hansott (Member) commented on May 13, 2025
- Report stats about user agents and IPs #601
- Add kind to sink stats #556
* 'main' of github.com:AikidoSec/node-RASP: (38 commits) Speed up unit tests (#497) Move outside if Keep original code Use Number.isInteger(...) Update Zen internals to v0.1.37 Fix timestamp in mock server (#517) Remove unused methods (#516) Update readme Set timeout on workflows Use 401 Increase timeout to 3s and append error message to log Check route level access before we check if IP is in bypass list Only install library deps when publishing to npm (#511) Show connection failures on startup (#510) Revert "Add failing test for route level allowed IPs" Fix duplicate clickhouse Run tests for supported dialects Update Zen internals to v0.1.36 Add failing test for route level allowed IPs Only capture hostname if the port is known ...
* 'main' of github.com:AikidoSec/node-RASP: (21 commits) Remove double middleware inclusion in sample app Improve allowed ip addresses test Add comment Rename to allowedIPAddresses Add comments Rename allowedIP to bypassedIP Do not merge allowed ip addresses Fix import with SyntheticDefaultImports enabled Add comment Fix static files detected as secret Add some comments to the X-Forwarded-For function for the future Suppresses type errors for optional dependencies (#521) Select the first valid & non-private IP from x-forwarded-for header (#519) Split test file Add test Do not block private ip addresses Rename to onlyAllowedIPAddresses Add comment, fix import Add e2e tests Fix typo ...
To know what kind of operations the sink does
And collect stats on a specific operation kind, instead of the sink name.
Reduces diff and avoids additional argument for wrapExport
* 'main' of github.com:AikidoSec/node-RASP: (45 commits) Update matchEndpoints.ts Update library/agent/Users.ts Fix ignoring underscore var names Update .prettierignore Apply review suggestions Upgrade one nestjs sample app to v11 Update test log messages Fix build Update eslint Remove unused imports Remove unused imports Update markUnsafe.md Improve docs Add more iterations to rate limiting memory test Increase allowed time Check memory usage Add performance test for rate limiting Add optimization Push timestamp after filter Simplify code ...
* 'main' of github.com:AikidoSec/node-RASP: (88 commits) Update matchEndpoints.ts Update library/agent/Users.ts Fix ignoring underscore var names Update .prettierignore Apply review suggestions Upgrade one nestjs sample app to v11 Update test log messages Fix build Update eslint Remove unused imports Remove unused imports Update markUnsafe.md Improve docs Add more iterations to rate limiting memory test Increase allowed time Check memory usage Add performance test for rate limiting Update library/helpers/mapIPv4ToIPv6.ts Add comment, remove ::ffff:0:0 Fix comment ...
Simplifies the implementation and we don't need it in the dashboard
* 'main' of github.com:AikidoSec/node-RASP: (33 commits) Prevent ReDoS Fix multiple control chars Remove unused code Check blocked users every time but log once Remove some comments Update comment Allow passing a Router to `addExpressMiddleware` Add comments Fix unit tests Fix path traversal in path Add comment Remove unused import Disable Function sink for now Fix test file brackets Extend comment Add more tests Fix url path traversal bypass Remove logs Increase timeout for n8n test Add debug logs for CI only failure ...
* 'main' of github.com:AikidoSec/node-RASP: Prevent ReDoS Fix multiple control chars Remove unused code Check blocked users every time but log once Remove some comments Update comment Allow passing a Router to `addExpressMiddleware` Add comments Fix unit tests Fix path traversal in path Fix test file brackets Extend comment Add more tests Fix url path traversal bypass fix: Remove another ts-expect-error Remove unused @ts-expect-error Support Shelljs 0.9.x
* 'beta' of github.com:AikidoSec/node-RASP: Add test coverage for empty operation strings Move @ts-expect-error Format file Update Lambda test to match new operations structure Fix TypeScript errors in test files Add test for multiple operations of same kind in InspectionStatistics Use operation name as key for the stats Fix types Undo change Undo change Fix lint Undo changes Add comments back Reduce diff Fix tests Move kind into interceptor object Fix kind Fix lint Rename sinks to operations Add kind to sink stats
Report stats about blocked/monitored user agents and IPs
* 'main' of github.com:AikidoSec/node-RASP: Add comment to extractStringsFromUserInput Add new safeDecodeURIComponent function Update library/helpers/extractStringsFromUserInput.ts Fix tests Support Koa v3 Extract safeDecodeURIComponent Add unit test Try decode possible uri encoded strings Add failing tests
This reverts commit 2ecf2a5.
Report stats about user agents and IPs