@aikidosec/runtime - npm Package Compare versions

Comparing version 1.5.26 to 1.5.27

helpers/escapeHTML.d.ts

4

agent/Agent.js

@@ -38,3 +38,3 @@ "use strict";

this.users = new Users_1.Users(1000);
this.serviceConfig = new ServiceConfig_1.ServiceConfig([], Date.now(), []);
this.serviceConfig = new ServiceConfig_1.ServiceConfig([], Date.now(), [], []);
this.routes = new Routes_1.Routes(200);

@@ -148,3 +148,3 @@ this.rateLimiter = new RateLimiter_1.RateLimiter(5000, 120 * 60 * 1000);

? response.configUpdatedAt
: Date.now(), response.blockedUserIds ? response.blockedUserIds : []);
: Date.now(), response.blockedUserIds ? response.blockedUserIds : [], response.allowedIPAddresses ? response.allowedIPAddresses : []);
}
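Review bot: The new `response.allowedIPAddresses ? response.allowedIPAddresses : []` fallback only covers a missing or falsy field; a malformed config response that carries a non-array value (a string, an object) would be handed straight to `ServiceConfig`, whose constructor calls `.forEach` on it in the later hunk and would throw inside the config-update path. Validating the shape rather than the truthiness keeps a bad service response from taking the agent down: `response.allowedIPAddresses && Array.isArray(response.allowedIPAddresses) ? response.allowedIPAddresses : []`, and the same applies to `response.blockedUserIds` on the line before it. The enclosing function starts outside this hunk.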

@@ -151,0 +151,0 @@ const minimumHeartbeatIntervalMS = 2 * 60 * 1000;

@@ -11,2 +11,3 @@ "use strict";

blockedUserIds: [],
allowedIPAddresses: [],
}) {

@@ -13,0 +14,0 @@ this.result = result;

@@ -146,3 +146,6 @@ "use strict";

});
if (result && context) {
const isAllowedIP = context &&
context.remoteAddress &&
agent.getConfig().isAllowedIP(context.remoteAddress);
if (result && context && !isAllowedIP) {
// Flag request as having an attack detected
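Review bot: `isAllowedIP` is not a boolean here — when `context` is falsy or `context.remoteAddress` is empty the `&&` chain yields `undefined` or `""`, so the name is misleading and the value is awkward to log or assert on; `const isAllowedIP = Boolean(context && context.remoteAddress && agent.getConfig().isAllowedIP(context.remoteAddress));` pins the type. More importantly, the allowlist now short-circuits the whole `if (result && context && !isAllowedIP)` branch: if attack reporting lives inside that branch as well as the flagging, requests from allowlisted addresses leave no detection record at all, which I would hedge on since the branch body continues past the hunk. Consider splitting the allow decision from detection so that `context.attackDetected` / reporting still happens and only the blocking step consults `isAllowedIP`, with a comment such as `// Allowlisted source IPs are still recorded, but never blocked`. The enclosing function starts and ends outside this hunk.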

@@ -149,0 +152,0 @@ context.attackDetected = true;

@@ -16,2 +16,3 @@ export type Endpoint = {

blockedUserIds: string[];
allowedIPAddresses: string[];
};

@@ -6,3 +6,4 @@ import { Endpoint } from "./Config";

private blockedUserIds;
constructor(endpoints: Endpoint[], lastUpdatedAt: number, blockedUserIds: string[]);
private allowedIPAddresses;
constructor(endpoints: Endpoint[], lastUpdatedAt: number, blockedUserIds: string[], allowedIPAddresses: string[]);
private getKey;

@@ -14,2 +15,3 @@ getRateLimiting(method: string, route: string | RegExp): {

} | undefined;
isAllowedIP(ip: string): boolean;
shouldProtectEndpoint(method: string, route: string | RegExp): boolean;

@@ -16,0 +18,0 @@ isUserBlocked(userId: string): boolean;

@@ -5,6 +5,7 @@ "use strict";

class ServiceConfig {
constructor(endpoints, lastUpdatedAt, blockedUserIds) {
constructor(endpoints, lastUpdatedAt, blockedUserIds, allowedIPAddresses) {
this.lastUpdatedAt = lastUpdatedAt;
this.endpoints = new Map();
this.blockedUserIds = new Map();
this.allowedIPAddresses = new Map();
endpoints.forEach((rule) => {
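Review bot: `this.allowedIPAddresses` is a `Map` whose key and value are the same string, and `isAllowedIP` in the later hunk only ever calls `.has(ip)` on it, so a `Set` states the intent directly: `this.allowedIPAddresses = new Set(allowedIPAddresses);` here, which also replaces the `allowedIPAddresses.forEach(...)` loop in the next hunk with nothing. Separately, the lookup is an exact string comparison, and the `remoteAddress` that the callers pass in may arrive in a different textual form than the configured entry (for example the IPv4-mapped IPv6 spelling `::ffff:a.b.c.d` that Node reports on dual-stack sockets, or differing IPv6 case/zero-compression), in which case an allowlisted address silently fails to match. A short normalization step applied both when populating the set and in `isAllowedIP(ip)` would make the match robust; note the expected format in a comment on the field either way. The constructor continues past this hunk.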

@@ -21,2 +22,5 @@ this.endpoints.set(this.getKey(rule.method, rule.route), {

});
allowedIPAddresses.forEach((ip) => {
this.allowedIPAddresses.set(ip, ip);
});
}

@@ -34,2 +38,5 @@ getKey(method, route) {

}
isAllowedIP(ip) {
return this.allowedIPAddresses.has(ip);
}
shouldProtectEndpoint(method, route) {

@@ -36,0 +43,0 @@ const key = this.getKey(method, typeof route === "string" ? route : route.source);

{
"name": "@aikidosec/runtime",
"version": "1.5.26",
"version": "1.5.27",
"description": "Aikido runtime protects your application against NoSQL injections and more",

@@ -5,0 +5,0 @@ "repository": "https://github.com/AikidoSec/runtime-node",

@@ -14,3 +14,4 @@ "use strict";

!context.consumedRateLimitForIP &&
!(0, isLocalhostIP_1.isLocalhostIP)(context.remoteAddress)) {
!(0, isLocalhostIP_1.isLocalhostIP)(context.remoteAddress) &&
!agent.getConfig().isAllowedIP(context.remoteAddress)) {
const allowed = agent

@@ -17,0 +18,0 @@ .getRateLimiter()

@@ -5,2 +5,3 @@ "use strict";

const Context_1 = require("../../agent/Context");
const escapeHTML_1 = require("../../helpers/escapeHTML");
const contextFromRequest_1 = require("./contextFromRequest");

@@ -29,3 +30,3 @@ const shouldRateLimitRequest_1 = require("./shouldRateLimitRequest");

if (result.trigger === "ip") {
message += ` (Your IP: ${context.remoteAddress})`;
message += ` (Your IP: ${(0, escapeHTML_1.escapeHTML)(context.remoteAddress)})`;
}
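Review bot: Escaping `context.remoteAddress` closes the injection into the message, but the body is still sent via `res.status(429).send(message)`, and Express sets `Content-Type: text/html` for a string body when no type has been set, so the response is rendered as HTML and every other value interpolated into `message` (not visible in this hunk) needs the same treatment. Declaring the type explicitly removes that dependency: `return res.status(429).type("text/plain").send(message);` keeps the escaping as defense in depth while ensuring the body is never interpreted as markup. The enclosing function starts and ends outside this hunk.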

@@ -32,0 +33,0 @@ return res.status(429).send(message);
