Rename guard to runtime

AikidoSec · Mar 19, 2024 · 362b1ef · 362b1ef
1 parent 4ec2dda
commit 362b1ef
Show file tree

Hide file tree

Showing 38 changed files with 138 additions and 132 deletions.
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
-# Aikido Guard for Node.js
+# Aikido Runtime for Node.js
 
-![NPM Version](https://img.shields.io/npm/v/%40aikidosec%2Fguard?style=flat-square) ![Codecov](https://img.shields.io/codecov/c/github/AikidoSec/guard-node?style=flat-square&token=AJK9LU35GY) ![NPM License](https://img.shields.io/npm/l/%40aikidosec%2Fguard?style=flat-square)
-[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) ![](https://github.com/AikidoSec/guard-node/actions/workflows/unit-test.yml/badge.svg) ![](https://github.com/AikidoSec/guard-node/actions/workflows/end-to-end-tests.yml/badge.svg)
+![NPM Version](https://img.shields.io/npm/v/%40aikidosec%2Fruntime?style=flat-square) ![Codecov](https://img.shields.io/codecov/c/github/AikidoSec/runtime-node?style=flat-square&token=AJK9LU35GY) ![NPM License](https://img.shields.io/npm/l/%40aikidosec%2Fruntime?style=flat-square)
+[![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg?style=flat-square)](http://makeapullrequest.com) ![](https://github.com/AikidoSec/runtime-node/actions/workflows/unit-test.yml/badge.svg) ![](https://github.com/AikidoSec/runtime-node/actions/workflows/end-to-end-tests.yml/badge.svg)
 
 ## Features
 
@@ -21,7 +21,7 @@ Protects your application against
 
 ## Supported libraries and frameworks
 
-Aikido guard for Node.js is compatible with
+Aikido runtime for Node.js is compatible with
 
 * ✅ [`express`](https://www.npmjs.com/package/express) 4.x
 * ✅ [`mongodb`](https://www.npmjs.com/package/mongodb) 4.x, 5.x and 6.x _(npm package versions, not MongoDB server versions)_
@@ -34,10 +34,10 @@ Aikido guard for Node.js is compatible with
 
 ```shell
 # The --save-exact makes sure that you don't automatically install a newer version
-$ npm install --save-exact @aikidosec/guard
+$ npm install --save-exact @aikidosec/runtime
 
 # The --exact makes sure that you don't automatically install a newer version
-$ yarn add --exact @aikidosec/guard
+$ yarn add --exact @aikidosec/runtime
 ```
 
 * For express based apps, follow the [Express](docs/express.md) instructions
@@ -69,7 +69,7 @@ AIKIDO_TOKEN=your-token node your-app.js
 
 ## Running in dry mode
 
-If you want to test the guard without blocking any requests, you can set the `AIKIDO_NO_BLOCKING` environment variable to `true`:
+If you want to test the runtime without blocking any requests, you can set the `AIKIDO_NO_BLOCKING` environment variable to `true`:
 
 ```shell
 AIKIDO_NO_BLOCKING=true node your-app.js
@@ -81,13 +81,13 @@ See [Reporting NoSQL injections to Aikido](#reporting-nosql-injections-to-aikido
 
 ## Performance
 
-We run a benchmark on every commit to make sure that the guard has a minimal impact on your application's performance.
+We run a benchmark on every commit to make sure that the runtime has a minimal impact on your application's performance.
 
-The bench runs [a simple MongoDB query](benchmarks/mongodb/getUser.js) to measure the difference between two runs with and without the guard:
+The bench runs [a simple MongoDB query](benchmarks/mongodb/getUser.js) to measure the difference between two runs with and without the runtime:
 
-| Without guard | With guard | Difference in ms |
-|---------------|------------|------------------|
-| 0.214ms       | 0.222ms    | +0.008ms         |
+| Without runtime  | With runtime  | Difference in ms |
+|------------------|---------------|------------------|
+| 0.214ms          | 0.222ms       | +0.008ms         |
 
 (Using Node.js 18.x and MongoDB 6.3.x, results will vary depending on your hardware)
 

diff --git a/benchmarks/express-mongodb/package.json b/benchmarks/express-mongodb/package.json
@@ -2,7 +2,7 @@
   "name": "express-mongodb-bench",
   "private": true,
   "dependencies": {
-    "@aikidosec/guard": "file:../../library",
+    "@aikidosec/runtime": "file:../../library",
     "cookie-parser": "^1.4.6",
     "dotenv": "^16.4.3",
     "express": "^4.18.2",

diff --git a/benchmarks/express-mongodb/withGuard.js b/benchmarks/express-mongodb/withGuard.js
@@ -1,8 +1,8 @@
-const { protect } = require("@aikidosec/guard");
+const { protect } = require("@aikidosec/runtime");
 
 protect();
 
 require("./createApp")(4000).then(() => {
   console.log("Listening on port 4000");
-  console.log("Secured with @aikidosec/guard!");
+  console.log("Secured with @aikidosec/runtime!");
 });
diff --git a/benchmarks/mongodb/package.json b/benchmarks/mongodb/package.json
@@ -2,7 +2,7 @@
   "name": "mongodb-bench",
   "private": true,
   "dependencies": {
-    "@aikidosec/guard": "file:../../library",
+    "@aikidosec/runtime": "file:../../library",
     "mongodb": "^6.3.0",
     "percentile": "^1.6.0"
   }

diff --git a/benchmarks/mongodb/withGuard.js b/benchmarks/mongodb/withGuard.js
@@ -1,9 +1,9 @@
-require("@aikidosec/guard").protect();
+require("@aikidosec/runtime").protect();
 
 const measure = require("./measure");
 const getUser = require("./getUser");
 const getClient = require("./getClient");
-const { runWithContext } = require("@aikidosec/guard");
+const { runWithContext } = require("@aikidosec/runtime");
 
 async function main() {
   const client = await getClient();

diff --git a/benchmarks/sql-injection/benchmark.js b/benchmarks/sql-injection/benchmark.js
@@ -8,7 +8,7 @@ const {
 } = require("../../library/dist/vulnerabilities/sql-injection/detectSQLInjection");
 const {
   SQLDialectMySQL,
-} = require("@aikidosec/guard/dist/vulnerabilities/sql-injection/dialects/SQLDialectMySQL");
+} = require("@aikidosec/runtime/dist/vulnerabilities/sql-injection/dialects/SQLDialectMySQL");
 
 const MAX_TIME_LIMIT = 0.05; // milliseconds / statement
 

diff --git a/docs/express.md b/docs/express.md
@@ -3,7 +3,7 @@
 At the very beginning of your app.js file, add the following line:
 
 ```js
-const { protect, preventPrototypePollution } = require('@aikidosec/guard');
+const { protect, preventPrototypePollution } = require('@aikidosec/runtime');
 
 protect(); // <-- Call this before any other code or imports
 
@@ -19,18 +19,18 @@ You can read more about `preventPrototypePollution` [here](./prototype-pollution
 or ESM import style:
 
 ```js
-import { protect, preventPrototypePollution } from '@aikidosec/guard';
+import { protect, preventPrototypePollution } from '@aikidosec/runtime';
 
 // ...
 ```
 
-That's it! Your app is now protected by Aikido guard.
+That's it! Your app is now protected by Aikido runtime.
 
 If you want to see a full example, check our [express sample app](../sample-apps/express-mongodb).
 
 ## Debug mode
 
-If you need to debug the guard, you can set the `debug` option to `true`:
+If you need to debug the runtime, you can set the `debug` option to `true`:
 
 ```js
 protect({ debug: true });

diff --git a/docs/lambda.md b/docs/lambda.md
@@ -3,7 +3,7 @@
 At the very beginning of your handler.js file, add the following line:
 
 ```js
-const { lambda, preventPrototypePollution } = require("@aikidosec/guard");
+const { lambda, preventPrototypePollution } = require("@aikidosec/runtime");
 
 const protect = lambda(); // <-- Call this before any other code or imports
 
@@ -21,21 +21,21 @@ You can read more about `preventPrototypePollution` [here](./prototype-pollution
 or ESM import style:
 
 ```js
-import { lambda, preventPrototypePollution } from '@aikidosec/guard';
+import { lambda, preventPrototypePollution } from '@aikidosec/runtime';
 ```
 
-In order for the guard to work properly, we need the following event properties to be present:
+In order for the runtime to work properly, we need the following event properties to be present:
 
 * `event.body`
 * `event.headers`
 
-That's it! Your AWS Lambda function is now protected by Aikido guard.
+That's it! Your AWS Lambda function is now protected by Aikido runtime.
 
 If you want to see a full example, check our [lambda sample app](../sample-apps/lambda-mongodb).
 
 ## Debug mode
 
-If you need to debug the guard, you can set the `debug` option to `true`:
+If you need to debug the runtime, you can set the `debug` option to `true`:
 
 ```js
 protect({ debug: true });

diff --git a/docs/prototype-pollution.md b/docs/prototype-pollution.md
@@ -1,6 +1,6 @@
 # Protect against prototype pollution
 
-Aikido guard can also protect your application against [prototype pollution attacks](https://www.aikido.dev/blog/prevent-prototype-pollution).
+Aikido runtime can also protect your application against [prototype pollution attacks](https://www.aikido.dev/blog/prevent-prototype-pollution).
 
 It works by calling [Object.freeze](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/freeze) for some built-in JavaScript objects.
 
@@ -9,7 +9,7 @@ It works by calling [Object.freeze](https://developer.mozilla.org/en-US/docs/Web
 We believe that there are legitimate cases of prototype changes, but they should happen only during the initialization step. Hence, we recommend calling `preventPrototypePollution` when your application is initialised.
 
 ```js
-import { preventPrototypePollution } from '@aikidosec/guard';
+import { preventPrototypePollution } from '@aikidosec/runtime';
 
 import express from 'express';
 

diff --git a/end2end/tests/express-mongodb.test.js b/end2end/tests/express-mongodb.test.js
@@ -46,7 +46,7 @@ t.test("it blocks in blocking mode", (t) => {
       t.equal(noSQLInjection.status, 500);
       t.equal(normalSearch.status, 200);
       t.match(stdout, /Starting agent/);
-      t.match(stderr, /Aikido guard has blocked a NoSQL injection/);
+      t.match(stderr, /Aikido runtime has blocked a NoSQL injection/);
     })
     .catch((error) => {
       t.fail(error.message);
@@ -91,7 +91,7 @@ t.test("it does not block in dry mode", (t) => {
       t.equal(noSQLInjection.status, 200);
       t.equal(normalSearch.status, 200);
       t.match(stdout, /Starting agent/);
-      t.notMatch(stderr, /Aikido guard has blocked a NoSQL injection/);
+      t.notMatch(stderr, /Aikido runtime has blocked a NoSQL injection/);
     })
     .catch((error) => {
       t.fail(error.message);

diff --git a/end2end/tests/express-mongoose.test.js b/end2end/tests/express-mongoose.test.js
@@ -46,7 +46,7 @@ t.test("it blocks in blocking mode", (t) => {
       t.equal(noSQLInjection.status, 500);
       t.equal(normalSearch.status, 200);
       t.match(stdout, /Starting agent/);
-      t.match(stderr, /Aikido guard has blocked a NoSQL injection/);
+      t.match(stderr, /Aikido runtime has blocked a NoSQL injection/);
     })
     .catch((error) => {
       t.fail(error.message);
@@ -91,7 +91,7 @@ t.test("it does not block in dry mode", (t) => {
       t.equal(noSQLInjection.status, 200);
       t.equal(normalSearch.status, 200);
       t.match(stdout, /Starting agent/);
-      t.notMatch(stderr, /Aikido guard has blocked a NoSQL injection/);
+      t.notMatch(stderr, /Aikido runtime has blocked a NoSQL injection/);
     })
     .catch((error) => {
       t.fail(error.message);

diff --git a/end2end/tests/express-mysql.test.js b/end2end/tests/express-mysql.test.js
@@ -49,7 +49,7 @@ t.test("it blocks in blocking mode", (t) => {
       t.equal(noSQLInjection.status, 500);
       t.equal(normalSearch.status, 200);
       t.match(stdout, /Starting agent/);
-      t.match(stderr, /Aikido guard has blocked a SQL injection/);
+      t.match(stderr, /Aikido runtime has blocked a SQL injection/);
     })
     .catch((error) => {
       t.fail(error.message);
@@ -97,7 +97,7 @@ t.test("it does not block in dry mode", (t) => {
       t.equal(noSQLInjection.status, 200);
       t.equal(normalSearch.status, 200);
       t.match(stdout, /Starting agent/);
-      t.notMatch(stderr, /Aikido guard has blocked a SQL injection/);
+      t.notMatch(stderr, /Aikido runtime has blocked a SQL injection/);
     })
     .catch((error) => {
       t.fail(error.message);

diff --git a/end2end/tests/express-mysql2.test.js b/end2end/tests/express-mysql2.test.js
@@ -49,7 +49,7 @@ t.test("it blocks in blocking mode", (t) => {
       t.equal(noSQLInjection.status, 500);
       t.equal(normalSearch.status, 200);
       t.match(stdout, /Starting agent/);
-      t.match(stderr, /Aikido guard has blocked a SQL injection/);
+      t.match(stderr, /Aikido runtime has blocked a SQL injection/);
     })
     .catch((error) => {
       t.fail(error.message);
@@ -97,7 +97,7 @@ t.test("it does not block in dry mode", (t) => {
       t.equal(noSQLInjection.status, 200);
       t.equal(normalSearch.status, 200);
       t.match(stdout, /Starting agent/);
-      t.notMatch(stderr, /Aikido guard has blocked a SQL injection/);
+      t.notMatch(stderr, /Aikido runtime has blocked a SQL injection/);
     })
     .catch((error) => {
       t.fail(error.message);

diff --git a/end2end/tests/express-postgres.test.js b/end2end/tests/express-postgres.test.js
@@ -49,7 +49,7 @@ t.test("it blocks in blocking mode", (t) => {
       t.equal(noSQLInjection.status, 500);
       t.equal(normalSearch.status, 200);
       t.match(stdout, /Starting agent/);
-      t.match(stderr, /Aikido guard has blocked a SQL injection/);
+      t.match(stderr, /Aikido runtime has blocked a SQL injection/);
     })
     .catch((error) => {
       t.fail(error.message);
@@ -97,7 +97,7 @@ t.test("it does not block in dry mode", (t) => {
       t.equal(noSQLInjection.status, 200);
       t.equal(normalSearch.status, 200);
       t.match(stdout, /Starting agent/);
-      t.notMatch(stderr, /Aikido guard has blocked a SQL injection/);
+      t.notMatch(stderr, /Aikido runtime has blocked a SQL injection/);
     })
     .catch((error) => {
       t.fail(error.message);

diff --git a/library/package.json b/library/package.json
@@ -1,7 +1,7 @@
 {
-  "name": "@aikidosec/guard",
+  "name": "@aikidosec/runtime",
   "version": "0.0.0",
-  "description": "Aikido guard protects your application against NoSQL injections and more",
+  "description": "Aikido runtime protects your application against NoSQL injections and more",
   "repository": "https://github.com/AikidoSec/guard-node",
   "keywords": [
     "security",

diff --git a/library/src/agent/applyHooks.ts b/library/src/agent/applyHooks.ts
@@ -166,7 +166,7 @@ function wrapWithoutArgumentModification(
 
         if (agent.shouldBlock()) {
           throw new Error(
-            `Aikido guard has blocked a ${attackKindHumanName(result.kind)}: ${result.operation}(...) originating from ${sourceHumanName(result.source)} (${result.pathToPayload})`
+            `Aikido runtime has blocked a ${attackKindHumanName(result.kind)}: ${result.operation}(...) originating from ${sourceHumanName(result.source)} (${result.pathToPayload})`
           );
         }
       }

diff --git a/library/src/sinks/MongoDB.test.ts b/library/src/sinks/MongoDB.test.ts
@@ -116,7 +116,7 @@ t.test("it inspects method calls and blocks if needed", async (t) => {
     if (bulkError instanceof Error) {
       t.same(
         bulkError.message,
-        "Aikido guard has blocked a NoSQL injection: MongoDB.Collection.bulkWrite(...) originating from body (.myTitle)"
+        "Aikido runtime has blocked a NoSQL injection: MongoDB.Collection.bulkWrite(...) originating from body (.myTitle)"
       );
     }
 
@@ -129,7 +129,7 @@ t.test("it inspects method calls and blocks if needed", async (t) => {
     if (error instanceof Error) {
       t.same(
         error.message,
-        "Aikido guard has blocked a NoSQL injection: MongoDB.Collection.find(...) originating from body (.myTitle)"
+        "Aikido runtime has blocked a NoSQL injection: MongoDB.Collection.find(...) originating from body (.myTitle)"
       );
     }
 

diff --git a/library/src/sinks/MySQL.test.ts b/library/src/sinks/MySQL.test.ts
@@ -71,7 +71,7 @@ t.test("it detects SQL injections", async () => {
     if (error instanceof Error) {
       t.same(
         error.message,
-        "Aikido guard has blocked a SQL injection: MySQL.query(...) originating from body (.myTitle)"
+        "Aikido runtime has blocked a SQL injection: MySQL.query(...) originating from body (.myTitle)"
       );
     }
 

diff --git a/library/src/sinks/MySQL2.test.ts b/library/src/sinks/MySQL2.test.ts
@@ -69,7 +69,7 @@ t.test("it detects SQL injections", async () => {
     if (error instanceof Error) {
       t.same(
         error.message,
-        "Aikido guard has blocked a SQL injection: mysql2.query(...) originating from body (.myTitle)"
+        "Aikido runtime has blocked a SQL injection: mysql2.query(...) originating from body (.myTitle)"
       );
     }
 

diff --git a/library/src/sinks/Postgres.pool.test.ts b/library/src/sinks/Postgres.pool.test.ts
@@ -55,7 +55,7 @@ t.test("it detects SQL injections", async () => {
     if (error instanceof Error) {
       t.same(
         error.message,
-        "Aikido guard has blocked a SQL injection: pg.query(...) originating from body (.myTitle)"
+        "Aikido runtime has blocked a SQL injection: pg.query(...) originating from body (.myTitle)"
       );
     }
 

diff --git a/library/src/sinks/Postgres.test.ts b/library/src/sinks/Postgres.test.ts
@@ -54,7 +54,7 @@ t.test("it inspects query method calls and blocks if needed", async () => {
     if (error instanceof Error) {
       t.same(
         error.message,
-        "Aikido guard has blocked a SQL injection: pg.query(...) originating from body (.myTitle)"
+        "Aikido runtime has blocked a SQL injection: pg.query(...) originating from body (.myTitle)"
       );
     }