npm - @opensecurity/zonzon-core - Versions diffs - 0.1.1 → 0.1.3 - Mend

@opensecurity/zonzon-core 0.1.1 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

package/dist/audit.d.ts +10 -0
package/dist/audit.js +39 -0
package/dist/cache-layer.test.d.ts +1 -0
package/dist/cache-layer.test.js +205 -0
package/dist/cache-multi-question.test.d.ts +1 -0
package/dist/cache-multi-question.test.js +187 -0
package/dist/dns-handler.d.ts +27 -0
package/dist/dns-handler.js +323 -0
package/dist/dns-service.d.ts +45 -0
package/dist/dns-service.js +546 -0
package/dist/dns-service.test.d.ts +1 -0
package/dist/dns-service.test.js +306 -0
package/dist/dns-wireformat.test.d.ts +1 -0
package/dist/dns-wireformat.test.js +669 -0
package/dist/firewall.d.ts +9 -0
package/dist/firewall.js +62 -0
package/dist/http-body-forwarding-integration.test.d.ts +1 -0
package/dist/http-body-forwarding-integration.test.js +318 -0
package/dist/http-body-forwarding.test.d.ts +1 -0
package/dist/http-body-forwarding.test.js +84 -0
package/dist/http-handler.d.ts +21 -0
package/dist/http-handler.js +429 -0
package/dist/http-proxy.d.ts +14 -0
package/dist/http-proxy.js +135 -0
package/dist/http-proxy.test.d.ts +1 -0
package/dist/http-proxy.test.js +375 -0
package/{src/index.ts → dist/index.d.ts} +1 -1
package/dist/index.js +10 -0
package/dist/rate-limiter.d.ts +11 -0
package/dist/rate-limiter.js +33 -0
package/dist/rate-limiter.test.d.ts +1 -0
package/dist/rate-limiter.test.js +149 -0
package/dist/schema.d.ts +12 -0
package/dist/schema.js +124 -0
package/dist/schema.test.d.ts +1 -0
package/dist/schema.test.js +586 -0
package/dist/sni-proxy.d.ts +12 -0
package/dist/sni-proxy.js +141 -0
package/dist/srv-record.test.d.ts +1 -0
package/dist/srv-record.test.js +186 -0
package/dist/tcp-connection-limit.test.d.ts +1 -0
package/dist/tcp-connection-limit.test.js +89 -0
package/dist/types.d.ts +145 -0
package/dist/types.js +34 -0
package/dist/wildcard-matching.test.d.ts +1 -0
package/dist/wildcard-matching.test.js +162 -0
package/package.json +4 -1
package/src/audit.ts +0 -43
package/src/cache-layer.test.ts +0 -236
package/src/cache-multi-question.test.ts +0 -263
package/src/dns-handler.ts +0 -355
package/src/dns-service.test.ts +0 -371
package/src/dns-service.ts +0 -655
package/src/dns-wireformat.test.ts +0 -771
package/src/env.d.ts +0 -1
package/src/firewall.ts +0 -66
package/src/http-body-forwarding-integration.test.ts +0 -357
package/src/http-body-forwarding.test.ts +0 -101
package/src/http-handler.ts +0 -489
package/src/http-proxy.test.ts +0 -440
package/src/http-proxy.ts +0 -148
package/src/rate-limiter.test.ts +0 -144
package/src/rate-limiter.ts +0 -50
package/src/schema.test.ts +0 -685
package/src/schema.ts +0 -137
package/src/sni-proxy.ts +0 -164
package/src/srv-record.test.ts +0 -211
package/src/tcp-connection-limit.test.ts +0 -110
package/src/types.ts +0 -168
package/src/wildcard-matching.test.ts +0 -196
package/tsconfig.json +0 -9

package/src/rate-limiter.test.ts DELETED Viewed

@@ -1,144 +0,0 @@
-import { describe, it } from "node:test";
-import assert from "assert";
-import * as net from "net";
-let PORT_BASE = 65000;
-function nextPort(): number { return PORT_BASE++; }
-describe("TCP Rate Limiting", () => {
-  function buildTcpDnsQuery(name: string): Buffer {
-    const encoder = new (class {
-      buf = Buffer.alloc(256); offset = 0;
-      writeUint16(v: number) { this.buf.writeUInt16BE(v, this.offset); this.offset += 2; }
-      writeUint8(v: number) { this.buf.writeUInt8(v, this.offset); this.offset += 1; }
-      writeDomainName(nm: string) {
-        for (const label of nm.split(".")) { if (!label.length) continue; this.writeUint8(label.length); Buffer.from(label).copy(this.buf, this.offset); this.offset += label.length; }
-        this.writeUint8(0);
-      }
-      finish(): Buffer { return this.buf.subarray(0, this.offset); }
-    })();
-    encoder.writeUint16(0xDEAD); encoder.writeUint16(0x0100); encoder.writeUint16(1);
-    encoder.writeUint16(0); encoder.writeUint16(0); encoder.writeUint16(0);
-    encoder.writeDomainName(name); encoder.writeUint16(1); encoder.writeUint16(1);
-    const query = encoder.finish();
-    const prefixed = Buffer.alloc(2 + query.length);
-    prefixed.writeUInt16BE(query.length, 0); query.copy(prefixed, 2);
-    return prefixed;
-  }
-  it("TCP queries are rate limited when configured", async () => {
-    const port = nextPort();
-    const { DnsHandler } = await import("./dns-handler.js");
-    const { DevDnsServer } = await import("./dns-service.js");
-    const config: any = { port, hosts: { "test.loop": { records: [{ type: "A", address: "5.6.7.8" }] } }, rateLimitMaxRequests: 3, rateLimitWindowMs: 1000 };
-    const dnsServer = new DevDnsServer(config);
-    const handler = new DnsHandler(dnsServer, config);
-    await handler.start();
-    try {
-      await new Promise<void>((r) => setTimeout(r, 150));
-      const results: number[] = [];
-      for (let i = 0; i < 3; i++) {
-        let responses = 0;
-        await new Promise<void>((resolve) => {
-          const socket = net.createConnection(port, "127.0.0.1", () => {
-            socket.write(buildTcpDnsQuery("test.loop"));
-            socket.on("data", (data: Buffer) => {
-              let off = 0;
-              while (off + 2 <= data.length) {
-                const len = data.readUInt16BE(off);
-                if (len === 0 || off + 2 + len > data.length) break;
-                responses++; off += 2 + len;
-              }
-            });
-            setTimeout(() => { socket.destroy(); resolve(); }, 1000);
-          });
-        });
-        results.push(responses);
-      }
-      assert.ok(results.every((r) => r > 0));
-    } finally {
-      await handler.stop();
-    }
-  });
-  it("TCP connection is terminated when source IP exceeds rate limit", async () => {
-    const port = nextPort();
-    const { DnsHandler } = await import("./dns-handler.js");
-    const { DevDnsServer } = await import("./dns-service.js");
-    const config: any = { port, hosts: { "test.loop": { records: [{ type: "A", address: "9.8.7.6" }] } }, rateLimitMaxRequests: 1, rateLimitWindowMs: 5000 };
-    const dnsServer = new DevDnsServer(config);
-    const handler = new DnsHandler(dnsServer, config);
-    await handler.start();
-    try {
-      await new Promise<void>((r) => setTimeout(r, 150));
-      let r1Responses = 0;
-      await new Promise<void>((resolve) => {
-        const socket = net.createConnection(port, "127.0.0.1", () => {
-          socket.write(buildTcpDnsQuery("test.loop"));
-          socket.on("data", (data: Buffer) => {
-            let off = 0;
-            while (off + 2 <= data.length) {
-              const len = data.readUInt16BE(off);
-              if (len === 0 || off + 2 + len > data.length) break;
-              r1Responses++; off += 2 + len;
-            }
-          });
-          setTimeout(() => { socket.destroy(); resolve(); }, 1000);
-        });
-      });
-      assert.ok(r1Responses > 0);
-      let r2Destroyed = false;
-      await new Promise<void>((resolve) => {
-        const socket = net.createConnection(port, "127.0.0.1", () => {
-          setTimeout(() => { socket.destroy(); resolve(); }, 1500);
-        });
-        socket.on("error", () => { r2Destroyed = true; });
-        socket.on("close", () => { if (!r2Destroyed) r2Destroyed = true; });
-      });
-      assert.strictEqual(r2Destroyed, true);
-    } finally {
-      await handler.stop();
-    }
-  });
-  it("TCP queries work when rate limiting is disabled", async () => {
-    const port = nextPort();
-    const { DnsHandler } = await import("./dns-handler.js");
-    const { DevDnsServer } = await import("./dns-service.js");
-    const config: any = { port, hosts: { "test.loop": { records: [{ type: "A", address: "1.2.3.4" }] } }, rateLimitMaxRequests: 0 };
-    const dnsServer = new DevDnsServer(config);
-    const handler = new DnsHandler(dnsServer, config);
-    await handler.start();
-    try {
-      await new Promise<void>((r) => setTimeout(r, 150));
-      let successes = 0;
-      for (let i = 0; i < 5; i++) {
-        let gotResponse = false;
-        await new Promise<void>((resolve) => {
-          const socket = net.createConnection(port, "127.0.0.1", () => {
-            socket.write(buildTcpDnsQuery("test.loop"));
-            socket.on("data", () => { gotResponse = true; });
-            setTimeout(() => { socket.destroy(); resolve(); }, 1000);
-          });
-        });
-        if (gotResponse) successes++;
-      }
-      assert.strictEqual(successes, 5);
-    } finally {
-      await handler.stop();
-    }
-  });
-});

package/src/rate-limiter.ts DELETED Viewed

@@ -1,50 +0,0 @@
-export interface RateLimiterOptions {
-  maxRequests: number;
-  windowMs: number;
-}
-interface IpBucket {
-  timestamps: number[];
-}
-export class RateLimiter {
-  private options: RateLimiterOptions;
-  private buckets = new Map<string, IpBucket>();
-  constructor(options: RateLimiterOptions) {
-    this.options = options;
-  }
-  allow(ip: string): boolean {
-    const now = Date.now();
-    let bucket = this.buckets.get(ip);
-    if (!bucket || now - bucket.timestamps[0] > this.options.windowMs) {
-      bucket = { timestamps: [now] };
-      this.buckets.set(ip, bucket);
-      return true;
-    }
-    const windowStart = now - this.options.windowMs;
-    while (bucket.timestamps.length > 0 && bucket.timestamps[0] < windowStart) {
-      bucket.timestamps.shift();
-    }
-    if (bucket.timestamps.length >= this.options.maxRequests) {
-      return false;
-    }
-    bucket.timestamps.push(now);
-    return true;
-  }
-  getRequestCount(ip: string): number {
-    const now = Date.now();
-    const windowStart = now - this.options.windowMs;
-    const bucket = this.buckets.get(ip);
-    if (!bucket) return 0;
-    return bucket.timestamps.filter((t) => t >= windowStart).length;
-  }
-}