Added logic to chek for changes in org variable in msg object

2025-03-01 10:36:34 +00:00 · 2021-07-07 15:37:59 +01:00
parent d49ad87f5e
commit 1cf81d77aa
13 changed files with 3544 additions and 2349 deletions
--- a/nodes/StopTheBleed.js
+++ b/nodes/StopTheBleed.js
@@ -0,0 +1,52 @@
+const clone = require('clone');
+
+const variablesToCheck = [
+  'logger.metadata.organization',
+  'payload.system.organization',
+  'event.event.organization',
+  'event.event.token.contents.organization'
+];
+
+module.exports = class StopTheBleed {
+  constructor(_before) {
+    const before = clone(_before);
+    const {
+      logger, 
+      payload: {
+        system: {
+          bot, conversationId, organization, region
+        }
+      }
+    } = before;
+    this.before = before;
+    this.logger = logger;
+    this.bot = bot;
+    this.conversationId = conversationId;
+    this.organization = organization;
+    this.region = region;
+  }
+
+  verify(after) {
+    try {
+      variablesToCheck.forEach((location) => {
+        const getValue = (object) => location.split('.').reduce((p, c) => (p && p[c]) || null, object);
+        if (getValue(this.before) !== getValue(after)) {
+          const details = {
+            message: `msg.${location} changed from "${getValue(this.before)}" to "${getValue(after)}" for bot "${this.bot}"`
+          };
+          this.logger.error(details.message);
+          this.logger.app.platform.organization({
+            srn: `srn:botnet:${this.region}:${this.organization}:bot:${this.bot}`,
+            action: 'exception',
+            actionType: 'invalid-payload-modification',
+            details,
+            conversationId: this.conversationId
+          });
+        }
+      });
+    } catch (e) {
+      console.log('Error while trying to verify variable changes');
+      console.log(e);
+    }
+  }
+};
--- a/nodes/core/core/80-function.js
+++ b/nodes/core/core/80-function.js
@@ -14,6 +14,8 @@
 * limitations under the License.
 **/

+const StopTheBleed = require('../../StopTheBleed')
+
 module.exports = function(RED) {
    "use strict";
    var util = require("util");
@@ -207,10 +209,13 @@ module.exports = function(RED) {
        try {
            this.on("input", function(msg) {
                try {
+                    const stopTheBleed = new StopTheBleed(msg)
                    var start = process.hrtime();
                    sandbox.msg = msg;
                    const vm2Instance = new vm2.VM({ sandbox, timeout: 5000 });
                    const result = vm2Instance.run(functionText);
+                    console.log('before the bleed check')
+                    stopTheBleed.verify(result)
                    sendResults(this,msg._msgid, result);

                    var duration = process.hrtime(start);
--- a/nodes/core/logic/15-change.js
+++ b/nodes/core/logic/15-change.js
@@ -13,6 +13,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 **/
+const StopTheBleed = require('../../StopTheBleed')

 module.exports = function(RED) {
    "use strict";
@@ -228,6 +229,7 @@ module.exports = function(RED) {
        }
        if (valid) {
            this.on('input', function(msg) {
+                const stopTheBleed = new StopTheBleed(msg)
                for (var i=0; i<this.rules.length; i++) {
                    if (this.rules[i].t === "move") {
                        var r = this.rules[i];
@@ -248,6 +250,7 @@ module.exports = function(RED) {
                        return;
                    }
                }
+                stopTheBleed.verify(msg)
                node.send(msg);
            });
        }