@panguard-ai/core 0.3.3 → 0.4.0
- package/LICENSE +21 -0
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/types.d.ts +1 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/utils/index.d.ts +2 -1
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +1 -1
- package/dist/utils/index.js.map +1 -1
- package/dist/utils/validation.d.ts +215 -0
- package/dist/utils/validation.d.ts.map +1 -1
- package/dist/utils/validation.js +124 -0
- package/dist/utils/validation.js.map +1 -1
- package/package.json +10 -11
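--- /dev/null
+++ b/package/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025-2026 Panguard AI Team
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.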
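--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -10,8 +10,8 @@
 */
 export type { Language, Severity, EventSource, BaseConfig, SecurityEvent, LogEntry, } from './types.js';
 export { initI18n, getI18n, changeLanguage, t, resetI18n } from './i18n/index.js';
-export { createLogger, setLogLevel, validateInput, sanitizeString, validateFilePath, } from './utils/index.js';
-export type { Logger } from './utils/index.js';
+export { createLogger, setLogLevel, validateInput, tryValidateInput, sanitizeString, validateFilePath, sanitizeFilename, isPathWithinDir, ClientIdSchema, ISODateSchema, PaginationLimitSchema, ReputationSchema, RiskLevelSchema, ThreatDataSchema, RulePublishSchema, ATRProposalSchema, ATRFeedbackSchema, SkillThreatSchema, SkillWhitelistItemSchema, SkillWhitelistSchema, } from './utils/index.js';
+export type { Logger, ThreatDataInput, RulePublishInput, ATRProposalInput, ATRFeedbackInput, SkillThreatInput, SkillWhitelistInput, } from './utils/index.js';
 export { DISCOVERY_VERSION, detectOS, getNetworkInterfaces, scanOpenPorts, getActiveConnections, getGateway, getDnsServers, getDnsServersAsync, detectServices, detectSecurityTools, checkFirewall, auditUsers, calculateRiskScore, getRiskLevel, OsqueryProvider, createOsqueryProvider, } from './discovery/index.js';
 export type { DiscoveryConfig, OSInfo, NetworkInterface, PortInfo, ActiveConnection, NetworkInfo, ServiceInfo, SecurityToolType, SecurityTool, FirewallRule, FirewallStatus, UpdateStatus, UserInfo, RiskFactor, DiscoveryResult, OsqueryProcess, OsqueryListeningPort, OsqueryLoggedInUser, } from './discovery/index.js';
 export { RULES_VERSION, RuleEngine, parseSigmaYaml, parseSigmaFile, matchEvent, matchEventAgainstRules, loadRulesFromDirectory, watchRulesDirectory, YaraScanner, } from './rules/index.js';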
package/dist/index.d.ts.map
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,YAAY,EACV,QAAQ,EACR,QAAQ,EACR,WAAW,EACX,UAAU,EACV,aAAa,EACb,QAAQ,GACT,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAGlF,OAAO,EACL,YAAY,EACZ,WAAW,EACX,aAAa,EACb,cAAc,EACd,gBAAgB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,YAAY,EACV,QAAQ,EACR,QAAQ,EACR,WAAW,EACX,UAAU,EACV,aAAa,EACb,QAAQ,GACT,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAGlF,OAAO,EACL,YAAY,EACZ,WAAW,EACX,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACb,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EACV,MAAM,EACN,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,iBAAiB,EACjB,QAAQ,EACR,oBAAoB,EACpB,aAAa,EACb,oBAAoB,EACpB,UAAU,EACV,aAAa,EACb,kBAAkB,EAClB,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,qBAAqB,GACtB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EACV,eAAe,EACf,MAAM,EACN,gBAAgB,EAChB,QAAQ,EACR,gBAAgB,EAChB,WAAW,EACX,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,aAAa,EACb,UAAU,EACV,cAAc,EACd,cAAc,EACd,UAAU,EACV,sBAAsB,EACtB,sBAAsB,EACtB,mBAAmB,EACnB,WAAW,GACZ,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EACV,cAAc,EACd,cAAc,EACd,SAAS,EACT,SAAS,EACT,gBAAgB,EAChB,SAAS,EACT,cAAc,GACf,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,eAAe,EACf,aAAa,EACb,UAAU,EACV,cAAc,EACd,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,mBAAmB,EACnB,qBAAqB,EACrB,cAAc,EACd,cAAc,EACd,iBAAiB,EACjB,qBAAqB,EACrB,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,GAAG,EACH,UAAU,EACV,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,YAAY,EACZ,oBAAoB,EACpB,kBAAkB,EAClB,YAAY,GACb,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,WAAW,EACX,qBAAqB,EACrB,UAAU,EACV,WAAW,EACX,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,WAAW,EACX,cAAc,
EACd,kBAAkB,GACnB,MAAM,eAAe,CAAC;AACvB,YAAY,EACV,SAAS,EACT,WAAW,EACX,eAAe,EACf,cAAc,EACd,oBAAoB,EACpB,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACT,WAAW,EACX,iBAAiB,EACjB,aAAa,GACd,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,WAAW,EACX,cAAc,EACd,eAAe,EACf,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,aAAa,EACb,YAAY,EACZ,eAAe,EACf,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/F,YAAY,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAG7C,OAAO,EACL,CAAC,EACD,aAAa,EACb,UAAU,EACV,UAAU,EACV,OAAO,EACP,OAAO,EACP,YAAY,EACZ,WAAW,EACX,WAAW,EACX,KAAK,EACL,GAAG,EACH,MAAM,EACN,MAAM,EACN,OAAO,EACP,OAAO,EACP,YAAY,EACZ,WAAW,EACX,SAAS,EACT,cAAc,EACd,OAAO,EACP,MAAM,EACN,YAAY,EACZ,UAAU,EACV,aAAa,EACb,YAAY,GACb,MAAM,gBAAgB,CAAC;AACxB,YAAY,EACV,kBAAkB,EAClB,WAAW,EACX,UAAU,EACV,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,UAAU,EACV,aAAa,EACb,UAAU,EACV,aAAa,GACd,MAAM,gBAAgB,CAAC;AAMxB,oCAAoC;AACpC,eAAO,MAAM,YAAY,EAAE,MAAqB,CAAC"}
|
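--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -11,7 +11,7 @@
 // i18n / 國際化
 export { initI18n, getI18n, changeLanguage, t, resetI18n } from './i18n/index.js';
 // Utils / 工具函式
-export { createLogger, setLogLevel, validateInput, sanitizeString, validateFilePath, } from './utils/index.js';
+export { createLogger, setLogLevel, validateInput, tryValidateInput, sanitizeString, validateFilePath, sanitizeFilename, isPathWithinDir, ClientIdSchema, ISODateSchema, PaginationLimitSchema, ReputationSchema, RiskLevelSchema, ThreatDataSchema, RulePublishSchema, ATRProposalSchema, ATRFeedbackSchema, SkillThreatSchema, SkillWhitelistItemSchema, SkillWhitelistSchema, } from './utils/index.js';
 // Discovery engine / 偵察引擎
 export { DISCOVERY_VERSION, detectOS, getNetworkInterfaces, scanOpenPorts, getActiveConnections, getGateway, getDnsServers, getDnsServersAsync, detectServices, detectSecurityTools, checkFirewall, auditUsers, calculateRiskScore, getRiskLevel, OsqueryProvider, createOsqueryProvider, } from './discovery/index.js';
 // Rules engine / 規則引擎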
package/dist/index.js.map
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAYH,aAAa;AACb,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAElF,eAAe;AACf,OAAO,EACL,YAAY,EACZ,WAAW,EACX,aAAa,EACb,cAAc,EACd,gBAAgB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAYH,aAAa;AACb,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAElF,eAAe;AACf,OAAO,EACL,YAAY,EACZ,WAAW,EACX,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACb,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,kBAAkB,CAAC;AAW1B,0BAA0B;AAC1B,OAAO,EACL,iBAAiB,EACjB,QAAQ,EACR,oBAAoB,EACpB,aAAa,EACb,oBAAoB,EACpB,UAAU,EACV,aAAa,EACb,kBAAkB,EAClB,cAAc,EACd,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,kBAAkB,EAClB,YAAY,EACZ,eAAe,EACf,qBAAqB,GACtB,MAAM,sBAAsB,CAAC;AAsB9B,sBAAsB;AACtB,OAAO,EACL,aAAa,EACb,UAAU,EACV,cAAc,EACd,cAAc,EACd,UAAU,EACV,sBAAsB,EACtB,sBAAsB,EACtB,mBAAmB,EACnB,WAAW,GACZ,MAAM,kBAAkB,CAAC;AAW1B,wBAAwB;AACxB,OAAO,EACL,eAAe,EACf,aAAa,EACb,UAAU,EACV,cAAc,EACd,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,mBAAmB,EACnB,qBAAqB,EACrB,cAAc,EACd,cAAc,EACd,iBAAiB,EACjB,qBAAqB,EACrB,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAa5B,iBAAiB;AACjB,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,YAAY,EACZ,oBAAoB,EACpB,kBAAkB,EAClB,YAAY,GACb,MAAM,oBAAoB,CAAC;AAU5B,iCAAiC;AACjC,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,WAAW,EACX,cAAc,EACd,kBAAkB,GACnB,MAAM,eAAe,CAAC;AAevB,iBAAiB;AACjB,OAAO,EACL,gBAAgB,EAChB,WAAW,EACX,WAAW,EACX,cAAc,EACd,eAAe,EACf,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAQ7B,eAAe;AACf,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAG/F,yBAAyB;AACzB,OAAO,EACL,CAAC,EACD,aAAa,EACb,UAAU,EACV,UAAU,EACV,OAAO,EACP,OAAO,EACP,YAAY,EACZ,WAAW,EACX,WAAW,EACX,KAAK,EACL,GAAG,EACH,MAAM,EACN,MAAM,EACN,OAAO,EACP,OAAO,EACP,YAAY,EACZ,WAAW,EACX,SAAS,EACT,cAAc,EACd,OAAO,EACP,MAAM,EACN,YAAY,EACZ,UAAU,EACV,aAAa,EACb,YAAY,GACb,MAAM,gBAAgB,CAAC;AAcxB,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChD,MAAM,IAAI,GAAG,QAA
Q,CAAC,iBAAiB,CAAwB,CAAC;AAEhE,oCAAoC;AACpC,MAAM,CAAC,MAAM,YAAY,GAAW,IAAI,CAAC,OAAO,CAAC"}
|
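--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -15,7 +15,7 @@ export type Severity = 'info' | 'low' | 'medium' | 'high' | 'critical';
 /**
 * Security event source types / 安全事件來源類型
 */
-export type EventSource = 'windows_event' | 'syslog' | 'authlog' | 'journald' | 'network' | 'process' | 'file' | 'falco' | 'suricata' | 'honeypot' | 'dpi' | 'memory_scanner' | 'syscall' | 'agent_input' | 'agent_output' | 'agent_behavior' | 'llm_input' | 'llm_output' | 'tool_call' | 'tool_response' | 'function_call' | 'mcp_response' | 'multi_agent';
+export type EventSource = 'windows_event' | 'syslog' | 'authlog' | 'journald' | 'network' | 'process' | 'file' | 'falco' | 'suricata' | 'honeypot' | 'dpi' | 'memory_scanner' | 'syscall' | 'agent_input' | 'agent_output' | 'agent_behavior' | 'llm_input' | 'llm_output' | 'tool_call' | 'tool_response' | 'function_call' | 'mcp_response' | 'multi_agent' | 'git';
 /**
 * Base application configuration / 基礎應用程式配置
 */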
package/dist/types.d.ts.map
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,IAAI,CAAC;AAEtC;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvE;;GAEG;AACH,MAAM,MAAM,WAAW,GACnB,eAAe,GACf,QAAQ,GACR,SAAS,GACT,UAAU,GACV,SAAS,GACT,SAAS,GACT,MAAM,GACN,OAAO,GACP,UAAU,GACV,UAAU,GACV,KAAK,GACL,gBAAgB,GAChB,SAAS,GACT,aAAa,GACb,cAAc,GACd,gBAAgB,GAChB,WAAW,GACX,YAAY,GACZ,WAAW,GACX,eAAe,GACf,eAAe,GACf,cAAc,GACd,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,IAAI,CAAC;AAEtC;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAEvE;;GAEG;AACH,MAAM,MAAM,WAAW,GACnB,eAAe,GACf,QAAQ,GACR,SAAS,GACT,UAAU,GACV,SAAS,GACT,SAAS,GACT,MAAM,GACN,OAAO,GACP,UAAU,GACV,UAAU,GACV,KAAK,GACL,gBAAgB,GAChB,SAAS,GACT,aAAa,GACb,cAAc,GACd,gBAAgB,GAChB,WAAW,GACX,YAAY,GACZ,WAAW,GACX,eAAe,GACf,eAAe,GACf,cAAc,GACd,aAAa,GACb,KAAK,CAAC;AAEV;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,kCAAkC;IAClC,QAAQ,EAAE,QAAQ,CAAC;IACnB,wBAAwB;IACxB,KAAK,EAAE,OAAO,CAAC;IACf,uBAAuB;IACvB,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,CAAC;CAC/C;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC;IACX,8BAA8B;IAC9B,SAAS,EAAE,IAAI,CAAC;IAChB,iCAAiC;IACjC,MAAM,EAAE,WAAW,CAAC;IACpB,4BAA4B;IAC5B,QAAQ,EAAE,QAAQ,CAAC;IACnB,8CAA8C;IAC9C,QAAQ,EAAE,MAAM,CAAC;IACjB,+BAA+B;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,8BAA8B;IAC9B,GAAG,EAAE,OAAO,CAAC;IACb,sBAAsB;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,mCAAmC;IACnC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,8BAA8B;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,uBAAuB;IACvB,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,CAAC;IAC3C,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,iCAAiC;IACjC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC"}
|
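--- a/package/dist/utils/index.d.ts
+++ b/package/dist/utils/index.d.ts
@@ -6,5 +6,6 @@
 */
 export { createLogger, setLogLevel } from './logger.js';
 export type { Logger } from './logger.js';
-export { validateInput, sanitizeString, validateFilePath } from './validation.js';
+export { validateInput, tryValidateInput, sanitizeString, validateFilePath, sanitizeFilename, isPathWithinDir, ClientIdSchema, ISODateSchema, PaginationLimitSchema, ReputationSchema, RiskLevelSchema, ThreatDataSchema, RulePublishSchema, ATRProposalSchema, ATRFeedbackSchema, SkillThreatSchema, SkillWhitelistItemSchema, SkillWhitelistSchema, } from './validation.js';
+export type { ThreatDataInput, RulePublishInput, ATRProposalInput, ATRFeedbackInput, SkillThreatInput, SkillWhitelistInput, } from './validation.js';
 //# sourceMappingURL=index.d.ts.map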
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACxD,YAAY,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACxD,YAAY,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACb,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC;AACzB,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,iBAAiB,CAAC"}
|
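--- a/package/dist/utils/index.js
+++ b/package/dist/utils/index.js
@@ -5,5 +5,5 @@
 * @module @panguard-ai/core/utils
 */
 export { createLogger, setLogLevel } from './logger.js';
-export { validateInput, sanitizeString, validateFilePath } from './validation.js';
+export { validateInput, tryValidateInput, sanitizeString, validateFilePath, sanitizeFilename, isPathWithinDir, ClientIdSchema, ISODateSchema, PaginationLimitSchema, ReputationSchema, RiskLevelSchema, ThreatDataSchema, RulePublishSchema, ATRProposalSchema, ATRFeedbackSchema, SkillThreatSchema, SkillWhitelistItemSchema, SkillWhitelistSchema, } from './validation.js';
 //# sourceMappingURL=index.js.map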
package/dist/utils/index.js.map
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACb,qBAAqB,EACrB,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,iBAAiB,EACjB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,iBAAiB,CAAC"}
|
|
@@ -15,6 +15,203 @@ import { z } from 'zod';
|
|
|
15
15
|
* @throws Error if validation fails / 驗證失敗時拋出錯誤
|
|
16
16
|
*/
|
|
17
17
|
export declare function validateInput<T>(schema: z.ZodSchema<T>, data: unknown): T;
|
|
18
|
+
/**
|
|
19
|
+
* Try to validate input, returning a result object instead of throwing.
|
|
20
|
+
* 嘗試驗證輸入,回傳結果物件而非拋出錯誤。
|
|
21
|
+
*/
|
|
22
|
+
export declare function tryValidateInput<T>(schema: z.ZodSchema<T>, data: unknown): {
|
|
23
|
+
ok: true;
|
|
24
|
+
data: T;
|
|
25
|
+
} | {
|
|
26
|
+
ok: false;
|
|
27
|
+
error: string;
|
|
28
|
+
};
|
|
29
|
+
/** Client ID from x-panguard-client-id header (alphanumeric + dash/underscore, 1-64 chars) */
|
|
30
|
+
export declare const ClientIdSchema: z.ZodString;
|
|
31
|
+
/** ISO 8601 date string (YYYY-MM-DD or YYYY-MM-DDTHH:MM:SS) */
|
|
32
|
+
export declare const ISODateSchema: z.ZodString;
|
|
33
|
+
/** Pagination limit (positive integer, clamped to max) */
|
|
34
|
+
export declare const PaginationLimitSchema: z.ZodDefault<z.ZodNumber>;
|
|
35
|
+
/** Reputation score for blocklist feeds */
|
|
36
|
+
export declare const ReputationSchema: z.ZodDefault<z.ZodNumber>;
|
|
37
|
+
/** Risk level enum */
|
|
38
|
+
export declare const RiskLevelSchema: z.ZodEnum<["LOW", "MEDIUM", "HIGH", "CRITICAL"]>;
|
|
39
|
+
/** POST /api/threats */
|
|
40
|
+
export declare const ThreatDataSchema: z.ZodObject<{
|
|
41
|
+
attackSourceIP: z.ZodString;
|
|
42
|
+
attackType: z.ZodString;
|
|
43
|
+
mitreTechnique: z.ZodString;
|
|
44
|
+
sigmaRuleMatched: z.ZodString;
|
|
45
|
+
timestamp: z.ZodString;
|
|
46
|
+
industry: z.ZodOptional<z.ZodString>;
|
|
47
|
+
region: z.ZodString;
|
|
48
|
+
}, "strip", z.ZodTypeAny, {
|
|
49
|
+
attackSourceIP: string;
|
|
50
|
+
attackType: string;
|
|
51
|
+
mitreTechnique: string;
|
|
52
|
+
sigmaRuleMatched: string;
|
|
53
|
+
timestamp: string;
|
|
54
|
+
region: string;
|
|
55
|
+
industry?: string | undefined;
|
|
56
|
+
}, {
|
|
57
|
+
attackSourceIP: string;
|
|
58
|
+
attackType: string;
|
|
59
|
+
mitreTechnique: string;
|
|
60
|
+
sigmaRuleMatched: string;
|
|
61
|
+
timestamp: string;
|
|
62
|
+
region: string;
|
|
63
|
+
industry?: string | undefined;
|
|
64
|
+
}>;
|
|
65
|
+
export type ThreatDataInput = z.infer<typeof ThreatDataSchema>;
|
|
66
|
+
/** POST /api/rules */
|
|
67
|
+
export declare const RulePublishSchema: z.ZodObject<{
|
|
68
|
+
ruleId: z.ZodString;
|
|
69
|
+
ruleContent: z.ZodString;
|
|
70
|
+
source: z.ZodString;
|
|
71
|
+
publishedAt: z.ZodOptional<z.ZodString>;
|
|
72
|
+
category: z.ZodOptional<z.ZodString>;
|
|
73
|
+
severity: z.ZodOptional<z.ZodString>;
|
|
74
|
+
mitreTechniques: z.ZodOptional<z.ZodString>;
|
|
75
|
+
tags: z.ZodOptional<z.ZodString>;
|
|
76
|
+
}, "strip", z.ZodTypeAny, {
|
|
77
|
+
ruleId: string;
|
|
78
|
+
ruleContent: string;
|
|
79
|
+
source: string;
|
|
80
|
+
publishedAt?: string | undefined;
|
|
81
|
+
category?: string | undefined;
|
|
82
|
+
severity?: string | undefined;
|
|
83
|
+
mitreTechniques?: string | undefined;
|
|
84
|
+
tags?: string | undefined;
|
|
85
|
+
}, {
|
|
86
|
+
ruleId: string;
|
|
87
|
+
ruleContent: string;
|
|
88
|
+
source: string;
|
|
89
|
+
publishedAt?: string | undefined;
|
|
90
|
+
category?: string | undefined;
|
|
91
|
+
severity?: string | undefined;
|
|
92
|
+
mitreTechniques?: string | undefined;
|
|
93
|
+
tags?: string | undefined;
|
|
94
|
+
}>;
|
|
95
|
+
export type RulePublishInput = z.infer<typeof RulePublishSchema>;
|
|
96
|
+
/** POST /api/atr-proposals */
|
|
97
|
+
export declare const ATRProposalSchema: z.ZodObject<{
|
|
98
|
+
patternHash: z.ZodString;
|
|
99
|
+
ruleContent: z.ZodString;
|
|
100
|
+
llmProvider: z.ZodString;
|
|
101
|
+
llmModel: z.ZodString;
|
|
102
|
+
selfReviewVerdict: z.ZodString;
|
|
103
|
+
}, "strip", z.ZodTypeAny, {
|
|
104
|
+
ruleContent: string;
|
|
105
|
+
patternHash: string;
|
|
106
|
+
llmProvider: string;
|
|
107
|
+
llmModel: string;
|
|
108
|
+
selfReviewVerdict: string;
|
|
109
|
+
}, {
|
|
110
|
+
ruleContent: string;
|
|
111
|
+
patternHash: string;
|
|
112
|
+
llmProvider: string;
|
|
113
|
+
llmModel: string;
|
|
114
|
+
selfReviewVerdict: string;
|
|
115
|
+
}>;
|
|
116
|
+
export type ATRProposalInput = z.infer<typeof ATRProposalSchema>;
|
|
117
|
+
/** POST /api/atr-feedback */
|
|
118
|
+
export declare const ATRFeedbackSchema: z.ZodObject<{
|
|
119
|
+
ruleId: z.ZodString;
|
|
120
|
+
isTruePositive: z.ZodBoolean;
|
|
121
|
+
}, "strip", z.ZodTypeAny, {
|
|
122
|
+
ruleId: string;
|
|
123
|
+
isTruePositive: boolean;
|
|
124
|
+
}, {
|
|
125
|
+
ruleId: string;
|
|
126
|
+
isTruePositive: boolean;
|
|
127
|
+
}>;
|
|
128
|
+
export type ATRFeedbackInput = z.infer<typeof ATRFeedbackSchema>;
|
|
129
|
+
/** POST /api/skill-threats */
|
|
130
|
+
export declare const SkillThreatSchema: z.ZodObject<{
|
|
131
|
+
skillHash: z.ZodString;
|
|
132
|
+
skillName: z.ZodString;
|
|
133
|
+
riskScore: z.ZodNumber;
|
|
134
|
+
riskLevel: z.ZodEnum<["LOW", "MEDIUM", "HIGH", "CRITICAL"]>;
|
|
135
|
+
findingSummaries: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
136
|
+
id: z.ZodString;
|
|
137
|
+
category: z.ZodString;
|
|
138
|
+
severity: z.ZodString;
|
|
139
|
+
title: z.ZodString;
|
|
140
|
+
}, "strip", z.ZodTypeAny, {
|
|
141
|
+
category: string;
|
|
142
|
+
severity: string;
|
|
143
|
+
id: string;
|
|
144
|
+
title: string;
|
|
145
|
+
}, {
|
|
146
|
+
category: string;
|
|
147
|
+
severity: string;
|
|
148
|
+
id: string;
|
|
149
|
+
title: string;
|
|
150
|
+
}>, "many">>;
|
|
151
|
+
}, "strip", z.ZodTypeAny, {
|
|
152
|
+
skillHash: string;
|
|
153
|
+
skillName: string;
|
|
154
|
+
riskScore: number;
|
|
155
|
+
riskLevel: "LOW" | "MEDIUM" | "HIGH" | "CRITICAL";
|
|
156
|
+
findingSummaries?: {
|
|
157
|
+
category: string;
|
|
158
|
+
severity: string;
|
|
159
|
+
id: string;
|
|
160
|
+
title: string;
|
|
161
|
+
}[] | undefined;
|
|
162
|
+
}, {
|
|
163
|
+
skillHash: string;
|
|
164
|
+
skillName: string;
|
|
165
|
+
riskScore: number;
|
|
166
|
+
riskLevel: "LOW" | "MEDIUM" | "HIGH" | "CRITICAL";
|
|
167
|
+
findingSummaries?: {
|
|
168
|
+
category: string;
|
|
169
|
+
severity: string;
|
|
170
|
+
id: string;
|
|
171
|
+
title: string;
|
|
172
|
+
}[] | undefined;
|
|
173
|
+
}>;
|
|
174
|
+
export type SkillThreatInput = z.infer<typeof SkillThreatSchema>;
|
|
175
|
+
/** POST /api/skill-whitelist (single or batch) */
|
|
176
|
+
export declare const SkillWhitelistItemSchema: z.ZodObject<{
|
|
177
|
+
skillName: z.ZodString;
|
|
178
|
+
fingerprintHash: z.ZodOptional<z.ZodString>;
|
|
179
|
+
}, "strip", z.ZodTypeAny, {
|
|
180
|
+
skillName: string;
|
|
181
|
+
fingerprintHash?: string | undefined;
|
|
182
|
+
}, {
|
|
183
|
+
skillName: string;
|
|
184
|
+
fingerprintHash?: string | undefined;
|
|
185
|
+
}>;
|
|
186
|
+
export declare const SkillWhitelistSchema: z.ZodObject<{
|
|
187
|
+
skillName: z.ZodOptional<z.ZodString>;
|
|
188
|
+
fingerprintHash: z.ZodOptional<z.ZodString>;
|
|
189
|
+
skills: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
190
|
+
skillName: z.ZodString;
|
|
191
|
+
fingerprintHash: z.ZodOptional<z.ZodString>;
|
|
192
|
+
}, "strip", z.ZodTypeAny, {
|
|
193
|
+
skillName: string;
|
|
194
|
+
fingerprintHash?: string | undefined;
|
|
195
|
+
}, {
|
|
196
|
+
skillName: string;
|
|
197
|
+
fingerprintHash?: string | undefined;
|
|
198
|
+
}>, "many">>;
|
|
199
|
+
}, "strip", z.ZodTypeAny, {
|
|
200
|
+
skillName?: string | undefined;
|
|
201
|
+
fingerprintHash?: string | undefined;
|
|
202
|
+
skills?: {
|
|
203
|
+
skillName: string;
|
|
204
|
+
fingerprintHash?: string | undefined;
|
|
205
|
+
}[] | undefined;
|
|
206
|
+
}, {
|
|
207
|
+
skillName?: string | undefined;
|
|
208
|
+
fingerprintHash?: string | undefined;
|
|
209
|
+
skills?: {
|
|
210
|
+
skillName: string;
|
|
211
|
+
fingerprintHash?: string | undefined;
|
|
212
|
+
}[] | undefined;
|
|
213
|
+
}>;
|
|
214
|
+
export type SkillWhitelistInput = z.infer<typeof SkillWhitelistSchema>;
|
|
18
215
|
/**
|
|
19
216
|
* Sanitize a string by removing potentially dangerous characters
|
|
20
217
|
* 清理字串,移除潛在危險字元
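Review bot: The comment on `PaginationLimitSchema` (line 33 of the new file) says the limit is "clamped to max", but the schema it describes is built with `.max(5000)`, which rejects larger values with a validation error rather than clamping them; either the comment should read `/** Pagination limit (integer 1-5000, default 1000; larger values are rejected) */` or the source should apply a transform that really clamps. The same comment appears in the validation.js hunk at its line 47, and since this declaration file is generated from `src/utils/validation.ts` (per the source map) the fix belongs there. The `tryValidateInput` docblock documents neither branch of the union it returns nor that `error` is one display string built by joining each issue as `path: message` with `; `, which a caller needs to know before deciding whether to parse it; `@returns` lines covering the `ok: true` and `ok: false` shapes would close that, matching the `@throws` line `validateInput` already carries (its docblock starts outside this hunk).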
|
|
@@ -32,4 +229,22 @@ export declare function sanitizeString(input: string): string;
|
|
|
32
229
|
* @throws Error if path contains traversal patterns / 路徑包含遍歷模式時拋出錯誤
|
|
33
230
|
*/
|
|
34
231
|
export declare function validateFilePath(filePath: string): string;
|
|
232
|
+
/**
|
|
233
|
+
* Sanitize a filename to prevent path traversal attacks.
|
|
234
|
+
* Strips path separators and allows only safe characters.
|
|
235
|
+
* 清理檔案名稱以防止路徑穿越攻擊。
|
|
236
|
+
*
|
|
237
|
+
* @param filename - Raw filename (potentially from external source)
|
|
238
|
+
* @returns Safe filename with only alphanumeric, dash, underscore, and dot characters
|
|
239
|
+
*/
|
|
240
|
+
export declare function sanitizeFilename(filename: string): string;
|
|
241
|
+
/**
|
|
242
|
+
* Validate that a resolved file path stays within a given base directory.
|
|
243
|
+
* 驗證解析後的檔案路徑仍在指定基準目錄內。
|
|
244
|
+
*
|
|
245
|
+
* @param filePath - The file path to check
|
|
246
|
+
* @param baseDir - The directory it must stay within
|
|
247
|
+
* @returns true if path is within baseDir
|
|
248
|
+
*/
|
|
249
|
+
export declare function isPathWithinDir(filePath: string, baseDir: string): boolean;
|
|
35
250
|
//# sourceMappingURL=validation.d.ts.map
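Review bot: `sanitizeFilename`'s `@returns` (line 238 of the new file) promises only that the result is made of alphanumeric, dash, underscore and dot characters, which leaves open the two cases a traversal guard's caller most needs to know about: an input that is reduced to the empty string, and a name such as `..` or `.` that consists solely of permitted characters. The implementation is outside this hunk, so confirm what it does and state it, e.g. `@returns Safe filename ...; an input that reduces to "" or to "."/".." is [state the behaviour] — callers must handle that case`. `isPathWithinDir` likewise does not say whether `baseDir` must be absolute, nor whether the check is lexical rather than symlink-aware; validation.js gains `import { resolve } from 'node:path'` in this release, which suggests a lexical `resolve` comparison, so if that is confirmed a line like `Lexical check only: symlinks under baseDir are not followed; pass an absolute, normalised baseDir` would make the contract usable.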
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB;;;;;;;;GAQG;AACH,wBAAgB,aAAa,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,GAAG,CAAC,CAOzE;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,EAChC,MAAM,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EACtB,IAAI,EAAE,OAAO,GACZ;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,IAAI,EAAE,CAAC,CAAA;CAAE,GAAG;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAOtD;AAID,8FAA8F;AAC9F,eAAO,MAAM,cAAc,aAEwE,CAAC;AAEpG,+DAA+D;AAC/D,eAAO,MAAM,aAAa,aAEoD,CAAC;AAE/E,0DAA0D;AAC1D,eAAO,MAAM,qBAAqB,2BAAyD,CAAC;AAE5F,2CAA2C;AAC3C,eAAO,MAAM,gBAAgB,2BAAgD,CAAC;AAE9E,sBAAsB;AACtB,eAAO,MAAM,eAAe,kDAAgD,CAAC;AAI7E,wBAAwB;AACxB,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;EAQ3B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAE/D,sBAAsB;AACtB,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;EAY5B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAEjE,8BAA8B;AAC9B,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;EAM5B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAEjE,6BAA6B;AAC7B,eAAO,MAAM,iBAAiB;;;;;;;;;EAG5B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAEjE,8BAA8B;AAC9B,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAe5B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAEjE,kDAAkD;AAClD,eAAO,MAAM,wBAAwB;;;;;;;;;EAGnC,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;EAI/B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAEvE;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAMpD;AAED;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CASzD;AAED;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAUzD;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAI1E"}
|
package/dist/utils/validation.js
|
@@ -4,6 +4,8 @@
|
|
|
4
4
|
*
|
|
5
5
|
* @module @panguard-ai/core/utils/validation
|
|
6
6
|
*/
|
|
7
|
+
import { z } from 'zod';
|
|
8
|
+
import { resolve } from 'node:path';
|
|
7
9
|
/**
|
|
8
10
|
* Validate input data against a Zod schema
|
|
9
11
|
* 使用 Zod schema 驗證輸入資料
|
|
@@ -21,6 +23,96 @@ export function validateInput(schema, data) {
|
|
|
21
23
|
}
|
|
22
24
|
return result.data;
|
|
23
25
|
}
|
|
26
|
+
/**
|
|
27
|
+
* Try to validate input, returning a result object instead of throwing.
|
|
28
|
+
* 嘗試驗證輸入,回傳結果物件而非拋出錯誤。
|
|
29
|
+
*/
|
|
30
|
+
export function tryValidateInput(schema, data) {
|
|
31
|
+
const result = schema.safeParse(data);
|
|
32
|
+
if (!result.success) {
|
|
33
|
+
const messages = result.error.errors.map((e) => `${e.path.join('.')}: ${e.message}`).join('; ');
|
|
34
|
+
return { ok: false, error: messages };
|
|
35
|
+
}
|
|
36
|
+
return { ok: true, data: result.data };
|
|
37
|
+
}
|
|
38
|
+
// -- Common field schemas --
|
|
39
|
+
/** Client ID from x-panguard-client-id header (alphanumeric + dash/underscore, 1-64 chars) */
|
|
40
|
+
export const ClientIdSchema = z
|
|
41
|
+
.string()
|
|
42
|
+
.regex(/^[a-zA-Z0-9_-]{1,64}$/, 'Client ID must be 1-64 alphanumeric/dash/underscore characters');
|
|
43
|
+
/** ISO 8601 date string (YYYY-MM-DD or YYYY-MM-DDTHH:MM:SS) */
|
|
44
|
+
export const ISODateSchema = z
|
|
45
|
+
.string()
|
|
46
|
+
.regex(/^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2})?/, 'Must be ISO 8601 format');
|
|
47
|
+
/** Pagination limit (positive integer, clamped to max) */
|
|
48
|
+
export const PaginationLimitSchema = z.coerce.number().int().min(1).max(5000).default(1000);
|
|
49
|
+
/** Reputation score for blocklist feeds */
|
|
50
|
+
export const ReputationSchema = z.coerce.number().min(0).max(100).default(70);
|
|
51
|
+
/** Risk level enum */
|
|
52
|
+
export const RiskLevelSchema = z.enum(['LOW', 'MEDIUM', 'HIGH', 'CRITICAL']);
|
|
53
|
+
// -- API request body schemas --
|
|
54
|
+
/** POST /api/threats */
|
|
55
|
+
export const ThreatDataSchema = z.object({
|
|
56
|
+
attackSourceIP: z.string().min(1, 'attackSourceIP is required'),
|
|
57
|
+
attackType: z.string().min(1, 'attackType is required'),
|
|
58
|
+
mitreTechnique: z.string().min(1, 'mitreTechnique is required'),
|
|
59
|
+
sigmaRuleMatched: z.string().min(1, 'sigmaRuleMatched is required'),
|
|
60
|
+
timestamp: z.string().min(1, 'timestamp is required'),
|
|
61
|
+
industry: z.string().optional(),
|
|
62
|
+
region: z.string().min(1, 'region is required'),
|
|
63
|
+
});
|
|
64
|
+
/** POST /api/rules */
|
|
65
|
+
export const RulePublishSchema = z.object({
|
|
66
|
+
ruleId: z.string().min(1, 'ruleId is required').max(256, 'ruleId exceeds maximum length of 256'),
|
|
67
|
+
ruleContent: z
|
|
68
|
+
.string()
|
|
69
|
+
.min(1, 'ruleContent is required')
|
|
70
|
+
.max(65_536, 'ruleContent exceeds maximum size of 64KB'),
|
|
71
|
+
source: z.string().min(1, 'source is required'),
|
|
72
|
+
publishedAt: z.string().optional(),
|
|
73
|
+
category: z.string().optional(),
|
|
74
|
+
severity: z.string().optional(),
|
|
75
|
+
mitreTechniques: z.string().optional(),
|
|
76
|
+
tags: z.string().optional(),
|
|
77
|
+
});
|
|
78
|
+
/** POST /api/atr-proposals */
|
|
79
|
+
export const ATRProposalSchema = z.object({
|
|
80
|
+
patternHash: z.string().min(1, 'patternHash is required'),
|
|
81
|
+
ruleContent: z.string().min(1, 'ruleContent is required'),
|
|
82
|
+
llmProvider: z.string().min(1, 'llmProvider is required'),
|
|
83
|
+
llmModel: z.string().min(1, 'llmModel is required'),
|
|
84
|
+
selfReviewVerdict: z.string().min(1, 'selfReviewVerdict is required'),
|
|
85
|
+
});
|
|
86
|
+
/** POST /api/atr-feedback */
|
|
87
|
+
export const ATRFeedbackSchema = z.object({
|
|
88
|
+
ruleId: z.string().min(1, 'ruleId is required'),
|
|
89
|
+
isTruePositive: z.boolean({ required_error: 'isTruePositive must be a boolean' }),
|
|
90
|
+
});
|
|
91
|
+
/** POST /api/skill-threats */
|
|
92
|
+
export const SkillThreatSchema = z.object({
|
|
93
|
+
skillHash: z.string().min(1, 'skillHash is required'),
|
|
94
|
+
skillName: z.string().min(1, 'skillName is required'),
|
|
95
|
+
riskScore: z.number().min(0).max(100, 'riskScore must be between 0 and 100'),
|
|
96
|
+
riskLevel: RiskLevelSchema,
|
|
97
|
+
findingSummaries: z
|
|
98
|
+
.array(z.object({
|
|
99
|
+
id: z.string(),
|
|
100
|
+
category: z.string(),
|
|
101
|
+
severity: z.string(),
|
|
102
|
+
title: z.string(),
|
|
103
|
+
}))
|
|
104
|
+
.optional(),
|
|
105
|
+
});
|
|
106
|
+
/** POST /api/skill-whitelist (single or batch) */
|
|
107
|
+
export const SkillWhitelistItemSchema = z.object({
|
|
108
|
+
skillName: z.string().min(1, 'skillName is required'),
|
|
109
|
+
fingerprintHash: z.string().optional(),
|
|
110
|
+
});
|
|
111
|
+
export const SkillWhitelistSchema = z.object({
|
|
112
|
+
skillName: z.string().min(1).optional(),
|
|
113
|
+
fingerprintHash: z.string().optional(),
|
|
114
|
+
skills: z.array(SkillWhitelistItemSchema).optional(),
|
|
115
|
+
});
|
|
24
116
|
/**
|
|
25
117
|
* Sanitize a string by removing potentially dangerous characters
|
|
26
118
|
* 清理字串,移除潛在危險字元
|
|
@@ -53,4 +145,36 @@ export function validateFilePath(filePath) {
|
|
|
53
145
|
}
|
|
54
146
|
return normalized;
|
|
55
147
|
}
|
|
148
|
+
/**
|
|
149
|
+
* Sanitize a filename to prevent path traversal attacks.
|
|
150
|
+
* Strips path separators and allows only safe characters.
|
|
151
|
+
* 清理檔案名稱以防止路徑穿越攻擊。
|
|
152
|
+
*
|
|
153
|
+
* @param filename - Raw filename (potentially from external source)
|
|
154
|
+
* @returns Safe filename with only alphanumeric, dash, underscore, and dot characters
|
|
155
|
+
*/
|
|
156
|
+
export function sanitizeFilename(filename) {
|
|
157
|
+
// Extract basename (strip any directory components)
|
|
158
|
+
const base = filename.split(/[/\\]/).pop() ?? 'unknown';
|
|
159
|
+
// Allow only safe characters: alphanumeric, dash, underscore, dot
|
|
160
|
+
const sanitized = base.replace(/[^a-zA-Z0-9_.-]/g, '_');
|
|
161
|
+
// Prevent empty or dot-only filenames
|
|
162
|
+
if (!sanitized || sanitized === '.' || sanitized === '..') {
|
|
163
|
+
return 'unknown';
|
|
164
|
+
}
|
|
165
|
+
return sanitized;
|
|
166
|
+
}
|
|
167
|
+
/**
|
|
168
|
+
* Validate that a resolved file path stays within a given base directory.
|
|
169
|
+
* 驗證解析後的檔案路徑仍在指定基準目錄內。
|
|
170
|
+
*
|
|
171
|
+
* @param filePath - The file path to check
|
|
172
|
+
* @param baseDir - The directory it must stay within
|
|
173
|
+
* @returns true if path is within baseDir
|
|
174
|
+
*/
|
|
175
|
+
export function isPathWithinDir(filePath, baseDir) {
|
|
176
|
+
const resolved = resolve(filePath);
|
|
177
|
+
const resolvedBase = resolve(baseDir);
|
|
178
|
+
return resolved.startsWith(resolvedBase + '/') || resolved === resolvedBase;
|
|
179
|
+
}
|
|
56
180
|
//# sourceMappingURL=validation.js.map
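Review bot: `isPathWithinDir` hardcodes `'/'` as the separator in `resolved.startsWith(resolvedBase + '/')`, so (assuming `resolve` is `node:path`'s) on Windows, where resolved paths use backslashes, every nested path fails the check — fail-closed, but the helper is unusable there — and a base that is the filesystem root fails as well because `resolvedBase + '/'` becomes `'//'`. `path.relative` handles both cases: `const rel = relative(resolvedBase, resolved);` followed by `return rel === '' || (rel !== '..' && !rel.startsWith(`..${sep}`) && !isAbsolute(rel));` (needs `relative`, `isAbsolute` and `sep` from `node:path`). The comparison is purely lexical since `resolve` does not follow symlinks, so a JSDoc line such as `* Note: lexical check only; call fs.realpath on both paths first if physical containment matters.` would keep callers from over-trusting it. Separately, the `?? 'unknown'` in `sanitizeFilename` is unreachable because `split` always yields at least one element; harmless, but the `'unknown'` fallback is really provided by the empty-string check below it.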
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;
|
|
1
|
+
{"version":3,"file":"validation.js","sourceRoot":"","sources":["../../src/utils/validation.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC;;;;;;;;GAQG;AACH,MAAM,UAAU,aAAa,CAAI,MAAsB,EAAE,IAAa;IACpE,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChG,MAAM,IAAI,KAAK,CAAC,sBAAsB,QAAQ,EAAE,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,MAAsB,EACtB,IAAa;IAEb,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChG,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;IACxC,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC;AACzC,CAAC;AAED,6BAA6B;AAE7B,8FAA8F;AAC9F,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC;KAC5B,MAAM,EAAE;KACR,KAAK,CAAC,uBAAuB,EAAE,gEAAgE,CAAC,CAAC;AAEpG,+DAA+D;AAC/D,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC;KAC3B,MAAM,EAAE;KACR,KAAK,CAAC,yCAAyC,EAAE,yBAAyB,CAAC,CAAC;AAE/E,0DAA0D;AAC1D,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;AAE5F,2CAA2C;AAC3C,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;AAE9E,sBAAsB;AACtB,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC;AAE7E,iCAAiC;AAEjC,wBAAwB;AACxB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,4BAA4B,CAAC;IAC/D,UAA
U,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,wBAAwB,CAAC;IACvD,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,4BAA4B,CAAC;IAC/D,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,8BAA8B,CAAC;IACnE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,uBAAuB,CAAC;IACrD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,oBAAoB,CAAC;CAChD,CAAC,CAAC;AAGH,sBAAsB;AACtB,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,sCAAsC,CAAC;IAChG,WAAW,EAAE,CAAC;SACX,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,EAAE,yBAAyB,CAAC;SACjC,GAAG,CAAC,MAAM,EAAE,0CAA0C,CAAC;IAC1D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,oBAAoB,CAAC;IAC/C,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC5B,CAAC,CAAC;AAGH,8BAA8B;AAC9B,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,yBAAyB,CAAC;IACzD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,yBAAyB,CAAC;IACzD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,yBAAyB,CAAC;IACzD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,sBAAsB,CAAC;IACnD,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,+BAA+B,CAAC;CACtE,CAAC,CAAC;AAGH,6BAA6B;AAC7B,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,oBAAoB,CAAC;IAC/C,cAAc,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,cAAc,EAAE,kCAAkC,EAAE,CAAC;CAClF,CAAC,CAAC;AAGH,8BAA8B;AAC9B,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,uBAAuB,CAAC;IACrD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,uBAAuB,CAAC;IACrD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAA
C,GAAG,CAAC,GAAG,EAAE,qCAAqC,CAAC;IAC5E,SAAS,EAAE,eAAe;IAC1B,gBAAgB,EAAE,CAAC;SAChB,KAAK,CACJ,CAAC,CAAC,MAAM,CAAC;QACP,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;QACd,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;QACpB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;KAClB,CAAC,CACH;SACA,QAAQ,EAAE;CACd,CAAC,CAAC;AAGH,kDAAkD;AAClD,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,uBAAuB,CAAC;IACrD,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvC,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,QAAQ,EAAE;CACrD,CAAC,CAAC;AAGH;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,KAAa;IAC1C,OAAO,KAAK;SACT,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;SACpB,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC;SAC5B,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;SACvB,IAAI,EAAE,CAAC;AACZ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAChD,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IACD,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,oDAAoD;IACpD,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,IAAI,SAAS,CAAC;IACxD,kEAAkE;IAClE,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAC;IACxD,sCAAsC;IACtC,IAAI,CAAC,SAAS,IAAI,SAAS,KAAK,GAAG,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QAC1D,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB,EAAE,OAAe;IAC/D,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACtC,OAAO,QAAQ,CAAC,UAAU,CAAC,YAAY,GAAG,GAAG,CAAC,IAAI,QAAQ,KAAK,YAAY,CAAC;AAC9E,CAAC"}
|
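--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@panguard-ai/core",
-"version": "0.
+"version": "0.4.0",
 "license": "MIT",
 "repository": {
 "type": "git",
@@ -29,21 +29,13 @@
 "access": "public"
 },
 "engines": {
-"node": ">=
+"node": ">=20.0.0"
 },
 "files": [
 "dist",
 "package.json",
 "README.md"
 ],
-"scripts": {
-"build": "tsc --build",
-"clean": "rm -rf dist tsconfig.tsbuildinfo",
-"typecheck": "tsc --noEmit",
-"test": "vitest run",
-"dev": "tsc --build --watch",
-"prepublishOnly": "pnpm run build"
-},
 "dependencies": {
 "i18next": "^24.2.2",
 "js-yaml": "^4.1.0",
@@ -65,5 +57,12 @@
 "@types/js-yaml": "^4.0.9",
 "@types/node": "^22.14.0",
 "typescript": "~5.7.3"
+},
+"scripts": {
+"build": "tsc --build",
+"clean": "rm -rf dist tsconfig.tsbuildinfo",
+"typecheck": "tsc --noEmit",
+"test": "vitest run",
+"dev": "tsc --build --watch"
 }
-}
+}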
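Review bot: The `prepublishOnly` script (`"prepublishOnly": "pnpm run build"`) is dropped when the scripts block is moved to the end of the file, so nothing rebuilds `dist` before `npm publish`; a stale or hand-edited `dist` can now be published, which weakens the source-to-artifact link for consumers of this package. If the build now happens in a CI publish workflow, stating that in the README's release notes would make the guarantee visible; otherwise restoring `"prepublishOnly": "pnpm run build"` under `"scripts"` keeps it. The `engines` change to `>=20.0.0` also narrows the supported runtimes and is not mentioned anywhere visible in this diff (the old value is truncated in this rendering).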