@niksbanna/bot-detector 1.0.0

package/src/signals/fingerprint/WebGLSignal.js

@@ -0,0 +1,146 @@
+/**
+ * @fileoverview Detects WebGL rendering anomalies.
+ */
+
+import { Signal } from '../../core/Signal.js';
+
+/**
+ * Detects WebGL anomalies and spoofed renderer information.
+ * Bots often have missing, disabled, or fake WebGL contexts.
+ */
+class WebGLSignal extends Signal {
+  static id = 'webgl';
+  static category = 'fingerprint';
+  static weight = 0.7;
+  static description = 'Detects WebGL rendering anomalies';
+
+  async detect() {
+    const anomalies = [];
+    let confidence = 0;
+
+    // Try to get WebGL context
+    const canvas = document.createElement('canvas');
+    let gl = null;
+
+    try {
+      gl = canvas.getContext('webgl') || canvas.getContext('experimental-webgl');
+    } catch (e) {
+      anomalies.push('webgl-error');
+      confidence = Math.max(confidence, 0.5);
+    }
+
+    if (!gl) {
+      // WebGL not available - could be disabled or blocked
+      anomalies.push('webgl-unavailable');
+      confidence = Math.max(confidence, 0.4);
+      return this.createResult(true, { anomalies }, confidence);
+    }
+
+    // Get renderer info
+    const debugInfo = gl.getExtension('WEBGL_debug_renderer_info');
+    let vendor = '';
+    let renderer = '';
+
+    if (debugInfo) {
+      vendor = gl.getParameter(debugInfo.UNMASKED_VENDOR_WEBGL) || '';
+      renderer = gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) || '';
+    }
+
+    // Check for empty renderer info (common in headless)
+    if (!vendor && !renderer) {
+      anomalies.push('no-webgl-renderer-info');
+      confidence = Math.max(confidence, 0.6);
+    }
+
+    // Check for known headless/virtual renderer strings
+    const suspiciousRenderers = [
+      'swiftshader',
+      'llvmpipe',
+      'software',
+      'mesa',
+      'google swiftshader',
+      'vmware',
+      'virtualbox',
+    ];
+
+    const rendererLower = renderer.toLowerCase();
+    for (const sus of suspiciousRenderers) {
+      if (rendererLower.includes(sus)) {
+        anomalies.push(`suspicious-renderer-${sus.replace(/\s+/g, '-')}`);
+        confidence = Math.max(confidence, 0.7);
+        break;
+      }
+    }
+
+    // Check for mismatched vendor/renderer
+    if (vendor && renderer) {
+      // NVIDIA renderer should have NVIDIA vendor
+      if (rendererLower.includes('nvidia') && !vendor.toLowerCase().includes('nvidia')) {
+        anomalies.push('vendor-renderer-mismatch');
+        confidence = Math.max(confidence, 0.6);
+      }
+      // AMD renderer should have AMD/ATI vendor
+      if ((rendererLower.includes('amd') || rendererLower.includes('radeon')) && 
+          !vendor.toLowerCase().includes('amd') && !vendor.toLowerCase().includes('ati')) {
+        anomalies.push('vendor-renderer-mismatch');
+        confidence = Math.max(confidence, 0.6);
+      }
+    }
+
+    // Check for supported extensions
+    const extensions = gl.getSupportedExtensions() || [];
+    
+    // Suspiciously few extensions
+    if (extensions.length < 5) {
+      anomalies.push('few-webgl-extensions');
+      confidence = Math.max(confidence, 0.4);
+    }
+
+    // Check for WebGL parameter consistency
+    const maxTextureSize = gl.getParameter(gl.MAX_TEXTURE_SIZE);
+    const maxViewportDims = gl.getParameter(gl.MAX_VIEWPORT_DIMS);
+
+    // Unrealistic values
+    if (maxTextureSize < 1024 || maxTextureSize > 65536) {
+      anomalies.push('unrealistic-max-texture');
+      confidence = Math.max(confidence, 0.5);
+    }
+
+    // Check if WebGL rendering actually works
+    try {
+      // Simple render test
+      gl.clearColor(0.0, 0.0, 0.0, 1.0);
+      gl.clear(gl.COLOR_BUFFER_BIT);
+      
+      const pixels = new Uint8Array(4);
+      gl.readPixels(0, 0, 1, 1, gl.RGBA, gl.UNSIGNED_BYTE, pixels);
+      
+      // If clear didn't work, something's wrong
+      if (pixels[3] !== 255) {
+        anomalies.push('webgl-render-failure');
+        confidence = Math.max(confidence, 0.6);
+      }
+    } catch (e) {
+      anomalies.push('webgl-render-error');
+      confidence = Math.max(confidence, 0.5);
+    }
+
+    // Clean up
+    const loseContext = gl.getExtension('WEBGL_lose_context');
+    if (loseContext) {
+      loseContext.loseContext();
+    }
+
+    const triggered = anomalies.length > 0;
+
+    return this.createResult(triggered, {
+      anomalies,
+      vendor,
+      renderer,
+      extensionCount: extensions.length,
+      maxTextureSize,
+    }, confidence);
+  }
+}
+
+export { WebGLSignal };

package/src/signals/fingerprint/index.js

@@ -0,0 +1,9 @@
+/**
+ * @fileoverview Fingerprint signals index.
+ */
+
+export { PluginsSignal } from './PluginsSignal.js';
+export { WebGLSignal } from './WebGLSignal.js';
+export { CanvasSignal } from './CanvasSignal.js';
+export { AudioContextSignal } from './AudioContextSignal.js';
+export { ScreenSignal } from './ScreenSignal.js';

package/src/signals/timing/DOMContentTimingSignal.js

@@ -0,0 +1,159 @@
+/**
+ * @fileoverview Analyzes DOM content loaded event timing.
+ */
+
+import { Signal } from '../../core/Signal.js';
+
+/**
+ * Analyzes timing around DOMContentLoaded event.
+ * Bots may have unusual patterns in when/how DOM is processed.
+ */
+class DOMContentTimingSignal extends Signal {
+  static id = 'dom-content-timing';
+  static category = 'timing';
+  static weight = 0.4;
+  static description = 'Analyzes DOM content loaded timing patterns';
+
+  constructor(options = {}) {
+    super(options);
+    this._domContentLoadedTime = null;
+    this._documentReadyState = document.readyState;
+    this._captureTime = performance.now();
+    
+    // Capture DOMContentLoaded time if not already loaded
+    if (document.readyState === 'loading') {
+      document.addEventListener('DOMContentLoaded', () => {
+        this._domContentLoadedTime = performance.now();
+      });
+    }
+  }
+
+  async detect() {
+    const anomalies = [];
+    let confidence = 0;
+
+    // Get timing information
+    const now = performance.now();
+    const readyState = document.readyState;
+    
+    // Check resource timing
+    let resourceCount = 0;
+    let totalResourceTime = 0;
+    let externalScriptCount = 0;
+
+    if (performance.getEntriesByType) {
+      const resources = performance.getEntriesByType('resource');
+      resourceCount = resources.length;
+
+      for (const resource of resources) {
+        totalResourceTime += resource.duration;
+        if (resource.initiatorType === 'script' && 
+            resource.name.startsWith('http')) {
+          externalScriptCount++;
+        }
+      }
+    }
+
+    // Check for very few resources (headless often loads minimal)
+    if (resourceCount === 0 && readyState === 'complete') {
+      anomalies.push('no-resources-loaded');
+      confidence = Math.max(confidence, 0.4);
+    }
+
+    // Check for suspiciously fast DOM ready without resources
+    if (this._domContentLoadedTime && this._domContentLoadedTime < 50 && resourceCount === 0) {
+      anomalies.push('instant-ready-no-resources');
+      confidence = Math.max(confidence, 0.6);
+    }
+
+    // Check document.hidden state at load
+    // Bots often run in hidden/background state
+    if (document.hidden && this._documentReadyState === 'loading') {
+      anomalies.push('hidden-at-load');
+      confidence = Math.max(confidence, 0.3);
+    }
+
+    // Check for visibility API
+    if (typeof document.visibilityState === 'undefined') {
+      anomalies.push('no-visibility-api');
+      confidence = Math.max(confidence, 0.4);
+    }
+
+    // Check DOM manipulation timing
+    try {
+      const startMutation = performance.now();
+      const testDiv = document.createElement('div');
+      testDiv.id = '__bot_detection_test__';
+      document.body.appendChild(testDiv);
+      const afterAppend = performance.now();
+      document.body.removeChild(testDiv);
+      const afterRemove = performance.now();
+
+      const appendTime = afterAppend - startMutation;
+      const removeTime = afterRemove - afterAppend;
+
+      // Instant DOM operations (< 0.01ms) may indicate mocked DOM
+      if (appendTime === 0 && removeTime === 0) {
+        anomalies.push('instant-dom-operations');
+        confidence = Math.max(confidence, 0.5);
+      }
+    } catch (e) {
+      // If body doesn't exist yet, that's unusual at detection time
+      if (!document.body) {
+        anomalies.push('no-document-body');
+        confidence = Math.max(confidence, 0.4);
+      }
+    }
+
+    // Check for MutationObserver availability (should exist in modern browsers)
+    if (typeof MutationObserver === 'undefined') {
+      anomalies.push('no-mutation-observer');
+      confidence = Math.max(confidence, 0.5);
+    }
+
+    // Check for requestAnimationFrame availability
+    if (typeof requestAnimationFrame === 'undefined') {
+      anomalies.push('no-request-animation-frame');
+      confidence = Math.max(confidence, 0.5);
+    }
+
+    // Check timing of first paint if available
+    if (performance.getEntriesByType) {
+      const paintEntries = performance.getEntriesByType('paint');
+      const firstPaint = paintEntries.find(e => e.name === 'first-paint');
+      
+      if (!firstPaint && readyState === 'complete' && now > 1000) {
+        anomalies.push('no-first-paint');
+        confidence = Math.max(confidence, 0.4);
+      }
+
+      // Check for first contentful paint
+      const fcp = paintEntries.find(e => e.name === 'first-contentful-paint');
+      if (!fcp && readyState === 'complete' && now > 1000) {
+        anomalies.push('no-first-contentful-paint');
+        confidence = Math.max(confidence, 0.4);
+      }
+    }
+
+    // Check intersection observer
+    if (typeof IntersectionObserver === 'undefined') {
+      anomalies.push('no-intersection-observer');
+      confidence = Math.max(confidence, 0.4);
+    }
+
+    const triggered = anomalies.length > 0;
+
+    return this.createResult(triggered, {
+      anomalies,
+      metrics: {
+        readyState,
+        resourceCount,
+        externalScriptCount,
+        domContentLoadedTime: this._domContentLoadedTime,
+        documentHidden: document.hidden,
+      },
+    }, confidence);
+  }
+}
+
+export { DOMContentTimingSignal };

package/src/signals/timing/PageLoadSignal.js

@@ -0,0 +1,165 @@
+/**
+ * @fileoverview Detects suspicious page load timing patterns.
+ */
+
+import { Signal } from '../../core/Signal.js';
+
+/**
+ * Analyzes page load timing for automation indicators.
+ * Bots often have unusual or suspiciously fast load patterns.
+ */
+class PageLoadSignal extends Signal {
+  static id = 'page-load';
+  static category = 'timing';
+  static weight = 0.5;
+  static description = 'Detects suspicious page load timing';
+
+  async detect() {
+    const anomalies = [];
+    let confidence = 0;
+
+    // Check if Performance API is available
+    if (!window.performance || !performance.timing) {
+      // Try Navigation Timing API Level 2
+      if (performance.getEntriesByType) {
+        const navEntries = performance.getEntriesByType('navigation');
+        if (navEntries.length > 0) {
+          return this._analyzeNavigationTiming(navEntries[0]);
+        }
+      }
+      
+      anomalies.push('no-performance-api');
+      confidence = Math.max(confidence, 0.3);
+      return this.createResult(true, { anomalies }, confidence);
+    }
+
+    const timing = performance.timing;
+    
+    // Calculate key timings
+    const navigationStart = timing.navigationStart;
+    const domContentLoaded = timing.domContentLoadedEventEnd - navigationStart;
+    const domComplete = timing.domComplete - navigationStart;
+    const loadComplete = timing.loadEventEnd - navigationStart;
+    const dnsLookup = timing.domainLookupEnd - timing.domainLookupStart;
+    const tcpConnection = timing.connectEnd - timing.connectStart;
+    const serverResponse = timing.responseEnd - timing.requestStart;
+    const domProcessing = timing.domComplete - timing.domLoading;
+
+    // Check for impossibly fast load times
+    if (domContentLoaded > 0 && domContentLoaded < 10) {
+      anomalies.push('instant-dom-content-loaded');
+      confidence = Math.max(confidence, 0.7);
+    }
+
+    // Check for zero DNS lookup (could indicate local file or caching, but suspicious in combination)
+    if (dnsLookup === 0 && tcpConnection === 0 && serverResponse < 5) {
+      anomalies.push('zero-network-timing');
+      confidence = Math.max(confidence, 0.4);
+    }
+
+    // Check for negative timings (timestamp manipulation)
+    if (domContentLoaded < 0 || domComplete < 0 || loadComplete < 0) {
+      anomalies.push('negative-timing');
+      confidence = Math.max(confidence, 0.8);
+    }
+
+    // Check for unrealistic timing order
+    if (timing.domContentLoadedEventEnd > 0 && timing.loadEventEnd > 0) {
+      if (timing.domContentLoadedEventEnd > timing.loadEventEnd) {
+        anomalies.push('timing-order-violation');
+        confidence = Math.max(confidence, 0.7);
+      }
+    }
+
+    // Check for very long processing times (could indicate headless waiting)
+    if (domProcessing > 30000) { // 30 seconds
+      anomalies.push('excessive-dom-processing');
+      confidence = Math.max(confidence, 0.3);
+    }
+
+    // Check for script injection timing pattern
+    // Bots often inject scripts immediately after load
+    const scriptsLoadedTime = timing.domContentLoadedEventStart - timing.responseEnd;
+    if (scriptsLoadedTime > 0 && scriptsLoadedTime < 5) {
+      anomalies.push('instant-script-execution');
+      confidence = Math.max(confidence, 0.4);
+    }
+
+    // Check for performance.now() manipulation
+    const perfNow1 = performance.now();
+    const perfNow2 = performance.now();
+    
+    // If two consecutive calls return the same value (shouldn't happen)
+    if (perfNow1 === perfNow2 && perfNow1 > 0) {
+      anomalies.push('frozen-performance-now');
+      confidence = Math.max(confidence, 0.6);
+    }
+
+    // Check for Date.now() vs performance.now() consistency
+    const dateNow1 = Date.now();
+    const perfNow3 = performance.now();
+    const dateNow2 = Date.now();
+    
+    // If they're wildly inconsistent
+    if (Math.abs((dateNow2 - dateNow1) - (performance.now() - perfNow3)) > 100) {
+      anomalies.push('timing-inconsistency');
+      confidence = Math.max(confidence, 0.5);
+    }
+
+    const triggered = anomalies.length > 0;
+
+    return this.createResult(triggered, {
+      anomalies,
+      timings: {
+        domContentLoaded,
+        domComplete,
+        loadComplete,
+        dnsLookup,
+        tcpConnection,
+        serverResponse,
+        domProcessing,
+      },
+    }, confidence);
+  }
+
+  /**
+   * Analyze Navigation Timing Level 2 API data.
+   * @param {PerformanceNavigationTiming} entry - Navigation timing entry
+   * @returns {SignalResult}
+   */
+  _analyzeNavigationTiming(entry) {
+    const anomalies = [];
+    let confidence = 0;
+
+    const domContentLoaded = entry.domContentLoadedEventEnd;
+    const loadComplete = entry.loadEventEnd;
+    const dnsLookup = entry.domainLookupEnd - entry.domainLookupStart;
+    const serverResponse = entry.responseEnd - entry.requestStart;
+
+    // Check for impossibly fast load
+    if (domContentLoaded > 0 && domContentLoaded < 10) {
+      anomalies.push('instant-dom-content-loaded');
+      confidence = Math.max(confidence, 0.7);
+    }
+
+    // Check for zero timings
+    if (dnsLookup === 0 && serverResponse === 0) {
+      anomalies.push('zero-network-timing');
+      confidence = Math.max(confidence, 0.4);
+    }
+
+    const triggered = anomalies.length > 0;
+
+    return this.createResult(triggered, {
+      anomalies,
+      timings: {
+        domContentLoaded,
+        loadComplete,
+        dnsLookup,
+        serverResponse,
+      },
+    }, confidence);
+  }
+}
+
+export { PageLoadSignal };

package/src/signals/timing/index.js

@@ -0,0 +1,6 @@
+/**
+ * @fileoverview Timing signals index.
+ */
+
+export { PageLoadSignal } from './PageLoadSignal.js';
+export { DOMContentTimingSignal } from './DOMContentTimingSignal.js';