@kelthos-x/dna 1.0.0
- package/dist/index.d.ts +24 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +96 -0
- package/dist/index.js.map +1 -0
- package/package.json +32 -0
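--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -0,0 +1,24 @@
+import { Request, Response, NextFunction } from "express";
+export interface DNAConfig {
+apiKey: string;
+kelthosEndpoint: string;
+enabled: boolean;
+waf: {
+enabled: boolean;
+blockSQLi: boolean;
+blockXSS: boolean;
+blockPathTraversal: boolean;
+};
+monitor: {
+endpoints: boolean;
+responses: boolean;
+dependencies: boolean;
+};
+selfHealing: {
+enabled: boolean;
+autoBlock: boolean;
+};
+}
+export declare function kelthosDNA(userConfig?: Partial<DNAConfig>): (req: Request, res: Response, next: NextFunction) => void | Response<any, Record<string, any>>;
+export declare function getDNAConfig(): DNAConfig;
+//# sourceMappingURL=index.d.ts.map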
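Review bot: DNAConfig declares `waf.enabled`, `monitor.endpoints`, `monitor.dependencies` and `selfHealing.enabled`, but nothing in the shipped dist/index.js reads any of them, so a caller who passes `waf: { enabled: false, ... }` still has every request scanned. Either drop the dead fields or mark them in TSDoc, e.g. `/** Reserved; not consulted in 1.0.0 — request scanning runs whenever top-level `enabled` is true. */`. `apiKey` and `kelthosEndpoint` also need a TSDoc line stating that once `apiKey` is set, the middleware POSTs the method, path, status code, duration and client IP of every request to the endpoint with the key as a `Bearer` token, because that is the behaviour a reviewer of the consuming application has to sign off on. The `Partial<DNAConfig>` signature suggests partial nested objects are accepted, but the implementation's shallow spread drops sibling keys of any nested section supplied, so the doc should say the nested objects must be complete.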
@@ -0,0 +1 @@
1
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE1D,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,EAAE;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,OAAO,CAAC;QAAC,kBAAkB,EAAE,OAAO,CAAC;KAAE,CAAC;IAC/F,OAAO,EAAE;QAAE,SAAS,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,OAAO,CAAC;QAAC,YAAY,EAAE,OAAO,CAAC;KAAE,CAAC;IAC5E,WAAW,EAAE;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,EAAE,OAAO,CAAC;KAAE,CAAC;CACxD;AAiDD,wBAAgB,UAAU,CAAC,UAAU,GAAE,OAAO,CAAC,SAAS,CAAM,IAG9B,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,+CA+C9E;AAED,wBAAgB,YAAY,IAAI,SAAS,CAExC"}
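--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -0,0 +1,96 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.kelthosDNA = kelthosDNA;
+exports.getDNAConfig = getDNAConfig;
+const DEFAULT_CONFIG = {
+apiKey: "",
+kelthosEndpoint: "https://kelthos-x.cfd/api/v1/dna/telemetry",
+enabled: true,
+waf: { enabled: true, blockSQLi: true, blockXSS: true, blockPathTraversal: true },
+monitor: { endpoints: true, responses: true, dependencies: true },
+selfHealing: { enabled: true, autoBlock: true },
+};
+let config = { ...DEFAULT_CONFIG };
+const SQLI_PATTERNS = [
+/(\bSELECT\b.*\bFROM\b)|(\bUNION\b.*\bSELECT\b)|(\bDROP\b.*\bTABLE\b)|(\bINSERT\b.*\bINTO\b)|('?\s*OR\s*'?\d+'?\s*=\s*'?\d)/i,
+/(\bEXEC\b|\bEXECUTE\b).*/i,
+/(\bWAITFOR\b\s+DELAY\b)/i,
+];
+const XSS_PATTERNS = [
+/<script\b[^>]*>[\s\S]*?<\/script>/i,
+/javascript\s*:/i,
+/on\w+\s*=\s*"[^"]*"/i,
+/<img[^>]+onerror\s*=/i,
+];
+const PATH_TRAVERSAL_PATTERNS = [
+/\.\.\//,
+/\.\.\\/,
+/%2e%2e%2f/i,
+/%252e%252e%252f/i,
+];
+function checkPayload(value, patterns) {
+return patterns.some((p) => p.test(value));
+}
+function scanRequest(req) {
+const values = [
+req.url || "",
+...Object.values(req.query || {}).map(String),
+...Object.values(req.body || {}).flatMap((v) => (typeof v === "string" ? [v] : [])),
+...Object.values(req.headers || {}).flatMap((v) => (typeof v === "string" ? [v] : [])),
+];
+if (config.waf.blockSQLi && checkPayload(values.join(" "), SQLI_PATTERNS))
+return "SQL_INJECTION";
+if (config.waf.blockXSS && checkPayload(values.join(" "), XSS_PATTERNS))
+return "XSS";
+if (config.waf.blockPathTraversal && checkPayload(values.join(" "), PATH_TRAVERSAL_PATTERNS))
+return "PATH_TRAVERSAL";
+return null;
+}
+function kelthosDNA(userConfig = {}) {
+config = { ...DEFAULT_CONFIG, ...userConfig };
+return function dnaMiddleware(req, res, next) {
+if (!config.enabled)
+return next();
+const threat = scanRequest(req);
+if (threat) {
+console.warn(`[Kelthos-DNA] BLOCKED: ${threat} from ${req.ip} on ${req.path}`);
+if (config.selfHealing.autoBlock) {
+res.setHeader("X-Kelthos-Blocked", threat);
+}
+if (config.kelthosEndpoint && config.apiKey) {
+fetch(config.kelthosEndpoint, {
+method: "POST",
+headers: { "Content-Type": "application/json", Authorization: `Bearer ${config.apiKey}` },
+body: JSON.stringify({ event_type: "blocked_attack", threat, ip: req.ip, path: req.path, timestamp: new Date().toISOString() }),
+}).catch(() => { });
+}
+return res.status(403).json({ error: "Request blocked by Kelthos-X DNA", code: threat });
+}
+const startTime = Date.now();
+const originalJson = res.json.bind(res);
+res.json = function (body) {
+if (config.monitor.responses && typeof body === "string") {
+const sensitivePatterns = /(password|secret|token|api[_-]?key|private[_-]?key)/i;
+if (sensitivePatterns.test(body)) {
+console.warn(`[Kelthos-DNA] Potential sensitive data in response from ${req.path}`);
+}
+}
+return originalJson(body);
+};
+res.on("finish", () => {
+const duration = Date.now() - startTime;
+if (config.kelthosEndpoint && config.apiKey) {
+fetch(config.kelthosEndpoint, {
+method: "POST",
+headers: { "Content-Type": "application/json", Authorization: `Bearer ${config.apiKey}` },
+body: JSON.stringify({ event_type: "request", method: req.method, path: req.path, status: res.statusCode, duration_ms: duration, timestamp: new Date().toISOString() }),
+}).catch(() => { });
+}
+});
+next();
+};
+}
+function getDNAConfig() {
+return { ...config };
+}
+//# sourceMappingURL=index.js.map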
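Review bot: `selfHealing.autoBlock` does not control blocking — lines 57–67 only gate the `X-Kelthos-Blocked` header on it and then return 403 unconditionally, so a caller who sets `autoBlock: false` expecting detect-only mode is still dropping traffic on rules such as `/(\bEXEC\b|\bEXECUTE\b).*/i` and `\bSELECT\b.*\bFROM\b`, which are tested against every header, query and body string joined with spaces and will fire on ordinary text spread across unrelated fields. The spread on line 50 is shallow, so `kelthosDNA({ waf: { enabled: false } })` leaves `blockSQLi`/`blockXSS`/`blockPathTraversal` undefined while `waf.enabled` itself is never read, and because `config` is module-global a second `kelthosDNA()` call silently reconfigures every earlier middleware instance. Separately, once `apiKey` is set the `finish` handler on lines 80–89 POSTs the method, path, status code and `req.ip` of every request to the default `kelthos-x.cfd` host with the key as a Bearer token, no timeout, and all failures swallowed — a per-request outbound call to a third party that should be opt-in and prominently documented, and that leaks a proxy's address rather than the client's unless `trust proxy` is configured. The response scan at lines 71–79 only runs when `body` is a string, which `res.json()` callers almost never pass, so `monitor.responses` is effectively a no-op, and both the `X-Kelthos-Blocked` header and the `code` field in the 403 body tell a probing client exactly which rule fired.

```javascript
function kelthosDNA(userConfig = {}) {
    // Merge nested sections individually so a partial `waf`/`monitor`/`selfHealing`
    // keeps the defaults it omits instead of turning them into undefined.
    config = {
        ...DEFAULT_CONFIG,
        ...userConfig,
        waf: { ...DEFAULT_CONFIG.waf, ...(userConfig.waf || {}) },
        monitor: { ...DEFAULT_CONFIG.monitor, ...(userConfig.monitor || {}) },
        selfHealing: { ...DEFAULT_CONFIG.selfHealing, ...(userConfig.selfHealing || {}) },
    };
    return function dnaMiddleware(req, res, next) {
        if (!config.enabled || !config.waf.enabled)
            return next();
        const threat = scanRequest(req);
        if (threat) {
            const action = config.selfHealing.autoBlock ? "BLOCKED" : "DETECTED";
            console.warn(`[Kelthos-DNA] ${action}: ${threat} from ${req.ip} on ${req.path}`);
            // … unchanged: telemetry POST of the blocked_attack event …
            // Detect-only unless autoBlock is on; do not echo the matched rule back to the client.
            if (!config.selfHealing.autoBlock)
                return next();
            return res.status(403).json({ error: "Request blocked by Kelthos-X DNA" });
        }
        // … unchanged: res.json wrapper, finish telemetry, next() …
```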
@@ -0,0 +1 @@
1
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;AA0DA,gCAkDC;AAED,oCAEC;AArGD,MAAM,cAAc,GAAc;IAChC,MAAM,EAAE,EAAE;IACV,eAAe,EAAE,4CAA4C;IAC7D,OAAO,EAAE,IAAI;IACb,GAAG,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE;IACjF,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE;IACjE,WAAW,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;CAChD,CAAC;AAEF,IAAI,MAAM,GAAc,EAAE,GAAG,cAAc,EAAE,CAAC;AAE9C,MAAM,aAAa,GAAG;IACpB,6HAA6H;IAC7H,2BAA2B;IAC3B,0BAA0B;CAC3B,CAAC;AACF,MAAM,YAAY,GAAG;IACnB,oCAAoC;IACpC,iBAAiB;IACjB,sBAAsB;IACtB,uBAAuB;CACxB,CAAC;AACF,MAAM,uBAAuB,GAAG;IAC9B,QAAQ;IACR,QAAQ;IACR,YAAY;IACZ,kBAAkB;CACnB,CAAC;AAEF,SAAS,YAAY,CAAC,KAAa,EAAE,QAAkB;IACrD,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,WAAW,CAAC,GAAY;IAC/B,MAAM,MAAM,GAAG;QACb,GAAG,CAAC,GAAG,IAAI,EAAE;QACb,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;QAC7C,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACnF,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;KACvF,CAAC;IAEF,IAAI,MAAM,CAAC,GAAG,CAAC,SAAS,IAAI,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,aAAa,CAAC;QAAE,OAAO,eAAe,CAAC;IAClG,IAAI,MAAM,CAAC,GAAG,CAAC,QAAQ,IAAI,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,YAAY,CAAC;QAAE,OAAO,KAAK,CAAC;IACtF,IAAI,MAAM,CAAC,GAAG,CAAC,kBAAkB,IAAI,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,uBAAuB,CAAC;QAAE,OAAO,gBAAgB,CAAC;IACtH,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,UAAU,CAAC,aAAiC,EAAE;IAC5D,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,UAAU,EAAE,CAAC;IAE9C,OAAO,SAAS,aAAa,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;QAC3E,IAAI,CAAC,MAAM,CAAC,OAAO;YAAE,OAAO,IAAI,EA
AE,CAAC;QAEnC,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,0BAA0B,MAAM,SAAS,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;YAE/E,IAAI,MAAM,CAAC,WAAW,CAAC,SAAS,EAAE,CAAC;gBACjC,GAAG,CAAC,SAAS,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;YAC7C,CAAC;YAED,IAAI,MAAM,CAAC,eAAe,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAC5C,KAAK,CAAC,MAAM,CAAC,eAAe,EAAE;oBAC5B,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,aAAa,EAAE,UAAU,MAAM,CAAC,MAAM,EAAE,EAAE;oBACzF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;iBAChI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrB,CAAC;YAED,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kCAAkC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;QAC3F,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxC,GAAG,CAAC,IAAI,GAAG,UAAU,IAAa;YAChC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACzD,MAAM,iBAAiB,GAAG,sDAAsD,CAAC;gBACjF,IAAI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACjC,OAAO,CAAC,IAAI,CAAC,2DAA2D,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;gBACtF,CAAC;YACH,CAAC;YACD,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC,CAAC;QAEF,GAAG,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;YACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YACxC,IAAI,MAAM,CAAC,eAAe,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAC5C,KAAK,CAAC,MAAM,CAAC,eAAe,EAAE;oBAC5B,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,aAAa,EAAE,UAAU,MAAM,CAAC,MAAM,EAAE,EAAE;oBACzF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,UAAU,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;iBACxK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,YAAY;IAC1B,OAAO,EAAE,GAAG,MAAM,EAAE
,CAAC;AACvB,CAAC"}
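--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,32 @@
+{
+"name": "@kelthos-x/dna",
+"version": "1.0.0",
+"description": "Kelthos-X DNA/Chromosome - Self-healing security package for Node.js applications",
+"main": "dist/index.js",
+"types": "dist/index.d.ts",
+"scripts": {
+"build": "tsc",
+"prepublishOnly": "npm run build",
+"test": "jest"
+},
+"keywords": ["security", "waf", "self-healing", "kelthos", "dna", "chromosome"],
+"author": "Kelthos-X",
+"license": "MIT",
+"repository": {
+"type": "git",
+"url": "https://github.com/kingtechies/kelthos-x.git",
+"directory": "packages/dna"
+},
+"files": ["dist", "README.md"],
+"dependencies": {
+"express": "^4.18.0"
+},
+"devDependencies": {
+"typescript": "^5.0.0",
+"@types/node": "^20.0.0",
+"@types/express": "^4.17.0",
+"jest": "^29.0.0",
+"@types/jest": "^29.0.0",
+"ts-jest": "^29.0.0"
+}
+}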
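Review bot: `express` is listed under `dependencies` (line 22) although dist/index.js never requires it — only the type declarations in index.d.ts reference it — so installing this package may pull a second express copy in next to the consumer's own; it belongs in `peerDependencies` with `@types/express` staying in devDependencies. dist/index.js also relies on the global `fetch`, which only exists on Node 18+, yet there is no `engines` field to say so; add `"engines": { "node": ">=18" }`. `files` lists `README.md` but the published diff shows no README, so the per-request telemetry to the default `kelthos-x.cfd` endpoint and the fact that the API key is sent as a Bearer token appear to be undocumented in the package as shipped.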