@panguard-ai/core 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/adapter-registry.d.ts +150 -0
- package/dist/adapters/adapter-registry.d.ts.map +1 -0
- package/dist/adapters/adapter-registry.js +271 -0
- package/dist/adapters/adapter-registry.js.map +1 -0
- package/dist/adapters/base-adapter.d.ts +101 -0
- package/dist/adapters/base-adapter.d.ts.map +1 -0
- package/dist/adapters/base-adapter.js +160 -0
- package/dist/adapters/base-adapter.js.map +1 -0
- package/dist/adapters/defender-adapter.d.ts +90 -0
- package/dist/adapters/defender-adapter.d.ts.map +1 -0
- package/dist/adapters/defender-adapter.js +227 -0
- package/dist/adapters/defender-adapter.js.map +1 -0
- package/dist/adapters/index.d.ts +22 -0
- package/dist/adapters/index.d.ts.map +1 -0
- package/dist/adapters/index.js +23 -0
- package/dist/adapters/index.js.map +1 -0
- package/dist/adapters/syslog-adapter.d.ts +207 -0
- package/dist/adapters/syslog-adapter.d.ts.map +1 -0
- package/dist/adapters/syslog-adapter.js +432 -0
- package/dist/adapters/syslog-adapter.js.map +1 -0
- package/dist/adapters/types.d.ts +135 -0
- package/dist/adapters/types.d.ts.map +1 -0
- package/dist/adapters/types.js +13 -0
- package/dist/adapters/types.js.map +1 -0
- package/dist/adapters/wazuh-adapter.d.ts +120 -0
- package/dist/adapters/wazuh-adapter.d.ts.map +1 -0
- package/dist/adapters/wazuh-adapter.js +266 -0
- package/dist/adapters/wazuh-adapter.js.map +1 -0
- package/dist/ai/claude-provider.d.ts +66 -0
- package/dist/ai/claude-provider.d.ts.map +1 -0
- package/dist/ai/claude-provider.js +166 -0
- package/dist/ai/claude-provider.js.map +1 -0
- package/dist/ai/funnel-router.d.ts +75 -0
- package/dist/ai/funnel-router.d.ts.map +1 -0
- package/dist/ai/funnel-router.js +173 -0
- package/dist/ai/funnel-router.js.map +1 -0
- package/dist/ai/index.d.ts +77 -0
- package/dist/ai/index.d.ts.map +1 -0
- package/dist/ai/index.js +95 -0
- package/dist/ai/index.js.map +1 -0
- package/dist/ai/ollama-provider.d.ts +73 -0
- package/dist/ai/ollama-provider.d.ts.map +1 -0
- package/dist/ai/ollama-provider.js +200 -0
- package/dist/ai/ollama-provider.js.map +1 -0
- package/dist/ai/openai-provider.d.ts +70 -0
- package/dist/ai/openai-provider.d.ts.map +1 -0
- package/dist/ai/openai-provider.js +175 -0
- package/dist/ai/openai-provider.js.map +1 -0
- package/dist/ai/prompts/event-classifier.d.ts +25 -0
- package/dist/ai/prompts/event-classifier.d.ts.map +1 -0
- package/dist/ai/prompts/event-classifier.js +94 -0
- package/dist/ai/prompts/event-classifier.js.map +1 -0
- package/dist/ai/prompts/index.d.ts +13 -0
- package/dist/ai/prompts/index.d.ts.map +1 -0
- package/dist/ai/prompts/index.js +13 -0
- package/dist/ai/prompts/index.js.map +1 -0
- package/dist/ai/prompts/report-generator.d.ts +25 -0
- package/dist/ai/prompts/report-generator.d.ts.map +1 -0
- package/dist/ai/prompts/report-generator.js +131 -0
- package/dist/ai/prompts/report-generator.js.map +1 -0
- package/dist/ai/prompts/threat-analyzer.d.ts +26 -0
- package/dist/ai/prompts/threat-analyzer.d.ts.map +1 -0
- package/dist/ai/prompts/threat-analyzer.js +75 -0
- package/dist/ai/prompts/threat-analyzer.js.map +1 -0
- package/dist/ai/provider-base.d.ts +100 -0
- package/dist/ai/provider-base.d.ts.map +1 -0
- package/dist/ai/provider-base.js +166 -0
- package/dist/ai/provider-base.js.map +1 -0
- package/dist/ai/response-parser.d.ts +36 -0
- package/dist/ai/response-parser.d.ts.map +1 -0
- package/dist/ai/response-parser.js +195 -0
- package/dist/ai/response-parser.js.map +1 -0
- package/dist/ai/token-tracker.d.ts +72 -0
- package/dist/ai/token-tracker.d.ts.map +1 -0
- package/dist/ai/token-tracker.js +145 -0
- package/dist/ai/token-tracker.js.map +1 -0
- package/dist/ai/types.d.ts +138 -0
- package/dist/ai/types.d.ts.map +1 -0
- package/dist/ai/types.js +12 -0
- package/dist/ai/types.js.map +1 -0
- package/dist/cli/index.d.ts +146 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +515 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/cli/prompts.d.ts +58 -0
- package/dist/cli/prompts.d.ts.map +1 -0
- package/dist/cli/prompts.js +327 -0
- package/dist/cli/prompts.js.map +1 -0
- package/dist/cli/wizard.d.ts +58 -0
- package/dist/cli/wizard.d.ts.map +1 -0
- package/dist/cli/wizard.js +200 -0
- package/dist/cli/wizard.js.map +1 -0
- package/dist/discovery/firewall-checker.d.ts +28 -0
- package/dist/discovery/firewall-checker.d.ts.map +1 -0
- package/dist/discovery/firewall-checker.js +379 -0
- package/dist/discovery/firewall-checker.js.map +1 -0
- package/dist/discovery/index.d.ts +23 -0
- package/dist/discovery/index.d.ts.map +1 -0
- package/dist/discovery/index.js +29 -0
- package/dist/discovery/index.js.map +1 -0
- package/dist/discovery/network-scanner.d.ts +60 -0
- package/dist/discovery/network-scanner.d.ts.map +1 -0
- package/dist/discovery/network-scanner.js +640 -0
- package/dist/discovery/network-scanner.js.map +1 -0
- package/dist/discovery/os-detector.d.ts +24 -0
- package/dist/discovery/os-detector.d.ts.map +1 -0
- package/dist/discovery/os-detector.js +253 -0
- package/dist/discovery/os-detector.js.map +1 -0
- package/dist/discovery/osquery-provider.d.ts +127 -0
- package/dist/discovery/osquery-provider.d.ts.map +1 -0
- package/dist/discovery/osquery-provider.js +214 -0
- package/dist/discovery/osquery-provider.js.map +1 -0
- package/dist/discovery/risk-scorer.d.ts +66 -0
- package/dist/discovery/risk-scorer.d.ts.map +1 -0
- package/dist/discovery/risk-scorer.js +294 -0
- package/dist/discovery/risk-scorer.js.map +1 -0
- package/dist/discovery/security-tools.d.ts +31 -0
- package/dist/discovery/security-tools.d.ts.map +1 -0
- package/dist/discovery/security-tools.js +346 -0
- package/dist/discovery/security-tools.js.map +1 -0
- package/dist/discovery/service-detector.d.ts +28 -0
- package/dist/discovery/service-detector.d.ts.map +1 -0
- package/dist/discovery/service-detector.js +300 -0
- package/dist/discovery/service-detector.js.map +1 -0
- package/dist/discovery/types.d.ts +502 -0
- package/dist/discovery/types.d.ts.map +1 -0
- package/dist/discovery/types.js +12 -0
- package/dist/discovery/types.js.map +1 -0
- package/dist/discovery/user-auditor.d.ts +28 -0
- package/dist/discovery/user-auditor.d.ts.map +1 -0
- package/dist/discovery/user-auditor.js +385 -0
- package/dist/discovery/user-auditor.js.map +1 -0
- package/dist/i18n/config.d.ts +45 -0
- package/dist/i18n/config.d.ts.map +1 -0
- package/dist/i18n/config.js +135 -0
- package/dist/i18n/config.js.map +1 -0
- package/dist/i18n/index.d.ts +8 -0
- package/dist/i18n/index.d.ts.map +1 -0
- package/dist/i18n/index.js +8 -0
- package/dist/i18n/index.js.map +1 -0
- package/dist/index.d.ts +31 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +31 -0
- package/dist/index.js.map +1 -0
- package/dist/monitor/event-normalizer.d.ts +102 -0
- package/dist/monitor/event-normalizer.d.ts.map +1 -0
- package/dist/monitor/event-normalizer.js +195 -0
- package/dist/monitor/event-normalizer.js.map +1 -0
- package/dist/monitor/file-monitor.d.ts +90 -0
- package/dist/monitor/file-monitor.d.ts.map +1 -0
- package/dist/monitor/file-monitor.js +222 -0
- package/dist/monitor/file-monitor.js.map +1 -0
- package/dist/monitor/index.d.ts +147 -0
- package/dist/monitor/index.d.ts.map +1 -0
- package/dist/monitor/index.js +293 -0
- package/dist/monitor/index.js.map +1 -0
- package/dist/monitor/log-monitor.d.ts +102 -0
- package/dist/monitor/log-monitor.d.ts.map +1 -0
- package/dist/monitor/log-monitor.js +245 -0
- package/dist/monitor/log-monitor.js.map +1 -0
- package/dist/monitor/network-monitor.d.ts +103 -0
- package/dist/monitor/network-monitor.d.ts.map +1 -0
- package/dist/monitor/network-monitor.js +336 -0
- package/dist/monitor/network-monitor.js.map +1 -0
- package/dist/monitor/process-monitor.d.ts +108 -0
- package/dist/monitor/process-monitor.d.ts.map +1 -0
- package/dist/monitor/process-monitor.js +245 -0
- package/dist/monitor/process-monitor.js.map +1 -0
- package/dist/monitor/threat-intel-feeds.d.ts +141 -0
- package/dist/monitor/threat-intel-feeds.d.ts.map +1 -0
- package/dist/monitor/threat-intel-feeds.js +430 -0
- package/dist/monitor/threat-intel-feeds.js.map +1 -0
- package/dist/monitor/threat-intel.d.ts +83 -0
- package/dist/monitor/threat-intel.d.ts.map +1 -0
- package/dist/monitor/threat-intel.js +215 -0
- package/dist/monitor/threat-intel.js.map +1 -0
- package/dist/monitor/types.d.ts +65 -0
- package/dist/monitor/types.d.ts.map +1 -0
- package/dist/monitor/types.js +20 -0
- package/dist/monitor/types.js.map +1 -0
- package/dist/rules/index.d.ts +115 -0
- package/dist/rules/index.d.ts.map +1 -0
- package/dist/rules/index.js +244 -0
- package/dist/rules/index.js.map +1 -0
- package/dist/rules/rule-loader.d.ts +54 -0
- package/dist/rules/rule-loader.d.ts.map +1 -0
- package/dist/rules/rule-loader.js +167 -0
- package/dist/rules/rule-loader.js.map +1 -0
- package/dist/rules/sigma-matcher.d.ts +40 -0
- package/dist/rules/sigma-matcher.d.ts.map +1 -0
- package/dist/rules/sigma-matcher.js +447 -0
- package/dist/rules/sigma-matcher.js.map +1 -0
- package/dist/rules/sigma-parser.d.ts +36 -0
- package/dist/rules/sigma-parser.d.ts.map +1 -0
- package/dist/rules/sigma-parser.js +180 -0
- package/dist/rules/sigma-parser.js.map +1 -0
- package/dist/rules/types.d.ts +112 -0
- package/dist/rules/types.d.ts.map +1 -0
- package/dist/rules/types.js +11 -0
- package/dist/rules/types.js.map +1 -0
- package/dist/rules/yara-scanner.d.ts +103 -0
- package/dist/rules/yara-scanner.d.ts.map +1 -0
- package/dist/rules/yara-scanner.js +421 -0
- package/dist/rules/yara-scanner.js.map +1 -0
- package/dist/scoring/achievements.d.ts +76 -0
- package/dist/scoring/achievements.d.ts.map +1 -0
- package/dist/scoring/achievements.js +211 -0
- package/dist/scoring/achievements.js.map +1 -0
- package/dist/scoring/index.d.ts +3 -0
- package/dist/scoring/index.d.ts.map +1 -0
- package/dist/scoring/index.js +3 -0
- package/dist/scoring/index.js.map +1 -0
- package/dist/scoring/security-score.d.ts +60 -0
- package/dist/scoring/security-score.d.ts.map +1 -0
- package/dist/scoring/security-score.js +211 -0
- package/dist/scoring/security-score.js.map +1 -0
- package/dist/types.d.ts +71 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +8 -0
- package/dist/types.js.map +1 -0
- package/dist/utils/index.d.ts +10 -0
- package/dist/utils/index.d.ts.map +1 -0
- package/dist/utils/index.js +9 -0
- package/dist/utils/index.js.map +1 -0
- package/dist/utils/logger.d.ts +38 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +71 -0
- package/dist/utils/logger.js.map +1 -0
- package/dist/utils/validation.d.ts +35 -0
- package/dist/utils/validation.d.ts.map +1 -0
- package/dist/utils/validation.js +56 -0
- package/dist/utils/validation.js.map +1 -0
- package/package.json +60 -0
|
@@ -0,0 +1,336 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Network connection monitoring via polling
|
|
3
|
+
* 透過輪詢進行網路連線監控
|
|
4
|
+
*
|
|
5
|
+
* Periodically polls active network connections and emits events
|
|
6
|
+
* for newly established or closed connections.
|
|
7
|
+
* 定期輪詢活躍網路連線,並為新建立或關閉的連線發出事件。
|
|
8
|
+
*
|
|
9
|
+
* @module @panguard-ai/core/monitor/network-monitor
|
|
10
|
+
*/
|
|
11
|
+
import { EventEmitter } from 'node:events';
|
|
12
|
+
import { execFile } from 'node:child_process';
|
|
13
|
+
import { platform } from 'node:os';
|
|
14
|
+
import { promisify } from 'node:util';
|
|
15
|
+
import { createLogger } from '../utils/index.js';
|
|
16
|
+
import { normalizeNetworkEvent } from './event-normalizer.js';
|
|
17
|
+
const execFileAsync = promisify(execFile);
|
|
18
|
+
const logger = createLogger('network-monitor');
|
|
19
|
+
/**
|
|
20
|
+
* Generate a unique key for a connection to track state changes
|
|
21
|
+
* 為連線產生唯一金鑰以追蹤狀態變更
|
|
22
|
+
*
|
|
23
|
+
* @param conn - Active connection / 活躍連線
|
|
24
|
+
* @returns Connection key string / 連線金鑰字串
|
|
25
|
+
*/
|
|
26
|
+
function connectionKey(conn) {
|
|
27
|
+
return `${conn.localAddress}:${conn.localPort}-${conn.remoteAddress}:${conn.remotePort}`;
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* NetworkMonitor - monitors active network connections by polling OS tools
|
|
31
|
+
* NetworkMonitor - 透過輪詢作業系統工具監控活躍網路連線
|
|
32
|
+
*
|
|
33
|
+
* Events emitted:
|
|
34
|
+
* - 'new_connection': SecurityEvent - when a new connection is detected / 當偵測到新連線時
|
|
35
|
+
* - 'closed_connection': SecurityEvent - when a connection is closed / 當連線關閉時
|
|
36
|
+
* - 'error': Error - when polling encounters an error / 當輪詢遇到錯誤時
|
|
37
|
+
*
|
|
38
|
+
* @example
|
|
39
|
+
* ```typescript
|
|
40
|
+
* const monitor = new NetworkMonitor(30000);
|
|
41
|
+
* monitor.on('new_connection', (event) => console.log('New:', event));
|
|
42
|
+
* monitor.on('closed_connection', (event) => console.log('Closed:', event));
|
|
43
|
+
* monitor.start();
|
|
44
|
+
* ```
|
|
45
|
+
*/
|
|
46
|
+
export class NetworkMonitor extends EventEmitter {
|
|
47
|
+
/** Whether the monitor is currently running / 監控器是否正在執行 */
|
|
48
|
+
running = false;
|
|
49
|
+
/** Polling timer / 輪詢計時器 */
|
|
50
|
+
timer;
|
|
51
|
+
/** Previous connection snapshot for diff detection / 用於差異偵測的先前連線快照 */
|
|
52
|
+
previousConnections = new Map();
|
|
53
|
+
/** Polling interval in milliseconds / 輪詢間隔(毫秒) */
|
|
54
|
+
pollInterval;
|
|
55
|
+
/**
|
|
56
|
+
* Create a new NetworkMonitor instance
|
|
57
|
+
* 建立新的 NetworkMonitor 實例
|
|
58
|
+
*
|
|
59
|
+
* @param pollInterval - Polling interval in ms (default 30000) / 輪詢間隔毫秒數(預設 30000)
|
|
60
|
+
*/
|
|
61
|
+
constructor(pollInterval = 30000) {
|
|
62
|
+
super();
|
|
63
|
+
this.pollInterval = pollInterval;
|
|
64
|
+
}
|
|
65
|
+
/**
|
|
66
|
+
* Start polling for network connections
|
|
67
|
+
* 開始輪詢網路連線
|
|
68
|
+
*/
|
|
69
|
+
start() {
|
|
70
|
+
if (this.running) {
|
|
71
|
+
logger.warn('NetworkMonitor is already running');
|
|
72
|
+
return;
|
|
73
|
+
}
|
|
74
|
+
this.running = true;
|
|
75
|
+
logger.info(`NetworkMonitor started (poll interval: ${this.pollInterval}ms)`);
|
|
76
|
+
// Run an initial poll immediately / 立即執行首次輪詢
|
|
77
|
+
void this.pollConnections();
|
|
78
|
+
this.timer = setInterval(() => {
|
|
79
|
+
void this.pollConnections();
|
|
80
|
+
}, this.pollInterval);
|
|
81
|
+
}
|
|
82
|
+
/**
|
|
83
|
+
* Stop polling and clean up
|
|
84
|
+
* 停止輪詢並清理
|
|
85
|
+
*/
|
|
86
|
+
stop() {
|
|
87
|
+
if (!this.running) {
|
|
88
|
+
logger.warn('NetworkMonitor is not running');
|
|
89
|
+
return;
|
|
90
|
+
}
|
|
91
|
+
if (this.timer) {
|
|
92
|
+
clearInterval(this.timer);
|
|
93
|
+
this.timer = undefined;
|
|
94
|
+
}
|
|
95
|
+
this.running = false;
|
|
96
|
+
this.previousConnections.clear();
|
|
97
|
+
logger.info('NetworkMonitor stopped');
|
|
98
|
+
}
|
|
99
|
+
/**
|
|
100
|
+
* Check if the monitor is currently running
|
|
101
|
+
* 檢查監控器是否正在執行
|
|
102
|
+
*
|
|
103
|
+
* @returns True if running / 如果正在執行則為 true
|
|
104
|
+
*/
|
|
105
|
+
isRunning() {
|
|
106
|
+
return this.running;
|
|
107
|
+
}
|
|
108
|
+
/**
|
|
109
|
+
* Poll current connections and emit events for changes
|
|
110
|
+
* 輪詢目前連線並為變更發出事件
|
|
111
|
+
*/
|
|
112
|
+
async pollConnections() {
|
|
113
|
+
try {
|
|
114
|
+
const currentList = await this.getCurrentConnections();
|
|
115
|
+
const currentMap = new Map();
|
|
116
|
+
for (const conn of currentList) {
|
|
117
|
+
const key = connectionKey(conn);
|
|
118
|
+
currentMap.set(key, conn);
|
|
119
|
+
// Emit event for new connections not in previous snapshot
|
|
120
|
+
// 為不在先前快照中的新連線發出事件
|
|
121
|
+
if (!this.previousConnections.has(key)) {
|
|
122
|
+
const event = normalizeNetworkEvent({
|
|
123
|
+
localAddr: conn.localAddress,
|
|
124
|
+
localPort: conn.localPort,
|
|
125
|
+
remoteAddr: conn.remoteAddress,
|
|
126
|
+
remotePort: conn.remotePort,
|
|
127
|
+
state: conn.state,
|
|
128
|
+
process: conn.process || undefined,
|
|
129
|
+
});
|
|
130
|
+
this.emit('new_connection', event);
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
// Emit event for connections that no longer exist
|
|
134
|
+
// 為不再存在的連線發出事件
|
|
135
|
+
for (const [key, conn] of this.previousConnections) {
|
|
136
|
+
if (!currentMap.has(key)) {
|
|
137
|
+
const event = normalizeNetworkEvent({
|
|
138
|
+
localAddr: conn.localAddress,
|
|
139
|
+
localPort: conn.localPort,
|
|
140
|
+
remoteAddr: conn.remoteAddress,
|
|
141
|
+
remotePort: conn.remotePort,
|
|
142
|
+
state: 'CLOSED',
|
|
143
|
+
process: conn.process || undefined,
|
|
144
|
+
});
|
|
145
|
+
this.emit('closed_connection', event);
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
this.previousConnections = currentMap;
|
|
149
|
+
}
|
|
150
|
+
catch (err) {
|
|
151
|
+
logger.error('Failed to poll connections', { error: String(err) });
|
|
152
|
+
this.emit('error', err instanceof Error ? err : new Error(String(err)));
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
/**
|
|
156
|
+
* Get current active network connections from the OS
|
|
157
|
+
* 從作業系統取得目前活躍的網路連線
|
|
158
|
+
*
|
|
159
|
+
* Uses platform-specific tools:
|
|
160
|
+
* 使用平台特定工具:
|
|
161
|
+
* - macOS: `lsof -i -P -n`
|
|
162
|
+
* - Linux: `ss -tnp`
|
|
163
|
+
* - Windows: `netstat -an`
|
|
164
|
+
*
|
|
165
|
+
* @returns Array of active connections / 活躍連線陣列
|
|
166
|
+
*/
|
|
167
|
+
async getCurrentConnections() {
|
|
168
|
+
const os = platform();
|
|
169
|
+
try {
|
|
170
|
+
if (os === 'darwin') {
|
|
171
|
+
return await this.parseLsof();
|
|
172
|
+
}
|
|
173
|
+
else if (os === 'linux') {
|
|
174
|
+
return await this.parseSs();
|
|
175
|
+
}
|
|
176
|
+
else if (os === 'win32') {
|
|
177
|
+
return await this.parseNetstat();
|
|
178
|
+
}
|
|
179
|
+
else {
|
|
180
|
+
logger.warn(`Unsupported platform for network monitoring: ${os}`);
|
|
181
|
+
return [];
|
|
182
|
+
}
|
|
183
|
+
}
|
|
184
|
+
catch (err) {
|
|
185
|
+
logger.error('Failed to get current connections', { error: String(err) });
|
|
186
|
+
return [];
|
|
187
|
+
}
|
|
188
|
+
}
|
|
189
|
+
/**
|
|
190
|
+
* Parse macOS lsof output into ActiveConnection array
|
|
191
|
+
* 將 macOS lsof 輸出解析為 ActiveConnection 陣列
|
|
192
|
+
*
|
|
193
|
+
* @returns Parsed connections / 解析後的連線
|
|
194
|
+
*/
|
|
195
|
+
async parseLsof() {
|
|
196
|
+
const { stdout } = await execFileAsync('lsof', ['-i', '-P', '-n'], {
|
|
197
|
+
timeout: 10000,
|
|
198
|
+
});
|
|
199
|
+
const connections = [];
|
|
200
|
+
const lines = stdout.split('\n');
|
|
201
|
+
// Skip header line / 跳過標頭行
|
|
202
|
+
for (let i = 1; i < lines.length; i++) {
|
|
203
|
+
const line = lines[i];
|
|
204
|
+
if (!line || line.trim().length === 0)
|
|
205
|
+
continue;
|
|
206
|
+
// lsof output columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
|
|
207
|
+
const parts = line.split(/\s+/);
|
|
208
|
+
if (parts.length < 9)
|
|
209
|
+
continue;
|
|
210
|
+
const processName = parts[0] ?? '';
|
|
211
|
+
const pid = parseInt(parts[1] ?? '', 10);
|
|
212
|
+
const name = parts[parts.length - 1] ?? '';
|
|
213
|
+
// Parse connection string like "192.168.1.1:443->10.0.0.1:12345"
|
|
214
|
+
// 解析連線字串如 "192.168.1.1:443->10.0.0.1:12345"
|
|
215
|
+
const arrowMatch = name.match(/^(.+):(\d+)->(.+):(\d+)$/);
|
|
216
|
+
if (arrowMatch) {
|
|
217
|
+
connections.push({
|
|
218
|
+
localAddress: arrowMatch[1] ?? '',
|
|
219
|
+
localPort: parseInt(arrowMatch[2] ?? '0', 10),
|
|
220
|
+
remoteAddress: arrowMatch[3] ?? '',
|
|
221
|
+
remotePort: parseInt(arrowMatch[4] ?? '0', 10),
|
|
222
|
+
state: 'ESTABLISHED',
|
|
223
|
+
process: processName,
|
|
224
|
+
pid: isNaN(pid) ? undefined : pid,
|
|
225
|
+
});
|
|
226
|
+
continue;
|
|
227
|
+
}
|
|
228
|
+
// Parse listening socket like "*:8080" or "127.0.0.1:3000"
|
|
229
|
+
// 解析監聽 socket 如 "*:8080" 或 "127.0.0.1:3000"
|
|
230
|
+
const listenMatch = name.match(/^(.+):(\d+)$/);
|
|
231
|
+
if (listenMatch) {
|
|
232
|
+
const stateCol = parts[parts.length - 2];
|
|
233
|
+
connections.push({
|
|
234
|
+
localAddress: listenMatch[1] ?? '',
|
|
235
|
+
localPort: parseInt(listenMatch[2] ?? '0', 10),
|
|
236
|
+
remoteAddress: '',
|
|
237
|
+
remotePort: 0,
|
|
238
|
+
state: stateCol === '(LISTEN)' ? 'LISTEN' : 'UNKNOWN',
|
|
239
|
+
process: processName,
|
|
240
|
+
pid: isNaN(pid) ? undefined : pid,
|
|
241
|
+
});
|
|
242
|
+
}
|
|
243
|
+
}
|
|
244
|
+
return connections;
|
|
245
|
+
}
|
|
246
|
+
/**
|
|
247
|
+
* Parse Linux ss output into ActiveConnection array
|
|
248
|
+
* 將 Linux ss 輸出解析為 ActiveConnection 陣列
|
|
249
|
+
*
|
|
250
|
+
* @returns Parsed connections / 解析後的連線
|
|
251
|
+
*/
|
|
252
|
+
async parseSs() {
|
|
253
|
+
const { stdout } = await execFileAsync('ss', ['-tnp'], {
|
|
254
|
+
timeout: 10000,
|
|
255
|
+
});
|
|
256
|
+
const connections = [];
|
|
257
|
+
const lines = stdout.split('\n');
|
|
258
|
+
// Skip header line / 跳過標頭行
|
|
259
|
+
for (let i = 1; i < lines.length; i++) {
|
|
260
|
+
const line = lines[i];
|
|
261
|
+
if (!line || line.trim().length === 0)
|
|
262
|
+
continue;
|
|
263
|
+
// ss output: State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
|
|
264
|
+
const parts = line.split(/\s+/);
|
|
265
|
+
if (parts.length < 5)
|
|
266
|
+
continue;
|
|
267
|
+
const state = parts[0] ?? '';
|
|
268
|
+
const localParts = (parts[3] ?? '').split(':');
|
|
269
|
+
const remoteParts = (parts[4] ?? '').split(':');
|
|
270
|
+
const localAddr = localParts.slice(0, -1).join(':') || '0.0.0.0';
|
|
271
|
+
const localPort = parseInt(localParts[localParts.length - 1] ?? '0', 10);
|
|
272
|
+
const remoteAddr = remoteParts.slice(0, -1).join(':') || '0.0.0.0';
|
|
273
|
+
const remotePort = parseInt(remoteParts[remoteParts.length - 1] ?? '0', 10);
|
|
274
|
+
// Extract process name from the "users:(("name",pid=PID,...))" field
|
|
275
|
+
// 從 "users:(("name",pid=PID,...))" 欄位中擷取程序名稱
|
|
276
|
+
let processName = '';
|
|
277
|
+
let pid;
|
|
278
|
+
const processField = parts[5] ?? '';
|
|
279
|
+
const processMatch = processField.match(/\(\("(.+?)",pid=(\d+)/);
|
|
280
|
+
if (processMatch) {
|
|
281
|
+
processName = processMatch[1] ?? '';
|
|
282
|
+
pid = parseInt(processMatch[2] ?? '0', 10);
|
|
283
|
+
}
|
|
284
|
+
connections.push({
|
|
285
|
+
localAddress: localAddr,
|
|
286
|
+
localPort,
|
|
287
|
+
remoteAddress: remoteAddr,
|
|
288
|
+
remotePort,
|
|
289
|
+
state: state.toUpperCase(),
|
|
290
|
+
process: processName,
|
|
291
|
+
pid: pid !== undefined && !isNaN(pid) ? pid : undefined,
|
|
292
|
+
});
|
|
293
|
+
}
|
|
294
|
+
return connections;
|
|
295
|
+
}
|
|
296
|
+
/**
|
|
297
|
+
* Parse Windows netstat output into ActiveConnection array
|
|
298
|
+
* 將 Windows netstat 輸出解析為 ActiveConnection 陣列
|
|
299
|
+
*
|
|
300
|
+
* @returns Parsed connections / 解析後的連線
|
|
301
|
+
*/
|
|
302
|
+
async parseNetstat() {
|
|
303
|
+
const { stdout } = await execFileAsync('netstat', ['-an'], {
|
|
304
|
+
timeout: 10000,
|
|
305
|
+
});
|
|
306
|
+
const connections = [];
|
|
307
|
+
const lines = stdout.split('\n');
|
|
308
|
+
for (const line of lines) {
|
|
309
|
+
const trimmed = line.trim();
|
|
310
|
+
if (!trimmed || (!trimmed.startsWith('TCP') && !trimmed.startsWith('UDP')))
|
|
311
|
+
continue;
|
|
312
|
+
// netstat -an output: Proto Local Address Foreign Address State
|
|
313
|
+
const parts = trimmed.split(/\s+/);
|
|
314
|
+
if (parts.length < 4)
|
|
315
|
+
continue;
|
|
316
|
+
const localParts = (parts[1] ?? '').split(':');
|
|
317
|
+
const remoteParts = (parts[2] ?? '').split(':');
|
|
318
|
+
const state = parts[3] ?? '';
|
|
319
|
+
const localAddr = localParts.slice(0, -1).join(':') || '0.0.0.0';
|
|
320
|
+
const localPort = parseInt(localParts[localParts.length - 1] ?? '0', 10);
|
|
321
|
+
const remoteAddr = remoteParts.slice(0, -1).join(':') || '0.0.0.0';
|
|
322
|
+
const remotePort = parseInt(remoteParts[remoteParts.length - 1] ?? '0', 10);
|
|
323
|
+
connections.push({
|
|
324
|
+
localAddress: localAddr,
|
|
325
|
+
localPort,
|
|
326
|
+
remoteAddress: remoteAddr,
|
|
327
|
+
remotePort,
|
|
328
|
+
state: state.toUpperCase() || 'UNKNOWN',
|
|
329
|
+
process: '',
|
|
330
|
+
pid: undefined,
|
|
331
|
+
});
|
|
332
|
+
}
|
|
333
|
+
return connections;
|
|
334
|
+
}
|
|
335
|
+
}
|
|
336
|
+
//# sourceMappingURL=network-monitor.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"network-monitor.js","sourceRoot":"","sources":["../../src/monitor/network-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAG9D,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAC1C,MAAM,MAAM,GAAG,YAAY,CAAC,iBAAiB,CAAC,CAAC;AAE/C;;;;;;GAMG;AACH,SAAS,aAAa,CAAC,IAAsB;IAC3C,OAAO,GAAG,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;AAC3F,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,cAAe,SAAQ,YAAY;IAC9C,2DAA2D;IACnD,OAAO,GAAG,KAAK,CAAC;IACxB,4BAA4B;IACpB,KAAK,CAAkC;IAC/C,sEAAsE;IAC9D,mBAAmB,GAAkC,IAAI,GAAG,EAAE,CAAC;IACvE,kDAAkD;IAC1C,YAAY,CAAS;IAE7B;;;;;OAKG;IACH,YAAY,YAAY,GAAG,KAAK;QAC9B,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAED;;;OAGG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;YACjD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC,0CAA0C,IAAI,CAAC,YAAY,KAAK,CAAC,CAAC;QAE9E,6CAA6C;QAC7C,KAAK,IAAI,CAAC,eAAe,EAAE,CAAC;QAE5B,IAAI,CAAC,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE;YAC5B,KAAK,IAAI,CAAC,eAAe,EAAE,CAAC;QAC9B,CAAC,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IACxB,CAAC;IAED;;;OAGG;IACH,IAAI;QACF,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAC7C,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACzB,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACxC,CAAC;IAED;;;;;OAKG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,eAAe;QAC3B,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,qBAAqB,EAAE,CAAC;YACvD,MAAM,UAAU,GAAG,IAAI,GAAG,EAA4B,CAAC;YAEvD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC/B,MAAM,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;gBAChC,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;gBAE1B,0DAA0D;gBAC1D,mBAAmB;gBACnB,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBACvC,MAAM,KAAK,GAAG,qBAAqB,CAAC;wBAClC,SAAS,EAAE,IAAI,CAAC,YAAY;wBAC5B,SAAS,EAAE,IAAI,CAAC,SAAS;wBACzB,UAAU,EAAE,IAAI,CAAC,aAAa;wBAC9B,UAAU,EAAE,IAAI,CAAC,UAAU;wBAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;wBACjB,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,SAAS;qBACnC,CAAC,CAAC;oBACH,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC;YAED,kDAAkD;YAClD,eAAe;YACf,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACnD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBACzB,MAAM,KAAK,GAAG,qBAAqB,CAAC;wBAClC,SAAS,EAAE,IAAI,CAAC,YAAY;wBAC5B,SAAS,EAAE,IAAI,CAAC,SAAS;wBACzB,UAAU,EAAE,IAAI,CAAC,aAAa;wBAC9B,UAAU,EAAE,IAAI,CAAC,UAAU;wBAC3B,KAAK,EAAE,QAAQ;wBACf,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,SAAS;qBACnC,CAAC,CAAC;oBACH,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,KAAK,CAAC,CAAC;gBACxC,CAAC;YACH,CAAC;YAED,IAAI,CAAC,mBAAmB,GAAG,UAAU,CAAC;QACxC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACnE,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC1E,CAAC;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,qBAAqB;QACzB,MAAM,EAAE,GAAG,QAAQ,EAAE,CAAC;QAEtB,IAAI,CAAC;YACH,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;gBACpB,OAAO,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YAChC,CAAC;iBAAM,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;gBAC1B,OAAO,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YAC9B,CAAC;iBAAM,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;gBAC1B,OAAO,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YACnC,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,gDAAgD,EAAE,EAAE,CAAC,CAAC;gBAClE,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,mCAAmC,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC1E,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,SAAS;QACrB,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE;YACjE,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QAEH,MAAM,WAAW,GAAuB,EAAE,CAAC;QAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEjC,2BAA2B;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEhD,0EAA0E;YAC1E,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,SAAS;YAE/B,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;YACzC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAE3C,iEAAiE;YACjE,4CAA4C;YAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;YAC1D,IAAI,UAAU,EAAE,CAAC;gBACf,WAAW,CAAC,IAAI,CAAC;oBACf,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,EAAE;oBACjC,SAAS,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;oBAC7C,aAAa,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,EAAE;oBAClC,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;oBAC9C,KAAK,EAAE,aAAa;oBACpB,OAAO,EAAE,WAAW;oBACpB,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG;iBAClC,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,2DAA2D;YAC3D,4CAA4C;YAC5C,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;YAC/C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;gBACzC,WAAW,CAAC,IAAI,CAAC;oBACf,YAAY,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,EAAE;oBAClC,SAAS,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC;oBAC9C,aAAa,EAAE,EAAE;oBACjB,UAAU,EAAE,CAAC;oBACb,KAAK,EAAE,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;oBACrD,OAAO,EAAE,WAAW;oBACpB,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG;iBAClC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,OAAO;QACnB,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE;YACrD,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QAEH,MAAM,WAAW,GAAuB,EAAE,CAAC;QAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEjC,2BAA2B;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC;gBAAE,SAAS;YAEhD,8EAA8E;YAC9E,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,SAAS;YAE/B,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7B,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/C,MAAM,WAAW,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAEhD,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;YACjE,MAAM,SAAS,GAAG,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;YACzE,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;YACnE,MAAM,UAAU,GAAG,QAAQ,CAAC,WAAW,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;YAE5E,qEAAqE;YACrE,6CAA6C;YAC7C,IAAI,WAAW,GAAG,EAAE,CAAC;YACrB,IAAI,GAAuB,CAAC;YAC5B,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACjE,IAAI,YAAY,EAAE,CAAC;gBACjB,WAAW,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBACpC,GAAG,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;YAC7C,CAAC;YAED,WAAW,CAAC,IAAI,CAAC;gBACf,YAAY,EAAE,SAAS;gBACvB,SAAS;gBACT,aAAa,EAAE,UAAU;gBACzB,UAAU;gBACV,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE;gBAC1B,OAAO,EAAE,WAAW;gBACpB,GAAG,EAAE,GAAG,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;aACxD,CAAC,CAAC;QACL,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,YAAY;QACxB,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,CAAC,KAAK,CAAC,EAAE;YACzD,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QAEH,MAAM,WAAW,GAAuB,EAAE,CAAC;QAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEjC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,IAAI,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;gBAAE,SAAS;YAErF,gEAAgE;YAChE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,SAAS;YAE/B,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/C,MAAM,WAAW,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChD,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAE7B,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;YACjE,MAAM,SAAS,GAAG,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;YACzE,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;YACnE,MAAM,UAAU,GAAG,QAAQ,CAAC,WAAW,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;YAE5E,WAAW,CAAC,IAAI,CAAC;gBACf,YAAY,EAAE,SAAS;gBACvB,SAAS;gBACT,aAAa,EAAE,UAAU;gBACzB,UAAU;gBACV,KAAK,EAAE,KAAK,CAAC,WAAW,EAAE,IAAI,SAAS;gBACvC,OAAO,EAAE,EAAE;gBACX,GAAG,EAAE,SAAS;aACf,CAAC,CAAC;QACL,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF"}
|
|
@@ -0,0 +1,108 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Process monitoring via polling
|
|
3
|
+
* 透過輪詢進行程序監控
|
|
4
|
+
*
|
|
5
|
+
* Periodically polls the system process list and emits events
|
|
6
|
+
* for newly started or stopped processes.
|
|
7
|
+
* 定期輪詢系統程序列表,並為新啟動或停止的程序發出事件。
|
|
8
|
+
*
|
|
9
|
+
* @module @panguard-ai/core/monitor/process-monitor
|
|
10
|
+
*/
|
|
11
|
+
import { EventEmitter } from 'node:events';
|
|
12
|
+
/**
|
|
13
|
+
* Full process list entry
|
|
14
|
+
* 完整程序列表條目
|
|
15
|
+
*/
|
|
16
|
+
export interface ProcessListEntry {
|
|
17
|
+
/** Process ID / 程序 ID */
|
|
18
|
+
pid: number;
|
|
19
|
+
/** Process name / 程序名稱 */
|
|
20
|
+
name: string;
|
|
21
|
+
/** User running the process / 執行程序的使用者 */
|
|
22
|
+
user?: string;
|
|
23
|
+
/** Full command line / 完整命令列 */
|
|
24
|
+
command?: string;
|
|
25
|
+
}
|
|
26
|
+
/**
|
|
27
|
+
* ProcessMonitor - monitors system processes by polling the process list
|
|
28
|
+
* ProcessMonitor - 透過輪詢程序列表監控系統程序
|
|
29
|
+
*
|
|
30
|
+
* Events emitted:
|
|
31
|
+
* - 'process_started': SecurityEvent - when a new process is detected / 當偵測到新程序時
|
|
32
|
+
* - 'process_stopped': SecurityEvent - when a process disappears / 當程序消失時
|
|
33
|
+
* - 'error': Error - when polling encounters an error / 當輪詢遇到錯誤時
|
|
34
|
+
*
|
|
35
|
+
* @example
|
|
36
|
+
* ```typescript
|
|
37
|
+
* const monitor = new ProcessMonitor(15000);
|
|
38
|
+
* monitor.on('process_started', (event) => console.log('Started:', event));
|
|
39
|
+
* monitor.on('process_stopped', (event) => console.log('Stopped:', event));
|
|
40
|
+
* monitor.start();
|
|
41
|
+
* ```
|
|
42
|
+
*/
|
|
43
|
+
export declare class ProcessMonitor extends EventEmitter {
|
|
44
|
+
/** Whether the monitor is currently running / 監控器是否正在執行 */
|
|
45
|
+
private running;
|
|
46
|
+
/** Polling timer / 輪詢計時器 */
|
|
47
|
+
private timer?;
|
|
48
|
+
/** Previous process snapshot for diff detection / 用於差異偵測的先前程序快照 */
|
|
49
|
+
private previousProcesses;
|
|
50
|
+
/** Polling interval in milliseconds / 輪詢間隔(毫秒) */
|
|
51
|
+
private pollInterval;
|
|
52
|
+
/**
|
|
53
|
+
* Create a new ProcessMonitor instance
|
|
54
|
+
* 建立新的 ProcessMonitor 實例
|
|
55
|
+
*
|
|
56
|
+
* @param pollInterval - Polling interval in ms (default 15000) / 輪詢間隔毫秒數(預設 15000)
|
|
57
|
+
*/
|
|
58
|
+
constructor(pollInterval?: number);
|
|
59
|
+
/**
|
|
60
|
+
* Start polling for process changes
|
|
61
|
+
* 開始輪詢程序變更
|
|
62
|
+
*/
|
|
63
|
+
start(): void;
|
|
64
|
+
/**
|
|
65
|
+
* Stop polling and clean up
|
|
66
|
+
* 停止輪詢並清理
|
|
67
|
+
*/
|
|
68
|
+
stop(): void;
|
|
69
|
+
/**
|
|
70
|
+
* Check if the monitor is currently running
|
|
71
|
+
* 檢查監控器是否正在執行
|
|
72
|
+
*
|
|
73
|
+
* @returns True if running / 如果正在執行則為 true
|
|
74
|
+
*/
|
|
75
|
+
isRunning(): boolean;
|
|
76
|
+
/**
|
|
77
|
+
* Poll the process list and emit events for changes
|
|
78
|
+
* 輪詢程序列表並為變更發出事件
|
|
79
|
+
*/
|
|
80
|
+
private pollProcesses;
|
|
81
|
+
/**
|
|
82
|
+
* Get the current system process list
|
|
83
|
+
* 取得目前系統程序列表
|
|
84
|
+
*
|
|
85
|
+
* Uses platform-specific tools:
|
|
86
|
+
* 使用平台特定工具:
|
|
87
|
+
* - macOS/Linux: `ps -eo pid,user,comm,args`
|
|
88
|
+
* - Windows: `tasklist /FO CSV`
|
|
89
|
+
*
|
|
90
|
+
* @returns Array of process entries / 程序條目陣列
|
|
91
|
+
*/
|
|
92
|
+
getProcessList(): Promise<ProcessListEntry[]>;
|
|
93
|
+
/**
|
|
94
|
+
* Parse Unix ps output into ProcessListEntry array
|
|
95
|
+
* 將 Unix ps 輸出解析為 ProcessListEntry 陣列
|
|
96
|
+
*
|
|
97
|
+
* @returns Parsed process entries / 解析後的程序條目
|
|
98
|
+
*/
|
|
99
|
+
private parsePs;
|
|
100
|
+
/**
|
|
101
|
+
* Parse Windows tasklist CSV output into ProcessListEntry array
|
|
102
|
+
* 將 Windows tasklist CSV 輸出解析為 ProcessListEntry 陣列
|
|
103
|
+
*
|
|
104
|
+
* @returns Parsed process entries / 解析後的程序條目
|
|
105
|
+
*/
|
|
106
|
+
private parseTasklist;
|
|
107
|
+
}
|
|
108
|
+
//# sourceMappingURL=process-monitor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"process-monitor.d.ts","sourceRoot":"","sources":["../../src/monitor/process-monitor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAwB3C;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,yBAAyB;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,0BAA0B;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,0CAA0C;IAC1C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gCAAgC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,cAAe,SAAQ,YAAY;IAC9C,2DAA2D;IAC3D,OAAO,CAAC,OAAO,CAAS;IACxB,4BAA4B;IAC5B,OAAO,CAAC,KAAK,CAAC,CAAiC;IAC/C,mEAAmE;IACnE,OAAO,CAAC,iBAAiB,CAAuC;IAChE,kDAAkD;IAClD,OAAO,CAAC,YAAY,CAAS;IAE7B;;;;;OAKG;gBACS,YAAY,SAAQ;IAKhC;;;OAGG;IACH,KAAK,IAAI,IAAI;IAiBb;;;OAGG;IACH,IAAI,IAAI,IAAI;IAgBZ;;;;;OAKG;IACH,SAAS,IAAI,OAAO;IAIpB;;;OAGG;YACW,aAAa;IAmD3B;;;;;;;;;;OAUG;IACG,cAAc,IAAI,OAAO,CAAC,gBAAgB,EAAE,CAAC;IAkBnD;;;;;OAKG;YACW,OAAO;IAqCrB;;;;;OAKG;YACW,aAAa;CA+B5B"}
|