Attack wave detection: fix bugs & report samples #552
- Updated AttackWaveDetector to accept Context objects instead of IP strings
- Added sample tracking functionality to collect request samples for metadata
- Updated is_attack_wave to check if context is from a web scanner using is_web_scanner
- Added get_samples_for_ip and clear_samples_for_ip methods to AttackWaveDetector
- Updated AttackWaveDetectorStore to work with context objects
- Updated create_attack_wave_event to include samples in metadata reporting
- Updated request_handler to pass context objects and include samples in events
- Updated all test cases to work with the new context-based approach
- Added comprehensive tests for sample tracking functionality

This implementation follows the pattern from firewall-node's AttackWaveDetector.ts and includes metadata reporting similar to the onDetectedAttackWave function in Agent.ts
…r better test consistency
- Run black formatter to ensure consistent code style
- Remove unused json import from create_attack_wave_event.py
- Apply consistent double-quote formatting throughout

Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
aikido_zen/vulnerabilities/attack_wave_detection/attack_wave_detector.py
| import json | ||
| from aikido_zen.helpers.limit_length_metadata import limit_length_metadata | ||
| from aikido_zen.helpers.logging import logger | ||
| from aikido_zen.storage.attack_wave_detector_store import attack_wave_detector_store |
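Review bot: `import json` on the first line of this hunk should be checked against actual use in this file. A commit message in this conversation mentions removing an unused json import from create_attack_wave_event.py, so if this is that file and nothing calls `json`, drop the line rather than leaving it above the added `attack_wave_detector_store` import.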
Importing and using the module-level singleton 'attack_wave_detector_store' caches request-specific samples globally and can leak data between requests
Details
✨ AI Reasoning
1) The added code imports a module-level singleton 'attack_wave_detector_store' and then reads/writes per-request samples from it inside create_attack_wave_event; 2) This introduces a new dependency on a global store that holds request-specific samples across requests, which can leak data between requests or cause race conditions; 3) The issue harms maintainability and safety because request-scoped data is now stored in a shared global object rather than passed through call state, making reasoning about data lifetime and isolation harder.
🔧 How do I fix it?
Avoid storing request-specific data in module-level variables. Use request-scoped variables or explicitly mark shared caches as intentional.
More info - Comment @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
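An added example, not code from this pull request or from aikido_zen: one way to make a shared per-IP sample store like the one the review comment describes intentional, with a lock, a per-IP cap and a single read-and-clear step, while the event builder receives samples as an argument. `SampleStore`, `take`, `build_event`, the cap of 3 and the event shape are assumptions.

```python
import threading
from collections import defaultdict

MAX_SAMPLES_PER_IP = 3  # assumed cap, not taken from the project


class SampleStore:
    """Hypothetical shared store: per-IP request samples, bounded and locked."""

    def __init__(self, max_samples=MAX_SAMPLES_PER_IP):
        self._lock = threading.Lock()
        self._samples = defaultdict(list)
        self._max = max_samples

    def track(self, ip, method, url):
        # Keep only what the report needs: no headers, cookies or body.
        sample = {"method": method, "url": url}
        with self._lock:
            bucket = self._samples[ip]
            if len(bucket) < self._max and sample not in bucket:
                bucket.append(sample)

    def take(self, ip):
        # Read and clear in one locked step: two threads reporting the same IP
        # cannot both receive the samples, and nothing lingers after a report.
        with self._lock:
            return self._samples.pop(ip, [])


def build_event(ip, samples):
    # Samples arrive as an argument; the builder never reads the shared store.
    # The event shape is constructed for this example.
    return {"ip": ip, "metadata": {"samples": list(samples)}}


def demo():
    store = SampleStore()
    # Constructed requests from two clients (documentation IP ranges).
    for url in ("/.env", "/.git/config", "/wp-login.php", "/phpinfo.php", "/.env"):
        store.track("192.0.2.10", "GET", url)
    store.track("198.51.100.7", "GET", "/backup.zip")
    first = build_event("192.0.2.10", store.take("192.0.2.10"))
    second = build_event("192.0.2.10", store.take("192.0.2.10"))
    other = build_event("198.51.100.7", store.take("198.51.100.7"))
    return first, second, other


if __name__ == "__main__":
    print(demo())
```

Separate `get` and `clear` calls leave a window in which a second report for the same IP can pick up the same samples; the combined `take` closes it.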
aikido_zen/vulnerabilities/attack_wave_detection/attack_wave_detector.py
had to write evt myself in the end lol