honeyweb-core 2.0.2 → 2.0.4

package/detection/rate-limiter.js

@@ -1,109 +1,38 @@
-// honeyweb-core/detection/rate-limiter.js
-// Rate limiting with auto-cleanup (fixes memory leak)
-
 class RateLimiter {
     constructor(config) {
-        this.window = config.window || 10000; // 10 seconds
+        this.window = config.window || 10000;
         this.maxRequests = config.maxRequests || 50;
-        this.requests = new Map(); // ip -> [timestamps]
-
-        // Auto-cleanup to prevent memory leak
-        const cleanupInterval = config.cleanupInterval || 60000; // 60 seconds
-        this.cleanupTimer = setInterval(() => {
-            this._cleanup();
-        }, cleanupInterval);
+        this.requests = new Map();
+        this.cleanupTimer = setInterval(() => this._cleanup(), config.cleanupInterval || 60000);
     }
 
-    /**
-     * Check if IP has exceeded rate limit
-     * @param {string} ip
-     * @returns {Object} - { limited: boolean, count: number, remaining: number }
-     */
     check(ip) {
         const now = Date.now();
-        const windowStart = now - this.window;
-
-        // Get existing requests for this IP
-        let timestamps = this.requests.get(ip) || [];
-
-        // Filter out old requests outside the window
-        timestamps = timestamps.filter(ts => ts > windowStart);
-
-        // Add current request
+        let timestamps = (this.requests.get(ip) || []).filter(ts => ts > now - this.window);
         timestamps.push(now);
-
-        // Update map
         this.requests.set(ip, timestamps);
 
-        const count = timestamps.length;
-        const remaining = Math.max(0, this.maxRequests - count);
-        const limited = count > this.maxRequests;
-
         return {
-            limited,
-            count,
-            remaining,
+            limited: timestamps.length > this.maxRequests,
+            count: timestamps.length,
+            remaining: Math.max(0, this.maxRequests - timestamps.length),
             resetAt: now + this.window
         };
     }
 
-    /**
-     * Clean up old entries to prevent memory leak
-     * @private
-     */
     _cleanup() {
-        const now = Date.now();
-        const windowStart = now - this.window;
-
+        const cutoff = Date.now() - this.window;
         for (const [ip, timestamps] of this.requests.entries()) {
-            // Filter out old timestamps
-            const active = timestamps.filter(ts => ts > windowStart);
-
-            if (active.length === 0) {
-                // No active requests, remove entry
-                this.requests.delete(ip);
-            } else {
-                // Update with filtered timestamps
-                this.requests.set(ip, active);
-            }
+            const active = timestamps.filter(ts => ts > cutoff);
+            if (active.length === 0) this.requests.delete(ip);
+            else this.requests.set(ip, active);
         }
     }
 
-    /**
-     * Get statistics
-     * @returns {Object}
-     */
-    getStats() {
-        return {
-            trackedIPs: this.requests.size,
-            window: this.window,
-            maxRequests: this.maxRequests
-        };
-    }
-
-    /**
-     * Reset rate limit for an IP
-     * @param {string} ip
-     */
-    reset(ip) {
-        this.requests.delete(ip);
-    }
-
-    /**
-     * Clear all rate limit data
-     */
-    clear() {
-        this.requests.clear();
-    }
-
-    /**
-     * Cleanup and stop timers
-     */
-    destroy() {
-        if (this.cleanupTimer) {
-            clearInterval(this.cleanupTimer);
-        }
-    }
+    getStats() { return { trackedIPs: this.requests.size, window: this.window, maxRequests: this.maxRequests }; }
+    reset(ip) { this.requests.delete(ip); }
+    clear() { this.requests.clear(); }
+    destroy() { if (this.cleanupTimer) clearInterval(this.cleanupTimer); }
 }
 
 module.exports = RateLimiter;

package/detection/traversal.js

@@ -0,0 +1,42 @@
+const TRAVERSAL_PATTERNS = [
+    /\.\.\//,
+    /\.\.\\/,
+    /%2e%2e[%2f%5c]/i,
+    /%252e%252e/i,
+    /\.\.%2f/i,
+    /\.\.%5c/i,
+    /\/etc\/passwd/i,
+    /\/etc\/shadow/i,
+    /\/etc\/hosts/i,
+    /\/proc\/self/i,
+    /win\.ini/i,
+    /boot\.ini/i,
+    /system32/i,
+    /%00/,
+    /\0/,
+];
+
+function detectTraversal(req) {
+    const threats = [];
+    const targets = [
+        req.url || '',
+        JSON.stringify(req.query || {}),
+        req.headers['referer'] || '',
+    ];
+
+    if (req.body) targets.push(JSON.stringify(req.body));
+
+    for (const target of targets) {
+        for (const pattern of TRAVERSAL_PATTERNS) {
+            if (pattern.test(target)) {
+                threats.push(`Path traversal pattern: ${pattern.source.substring(0, 40)}`);
+            }
+        }
+    }
+
+    // Deduplicate
+    const unique = [...new Set(threats)];
+    return { detected: unique.length > 0, threats: unique };
+}
+
+module.exports = { TRAVERSAL_PATTERNS, detectTraversal };

package/index.js

@@ -1,6 +1,5 @@
 // honeyweb-core/index.js
 // HoneyWeb - Intelligent Honeypot Middleware
-// Main entry point - orchestrates all modules
 
 const { loadConfig } = require('./config');
 const { createStorage } = require('./storage');
@@ -11,27 +10,18 @@ const Logger = require('./utils/logger');
 const HoneyWebEvents = require('./utils/event-emitter');
 const createMiddleware = require('./middleware');
 
-/**
- * HoneyWeb Middleware Factory
- * @param {Object} userConfig - Optional configuration overrides
- * @returns {Function} - Express middleware function with event emitter
- */
 function honeyWeb(userConfig = {}) {
-    // 1. Load and merge configuration
     const config = loadConfig(userConfig);
 
-    // 2. Initialize core components
     const logger = new Logger(config.logging);
     const events = new HoneyWebEvents();
     const storage = createStorage(config.storage);
-    const botTracker = new BotTracker(); // Track legitimate bot visits
+    const botTracker = new BotTracker();
     const detector = new DetectionEngine(config);
     const aiAnalyzer = new AIAnalyzer(config.ai);
 
-    // 3. Create middleware
     const middleware = createMiddleware(config, storage, botTracker, detector, aiAnalyzer, logger, events);
 
-    // 4. Attach event emitter and utilities to middleware function
     middleware.on = events.on.bind(events);
     middleware.once = events.once.bind(events);
     middleware.off = events.off.bind(events);
@@ -42,7 +32,6 @@ function honeyWeb(userConfig = {}) {
     middleware.logger = logger;
     middleware.config = config;
 
-    // 5. Cleanup on process exit
     const cleanup = () => {
         detector.destroy();
         storage.destroy();
@@ -60,5 +49,4 @@ function honeyWeb(userConfig = {}) {
     return middleware;
 }
 
-// Export for backward compatibility
 module.exports = honeyWeb;

package/middleware/blocklist-checker.js

@@ -1,27 +1,13 @@
-// honeyweb-core/middleware/blocklist-checker.js
-// Blocklist checking middleware
-
-/**
- * Create blocklist checker middleware
- * @param {Object} storage - Storage instance
- * @param {Object} logger - Logger instance
- * @param {Object} events - Event emitter
- * @returns {Function} - Middleware function
- */
 function createBlocklistChecker(storage, logger, events) {
     return async function checkBlocklist(req, res, next) {
         const clientIP = req.ip || req.connection.remoteAddress;
 
         try {
             const isBanned = await storage.isBanned(clientIP);
-
             if (isBanned) {
                 logger.blocked(clientIP, 'IP is banned');
                 events.emitRequestBlocked(clientIP, 'IP is banned');
-
-                return res.status(403).send(
-                    '<h1>403 Forbidden</h1><p>Your IP has been flagged for suspicious activity.</p>'
-                );
+                return res.status(403).send('<h1>403 Forbidden</h1><p>Your IP has been flagged for suspicious activity.</p>');
             }
         } catch (err) {
             logger.error('Error checking blocklist', { error: err.message });