Merged
56 commits
3e2b46e
Report stats about blocked and rate limited requests
hansott Jan 21, 2025
50d6478
Fix types
hansott Jan 21, 2025
1598c09
Fix unit test
hansott Jan 22, 2025
422a57b
Improve block request stats object
hansott Feb 7, 2025
d66f58d
Add key of matching IP/User agent list
hansott Feb 7, 2025
c6814e7
Update mock server
hansott Feb 7, 2025
5d0c34e
Fix linting
hansott Feb 7, 2025
f07de45
Merge branch 'main' of github.com:AikidoSec/node-RASP into request-stats
hansott Feb 7, 2025
1062e5d
Fixes
hansott Feb 7, 2025
b836465
Fix end2end test
hansott Feb 7, 2025
3676533
Merge branch 'main' of github.com:AikidoSec/node-RASP into request-stats
hansott Feb 17, 2025
b94d1b8
Improve diff
hansott Feb 17, 2025
bef8fe2
Fix test file
hansott Feb 17, 2025
c39a440
Fix agent test
hansott Feb 17, 2025
6f3156d
Merge branch 'main' of github.com:AikidoSec/node-RASP into request-stats
hansott Mar 25, 2025
acd2939
Revert changes
hansott Mar 25, 2025
41169e3
Undo
hansott Mar 26, 2025
fe7e49a
Merge branch 'main' of github.com:AikidoSec/node-RASP into request-stats
hansott Mar 27, 2025
505fb4b
Update inspection stats
hansott Mar 27, 2025
9863cda
add unit test for monitored IPs and user agents
hansott Mar 27, 2025
df58be7
Improve tests
hansott Mar 27, 2025
859a7bb
Set monitored user agents and IPs in config
hansott Mar 27, 2025
ee32f54
fix: update isUserAgentBlocked test to match implementation
hansott Mar 27, 2025
1067623
Update FunctionsFramework tests to match new statistics structure
hansott Mar 27, 2025
55787c2
Add tests for user agent and IP monitoring
hansott Mar 27, 2025
112d9a4
Update Lambda test assertions to match new stats structure
hansott Mar 27, 2025
82683f3
Fix formatting
hansott Mar 27, 2025
5992d38
Fix linting
hansott Mar 27, 2025
7c81efa
Ensure fetchBlockedLists returns all properties
hansott Mar 27, 2025
1bd7dcf
Merge branch 'main' of github.com:AikidoSec/node-RASP into request-stats
hansott Apr 15, 2025
920752f
Fix comment
hansott Apr 15, 2025
25144ab
Use monitor flag instead of separate lists
hansott Apr 15, 2025
274842d
Fix test
hansott Apr 15, 2025
b8b9022
Fixes
hansott Apr 15, 2025
9bac765
Fix stats test assertions
hansott Apr 15, 2025
e2ec466
refactor: update statistics structure to use simpler format with tota…
hansott Apr 15, 2025
090802f
Fix end2end tests
hansott Apr 15, 2025
748aa1b
FIX TypeScript errors and remove unused eslint directives
hansott Apr 15, 2025
8c33ac5
Add comment
hansott Apr 15, 2025
f4a0e4e
Move user agent and IP statistics outside requests
hansott Apr 16, 2025
00f2b76
Move monitoring logic to checkIfRequestIsBlocked
hansott Apr 16, 2025
65162e3
Fixes
hansott Apr 16, 2025
a1c97d1
Make sure to increment total only once
hansott Apr 16, 2025
9914a3a
Reduce diff
hansott Apr 16, 2025
1b8bb57
Add try/catch around new RegExp
hansott Apr 16, 2025
94f49d0
Improve tests
hansott Apr 16, 2025
7a59939
Merge branch 'main' of github.com:AikidoSec/node-RASP into request-stats
hansott Apr 17, 2025
519a39d
Rename AgentBlocklist to BotBlocklist
hansott Apr 17, 2025
2fa9007
Use .find(...) for performance
hansott Apr 17, 2025
3f58756
Rename methods (we return a list of matches now)
hansott Apr 17, 2025
8580d8e
Remove total and blocked
hansott Apr 18, 2025
cf35e65
Prevent double counting monitored lists
hansott Apr 18, 2025
6f84655
Set symbol to true and add comment
hansott Apr 18, 2025
a42b9e2
Merge branch 'main' of github.com:AikidoSec/node-RASP into request-stats
hansott Apr 29, 2025
3bcba19
Merge branch 'beta' of github.com:AikidoSec/node-RASP into request-stats
hansott Apr 29, 2025
b3f888b
Fix test
hansott Apr 29, 2025
17 changes: 16 additions & 1 deletion end2end/server/src/handlers/lists.js
@@ -20,22 +20,37 @@ module.exports = function lists(req, res) {
blockedIps.length > 0
? [
{
key: "geoip/Belgium;BE",
source: "geoip",
description: "geo restrictions",
ips: blockedIps,
monitor: false,
},
]
: [],
blockedUserAgents:
blockedUserAgents.length > 0
? [
{
key: "hackers",
pattern: blockedUserAgents,
monitor: false,
},
]
: [],
blockedUserAgents: blockedUserAgents,
allowedIPAddresses:
allowedIps.length > 0
? [
{
key: "geoip/Belgium;BE",
source: "geoip",
description: "geo restrictions",
ips: allowedIps,
monitor: false,
},
]
: [],
monitoredIPAddresses: [],
monitoredUserAgents: [],
});
};
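Review bot: The response still emits `monitoredIPAddresses: []` and `monitoredUserAgents: []` at the end of the object, although each list entry now carries its own `monitor` flag and the mocked response typed with `satisfies Response` in Agent.test.ts has no such top-level keys. They look like leftovers from the earlier separate-lists design and could be dropped so the mock server returns the same shape the agent is typed against. Every entry here also hard-codes `monitor: false`, so this mock cannot drive the monitor-only path in end-to-end tests; a short comment such as `// monitor-only lists are not configurable in the mock yet` would make that limit explicit.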
6 changes: 3 additions & 3 deletions end2end/server/src/zen/config.js
@@ -90,7 +90,7 @@ function getAllowedIPAddresses(app) {
}

function updateBlockedUserAgents(app, uas) {
let entry = blockedUserAgents.find((e) => e.serviceId === e.serviceId);
let entry = blockedUserAgents.find((e) => e.serviceId === app.serviceId);

if (entry) {
entry.userAgents = uas;
@@ -104,13 +104,13 @@ function updateBlockedUserAgents(app, uas) {
}

function getBlockedUserAgents(app) {
const entry = blockedUserAgents.find((e) => e.serviceId === e.serviceId);
const entry = blockedUserAgents.find((e) => e.serviceId === app.serviceId);

if (entry) {
return entry.userAgents;
}

return "";
return { serviceId: app.serviceId, userAgents: [] };
}

module.exports = {
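Review bot: `getBlockedUserAgents` now has two return shapes: the found branch returns `entry.userAgents`, while the new fallback `return { serviceId: app.serviceId, userAgents: [] };` returns a whole entry-shaped object. In lists.js the value appears to be used as `blockedUserAgents.length > 0` and as `pattern:`, so the object fallback would only work because `undefined > 0` is false; that usage is inferred, since the call site is outside this section. Returning the value type itself keeps the mock predictable, for example `return "";` as before if `userAgents` holds a pattern string.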
101 changes: 64 additions & 37 deletions library/agent/Agent.test.ts
@@ -18,6 +18,7 @@ import { Wrapper } from "./Wrapper";
import { Context } from "./Context";
import { createTestAgent } from "../helpers/createTestAgent";
import { setTimeout } from "node:timers/promises";
import type { Response } from "./api/fetchBlockedLists";

let shouldOnlyAllowSomeIPAddresses = false;

@@ -28,22 +29,32 @@ wrap(fetch, "fetch", function mock() {
body: JSON.stringify({
blockedIPAddresses: [
{
key: "some/key",
source: "name",
description: "Description",
ips: ["1.3.2.0/24", "fe80::1234:5678:abcd:ef12/64"],
monitor: false,
},
],
blockedUserAgents: [
{
key: "ai_bots",
pattern: "AI2Bot|Bytespider",
monitor: false,
},
],
blockedUserAgents: "AI2Bot|Bytespider",
allowedIPAddresses: shouldOnlyAllowSomeIPAddresses
? [
{
key: "some/key",
source: "name",
description: "Description",
ips: ["4.3.2.1"],
monitor: false,
},
]
: [],
}),
} satisfies Response),
};
};
});
@@ -1065,36 +1076,51 @@ t.test("it fetches blocked lists", async () => {

await setTimeout(0);

t.same(agent.getConfig().isIPAddressBlocked("1.3.2.4"), {
blocked: true,
reason: "Description",
});
t.same(agent.getConfig().isIPAddressBlocked("fe80::1234:5678:abcd:ef12"), {
blocked: true,
reason: "Description",
});
t.same(agent.getConfig().getBlockedIPAddresses("1.3.2.4"), [
{
key: "some/key",
monitor: false,
reason: "Description",
},
]);
t.same(agent.getConfig().getBlockedIPAddresses("fe80::1234:5678:abcd:ef12"), [
{
key: "some/key",
monitor: false,
reason: "Description",
},
]);

t.same(
agent
.getConfig()
.isUserAgentBlocked(
.getBlockedUserAgents(
"Mozilla/5.0 (compatible) AI2Bot (+https://www.allenai.org/crawler)"
),
{
blocked: true,
}
[
{
key: "ai_bots",
monitor: false,
},
]
);

t.same(
agent.getConfig().isUserAgentBlocked("Mozilla/5.0 (compatible) Bytespider"),
{
blocked: true,
}
agent
.getConfig()
.getBlockedUserAgents("Mozilla/5.0 (compatible) Bytespider"),
[
{
key: "ai_bots",
monitor: false,
},
]
);

t.same(agent.getConfig().isUserAgentBlocked("Mozilla/5.0 (compatible)"), {
blocked: false,
});
t.same(
agent.getConfig().getBlockedUserAgents("Mozilla/5.0 (compatible)"),
[]
);
});

t.test("it does not fetch blocked IPs if serverless", async () => {
@@ -1108,23 +1134,18 @@ t.test("it does not fetch blocked IPs if serverless", async () => {

await setTimeout(0);

t.same(agent.getConfig().isIPAddressBlocked("1.3.2.4"), {
blocked: false,
});

t.same(agent.getConfig().getBlockedIPAddresses("1.3.2.4"), []);
t.same(agent.getConfig().isAllowedIPAddress("1.3.2.4"), {
allowed: true,
});

t.same(
agent
.getConfig()
.isUserAgentBlocked(
.getBlockedUserAgents(
"Mozilla/5.0 (compatible) AI2Bot (+https://www.allenai.org/crawler)"
),
{
blocked: false,
}
[]
);
});

@@ -1139,14 +1160,20 @@ t.test("it only allows some IP addresses", async () => {

await setTimeout(0);

t.same(agent.getConfig().isIPAddressBlocked("1.3.2.4"), {
blocked: true,
reason: "Description",
});
t.same(agent.getConfig().isIPAddressBlocked("fe80::1234:5678:abcd:ef12"), {
blocked: true,
reason: "Description",
});
t.same(agent.getConfig().getBlockedIPAddresses("1.3.2.4"), [
{
key: "some/key",
monitor: false,
reason: "Description",
},
]);
t.same(agent.getConfig().getBlockedIPAddresses("fe80::1234:5678:abcd:ef12"), [
{
key: "some/key",
monitor: false,
reason: "Description",
},
]);

t.same(agent.getConfig().isAllowedIPAddress("1.2.3.4"), {
allowed: false,
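Review bot: Every list in the mocked response and every expected result in these hunks uses `monitor: false`, so this file never exercises an entry with `monitor: true`. That flag presumably decides whether a match is only counted or actually blocked, so a regression that treats a monitored list as blocking would not be caught here; coverage may exist in another test file that is not shown. Consider adding a second `blockedUserAgents` entry with `monitor: true` to the mock and asserting that `getBlockedUserAgents(...)` returns it with `monitor: true`. The last `t.same(` call continues outside the hunk.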
2 changes: 2 additions & 0 deletions library/agent/Agent.ts
@@ -312,6 +312,8 @@ export class Agent {
startedAt: stats.startedAt,
endedAt: endedAt,
requests: stats.requests,
userAgents: stats.userAgents,
ipAddresses: stats.ipAddresses,
},
hostnames: outgoingDomains,
routes: routes,
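Review bot: The two added fields `userAgents: stats.userAgents` and `ipAddresses: stats.ipAddresses` go into the reported stats object with no indication of what they contain, and the names read as if raw client values were being sent. Judging from the tests in this PR they are probably match counters broken down by blocklist key, but the stats type is not visible in this hunk. A one-line comment above them would settle it, e.g. `// Match counts per blocklist key; no raw IP addresses or user agent strings`, to be confirmed against the stats type. The enclosing method of `Agent` starts and ends outside the hunk.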