Report stats about blocked/monitored user agents and IPs #505
Merged
timokoessler approved these changes Jan 27, 2025
* 'main' of github.com:AikidoSec/node-RASP: (38 commits) Speed up unit tests (#497) Move outside if Keep original code Use Number.isInteger(...) Update Zen internals to v0.1.37 Fix timestamp in mock server (#517) Remove unused methods (#516) Update readme Set timeout on workflows Use 401 Increase timeout to 3s and append error message to log Check route level access before we check if IP is in bypass list Only install library deps when publishing to npm (#511) Show connection failures on startup (#510) Revert "Add failing test for route level allowed IPs" Fix duplicate clickhouse Run tests for supported dialects Update Zen internals to v0.1.36 Add failing test for route level allowed IPs Only capture hostname if the port is known ...
* 'main' of github.com:AikidoSec/node-RASP: (21 commits) Remove double middleware inclusion in sample app Improve allowed ip addresses test Add comment Rename to allowedIPAddresses Add comments Rename allowedIP to bypassedIP Do not merge allowed ip addresses Fix import with SyntheticDefaultImports enabled Add comment Fix static files detected as secret Add some comments to the X-Forwarded-For function for the future Suppresses type errors for optional dependencies (#521) Select the first valid & non-private IP from x-forwarded-for header (#519) Split test file Add test Do not block private ip addresses Rename to onlyAllowedIPAddresses Add comment, fix import Add e2e tests Fix typo ...
timokoessler approved these changes Feb 18, 2025
* 'main' of github.com:AikidoSec/node-RASP: (88 commits) Update matchEndpoints.ts Update library/agent/Users.ts Fix ignoring underscore var names Update .prettierignore Apply review suggestions Upgrade one nestjs sample app to v11 Update test log messages Fix build Update eslint Remove unused imports Remove unused imports Update markUnsafe.md Improve docs Add more iterations to rate limiting memory test Increase allowed time Check memory usage Add performance test for rate limiting Update library/helpers/mapIPv4ToIPv6.ts Add comment, remove ::ffff:0:0 Fix comment ...
* 'main' of github.com:AikidoSec/node-RASP: feat: add guidance about importing Zen at the top of main app file to context warnings Call it another time Fix lint test: update shouldBlockRequest test to use console.warn mock feat: add context warning to shouldBlockRequest function
We moved the monitoring logic from createRequestListener to checkIfRequestIsBlocked to handle multiple matches for both IP addresses and user agents. This change allows us to track statistics for all matches while using the first non-monitored match for blocking.
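The matching strategy described above, written out as an added example (this is not code from the node-RASP project): every IP list and user-agent list that matches a request is counted in the statistics, but the blocking decision uses only the first match whose list is not monitor-only. List names, field names, the IP-before-user-agent evaluation order and the sample requests are all constructed for the example.

```typescript
// Added example, not code from the node-RASP project. It mirrors the strategy the PR
// description gives: record a statistic for every IP / user-agent list a request matches,
// but make the blocking decision from the first match whose list is not monitor-only.
// All list names, field names and sample requests below are constructed.

type ListKind = "ip" | "userAgent";

interface IPList {
  key: string;            // list identifier (hypothetical field)
  monitor: boolean;       // monitor-only lists are counted, never blocked on
  addresses: Set<string>; // exact addresses; CIDR matching is out of scope here
}

interface UserAgentList {
  key: string;
  monitor: boolean;
  pattern: RegExp;        // no "g" flag, so test() is stateless
}

interface RequestContext {
  remoteAddress: string;
  userAgent: string;
}

interface ListMatch {
  kind: ListKind;
  key: string;
  monitor: boolean;
}

// Constructed sample configuration.
const ipLists: IPList[] = [
  { key: "watchlist-ips", monitor: true, addresses: new Set(["203.0.113.7"]) },
  { key: "blocked-ips", monitor: false, addresses: new Set(["198.51.100.9"]) },
];

const userAgentLists: UserAgentList[] = [
  { key: "watchlist-bots", monitor: true, pattern: /ExampleBot/i },
  { key: "blocked-scanners", monitor: false, pattern: /ExampleScanner/i },
];

// Per-list hit counters, keyed by kind so an IP list and a user-agent list that
// happen to share a name are not merged into one counter.
class MatchStats {
  private counts = new Map<string, number>();

  record(kind: ListKind, key: string): void {
    const id = `${kind}:${key}`;
    this.counts.set(id, (this.counts.get(id) ?? 0) + 1);
  }

  get(kind: ListKind, key: string): number {
    return this.counts.get(`${kind}:${key}`) ?? 0;
  }
}

// Every list is visited exactly once per request, so a list is counted at most
// once per request regardless of how it matched.
function findMatchingLists(ctx: RequestContext): ListMatch[] {
  const matches: ListMatch[] = [];
  for (const list of ipLists) {
    if (list.addresses.has(ctx.remoteAddress)) {
      matches.push({ kind: "ip", key: list.key, monitor: list.monitor });
    }
  }
  for (const list of userAgentLists) {
    if (list.pattern.test(ctx.userAgent)) {
      matches.push({ kind: "userAgent", key: list.key, monitor: list.monitor });
    }
  }
  return matches;
}

interface BlockDecision {
  block: boolean;
  kind?: ListKind;
  key?: string;
}

// Records a hit for every match, then blocks only on the first non-monitored one.
// IP lists are evaluated before user-agent lists (an assumption of this example).
function checkIfRequestIsBlocked(ctx: RequestContext, stats: MatchStats): BlockDecision {
  const matches = findMatchingLists(ctx);
  for (const m of matches) {
    stats.record(m.kind, m.key);
  }
  const blocking = matches.find((m) => !m.monitor);
  return blocking ? { block: true, kind: blocking.kind, key: blocking.key } : { block: false };
}
```

A request that only hits monitor-only lists is counted but never blocked; a request that hits several lists at once is counted against each of them, while the decision names only the first non-monitored list in evaluation order, so the stats stay complete even when an earlier list already caused the block.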
* 'main' of github.com:AikidoSec/node-RASP: Add comment Remove unused import Disable Function sink for now Remove logs Increase timeout for n8n test Add debug logs for CI only failure Fix n8n tests chore: Update dependencies (only dev & tests)
Simplifies the implementation and we don't need it in the dashboard
timokoessler approved these changes Apr 28, 2025
* 'main' of github.com:AikidoSec/node-RASP: Prevent ReDoS Fix multiple control chars Remove unused code Check blocked users every time but log once Remove some comments Update comment Allow passing a Router to `addExpressMiddleware` Add comments Fix unit tests Fix path traversal in path Fix test file brackets Extend comment Add more tests Fix url path traversal bypass fix: Remove another ts-expect-error Remove unused @ts-expect-error Support Shelljs 0.9.x
* 'beta' of github.com:AikidoSec/node-RASP: Add test coverage for empty operation strings Move @ts-expect-error Format file Update Lambda test to match new operations structure Fix TypeScript errors in test files Add test for multiple operations of same kind in InspectionStatistics Use operation name as key for the stats Fix types Undo change Undo change Fix lint Undo changes Add comments back Reduce diff Fix tests Move kind into interceptor object Fix kind Fix lint Rename sinks to operations Add kind to sink stats
hansott added a commit that referenced this pull request May 16, 2025
…essed-timings * 'main' of github.com:AikidoSec/node-RASP: (85 commits) Rename variable to make it more clear Remove redundant methods Improve comment Remove `isMonitoredIPAddress` Use userAgent variable Iterate through monitored IP lists only once Add comment about empty string and regexp Refactor safeCreateRegExp to its own file Fix end2end test Fix missing imports Format file Add end2end test to ensure monitored IPs and user agents are never blocked Fix tests Adapt to new firewall/lists API Revert "Revert "Merge pull request #505 from AikidoSec/request-stats"" Revert "Merge pull request #505 from AikidoSec/request-stats" Always include items key for arrays in data schema Fix test Set symbol to true and add comment Prevent double counting monitored lists ...