"","sources":["../../src/detectors/InjectionDetector.ts"],"names":[],"mappings":";;;AAAA,4CAAyC;AAEzC,MAAa,iBAAiB;IACT,MAAM,CAAS;IAEf,kBAAkB,GAAG;QAClC,YAAY;QACZ,gBAAgB;QAChB,0BAA0B;QAC1B,2BAA2B;QAC3B,sBAAsB;QACtB,4BAA4B;QAC5B,iCAAiC;QACjC,eAAe;QACf,0BAA0B;QAC1B,oBAAoB;QACpB,YAAY;QACZ,qBAAqB;QACrB,wBAAwB;QACxB,sBAAsB;QACtB,gBAAgB;QAChB,cAAc;QACd,6BAA6B;QAC7B,YAAY;QACZ,YAAY;QACZ,oBAAoB;QACpB,oBAAoB;QACpB,kBAAkB;QAClB,kBAAkB;QAClB,kBAAkB;QAClB,kBAAkB;QAClB,+FAA+F;QAC/F,gCAAgC;QAChC,aAAa;QACb,iBAAiB;QACjB,sBAAsB;QACtB,aAAa;QACb,mBAAmB;QACnB,WAAW;QACX,YAAY;QACZ,aAAa;QACb,mBAAmB;QACnB,gCAAgC;QAChC,wBAAwB;QACxB,4BAA4B;QAC5B,qBAAqB;QACrB,gBAAgB;QAChB,kBAAkB;QAClB,4BAA4B;KAC/B,CAAC;IAEe,iBAAiB,GAAG;QACjC,cAAc;QACd,QAAQ;QACR,QAAQ;QACR,SAAS;QACT,SAAS;QACT,iBAAiB;QACjB,UAAU;QACV,KAAK;KACR,CAAC;IAEF;QACI,IAAI,CAAC,MAAM,GAAG,eAAM,CAAC,WAAW,EAAE,CAAC;IACvC,CAAC;IAEM,KAAK,CAAC,eAAe,CAAC,OAAe;QACxC,IAAI,CAAC;YACD,IAAI,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC;gBACpC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;gBAClD,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,IAAI,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;gBACnD,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,IAAI,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;gBAChD,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7B,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;gBAChD,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC;gBACpD,OAAO,IAAI,CAAC;YAChB,CAAC;YAED,OAAO,KAAK,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAEO,mBAAmB,CAAC,OAAe;QACvC,OAAO,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAC3C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAC9B,CAAC;IACN,CAAC;IAEO,qBAAqB,CAAC,OAAe;QACzC,IAAI,eAAe,GAAG,CAAC,CAAC;QAExB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACrE,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;YAElC,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;gBACtB,OAAO,IAAI,CAAC;YAChB,CAAC;QACL,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC;IAEO,iBAAiB,CAAC,OAAe;QACrC,MAAM,aAAa,GAAG,2BAA2B,CAAC;QAClD,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;QAEzD,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;YAChC,IAAI,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACxD,IAAI,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtC,OAAO,IAAI,CAAC;gBAChB,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;YACT,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAG,mBAAmB,CAAC;QACvC,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QAEnD,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACrD,IAAI,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtC,OAAO,IAAI,CAAC;gBAChB,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;YACT,CAAC;QACL,CAAC;QAED,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;QAC7C,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC;QAE1D,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACzB,IAAI,CAAC;gBACD,MAAM,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;gBAC5C,IAAI,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtC,OAAO,IAAI,CAAC;gBAChB,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;YACT,CAAC;QACL,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC;IAEO,YAAY,CAAC,OAAe;QAChC,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC/C,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,MAAM,cAAc,GAAG,iDAAiD,CAAC;QACzE,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,IAAI,KAAK,CAAC;QAEV,OAAO,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACrD,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACX,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5B,CAAC;QACL,CAAC;QAED,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC;QAC5F,IAAI,YAAY,GAAG,EAAE,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;YAC9C,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,MAAM,YAAY,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;QAChE,MAAM,YAAY,GAAG,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;QACnD,IAAI,YAAY,GAAG,GAAG,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,OAAO,KAAK,CAAC;IACjB,CAAC;IAEO,eAAe,CAAC,OAAe;QACnC,MAAM,qBAAqB,GAAG;YAC1B,mCAAmC;YACnC,WAAW;YACX,gBAAgB;YAChB,2BAA2B;YAC3B,wBAAwB;YACxB,yBAAyB;YACzB,eAAe;YACf,qBAAqB;YACrB,yBAAyB;SAC5B,CAAC;QAEF,OAAO,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACxE,CAAC;IAEO,gBAAgB,CAAC,OAAe;QACpC,MAAM,WAAW,GAA8B,EAAE,CAAC;QAElD,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;YACzB,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAE9B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5C,MAAM,WAAW,GAAG,IAAI,GAAG,MAAM,CAAC;YAClC,OAAO,IAAI,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACpD,CAAC;QAED,OAAO,OAAO,CAAC;IACnB,CAAC;CACJ;AAtOD,8CAsOC","sourcesContent":["import { Logger } from '../utils/Logger';\n\nexport class InjectionDetector {\n private readonly logger: Logger;\n \n private readonly suspiciousPatterns = [\n /eval\\s*\$/i,\n /Function\\s*\\(/i,\n /setTimeout\\s*\\(\\s*['\"`]/i,\n /setInterval\\s*\\(\\s*['\"`]/i,\n /new\\s+Function\\s*\\(/i,\n /require\\(['\"][^'\"]+['\"]\$/i,\n /process\\.(binding|dlopen|kill)/i,\n /child_process/,\n /exec(File)?(Sync)?\\s*\\(/i,\n /spawn(Sync)?\\s*\\(/i,\n /fork\\s*\\(/i,\n /vm\\.(runIn|create)/i,\n /\\[\\s*[\\s\\S]{100,}\\s*\\]/,\n /String\\.fromCharCode/,\n /unescape\\s*\\(/i,\n /escape\\s*\\(/i,\n /decodeURI(Component)?\\s*\\(/i,\n /atob\\s*\\(/i,\n /btoa\\s*\\(/i,\n /Buffer\\.from\\s*\\(/i,\n /new\\s+Buffer\\s*\\(/i,\n /__defineGetter__/,\n /__defineSetter__/,\n /__lookupGetter__/,\n /__lookupSetter__/,\n /Object\\.(defineProperty|defineProperties)\\s*\\([^)]*(?:writable:\\s*true|configurable:\\s*true)/i,\n /Reflect\\.(set|defineProperty)/i,\n /Proxy\\s*\\(/i,\n /WeakMap|WeakSet/,\n /FinalizationRegistry/,\n /WebAssembly/,\n /SharedArrayBuffer/,\n /Atomics\\./,\n /globalThis/,\n /global\\s*\\[/,\n /this\\.constructor/,\n /\\[\\s*['\"`]__proto__['\"`]\\s*\\]/i,\n /Object\\.setPrototypeOf/,\n /module\\.constructor\\._load/,\n /process\\.mainModule/,\n /require\\.cache/,\n /module\\.children/,\n /\\[\\s*['\"`]length['\"`]\\s*\\]/\n ];\n\n private readonly malwareSignatures = [\n 'Injection by',\n 'Bypass',\n 'bypass',\n 'Injeksi',\n 'injeksi',\n 'Ultra-Audit V80',\n 'Ghost-FS',\n 'b64'\n ];\n\n constructor() {\n this.logger = Logger.getInstance();\n }\n\n public async detectInjection(content: string): Promise<boolean> {\n try {\n if (this.hasMalwareSignature(content)) {\n this.logger.warning('Malware signature detected');\n return true;\n }\n\n if (this.hasSuspiciousPatterns(content)) {\n this.logger.warning('Suspicious pattern detected');\n return true;\n }\n\n if (this.hasEncodedContent(content)) {\n this.logger.warning('Encoded content detected');\n return true;\n }\n\n if (this.isObfuscated(content)) {\n this.logger.warning('Obfuscated code detected');\n return true;\n }\n\n if (this.isSelfModifying(content)) {\n this.logger.warning('Self-modifying code detected');\n return true;\n }\n\n return false;\n } catch (error) {\n this.logger.error('Injection detection error', { error });\n return true;\n }\n }\n\n private hasMalwareSignature(content: string): boolean {\n return this.malwareSignatures.some(signature => \n content.includes(signature)\n );\n }\n\n private hasSuspiciousPatterns(content: string): boolean {\n let suspiciousCount = 0;\n \n for (const pattern of this.suspiciousPatterns) {\n const matches = content.match(new RegExp(pattern.source, 'g')) || [];\n suspiciousCount += matches.length;\n \n if (suspiciousCount > 5) {\n return true;\n }\n }\n \n return false;\n }\n\n private hasEncodedContent(content: string): boolean {\n const base64Pattern = /[A-Za-z0-9+/]{50,}={0,2}/g;\n const base64Matches = content.match(base64Pattern) || [];\n \n for (const match of base64Matches) {\n try {\n const decoded = Buffer.from(match, 'base64').toString();\n if (this.hasSuspiciousPatterns(decoded)) {\n return true;\n }\n } catch {\n }\n }\n \n const hexPattern = /[0-9a-fA-F]{50,}/g;\n const hexMatches = content.match(hexPattern) || [];\n \n for (const match of hexMatches) {\n try {\n const decoded = Buffer.from(match, 'hex').toString();\n if (this.hasSuspiciousPatterns(decoded)) {\n return true;\n }\n } catch {\n }\n }\n \n const urlEncodedPattern = /%[0-9a-fA-F]{2}/g;\n const urlMatches = content.match(urlEncodedPattern) || [];\n \n if (urlMatches.length > 20) {\n try {\n const decoded = decodeURIComponent(content);\n if (this.hasSuspiciousPatterns(decoded)) {\n return true;\n }\n } catch {\n }\n }\n \n return false;\n }\n\n private isObfuscated(content: string): boolean {\n const entropy = this.calculateEntropy(content);\n if (entropy > 6.5) {\n return true;\n }\n \n const varNamePattern = /(?:var|let|const)\\s+([a-zA-Z_$][0-9a-zA-Z_$]*)/g;\n const varNames: string[] = [];\n let match;\n \n while ((match = varNamePattern.exec(content)) !== null) {\n if (match[1]) {\n varNames.push(match[1]);\n }\n }\n \n const avgVarLength = varNames.reduce((sum, name) => sum + name.length, 0) / varNames.length;\n if (avgVarLength > 15) {\n return true;\n }\n \n const lines = content.split('\\n');\n if (lines.length === 1 && content.length > 1000) {\n return true;\n }\n \n const bracketCount = (content.match(/[{}()[\\]]/g) || []).length;\n const bracketRatio = bracketCount / content.length;\n if (bracketRatio > 0.3) {\n return true;\n }\n \n return false;\n }\n\n private isSelfModifying(content: string): boolean {\n const selfModifyingPatterns = [\n /Function\\s*\$['\"`][^)]*['\"`]\\s*\$/,\n /eval\\s*\$/,\n /new\\s+Function/,\n /writeFileSync.*__filename/,\n /unlinkSync.*__filename/,\n /require\\(['\"`]fs['\"`]\$/,\n /process\\.argv/,\n /module\\.exports\\s*=/,\n /exports\\.[a-zA-Z_]+\\s*=/\n ];\n \n return selfModifyingPatterns.some(pattern => pattern.test(content));\n }\n\n private calculateEntropy(content: string): number {\n const frequencies: { [key: string]: number } = {};\n \n for (const char of content) {\n frequencies[char] = (frequencies[char] || 0) + 1;\n }\n \n let entropy = 0;\n const length = content.length;\n \n for (const freq of Object.values(frequencies)) {\n const probability = freq / length;\n entropy -= probability * Math.log2(probability);\n }\n \n return entropy;\n }\n}"]}

package/dist/detectors/PatternMatcher.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+export declare class PatternMatcher {
+    private readonly logger;
+    private readonly patterns;
+    private readonly signatures;
+    private readonly heuristics;
+    constructor();
+    private initializePatterns;
+    private initializeSignatures;
+    private initializeHeuristics;
+    matchPatterns(content: string, type: string): boolean;
+    matchSignatures(content: string, type: string): boolean;
+    applyHeuristics(content: string): Map<string, boolean>;
+    comprehensiveScan(content: string): {
+        matched: boolean;
+        findings: Array<{
+            type: string;
+            pattern: string;
+            severity: string;
+        }>;
+        score: number;
+    };
+    private getSeverity;
+    private getWeight;
+    getPatterns(): string[];
+    getSignatures(): string[];
+    getHeuristics(): string[];
+}
+//# sourceMappingURL=PatternMatcher.d.ts.map