https://github.com/hupe1980/node-rasp

Simple nodejs rasp solution
https://github.com/hupe1980/node-rasp

appsec cybersecurity rasp security

Last synced: 2 months ago
JSON representation

Simple nodejs rasp solution

• Host: GitHub
• URL: https://github.com/hupe1980/node-rasp
• Owner: hupe1980
• License: mit
• Created: 2022-12-06T13:59:14.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2023-03-06T01:47:57.000Z (over 2 years ago)
• Last Synced: 2025-02-10T02:14:39.138Z (4 months ago)
• Topics: appsec, cybersecurity, rasp, security
• Language: TypeScript
• Homepage:
• Size: 312 KB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# node-rasp

> Simple nodejs rasp solution

:warning: This is experimental and subject to breaking changes.

## How to use

```typescript

import fs from 'fs';

import { Mode, RASP, Message } from 'node-rasp';

RASP.configure({

  mode: Mode.Block,

  reporter: (msg: Message, rasp: RASP) => {

    console.log(msg);

  },

});

fs.readdirSync('/tmp'); // => throws fs.readdirSync blocked by RASP

```

## Example Message

```

{

  pid: 20448,

  runtime: 'node.js',

  runtimeVersion: 'v16.13.0',

  time: 1670454402069,

  messageType: 'trace',

  data: {

    module: 'fs',

    method: 'readdirSync',

    blocked: false,

    args: [ '/tmp' ],

    stackTrace: [

      'at Object. (/.../index.js:10:8)',

      'at Module._compile (node:internal/modules/cjs/loader:1101:14)',

      'at Object.Module._extensions..js (node:internal/modules/cjs/loader:1153:10)',

      'at Module.load (node:internal/modules/cjs/loader:981:32)',

      'at Function.Module._load (node:internal/modules/cjs/loader:822:12)',

      'at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:81:12)',

      'at node:internal/main/run_main_module:17:47'

    ]

  }

}

```

## Configuration

|Name|Type|Description

|-|-|-

|mode|allow, alert, block|

|preProcessor|(module: string, method: string, strArgs: string[], mode: Mode, rasp: RASP) => Mode|

|reporter|(msg: Message, rasp: RASP) => void|

|allowRead|string[]|Allow file system read access

|allowWrite|string[]|Allow file system write access

|allowDelete|string[]|Allow file system delete access

|allowRun|string[]|Allow running subprocesses

|allowNet|string[]|Allow network access

|allowApi|{ module: string, method: string }|Allow api calls

## License

[MIT](LICENCE)