@neurosec/sentry 1.0.19 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -0
- package/dist/api-auth.d.ts +31 -0
- package/dist/api-auth.d.ts.map +1 -0
- package/dist/api-auth.js +105 -0
- package/dist/api-auth.js.map +1 -0
- package/dist/api-auth.test.d.ts +2 -0
- package/dist/api-auth.test.d.ts.map +1 -0
- package/dist/api-auth.test.js +89 -0
- package/dist/api-auth.test.js.map +1 -0
- package/dist/api.d.ts +8 -7
- package/dist/api.d.ts.map +1 -1
- package/dist/api.js +141 -134
- package/dist/api.js.map +1 -1
- package/dist/cli.d.ts +1 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +107 -14
- package/dist/cli.js.map +1 -1
- package/dist/cli.test.d.ts +2 -0
- package/dist/cli.test.d.ts.map +1 -0
- package/dist/cli.test.js +68 -0
- package/dist/cli.test.js.map +1 -0
- package/dist/config.d.ts +30 -0
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +50 -1
- package/dist/config.js.map +1 -1
- package/dist/discovery-win.d.ts +4 -0
- package/dist/discovery-win.d.ts.map +1 -0
- package/dist/discovery-win.js +153 -0
- package/dist/discovery-win.js.map +1 -0
- package/dist/discovery.d.ts.map +1 -1
- package/dist/discovery.js +23 -97
- package/dist/discovery.js.map +1 -1
- package/dist/discovery.test.js +18 -109
- package/dist/discovery.test.js.map +1 -1
- package/dist/enforcement/file-monitor.d.ts +9 -0
- package/dist/enforcement/file-monitor.d.ts.map +1 -1
- package/dist/enforcement/file-monitor.js +9 -2
- package/dist/enforcement/file-monitor.js.map +1 -1
- package/dist/enforcement/network-monitor.d.ts.map +1 -1
- package/dist/enforcement/network-monitor.js +350 -9
- package/dist/enforcement/network-monitor.js.map +1 -1
- package/dist/enforcement/network-monitor.test.d.ts +2 -0
- package/dist/enforcement/network-monitor.test.d.ts.map +1 -0
- package/dist/enforcement/network-monitor.test.js +52 -0
- package/dist/enforcement/network-monitor.test.js.map +1 -0
- package/dist/enforcement/policy-executor.d.ts +24 -1
- package/dist/enforcement/policy-executor.d.ts.map +1 -1
- package/dist/enforcement/policy-executor.js +213 -69
- package/dist/enforcement/policy-executor.js.map +1 -1
- package/dist/enforcement/policy-executor.test.d.ts +2 -0
- package/dist/enforcement/policy-executor.test.d.ts.map +1 -0
- package/dist/enforcement/policy-executor.test.js +46 -0
- package/dist/enforcement/policy-executor.test.js.map +1 -0
- package/dist/enforcement/target-validator.d.ts +37 -0
- package/dist/enforcement/target-validator.d.ts.map +1 -0
- package/dist/enforcement/target-validator.js +0 -0
- package/dist/enforcement/target-validator.js.map +1 -0
- package/dist/enforcement/target-validator.test.d.ts +2 -0
- package/dist/enforcement/target-validator.test.d.ts.map +1 -0
- package/dist/enforcement/target-validator.test.js +103 -0
- package/dist/enforcement/target-validator.test.js.map +1 -0
- package/dist/http-client.d.ts +35 -0
- package/dist/http-client.d.ts.map +1 -0
- package/dist/http-client.js +168 -0
- package/dist/http-client.js.map +1 -0
- package/dist/http-client.test.d.ts +2 -0
- package/dist/http-client.test.d.ts.map +1 -0
- package/dist/http-client.test.js +172 -0
- package/dist/http-client.test.js.map +1 -0
- package/dist/index.js +189 -113
- package/dist/index.js.map +1 -1
- package/dist/launcher.d.ts +33 -0
- package/dist/launcher.d.ts.map +1 -0
- package/dist/launcher.js +425 -0
- package/dist/launcher.js.map +1 -0
- package/dist/launcher.test.d.ts +2 -0
- package/dist/launcher.test.d.ts.map +1 -0
- package/dist/launcher.test.js +109 -0
- package/dist/launcher.test.js.map +1 -0
- package/dist/proxy/cert-manager.d.ts +24 -0
- package/dist/proxy/cert-manager.d.ts.map +1 -0
- package/dist/proxy/cert-manager.js +117 -0
- package/dist/proxy/cert-manager.js.map +1 -0
- package/dist/proxy/cert-manager.test.d.ts +2 -0
- package/dist/proxy/cert-manager.test.d.ts.map +1 -0
- package/dist/proxy/cert-manager.test.js +70 -0
- package/dist/proxy/cert-manager.test.js.map +1 -0
- package/dist/proxy/index.d.ts +61 -0
- package/dist/proxy/index.d.ts.map +1 -0
- package/dist/proxy/index.js +74 -0
- package/dist/proxy/index.js.map +1 -0
- package/dist/proxy/policy-enforcer.d.ts +30 -0
- package/dist/proxy/policy-enforcer.d.ts.map +1 -0
- package/dist/proxy/policy-enforcer.js +143 -0
- package/dist/proxy/policy-enforcer.js.map +1 -0
- package/dist/proxy/proxy-server.d.ts +42 -0
- package/dist/proxy/proxy-server.d.ts.map +1 -0
- package/dist/proxy/proxy-server.js +652 -0
- package/dist/proxy/proxy-server.js.map +1 -0
- package/dist/proxy/redaction-engine.d.ts +4 -0
- package/dist/proxy/redaction-engine.d.ts.map +1 -0
- package/dist/proxy/redaction-engine.js +50 -0
- package/dist/proxy/redaction-engine.js.map +1 -0
- package/dist/proxy/response-redaction.test.d.ts +2 -0
- package/dist/proxy/response-redaction.test.d.ts.map +1 -0
- package/dist/proxy/response-redaction.test.js +125 -0
- package/dist/proxy/response-redaction.test.js.map +1 -0
- package/dist/proxy/threat-engine.d.ts +22 -0
- package/dist/proxy/threat-engine.d.ts.map +1 -0
- package/dist/proxy/threat-engine.js +291 -0
- package/dist/proxy/threat-engine.js.map +1 -0
- package/dist/proxy/threat-engine.test.d.ts +2 -0
- package/dist/proxy/threat-engine.test.d.ts.map +1 -0
- package/dist/proxy/threat-engine.test.js +27 -0
- package/dist/proxy/threat-engine.test.js.map +1 -0
- package/dist/redirect/env-injector.d.ts +72 -0
- package/dist/redirect/env-injector.d.ts.map +1 -0
- package/dist/redirect/env-injector.js +177 -0
- package/dist/redirect/env-injector.js.map +1 -0
- package/dist/redirect/env-injector.test.d.ts +2 -0
- package/dist/redirect/env-injector.test.d.ts.map +1 -0
- package/dist/redirect/env-injector.test.js +91 -0
- package/dist/redirect/env-injector.test.js.map +1 -0
- package/dist/redirect/index.d.ts +3 -0
- package/dist/redirect/index.d.ts.map +1 -0
- package/dist/redirect/index.js +8 -0
- package/dist/redirect/index.js.map +1 -0
- package/dist/redirect/platform-redirect.d.ts +42 -0
- package/dist/redirect/platform-redirect.d.ts.map +1 -0
- package/dist/redirect/platform-redirect.js +229 -0
- package/dist/redirect/platform-redirect.js.map +1 -0
- package/dist/redirect/platform-redirect.test.d.ts +2 -0
- package/dist/redirect/platform-redirect.test.d.ts.map +1 -0
- package/dist/redirect/platform-redirect.test.js +76 -0
- package/dist/redirect/platform-redirect.test.js.map +1 -0
- package/dist/sandbox/index.d.ts +23 -2
- package/dist/sandbox/index.d.ts.map +1 -1
- package/dist/sandbox/index.js +24 -7
- package/dist/sandbox/index.js.map +1 -1
- package/dist/sandbox/linux-sandbox.d.ts +13 -2
- package/dist/sandbox/linux-sandbox.d.ts.map +1 -1
- package/dist/sandbox/linux-sandbox.js +61 -27
- package/dist/sandbox/linux-sandbox.js.map +1 -1
- package/dist/sandbox/macos-sandbox.d.ts +15 -4
- package/dist/sandbox/macos-sandbox.d.ts.map +1 -1
- package/dist/sandbox/macos-sandbox.js +36 -18
- package/dist/sandbox/macos-sandbox.js.map +1 -1
- package/dist/sandbox/sandbox-result.test.d.ts +2 -0
- package/dist/sandbox/sandbox-result.test.d.ts.map +1 -0
- package/dist/sandbox/sandbox-result.test.js +87 -0
- package/dist/sandbox/sandbox-result.test.js.map +1 -0
- package/dist/sandbox/windows-sandbox.d.ts +34 -0
- package/dist/sandbox/windows-sandbox.d.ts.map +1 -0
- package/dist/sandbox/windows-sandbox.js +161 -0
- package/dist/sandbox/windows-sandbox.js.map +1 -0
- package/dist/setup.d.ts.map +1 -1
- package/dist/setup.js +33 -43
- package/dist/setup.js.map +1 -1
- package/dist/skill-authz/skill-evaluator.d.ts +30 -0
- package/dist/skill-authz/skill-evaluator.d.ts.map +1 -1
- package/dist/skill-authz/skill-evaluator.js +161 -30
- package/dist/skill-authz/skill-evaluator.js.map +1 -1
- package/dist/skill-authz/skill-evaluator.test.d.ts +2 -0
- package/dist/skill-authz/skill-evaluator.test.d.ts.map +1 -0
- package/dist/skill-authz/skill-evaluator.test.js +127 -0
- package/dist/skill-authz/skill-evaluator.test.js.map +1 -0
- package/dist/telemetry.d.ts.map +1 -1
- package/dist/telemetry.js +16 -44
- package/dist/telemetry.js.map +1 -1
- package/dist/types.d.ts +48 -105
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +34 -1
- package/dist/types.js.map +1 -1
- package/package.json +7 -3
- package/scripts/install-sentry-windows.ps1 +217 -0
|
@@ -6,23 +6,28 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
exports.scanLLMConnections = scanLLMConnections;
|
|
7
7
|
const dns_1 = __importDefault(require("dns"));
|
|
8
8
|
const util_1 = require("util");
|
|
9
|
+
const fs_1 = __importDefault(require("fs"));
|
|
10
|
+
const child_process_1 = require("child_process");
|
|
9
11
|
const types_1 = require("../types");
|
|
10
12
|
const logger_1 = require("../logger");
|
|
11
13
|
const dnsReverse = (0, util_1.promisify)(dns_1.default.reverse);
|
|
12
|
-
const fs = require('fs');
|
|
13
14
|
function parseProcNetTcp(filePath) {
|
|
14
15
|
try {
|
|
15
|
-
const content =
|
|
16
|
+
const content = fs_1.default.readFileSync(filePath, 'utf8');
|
|
16
17
|
const lines = content.split('\n').slice(1);
|
|
17
18
|
const entries = [];
|
|
18
19
|
for (const line of lines) {
|
|
19
20
|
const parts = line.trim().split(/\s+/);
|
|
20
|
-
if (parts.length <
|
|
21
|
+
if (parts.length < 10)
|
|
21
22
|
continue;
|
|
22
23
|
entries.push({
|
|
23
24
|
localAddress: parts[1] ?? '',
|
|
24
25
|
remoteAddress: parts[2] ?? '',
|
|
25
26
|
state: parts[3] ?? '',
|
|
27
|
+
// Column index varies slightly per kernel — column 9 (0-indexed) is the inode
|
|
28
|
+
// on most modern kernels. Safer: search for the first all-digit token after
|
|
29
|
+
// column 3 that isn't 0.
|
|
30
|
+
inode: parts.slice(4).find((p) => /^\d+$/.test(p) && p !== '0') ?? '',
|
|
26
31
|
});
|
|
27
32
|
}
|
|
28
33
|
return entries;
|
|
@@ -31,6 +36,67 @@ function parseProcNetTcp(filePath) {
|
|
|
31
36
|
return [];
|
|
32
37
|
}
|
|
33
38
|
}
|
|
39
|
+
function parseWindowsNetstat(output) {
|
|
40
|
+
const entries = [];
|
|
41
|
+
for (const line of output.split('\n')) {
|
|
42
|
+
const trimmed = line.trim();
|
|
43
|
+
if (!trimmed.startsWith('TCP')) {
|
|
44
|
+
continue;
|
|
45
|
+
}
|
|
46
|
+
const parts = trimmed.split(/\s+/);
|
|
47
|
+
if (parts.length < 5) {
|
|
48
|
+
continue;
|
|
49
|
+
}
|
|
50
|
+
const pid = parseInt(parts[4], 10);
|
|
51
|
+
if (!Number.isFinite(pid)) {
|
|
52
|
+
continue;
|
|
53
|
+
}
|
|
54
|
+
entries.push({
|
|
55
|
+
protocol: parts[0],
|
|
56
|
+
localAddress: parts[1],
|
|
57
|
+
remoteAddress: parts[2],
|
|
58
|
+
state: parts[3],
|
|
59
|
+
pid,
|
|
60
|
+
});
|
|
61
|
+
}
|
|
62
|
+
return entries;
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* Build a map of socket-inode -> PID by walking /proc/<pid>/fd symlinks.
|
|
66
|
+
* Linux exposes socket fds as symlinks of the form `socket:[12345]`. Iterating
|
|
67
|
+
* /proc on a busy host can be expensive; we restrict to the PIDs the daemon
|
|
68
|
+
* already cares about (tagged agent processes) to keep this cheap.
|
|
69
|
+
*
|
|
70
|
+
* Fixes S-C17: prior code hardcoded `pid: 0` on every connection record so
|
|
71
|
+
* the dashboard could not attribute network activity to a specific agent.
|
|
72
|
+
*/
|
|
73
|
+
function buildInodeToPidMap(pids) {
|
|
74
|
+
const map = new Map();
|
|
75
|
+
for (const pid of pids) {
|
|
76
|
+
let fds = [];
|
|
77
|
+
try {
|
|
78
|
+
fds = fs_1.default.readdirSync(`/proc/${pid}/fd`);
|
|
79
|
+
}
|
|
80
|
+
catch {
|
|
81
|
+
continue;
|
|
82
|
+
}
|
|
83
|
+
for (const fd of fds) {
|
|
84
|
+
try {
|
|
85
|
+
const target = fs_1.default.readlinkSync(`/proc/${pid}/fd/${fd}`);
|
|
86
|
+
const match = target.match(/^socket:\[(\d+)\]$/);
|
|
87
|
+
if (match) {
|
|
88
|
+
// Last write wins — fine, since the same inode shouldn't be mapped
|
|
89
|
+
// to two PIDs unless they share the fd (fork without close).
|
|
90
|
+
map.set(match[1], pid);
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
catch {
|
|
94
|
+
// fd closed between readdir and readlink — skip
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
}
|
|
98
|
+
return map;
|
|
99
|
+
}
|
|
34
100
|
// /proc/net/tcp hex encoding: "0100007F:0035" = 127.0.0.1:53
|
|
35
101
|
function hexToAddr(hex) {
|
|
36
102
|
const [hexAddr, hexPort] = hex.split(':');
|
|
@@ -61,10 +127,274 @@ async function reverseResolveSafe(ip) {
|
|
|
61
127
|
return [];
|
|
62
128
|
}
|
|
63
129
|
}
|
|
130
|
+
function parseEndpoint(endpoint) {
|
|
131
|
+
const trimmed = endpoint.trim();
|
|
132
|
+
const cleaned = trimmed.replace(/\s+\(LISTEN\)$/, '');
|
|
133
|
+
if (cleaned.startsWith('[')) {
|
|
134
|
+
const match = cleaned.match(/^\[(.+)\]:(\d+)$/);
|
|
135
|
+
if (!match)
|
|
136
|
+
return null;
|
|
137
|
+
return { host: match[1], port: parseInt(match[2], 10) };
|
|
138
|
+
}
|
|
139
|
+
const lastColon = cleaned.lastIndexOf(':');
|
|
140
|
+
if (lastColon === -1)
|
|
141
|
+
return null;
|
|
142
|
+
const host = cleaned.slice(0, lastColon) || '0.0.0.0';
|
|
143
|
+
const port = parseInt(cleaned.slice(lastColon + 1), 10);
|
|
144
|
+
if (!Number.isFinite(port))
|
|
145
|
+
return null;
|
|
146
|
+
return { host, port };
|
|
147
|
+
}
|
|
148
|
+
async function scanDarwinConnections(taggedProcesses) {
|
|
149
|
+
const connections = [];
|
|
150
|
+
const seen = new Set();
|
|
151
|
+
const now = Date.now();
|
|
152
|
+
const taggedPids = new Set(taggedProcesses.map((process) => process.pid));
|
|
153
|
+
let output = '';
|
|
154
|
+
try {
|
|
155
|
+
output = (0, child_process_1.execFileSync)('lsof', ['-nP', '-iTCP', '-F', 'pn'], {
|
|
156
|
+
encoding: 'utf8',
|
|
157
|
+
timeout: 5000,
|
|
158
|
+
});
|
|
159
|
+
}
|
|
160
|
+
catch {
|
|
161
|
+
return [];
|
|
162
|
+
}
|
|
163
|
+
let currentPid = null;
|
|
164
|
+
for (const line of output.split('\n')) {
|
|
165
|
+
if (!line)
|
|
166
|
+
continue;
|
|
167
|
+
if (line.startsWith('p')) {
|
|
168
|
+
const pid = parseInt(line.slice(1), 10);
|
|
169
|
+
currentPid = Number.isFinite(pid) ? pid : null;
|
|
170
|
+
continue;
|
|
171
|
+
}
|
|
172
|
+
if (!line.startsWith('n') || currentPid === null || !taggedPids.has(currentPid)) {
|
|
173
|
+
continue;
|
|
174
|
+
}
|
|
175
|
+
const descriptor = line.slice(1);
|
|
176
|
+
const [localText, remoteText] = descriptor.split('->');
|
|
177
|
+
const local = parseEndpoint(localText);
|
|
178
|
+
if (!local)
|
|
179
|
+
continue;
|
|
180
|
+
if (remoteText) {
|
|
181
|
+
const remote = parseEndpoint(remoteText);
|
|
182
|
+
if (!remote || !isLLMPort(remote.port))
|
|
183
|
+
continue;
|
|
184
|
+
const key = `darwin:established:${currentPid}:${remote.host}:${remote.port}`;
|
|
185
|
+
if (seen.has(key))
|
|
186
|
+
continue;
|
|
187
|
+
seen.add(key);
|
|
188
|
+
let providerId = null;
|
|
189
|
+
let providerName = null;
|
|
190
|
+
let hostname = remote.host;
|
|
191
|
+
if (!isLocalIp(remote.host)) {
|
|
192
|
+
const hostnames = await reverseResolveSafe(remote.host);
|
|
193
|
+
for (const candidate of hostnames) {
|
|
194
|
+
const match = (0, types_1.matchProviderByDomain)(candidate);
|
|
195
|
+
if (match) {
|
|
196
|
+
providerId = match.id;
|
|
197
|
+
providerName = match.name;
|
|
198
|
+
hostname = candidate;
|
|
199
|
+
break;
|
|
200
|
+
}
|
|
201
|
+
}
|
|
202
|
+
}
|
|
203
|
+
else {
|
|
204
|
+
const localProvider = matchLocalProviderByPort(remote.port);
|
|
205
|
+
if (localProvider) {
|
|
206
|
+
providerId = localProvider.id;
|
|
207
|
+
providerName = localProvider.name;
|
|
208
|
+
hostname = 'localhost';
|
|
209
|
+
}
|
|
210
|
+
}
|
|
211
|
+
if (providerId) {
|
|
212
|
+
connections.push({
|
|
213
|
+
pid: currentPid,
|
|
214
|
+
localIp: local.host,
|
|
215
|
+
localPort: local.port,
|
|
216
|
+
remoteIp: remote.host,
|
|
217
|
+
remotePort: remote.port,
|
|
218
|
+
providerId,
|
|
219
|
+
providerName,
|
|
220
|
+
hostname,
|
|
221
|
+
timestamp: now,
|
|
222
|
+
type: 'established',
|
|
223
|
+
});
|
|
224
|
+
}
|
|
225
|
+
continue;
|
|
226
|
+
}
|
|
227
|
+
if (!descriptor.includes('(LISTEN)') || !isLLMPort(local.port)) {
|
|
228
|
+
continue;
|
|
229
|
+
}
|
|
230
|
+
const localProvider = matchLocalProviderByPort(local.port);
|
|
231
|
+
if (!localProvider) {
|
|
232
|
+
continue;
|
|
233
|
+
}
|
|
234
|
+
const key = `darwin:listening:${currentPid}:${local.port}`;
|
|
235
|
+
if (seen.has(key))
|
|
236
|
+
continue;
|
|
237
|
+
seen.add(key);
|
|
238
|
+
connections.push({
|
|
239
|
+
pid: currentPid,
|
|
240
|
+
localIp: local.host,
|
|
241
|
+
localPort: local.port,
|
|
242
|
+
remoteIp: '0.0.0.0',
|
|
243
|
+
remotePort: 0,
|
|
244
|
+
providerId: localProvider.id,
|
|
245
|
+
providerName: localProvider.name,
|
|
246
|
+
hostname: isLocalIp(local.host) ? 'localhost' : local.host,
|
|
247
|
+
timestamp: now,
|
|
248
|
+
type: 'listening',
|
|
249
|
+
});
|
|
250
|
+
}
|
|
251
|
+
return connections;
|
|
252
|
+
}
|
|
253
|
+
async function scanWindowsConnections(taggedProcesses) {
|
|
254
|
+
const connections = [];
|
|
255
|
+
const seen = new Set();
|
|
256
|
+
const now = Date.now();
|
|
257
|
+
const taggedPids = new Set(taggedProcesses.map((process) => process.pid));
|
|
258
|
+
let output = '';
|
|
259
|
+
try {
|
|
260
|
+
output = (0, child_process_1.execFileSync)('netstat', ['-ano', '-p', 'tcp'], {
|
|
261
|
+
encoding: 'utf8',
|
|
262
|
+
timeout: 5000,
|
|
263
|
+
});
|
|
264
|
+
}
|
|
265
|
+
catch {
|
|
266
|
+
return [];
|
|
267
|
+
}
|
|
268
|
+
const entries = parseWindowsNetstat(output);
|
|
269
|
+
for (const entry of entries) {
|
|
270
|
+
if (!taggedPids.has(entry.pid)) {
|
|
271
|
+
continue;
|
|
272
|
+
}
|
|
273
|
+
const local = parseEndpoint(entry.localAddress);
|
|
274
|
+
const remote = parseEndpoint(entry.remoteAddress);
|
|
275
|
+
if (!local || !remote) {
|
|
276
|
+
continue;
|
|
277
|
+
}
|
|
278
|
+
if (entry.state === 'LISTENING' && isLLMPort(local.port)) {
|
|
279
|
+
const localProvider = matchLocalProviderByPort(local.port);
|
|
280
|
+
if (!localProvider) {
|
|
281
|
+
continue;
|
|
282
|
+
}
|
|
283
|
+
const key = `win:listening:${entry.pid}:${local.host}:${local.port}`;
|
|
284
|
+
if (seen.has(key)) {
|
|
285
|
+
continue;
|
|
286
|
+
}
|
|
287
|
+
seen.add(key);
|
|
288
|
+
connections.push({
|
|
289
|
+
pid: entry.pid,
|
|
290
|
+
localIp: local.host,
|
|
291
|
+
localPort: local.port,
|
|
292
|
+
remoteIp: '0.0.0.0',
|
|
293
|
+
remotePort: 0,
|
|
294
|
+
providerId: localProvider.id,
|
|
295
|
+
providerName: localProvider.name,
|
|
296
|
+
hostname: isLocalIp(local.host) ? 'localhost' : local.host,
|
|
297
|
+
timestamp: now,
|
|
298
|
+
type: 'listening',
|
|
299
|
+
});
|
|
300
|
+
continue;
|
|
301
|
+
}
|
|
302
|
+
if (!['ESTABLISHED', 'CLOSE_WAIT', 'TIME_WAIT'].includes(entry.state)) {
|
|
303
|
+
continue;
|
|
304
|
+
}
|
|
305
|
+
if (!isLLMPort(remote.port)) {
|
|
306
|
+
continue;
|
|
307
|
+
}
|
|
308
|
+
const key = `win:established:${entry.pid}:${remote.host}:${remote.port}`;
|
|
309
|
+
if (seen.has(key)) {
|
|
310
|
+
continue;
|
|
311
|
+
}
|
|
312
|
+
seen.add(key);
|
|
313
|
+
let providerId = null;
|
|
314
|
+
let providerName = null;
|
|
315
|
+
let hostname = null;
|
|
316
|
+
if (isLocalIp(remote.host)) {
|
|
317
|
+
const localProvider = matchLocalProviderByPort(remote.port);
|
|
318
|
+
if (localProvider) {
|
|
319
|
+
providerId = localProvider.id;
|
|
320
|
+
providerName = localProvider.name;
|
|
321
|
+
hostname = 'localhost';
|
|
322
|
+
}
|
|
323
|
+
}
|
|
324
|
+
else {
|
|
325
|
+
const hostnames = await reverseResolveSafe(remote.host);
|
|
326
|
+
hostname = hostnames[0] ?? remote.host;
|
|
327
|
+
for (const candidate of hostnames) {
|
|
328
|
+
const match = (0, types_1.matchProviderByDomain)(candidate);
|
|
329
|
+
if (match) {
|
|
330
|
+
providerId = match.id;
|
|
331
|
+
providerName = match.name;
|
|
332
|
+
hostname = candidate;
|
|
333
|
+
break;
|
|
334
|
+
}
|
|
335
|
+
}
|
|
336
|
+
if (!providerId) {
|
|
337
|
+
for (const sig of types_1.LLM_PROVIDER_SIGNATURES) {
|
|
338
|
+
for (const domain of sig.domains) {
|
|
339
|
+
if (domain === 'localhost' || domain === '127.0.0.1')
|
|
340
|
+
continue;
|
|
341
|
+
try {
|
|
342
|
+
const resolved = await new Promise((resolve) => {
|
|
343
|
+
dns_1.default.resolve(domain, (err, addresses) => {
|
|
344
|
+
resolve(err ? [] : addresses);
|
|
345
|
+
});
|
|
346
|
+
});
|
|
347
|
+
if (resolved.includes(remote.host)) {
|
|
348
|
+
providerId = sig.id;
|
|
349
|
+
providerName = sig.name;
|
|
350
|
+
hostname = domain;
|
|
351
|
+
break;
|
|
352
|
+
}
|
|
353
|
+
}
|
|
354
|
+
catch { /* continue */ }
|
|
355
|
+
}
|
|
356
|
+
if (providerId)
|
|
357
|
+
break;
|
|
358
|
+
}
|
|
359
|
+
}
|
|
360
|
+
}
|
|
361
|
+
if (!providerId) {
|
|
362
|
+
continue;
|
|
363
|
+
}
|
|
364
|
+
connections.push({
|
|
365
|
+
pid: entry.pid,
|
|
366
|
+
localIp: local.host,
|
|
367
|
+
localPort: local.port,
|
|
368
|
+
remoteIp: remote.host,
|
|
369
|
+
remotePort: remote.port,
|
|
370
|
+
providerId,
|
|
371
|
+
providerName,
|
|
372
|
+
hostname,
|
|
373
|
+
timestamp: now,
|
|
374
|
+
type: 'established',
|
|
375
|
+
});
|
|
376
|
+
}
|
|
377
|
+
if (connections.length > 0) {
|
|
378
|
+
const providers = [...new Set(connections.map(c => c.providerName))];
|
|
379
|
+
logger_1.logger.info('LLM endpoints detected', { count: connections.length, providers });
|
|
380
|
+
}
|
|
381
|
+
return connections;
|
|
382
|
+
}
|
|
64
383
|
async function scanLLMConnections(taggedProcesses) {
|
|
384
|
+
if (process.platform === 'darwin') {
|
|
385
|
+
return scanDarwinConnections(taggedProcesses);
|
|
386
|
+
}
|
|
387
|
+
if (process.platform === 'win32') {
|
|
388
|
+
return scanWindowsConnections(taggedProcesses);
|
|
389
|
+
}
|
|
390
|
+
if (process.platform !== 'linux') {
|
|
391
|
+
return [];
|
|
392
|
+
}
|
|
65
393
|
const connections = [];
|
|
66
394
|
const now = Date.now();
|
|
67
395
|
const procFiles = ['/proc/net/tcp', '/proc/net/tcp6'];
|
|
396
|
+
const taggedPids = taggedProcesses.map((p) => p.pid);
|
|
397
|
+
const inodeToPid = buildInodeToPidMap(taggedPids);
|
|
68
398
|
// Track seen connections to avoid duplicates
|
|
69
399
|
const seen = new Set();
|
|
70
400
|
// ── Phase 1: Established outbound connections (cloud LLMs) ────────────────
|
|
@@ -73,6 +403,10 @@ async function scanLLMConnections(taggedProcesses) {
|
|
|
73
403
|
for (const entry of entries) {
|
|
74
404
|
if (entry.state !== '01' && entry.state !== '06' && entry.state !== '08')
|
|
75
405
|
continue; // 01=ESTABLISHED, 06=TIME_WAIT, 08=CLOSE_WAIT
|
|
406
|
+
const ownerPid = entry.inode ? inodeToPid.get(entry.inode) : undefined;
|
|
407
|
+
if (!ownerPid)
|
|
408
|
+
continue;
|
|
409
|
+
const local = hexToAddr(entry.localAddress);
|
|
76
410
|
const remote = hexToAddr(entry.remoteAddress);
|
|
77
411
|
if (!remote)
|
|
78
412
|
continue;
|
|
@@ -80,7 +414,7 @@ async function scanLLMConnections(taggedProcesses) {
|
|
|
80
414
|
continue;
|
|
81
415
|
if (isLocalIp(remote.ip))
|
|
82
416
|
continue; // skip localhost for cloud scan
|
|
83
|
-
const key = `cloud:${remote.ip}:${remote.port}`;
|
|
417
|
+
const key = `cloud:${ownerPid}:${remote.ip}:${remote.port}`;
|
|
84
418
|
if (seen.has(key))
|
|
85
419
|
continue;
|
|
86
420
|
seen.add(key);
|
|
@@ -124,7 +458,9 @@ async function scanLLMConnections(taggedProcesses) {
|
|
|
124
458
|
}
|
|
125
459
|
if (providerId) {
|
|
126
460
|
connections.push({
|
|
127
|
-
pid:
|
|
461
|
+
pid: ownerPid,
|
|
462
|
+
localIp: local?.ip ?? '',
|
|
463
|
+
localPort: local?.port ?? 0,
|
|
128
464
|
remoteIp: remote.ip, remotePort: remote.port,
|
|
129
465
|
providerId, providerName, hostname,
|
|
130
466
|
timestamp: now, type: 'established',
|
|
@@ -136,6 +472,9 @@ async function scanLLMConnections(taggedProcesses) {
|
|
|
136
472
|
for (const procFile of procFiles) {
|
|
137
473
|
const entries = parseProcNetTcp(procFile);
|
|
138
474
|
for (const entry of entries) {
|
|
475
|
+
const ownerPid = entry.inode ? inodeToPid.get(entry.inode) : undefined;
|
|
476
|
+
if (!ownerPid)
|
|
477
|
+
continue;
|
|
139
478
|
const local = hexToAddr(entry.localAddress);
|
|
140
479
|
const remote = hexToAddr(entry.remoteAddress);
|
|
141
480
|
if (!local || !remote)
|
|
@@ -143,14 +482,15 @@ async function scanLLMConnections(taggedProcesses) {
|
|
|
143
482
|
// State 01 = ESTABLISHED, 06 = TIME_WAIT, 08 = CLOSE_WAIT — catch active + recently-closed
|
|
144
483
|
const isRecent = entry.state === '01' || entry.state === '06' || entry.state === '08';
|
|
145
484
|
if (isRecent && isLocalIp(remote.ip) && isLLMPort(remote.port)) {
|
|
146
|
-
const key = `local:established:${remote.port}`;
|
|
485
|
+
const key = `local:established:${ownerPid}:${remote.port}`;
|
|
147
486
|
if (seen.has(key))
|
|
148
487
|
continue;
|
|
149
488
|
seen.add(key);
|
|
150
489
|
const localProvider = matchLocalProviderByPort(remote.port);
|
|
151
490
|
if (localProvider) {
|
|
152
491
|
connections.push({
|
|
153
|
-
pid:
|
|
492
|
+
pid: ownerPid,
|
|
493
|
+
localIp: local.ip, localPort: local.port,
|
|
154
494
|
remoteIp: remote.ip, remotePort: remote.port,
|
|
155
495
|
providerId: localProvider.id,
|
|
156
496
|
providerName: localProvider.name,
|
|
@@ -161,14 +501,15 @@ async function scanLLMConnections(taggedProcesses) {
|
|
|
161
501
|
}
|
|
162
502
|
// State 0A = LISTEN on local LLM port (service is running)
|
|
163
503
|
if (entry.state === '0A' && isLLMPort(local.port)) {
|
|
164
|
-
const key = `local:listening:${local.port}`;
|
|
504
|
+
const key = `local:listening:${ownerPid}:${local.port}`;
|
|
165
505
|
if (seen.has(key))
|
|
166
506
|
continue;
|
|
167
507
|
seen.add(key);
|
|
168
508
|
const localProvider = matchLocalProviderByPort(local.port);
|
|
169
509
|
if (localProvider) {
|
|
170
510
|
connections.push({
|
|
171
|
-
pid:
|
|
511
|
+
pid: ownerPid,
|
|
512
|
+
localIp: local.ip, localPort: local.port,
|
|
172
513
|
remoteIp: '0.0.0.0', remotePort: 0,
|
|
173
514
|
providerId: localProvider.id,
|
|
174
515
|
providerName: localProvider.name,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"network-monitor.js","sourceRoot":"","sources":["../../src/enforcement/network-monitor.ts"],"names":[],"mappings":";;;;;AAkEA,gDA8HC;AAhMD,8CAAsB;AACtB,+BAAiC;AACjC,oCAAuH;AACvH,sCAAmC;AAEnC,MAAM,UAAU,GAAG,IAAA,gBAAS,EAAC,aAAG,CAAC,OAAO,CAAC,CAAC;AAC1C,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAQzB,SAAS,eAAe,CAAC,QAAgB;IACvC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAmB,EAAE,CAAC;QACnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACvC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,SAAS;YAC/B,OAAO,CAAC,IAAI,CAAC;gBACX,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;gBAC5B,aAAa,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;gBAC7B,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;aACtB,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,6DAA6D;AAC7D,SAAS,SAAS,CAAC,GAAW;IAC5B,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IACtC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG;YACZ,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;YACjC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;YACjC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;YACjC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;SAClC,CAAC;QACF,OAAO,EAAE,EAAE,EAAE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,CAAC;IAC9D,CAAC;IACD,OAAO,IAAI,CAAC,CAAC,oBAAoB;AACnC,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,qBAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,SAAS,CAAC,EAAU;IAC3B,OAAO,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,WAAW,IAAI,EAAE,KAAK,KAAK,IAAI,EAAE,KAAK,IAAI,CAAC;AAC/E,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,EAAU;IAC1C,IAAI,CAAC;QACH,OAAO,MAAM,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,kBAAkB,CAAC,eAAgC;IACvE,MAAM,WAAW,GAAoB,EAAE,CAAC;IACxC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC;IAEtD,6CAA6C;IAC7C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,6EAA6E;IAC7E,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC1C,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI;gBAAE,SAAS,CAAC,8CAA8C;YAClI,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAC9C,IAAI,CAAC,MAAM;gBAAE,SAAS;YACtB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC;gBAAE,SAAS;YACtC,IAAI,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;gBAAE,SAAS,CAAC,gCAAgC;YAEpE,MAAM,GAAG,GAAG,SAAS,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAChD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEd,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACtD,IAAI,UAAU,GAAkB,IAAI,CAAC;YACrC,IAAI,YAAY,GAAkB,IAAI,CAAC;YACvC,IAAI,QAAQ,GAAkB,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;YAEnD,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;gBAC1B,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAC,CAAC,CAAC,CAAC;gBACvC,IAAI,KAAK,EAAE,CAAC;oBACV,UAAU,GAAG,KAAK,CAAC,EAAE,CAAC;oBACtB,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC;oBAC1B,QAAQ,GAAG,CAAC,CAAC;oBACb,MAAM;gBACR,CAAC;YACH,CAAC;YAED,gEAAgE;YAChE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,KAAK,MAAM,GAAG,IAAI,+BAAuB,EAAE,CAAC;oBAC1C,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;wBACjC,IAAI,MAAM,KAAK,WAAW,IAAI,MAAM,KAAK,WAAW;4BAAE,SAAS;wBAC/D,IAAI,CAAC;4BACH,MAAM,QAAQ,GAAG,MAAM,IAAI,OAAO,CAAW,CAAC,OAAO,EAAE,EAAE;gCACvD,aAAG,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE;oCACrC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;gCAChC,CAAC,CAAC,CAAC;4BACL,CAAC,CAAC,CAAC;4BACH,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;gCACjC,UAAU,GAAG,GAAG,CAAC,EAAE,CAAC;gCACpB,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC;gCACxB,QAAQ,GAAG,MAAM,CAAC;gCAClB,MAAM;4BACR,CAAC;wBACH,CAAC;wBAAC,MAAM,CAAC,CAAC,cAAc,CAAC,CAAC;oBAC5B,CAAC;oBACD,IAAI,UAAU;wBAAE,MAAM;gBACxB,CAAC;YACH,CAAC;YAED,IAAI,UAAU,EAAE,CAAC;gBACf,WAAW,CAAC,IAAI,CAAC;oBACf,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC;oBACjC,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI;oBAC5C,UAAU,EAAE,YAAY,EAAE,QAAQ;oBAClC,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,aAAa;iBACpC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,+EAA+E;IAC/E,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC1C,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC5C,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAC9C,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM;gBAAE,SAAS;YAEhC,2FAA2F;YAC3F,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,CAAC;YACtF,IAAI,QAAQ,IAAI,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/D,MAAM,GAAG,GAAG,qBAAqB,MAAM,CAAC,IAAI,EAAE,CAAC;gBAC/C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEd,MAAM,aAAa,GAAG,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC5D,IAAI,aAAa,EAAE,CAAC;oBAClB,WAAW,CAAC,IAAI,CAAC;wBACf,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,IAAI;wBAChD,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI;wBAC5C,UAAU,EAAE,aAAa,CAAC,EAAE;wBAC5B,YAAY,EAAE,aAAa,CAAC,IAAI;wBAChC,QAAQ,EAAE,WAAW;wBACrB,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,aAAa;qBACpC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,2DAA2D;YAC3D,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,IAAI,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClD,MAAM,GAAG,GAAG,mBAAmB,KAAK,CAAC,IAAI,EAAE,CAAC;gBAC5C,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEd,MAAM,aAAa,GAAG,wBAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC3D,IAAI,aAAa,EAAE,CAAC;oBAClB,WAAW,CAAC,IAAI,CAAC;wBACf,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,IAAI;wBAChD,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;wBAClC,UAAU,EAAE,aAAa,CAAC,EAAE;wBAC5B,YAAY,EAAE,aAAa,CAAC,IAAI;wBAChC,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE;wBACtD,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,WAAW;qBAClC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACrE,eAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAS,wBAAwB,CAAC,IAAY;IAC5C,sCAAsC;IACtC,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC;IAC1E,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC;IACtF,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,EAAE,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC;IAC/E,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,EAAE,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC;IAC3E,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,EAAE,EAAE,EAAE,sBAAsB,EAAE,IAAI,EAAE,wBAAwB,EAAE,CAAC;IAC1G,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
1
|
+
{"version":3,"file":"network-monitor.js","sourceRoot":"","sources":["../../src/enforcement/network-monitor.ts"],"names":[],"mappings":";;;;;AAqaA,gDAqJC;AA1jBD,8CAAsB;AACtB,+BAAiC;AACjC,4CAAoB;AACpB,iDAA6C;AAC7C,oCAAuH;AACvH,sCAAmC;AAEnC,MAAM,UAAU,GAAG,IAAA,gBAAS,EAAC,aAAG,CAAC,OAAO,CAAC,CAAC;AAkB1C,SAAS,eAAe,CAAC,QAAgB;IACvC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAmB,EAAE,CAAC;QACnC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACvC,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE;gBAAE,SAAS;YAChC,OAAO,CAAC,IAAI,CAAC;gBACX,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;gBAC5B,aAAa,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;gBAC7B,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;gBACrB,8EAA8E;gBAC9E,4EAA4E;gBAC5E,yBAAyB;gBACzB,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,IAAI,EAAE;aACtE,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAc;IACzC,MAAM,OAAO,GAA0B,EAAE,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;YAC/B,SAAS;QACX,CAAC;QAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,SAAS;QACX,CAAC;QAED,OAAO,CAAC,IAAI,CAAC;YACX,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;YAClB,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC;YACtB,aAAa,EAAE,KAAK,CAAC,CAAC,CAAC;YACvB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;YACf,GAAG;SACJ,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,kBAAkB,CAAC,IAAc;IACxC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAkB,CAAC;IACtC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,GAAa,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,GAAG,GAAG,YAAE,CAAC,WAAW,CAAC,SAAS,GAAG,KAAK,CAAC,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,YAAE,CAAC,YAAY,CAAC,SAAS,GAAG,OAAO,EAAE,EAAE,CAAC,CAAC;gBACxD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;gBACjD,IAAI,KAAK,EAAE,CAAC;oBACV,mEAAmE;oBACnE,6DAA6D;oBAC7D,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gDAAgD;YAClD,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,6DAA6D;AAC7D,SAAS,SAAS,CAAC,GAAW;IAC5B,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IACtC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG;YACZ,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;YACjC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;YACjC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;YACjC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;SAClC,CAAC;QACF,OAAO,EAAE,EAAE,EAAE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,CAAC;IAC9D,CAAC;IACD,OAAO,IAAI,CAAC,CAAC,oBAAoB;AACnC,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,qBAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,SAAS,CAAC,EAAU;IAC3B,OAAO,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,WAAW,IAAI,EAAE,KAAK,KAAK,IAAI,EAAE,KAAK,IAAI,CAAC;AAC/E,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,EAAU;IAC1C,IAAI,CAAC;QACH,OAAO,MAAM,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB;IACrC,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;IAChC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;IAEtD,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAChD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;IAC1D,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAC3C,IAAI,SAAS,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,IAAI,SAAS,CAAC;IACtD,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACxD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACxB,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,eAAgC;IACnE,MAAM,WAAW,GAAoB,EAAE,CAAC;IACxC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IAE1E,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAA,4BAAY,EAAC,MAAM,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE;YAC1D,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,UAAU,GAAkB,IAAI,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,IAAI,CAAC,IAAI;YAAE,SAAS;QAEpB,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACxC,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;YAC/C,SAAS;QACX,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,UAAU,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YAChF,SAAS;QACX,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,KAAK,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,MAAM,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;YACzC,IAAI,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC;gBAAE,SAAS;YAEjD,MAAM,GAAG,GAAG,sBAAsB,UAAU,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAC7E,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEd,IAAI,UAAU,GAAkB,IAAI,CAAC;YACrC,IAAI,YAAY,GAAkB,IAAI,CAAC;YACvC,IAAI,QAAQ,GAAkB,MAAM,CAAC,IAAI,CAAC;YAE1C,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5B,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBACxD,KAAK,MAAM,SAAS,IAAI,SAAS,EAAE,CAAC;oBAClC,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAC,SAAS,CAAC,CAAC;oBAC/C,IAAI,KAAK,EAAE,CAAC;wBACV,UAAU,GAAG,KAAK,CAAC,EAAE,CAAC;wBACtB,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC;wBAC1B,QAAQ,GAAG,SAAS,CAAC;wBACrB,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,aAAa,GAAG,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC5D,IAAI,aAAa,EAAE,CAAC;oBAClB,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC;oBAC9B,YAAY,GAAG,aAAa,CAAC,IAAI,CAAC;oBAClC,QAAQ,GAAG,WAAW,CAAC;gBACzB,CAAC;YACH,CAAC;YAED,IAAI,UAAU,EAAE,CAAC;gBACf,WAAW,CAAC,IAAI,CAAC;oBACf,GAAG,EAAE,UAAU;oBACf,OAAO,EAAE,KAAK,CAAC,IAAI;oBACnB,SAAS,EAAE,KAAK,CAAC,IAAI;oBACrB,QAAQ,EAAE,MAAM,CAAC,IAAI;oBACrB,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,UAAU;oBACV,YAAY;oBACZ,QAAQ;oBACR,SAAS,EAAE,GAAG;oBACd,IAAI,EAAE,aAAa;iBACpB,CAAC,CAAC;YACL,CAAC;YACD,SAAS;QACX,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/D,SAAS;QACX,CAAC;QAED,MAAM,aAAa,GAAG,wBAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3D,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,oBAAoB,UAAU,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QAC3D,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEd,WAAW,CAAC,IAAI,CAAC;YACf,GAAG,EAAE,UAAU;YACf,OAAO,EAAE,KAAK,CAAC,IAAI;YACnB,SAAS,EAAE,KAAK,CAAC,IAAI;YACrB,QAAQ,EAAE,SAAS;YACnB,UAAU,EAAE,CAAC;YACb,UAAU,EAAE,aAAa,CAAC,EAAE;YAC5B,YAAY,EAAE,aAAa,CAAC,IAAI;YAChC,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI;YAC1D,SAAS,EAAE,GAAG;YACd,IAAI,EAAE,WAAW;SAClB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,eAAgC;IACpE,MAAM,WAAW,GAAoB,EAAE,CAAC;IACxC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IAE1E,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAA,4BAAY,EAAC,SAAS,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,EAAE;YACtD,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,OAAO,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,SAAS;QACX,CAAC;QAED,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;YACtB,SAAS;QACX,CAAC;QAED,IAAI,KAAK,CAAC,KAAK,KAAK,WAAW,IAAI,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACzD,MAAM,aAAa,GAAG,wBAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC3D,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,SAAS;YACX,CAAC;YAED,MAAM,GAAG,GAAG,iBAAiB,KAAK,CAAC,GAAG,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACrE,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAClB,SAAS;YACX,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEd,WAAW,CAAC,IAAI,CAAC;gBACf,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,OAAO,EAAE,KAAK,CAAC,IAAI;gBACnB,SAAS,EAAE,KAAK,CAAC,IAAI;gBACrB,QAAQ,EAAE,SAAS;gBACnB,UAAU,EAAE,CAAC;gBACb,UAAU,EAAE,aAAa,CAAC,EAAE;gBAC5B,YAAY,EAAE,aAAa,CAAC,IAAI;gBAChC,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI;gBAC1D,SAAS,EAAE,GAAG;gBACd,IAAI,EAAE,WAAW;aAClB,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QAED,IAAI,CAAC,CAAC,aAAa,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACtE,SAAS;QACX,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,SAAS;QACX,CAAC;QAED,MAAM,GAAG,GAAG,mBAAmB,KAAK,CAAC,GAAG,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QACzE,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAClB,SAAS;QACX,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAEd,IAAI,UAAU,GAAkB,IAAI,CAAC;QACrC,IAAI,YAAY,GAAkB,IAAI,CAAC;QACvC,IAAI,QAAQ,GAAkB,IAAI,CAAC;QAEnC,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,MAAM,aAAa,GAAG,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC5D,IAAI,aAAa,EAAE,CAAC;gBAClB,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC;gBAC9B,YAAY,GAAG,aAAa,CAAC,IAAI,CAAC;gBAClC,QAAQ,GAAG,WAAW,CAAC;YACzB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACxD,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC;YACvC,KAAK,MAAM,SAAS,IAAI,SAAS,EAAE,CAAC;gBAClC,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAC,SAAS,CAAC,CAAC;gBAC/C,IAAI,KAAK,EAAE,CAAC;oBACV,UAAU,GAAG,KAAK,CAAC,EAAE,CAAC;oBACtB,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC;oBAC1B,QAAQ,GAAG,SAAS,CAAC;oBACrB,MAAM;gBACR,CAAC;YACH,CAAC;YAED,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,KAAK,MAAM,GAAG,IAAI,+BAAuB,EAAE,CAAC;oBAC1C,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;wBACjC,IAAI,MAAM,KAAK,WAAW,IAAI,MAAM,KAAK,WAAW;4BAAE,SAAS;wBAC/D,IAAI,CAAC;4BACH,MAAM,QAAQ,GAAG,MAAM,IAAI,OAAO,CAAW,CAAC,OAAO,EAAE,EAAE;gCACvD,aAAG,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE;oCACrC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;gCAChC,CAAC,CAAC,CAAC;4BACL,CAAC,CAAC,CAAC;4BACH,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gCACnC,UAAU,GAAG,GAAG,CAAC,EAAE,CAAC;gCACpB,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC;gCACxB,QAAQ,GAAG,MAAM,CAAC;gCAClB,MAAM;4BACR,CAAC;wBACH,CAAC;wBAAC,MAAM,CAAC,CAAC,cAAc,CAAC,CAAC;oBAC5B,CAAC;oBACD,IAAI,UAAU;wBAAE,MAAM;gBACxB,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,SAAS;QACX,CAAC;QAED,WAAW,CAAC,IAAI,CAAC;YACf,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,OAAO,EAAE,KAAK,CAAC,IAAI;YACnB,SAAS,EAAE,KAAK,CAAC,IAAI;YACrB,QAAQ,EAAE,MAAM,CAAC,IAAI;YACrB,UAAU,EAAE,MAAM,CAAC,IAAI;YACvB,UAAU;YACV,YAAY;YACZ,QAAQ;YACR,SAAS,EAAE,GAAG;YACd,IAAI,EAAE,aAAa;SACpB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACrE,eAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAEM,KAAK,UAAU,kBAAkB,CAAC,eAAgC;IACvE,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,OAAO,qBAAqB,CAAC,eAAe,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,OAAO,sBAAsB,CAAC,eAAe,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,WAAW,GAAoB,EAAE,CAAC;IACxC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,CAAC,eAAe,EAAE,gBAAgB,CAAC,CAAC;IACtD,MAAM,UAAU,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;IAElD,6CAA6C;IAC7C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAE/B,6EAA6E;IAC7E,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC1C,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI;gBAAE,SAAS,CAAC,8CAA8C;YAClI,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACvE,IAAI,CAAC,QAAQ;gBAAE,SAAS;YACxB,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC5C,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAC9C,IAAI,CAAC,MAAM;gBAAE,SAAS;YACtB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC;gBAAE,SAAS;YACtC,IAAI,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;gBAAE,SAAS,CAAC,gCAAgC;YAEpE,MAAM,GAAG,GAAG,SAAS,QAAQ,IAAI,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAC5D,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAEd,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACtD,IAAI,UAAU,GAAkB,IAAI,CAAC;YACrC,IAAI,YAAY,GAAkB,IAAI,CAAC;YACvC,IAAI,QAAQ,GAAkB,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;YAEnD,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;gBAC1B,MAAM,KAAK,GAAG,IAAA,6BAAqB,EAAC,CAAC,CAAC,CAAC;gBACvC,IAAI,KAAK,EAAE,CAAC;oBACV,UAAU,GAAG,KAAK,CAAC,EAAE,CAAC;oBACtB,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC;oBAC1B,QAAQ,GAAG,CAAC,CAAC;oBACb,MAAM;gBACR,CAAC;YACH,CAAC;YAED,gEAAgE;YAChE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,KAAK,MAAM,GAAG,IAAI,+BAAuB,EAAE,CAAC;oBAC1C,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;wBACjC,IAAI,MAAM,KAAK,WAAW,IAAI,MAAM,KAAK,WAAW;4BAAE,SAAS;wBAC/D,IAAI,CAAC;4BACH,MAAM,QAAQ,GAAG,MAAM,IAAI,OAAO,CAAW,CAAC,OAAO,EAAE,EAAE;gCACvD,aAAG,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE;oCACrC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;gCAChC,CAAC,CAAC,CAAC;4BACL,CAAC,CAAC,CAAC;4BACH,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC;gCACjC,UAAU,GAAG,GAAG,CAAC,EAAE,CAAC;gCACpB,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC;gCACxB,QAAQ,GAAG,MAAM,CAAC;gCAClB,MAAM;4BACR,CAAC;wBACH,CAAC;wBAAC,MAAM,CAAC,CAAC,cAAc,CAAC,CAAC;oBAC5B,CAAC;oBACD,IAAI,UAAU;wBAAE,MAAM;gBACxB,CAAC;YACH,CAAC;YAED,IAAI,UAAU,EAAE,CAAC;gBACf,WAAW,CAAC,IAAI,CAAC;oBACf,GAAG,EAAE,QAAQ;oBACb,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE;oBACxB,SAAS,EAAE,KAAK,EAAE,IAAI,IAAI,CAAC;oBAC3B,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI;oBAC5C,UAAU,EAAE,YAAY,EAAE,QAAQ;oBAClC,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,aAAa;iBACpC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,+EAA+E;IAC/E,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC1C,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACvE,IAAI,CAAC,QAAQ;gBAAE,SAAS;YACxB,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC5C,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAC9C,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM;gBAAE,SAAS;YAEhC,2FAA2F;YAC3F,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,CAAC;YACtF,IAAI,QAAQ,IAAI,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/D,MAAM,GAAG,GAAG,qBAAqB,QAAQ,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;gBAC3D,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEd,MAAM,aAAa,GAAG,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC5D,IAAI,aAAa,EAAE,CAAC;oBAClB,WAAW,CAAC,IAAI,CAAC;wBACf,GAAG,EAAE,QAAQ;wBACb,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,IAAI;wBACxC,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,UAAU,EAAE,MAAM,CAAC,IAAI;wBAC5C,UAAU,EAAE,aAAa,CAAC,EAAE;wBAC5B,YAAY,EAAE,aAAa,CAAC,IAAI;wBAChC,QAAQ,EAAE,WAAW;wBACrB,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,aAAa;qBACpC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,2DAA2D;YAC3D,IAAI,KAAK,CAAC,KAAK,KAAK,IAAI,IAAI,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClD,MAAM,GAAG,GAAG,mBAAmB,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACxD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBAEd,MAAM,aAAa,GAAG,wBAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC3D,IAAI,aAAa,EAAE,CAAC;oBAClB,WAAW,CAAC,IAAI,CAAC;wBACf,GAAG,EAAE,QAAQ;wBACb,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,IAAI;wBACxC,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;wBAClC,UAAU,EAAE,aAAa,CAAC,EAAE;wBAC5B,YAAY,EAAE,aAAa,CAAC,IAAI;wBAChC,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE;wBACtD,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,WAAW;qBAClC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACrE,eAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,WAAW,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAS,wBAAwB,CAAC,IAAY;IAC5C,sCAAsC;IACtC,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC;IAC1E,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC;IACtF,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,EAAE,EAAE,EAAE,iBAAiB,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC;IAC/E,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,EAAE,EAAE,EAAE,eAAe,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC;IAC3E,IAAI,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,EAAE,EAAE,EAAE,sBAAsB,EAAE,IAAI,EAAE,wBAAwB,EAAE,CAAC;IAC1G,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"network-monitor.test.d.ts","sourceRoot":"","sources":["../../src/enforcement/network-monitor.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
+
};
|
|
5
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
const vitest_1 = require("vitest");
|
|
7
|
+
const dns_1 = __importDefault(require("dns"));
|
|
8
|
+
const { mockExecFileSync } = vitest_1.vi.hoisted(() => ({
|
|
9
|
+
mockExecFileSync: vitest_1.vi.fn(),
|
|
10
|
+
}));
|
|
11
|
+
vitest_1.vi.mock('child_process', () => ({
|
|
12
|
+
execFileSync: mockExecFileSync,
|
|
13
|
+
}));
|
|
14
|
+
const network_monitor_1 = require("./network-monitor");
|
|
15
|
+
(0, vitest_1.describe)('scanLLMConnections', () => {
|
|
16
|
+
(0, vitest_1.beforeEach)(() => {
|
|
17
|
+
vitest_1.vi.clearAllMocks();
|
|
18
|
+
});
|
|
19
|
+
(0, vitest_1.it)('detects local LLM listeners on Windows via netstat', async () => {
|
|
20
|
+
const platformSpy = vitest_1.vi.spyOn(process, 'platform', 'get').mockReturnValue('win32');
|
|
21
|
+
const reverseSpy = vitest_1.vi.spyOn(dns_1.default, 'reverse').mockImplementation((_ip, cb) => cb(new Error('no reverse dns'), []));
|
|
22
|
+
mockExecFileSync.mockReturnValue([
|
|
23
|
+
'Active Connections',
|
|
24
|
+
'',
|
|
25
|
+
' Proto Local Address Foreign Address State PID',
|
|
26
|
+
' TCP 127.0.0.1:11434 0.0.0.0:0 LISTENING 4242',
|
|
27
|
+
' TCP 127.0.0.1:55000 127.0.0.1:11434 ESTABLISHED 4242',
|
|
28
|
+
].join('\r\n'));
|
|
29
|
+
const taggedProcesses = [{
|
|
30
|
+
pid: 4242,
|
|
31
|
+
ppid: 1,
|
|
32
|
+
frameworkId: 'ollama',
|
|
33
|
+
frameworkName: 'Ollama',
|
|
34
|
+
command: 'ollama serve',
|
|
35
|
+
exePath: 'C:\\ollama.exe',
|
|
36
|
+
confidence: 1,
|
|
37
|
+
envKeys: [],
|
|
38
|
+
discoveredAt: Date.now(),
|
|
39
|
+
sandboxed: false,
|
|
40
|
+
sandboxProfileName: null,
|
|
41
|
+
uid: 0,
|
|
42
|
+
gid: 0,
|
|
43
|
+
}];
|
|
44
|
+
const connections = await (0, network_monitor_1.scanLLMConnections)(taggedProcesses);
|
|
45
|
+
(0, vitest_1.expect)(connections).toHaveLength(2);
|
|
46
|
+
(0, vitest_1.expect)(connections.some(connection => connection.type === 'listening' && connection.providerId === 'ollama-local')).toBe(true);
|
|
47
|
+
(0, vitest_1.expect)(connections.some(connection => connection.type === 'established' && connection.hostname === 'localhost')).toBe(true);
|
|
48
|
+
reverseSpy.mockRestore();
|
|
49
|
+
platformSpy.mockRestore();
|
|
50
|
+
});
|
|
51
|
+
});
|
|
52
|
+
//# sourceMappingURL=network-monitor.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"network-monitor.test.js","sourceRoot":"","sources":["../../src/enforcement/network-monitor.test.ts"],"names":[],"mappings":";;;;;AAAA,mCAA8D;AAC9D,8CAAsB;AAEtB,MAAM,EAAE,gBAAgB,EAAE,GAAG,WAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7C,gBAAgB,EAAE,WAAE,CAAC,EAAE,EAAE;CAC1B,CAAC,CAAC,CAAC;AAEJ,WAAE,CAAC,IAAI,CAAC,eAAe,EAAE,GAAG,EAAE,CAAC,CAAC;IAC9B,YAAY,EAAE,gBAAgB;CAC/B,CAAC,CAAC,CAAC;AAEJ,uDAAuD;AAGvD,IAAA,iBAAQ,EAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,IAAA,mBAAU,EAAC,GAAG,EAAE;QACd,WAAE,CAAC,aAAa,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,WAAW,GAAG,WAAE,CAAC,KAAK,CAAC,OAAO,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QAClF,MAAM,UAAU,GAAG,WAAE,CAAC,KAAK,CAAC,aAAG,EAAE,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC,GAAG,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,KAAK,CAAC,gBAAgB,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAEjH,gBAAgB,CAAC,eAAe,CAAC;YAC/B,oBAAoB;YACpB,EAAE;YACF,4EAA4E;YAC5E,6EAA6E;YAC7E,6EAA6E;SAC9E,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QAEhB,MAAM,eAAe,GAAoB,CAAC;gBACxC,GAAG,EAAE,IAAI;gBACT,IAAI,EAAE,CAAC;gBACP,WAAW,EAAE,QAAQ;gBACrB,aAAa,EAAE,QAAQ;gBACvB,OAAO,EAAE,cAAc;gBACvB,OAAO,EAAE,gBAAgB;gBACzB,UAAU,EAAE,CAAC;gBACb,OAAO,EAAE,EAAE;gBACX,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE;gBACxB,SAAS,EAAE,KAAK;gBAChB,kBAAkB,EAAE,IAAI;gBACxB,GAAG,EAAE,CAAC;gBACN,GAAG,EAAE,CAAC;aACP,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,MAAM,IAAA,oCAAkB,EAAC,eAAe,CAAC,CAAC;QAE9D,IAAA,eAAM,EAAC,WAAW,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACpC,IAAA,eAAM,EAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,KAAK,WAAW,IAAI,UAAU,CAAC,UAAU,KAAK,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/H,IAAA,eAAM,EAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,KAAK,aAAa,IAAI,UAAU,CAAC,QAAQ,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE5H,UAAU,CAAC,WAAW,EAAE,CAAC;QACzB,WAAW,CAAC,WAAW,EAAE,CAAC;IAC5B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -16,17 +16,40 @@ interface PolicyResult {
|
|
|
16
16
|
applied: boolean;
|
|
17
17
|
detail: string;
|
|
18
18
|
}
|
|
19
|
+
/**
|
|
20
|
+
* Executes cloud-supplied policies on the local host.
|
|
21
|
+
*
|
|
22
|
+
* SECURITY INVARIANTS:
|
|
23
|
+
* - Every `target` from a policy is validated via {@link validateTarget}
|
|
24
|
+
* before reaching any subprocess. Invalid targets are dropped, not
|
|
25
|
+
* "best-effort" passed through.
|
|
26
|
+
* - All subprocess invocations use {@link execFileSync} with separate args —
|
|
27
|
+
* no shell metacharacter interpolation, ever.
|
|
28
|
+
* - PID validation rejects values outside the kernel's PID range (1..4194304).
|
|
29
|
+
* - Iptables / nft binaries are resolved once at construction; we never
|
|
30
|
+
* accept a `bin` path from the cloud.
|
|
31
|
+
*/
|
|
19
32
|
export declare class PolicyExecutor {
|
|
20
33
|
private config;
|
|
21
34
|
private appliedRules;
|
|
22
35
|
private lastPolicies;
|
|
36
|
+
private iptablesBin;
|
|
37
|
+
private nftBin;
|
|
23
38
|
constructor(config: SentryConfig);
|
|
39
|
+
private resolveBin;
|
|
24
40
|
apply(policies: SentryPolicy[], taggedProcesses: TaggedProcess[]): Promise<PolicyResult[]>;
|
|
25
41
|
private applyKillProcess;
|
|
26
42
|
private applyBlockProvider;
|
|
27
43
|
private applyBlockDomain;
|
|
28
|
-
|
|
44
|
+
/**
|
|
45
|
+
* Add an OUTPUT DROP rule. Each piece of `target` was pre-validated; we still
|
|
46
|
+
* call execFileSync with separate args so even a future regression in the
|
|
47
|
+
* validator cannot escape to a shell.
|
|
48
|
+
*/
|
|
49
|
+
private addNetworkBlockRule;
|
|
29
50
|
private removeRule;
|
|
51
|
+
private removeIptablesRule;
|
|
52
|
+
private removeNftRules;
|
|
30
53
|
}
|
|
31
54
|
export {};
|
|
32
55
|
//# sourceMappingURL=policy-executor.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy-executor.d.ts","sourceRoot":"","sources":["../../src/enforcement/policy-executor.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"policy-executor.d.ts","sourceRoot":"","sources":["../../src/enforcement/policy-executor.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAA2B,MAAM,UAAU,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAIzC,UAAU,YAAY;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,EAAE,cAAc,GAAG,gBAAgB,GAAG,cAAc,CAAC;IACzD,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS,CAAC;IACvC,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,UAAU,YAAY;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,cAAc,GAAG,gBAAgB,GAAG,cAAc,CAAC;IAC3D,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB;AAOD;;;;;;;;;;;;GAYG;AACH,qBAAa,cAAc;IAMb,OAAO,CAAC,MAAM;IAL1B,OAAO,CAAC,YAAY,CAA2C;IAC/D,OAAO,CAAC,YAAY,CAAsB;IAC1C,OAAO,CAAC,WAAW,CAAgB;IACnC,OAAO,CAAC,MAAM,CAAgB;gBAEV,MAAM,EAAE,YAAY;IAKxC,OAAO,CAAC,UAAU;IAcZ,KAAK,CACT,QAAQ,EAAE,YAAY,EAAE,EACxB,eAAe,EAAE,aAAa,EAAE,GAC/B,OAAO,CAAC,YAAY,EAAE,CAAC;IAiF1B,OAAO,CAAC,gBAAgB;IAoDxB,OAAO,CAAC,kBAAkB;IAqC1B,OAAO,CAAC,gBAAgB;IAaxB;;;;OAIG;IACH,OAAO,CAAC,mBAAmB;IA8B3B,OAAO,CAAC,UAAU;IAqBlB,OAAO,CAAC,kBAAkB;IAqB1B,OAAO,CAAC,cAAc;CAiCvB"}
|