firewall-node
Zen by Aikido protects your node app against attacks with one line of code. Get peace of mind— at runtime.
OTHER License
Bot releases are visible (Hide)
Published by hansott 5 months ago
What's Changed
- Detect absolute path traversal
- Ignore localhost IP addresses during rate limiting
Published by hansott 5 months ago
What's Changed
- Output IP address when rate limited
Published by hansott 5 months ago
What's Changed
- Ignore OPTIONS and HEAD for API endpoint reporting
Published by hansott 5 months ago
What's Changed
- Introduce Rate limiting
- Amend path traversal protection for edge cases
- Amend shell injection protection via spawn arguments
Published by hansott 5 months ago
What's Changed
- Next.js by @hansott in https://github.com/AikidoSec/runtime-node/pull/195
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.21...1.5.22
Published by hansott 5 months ago
What's Changed
- Improve error message: "an SQL injection" by @hansott in https://github.com/AikidoSec/runtime-node/pull/197
- Pin serverless tot ^3.0.0 by @hansott in https://github.com/AikidoSec/runtime-node/pull/198
- Fix end2end test: shell injection by @hansott in https://github.com/AikidoSec/runtime-node/pull/199
- Also check if user input contains unsafe path parts by @hansott in https://github.com/AikidoSec/runtime-node/pull/196
- Use template literal by @hansott in https://github.com/AikidoSec/runtime-node/pull/178
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.20...1.5.21
Published by hansott 5 months ago
What's Changed
- Use correct config property name (
configUpdatedAt) by @hansott in https://github.com/AikidoSec/runtime-node/pull/191 - Fix unit tests by @hansott in https://github.com/AikidoSec/runtime-node/pull/192
- Check if user is blocked by @hansott in https://github.com/AikidoSec/runtime-node/pull/193
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.19...1.5.20
Published by hansott 5 months ago
What's Changed
- Don't overwrite context by @hansott in https://github.com/AikidoSec/runtime-node/pull/188
- Be able to set user and send along with attack by @hansott in https://github.com/AikidoSec/runtime-node/pull/189
- Capture all users by @hansott in https://github.com/AikidoSec/runtime-node/pull/190
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.18...1.5.19
Published by hansott 5 months ago
What's Changed
- Poll for config changes by @hansott in https://github.com/AikidoSec/runtime-node/pull/186
- Be able to block specific users by @hansott in https://github.com/AikidoSec/runtime-node/pull/183
- Add tests for pollForChanges by @hansott in https://github.com/AikidoSec/runtime-node/pull/187
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.17...1.5.18
Published by hansott 6 months ago
What's Changed
- Make interval configurable by @hansott in https://github.com/AikidoSec/runtime-node/pull/184
- Add support for express.use(...) by @hansott in https://github.com/AikidoSec/runtime-node/pull/185
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.16...1.5.17
Published by hansott 6 months ago
What's Changed
- Queries passed inside of objects now also protected (mysql2, pg)
- Add test for "IN (...)" by
- Allow disabling protection on specific endpoints
- Check arguments of path.join/resolve for path traversal attacks protection
- Inspect route params for injections by
Published by hansott 6 months ago
What's Changed
- Fix broken unicode readme by @bitterpanda63 in https://github.com/AikidoSec/runtime-node/pull/159
- Fix missing port for outgoing hostnames by @hansott in https://github.com/AikidoSec/runtime-node/pull/163
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.14...1.5.15
Published by hansott 6 months ago
What's Changed
- Wrap next() in try/finally by @hansott in https://github.com/AikidoSec/runtime-node/pull/144
- Fix blocking env var by @hansott in https://github.com/AikidoSec/runtime-node/pull/146
- Fix blocking env var by @hansott in https://github.com/AikidoSec/runtime-node/pull/147
- Flush stats for google cloud functions by @hansott in https://github.com/AikidoSec/runtime-node/pull/145
- Set engines in package.json to node 16+ by @hansott in https://github.com/AikidoSec/runtime-node/pull/150
- Add CONDUCT_OF_CONDUCT.md, CONTRIBUTING.md and SECURITY.md by @hansott in https://github.com/AikidoSec/runtime-node/pull/151
- Link to md files in .github directory by @hansott in https://github.com/AikidoSec/runtime-node/pull/152
- Add ORMs to supported packages by @hansott in https://github.com/AikidoSec/runtime-node/pull/153
- Inspect S3 operations for path traversal attacks (AWS SDK v2) by @hansott in https://github.com/AikidoSec/runtime-node/pull/156
- Outgoing domain monitoring by @hansott in https://github.com/AikidoSec/runtime-node/pull/154
- Add missing sinks spawn and spawnSync for shell injection by @nadiraikido in https://github.com/AikidoSec/runtime-node/pull/155
New Contributors
- @nadiraikido made their first contribution in https://github.com/AikidoSec/runtime-node/pull/155
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.13...1.5.14
Published by hansott 7 months ago
What's Changed
- Await flush by @hansott in https://github.com/AikidoSec/runtime-node/pull/143
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.12...1.5.13
Published by hansott 7 months ago
What's Changed
- Return early when user input > query/command/... by @hansott in https://github.com/AikidoSec/runtime-node/pull/141
- Flush stats after first invoke and every 10 minutes by @hansott in https://github.com/AikidoSec/runtime-node/pull/142
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.11...1.5.12
Published by hansott 7 months ago
What's Changed
- Remove human source name in error message by @hansott in https://github.com/AikidoSec/runtime-node/pull/139
- Send lambda stats on shutdown by @hansott in https://github.com/AikidoSec/runtime-node/pull/134
- Add path traversal to features by @hansott in https://github.com/AikidoSec/runtime-node/pull/140
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.10...1.5.11
Published by hansott 7 months ago
What's Changed
- Avoid using exports in package.json by @hansott in https://github.com/AikidoSec/runtime-node/pull/135
- Fix CI by @hansott in https://github.com/AikidoSec/runtime-node/pull/136
- Add package names to stack by @hansott in https://github.com/AikidoSec/runtime-node/pull/138
- Aik 2617 by @robinbailleul in https://github.com/AikidoSec/runtime-node/pull/137
New Contributors
- @robinbailleul made their first contribution in https://github.com/AikidoSec/runtime-node/pull/137
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.9...1.5.10
Published by hansott 7 months ago
What's Changed
- Use type from aws-lambda by @hansott in https://github.com/AikidoSec/runtime-node/pull/132
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.8...1.5.9
Published by hansott 7 months ago
What's Changed
- Use any instead of unknown by @hansott in https://github.com/AikidoSec/runtime-node/pull/131
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.7...1.5.8
Published by hansott 7 months ago
What's Changed
- Loosen up types of lambda events by @hansott in https://github.com/AikidoSec/runtime-node/pull/130
Full Changelog: https://github.com/AikidoSec/runtime-node/compare/1.5.6...1.5.7
