ver 2.2.0

CHANGELOG.md

@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [2.2.0] - 2019-05-06
+### Added
+- Send telemetry by command
+
 ## [2.1.1] - 2019-05-02
 ### Fixed
 - pxConfig setting for proxy

README.md

@@ -5,7 +5,7 @@
 [PerimeterX](http://www.perimeterx.com) Shared base for NodeJS enforcers
 =============================================================
 
-> Latest stable version: [v2.1.1](https://www.npmjs.com/package/perimeterx-node-core)
+> Latest stable version: [v2.2.0](https://www.npmjs.com/package/perimeterx-node-core)
 
 This is a shared base implementation for PerimeterX Express enforcer and future NodeJS enforcers. For a fully functioning implementation example, see the [Node-Express enforcer](https://github.com/PerimeterX/perimeterx-node-express/) implementation.
 

lib/pxconfig.js

@@ -32,7 +32,8 @@ class PxConfig {
             ['SEND_PAGE_ACTIVITIES', 'sendPageActivities'], ['SENSITIVE_HEADERS', 'sensitiveHeaders'], ['DEBUG_MODE', 'debugMode'], ['MAX_BUFFER_LEN', 'maxBufferLength'], ['JS_REF', 'jsRef'], 
             ['CSS_REF', 'cssRef'], ['CUSTOM_LOGO', 'customLogo'], ['SENSITIVE_ROUTES', 'sensitiveRoutes'], ['WHITELIST_ROUTES', 'whitelistRoutes'], ['DYNAMIC_CONFIGURATIONS', 'dynamicConfigurations'], 
             ['MODULE_MODE', 'moduleMode'], ['FIRST_PARTY_ENABLED', 'firstPartyEnabled'], ['ADDITIONAL_ACTIVITY_HANDLER', 'additionalActivityHandler'], ['ENRICH_CUSTOM_PARAMETERS', 'enrichCustomParameters'], 
-            ['TESTING_MODE', 'testingMode'], ['WHITELIST_EXT', 'whitelistExt'], ['BYPASS_MONITOR_HEADER', 'bypassMonitorHeader'], ['ADVANCED_BLOCKING_RESPONSE', 'advancedBlockingResponse']];
+            ['TESTING_MODE', 'testingMode'], ['WHITELIST_EXT', 'whitelistExt'], ['BYPASS_MONITOR_HEADER', 'bypassMonitorHeader'], ['ADVANCED_BLOCKING_RESPONSE', 'advancedBlockingResponse'],
+            ['TELEMETRY_COMMAND_HEADER', 'telemetryCommandHeader']];
 
         configKeyMapping.forEach(([targetKey, sourceKey]) => {
             this.PX_DEFAULT[targetKey] = PxConfig.configurationsOverriding(this.PX_DEFAULT, params, targetKey, sourceKey);
@@ -112,6 +113,7 @@ function pxInternalConfig() {
         SERVER_COLLECT_URI: '/api/v1/collector/s2s',
         CONFIGURATIONS_URI: '/api/v1/enforcer',
         TELEMETRY_URI: '/api/v2/risk/telemetry',
+        TELEMETRY_COMMAND_HEADER: 'x-px-enforcer-telemetry',
         ENFORCER_TRUE_IP_HEADER: 'x-px-enforcer-true-ip',
         FIRST_PARTY_HEADER: 'x-px-first-party',
         FORWARDED_FOR_HEADER: 'x-forwarded-for',
@@ -238,7 +240,8 @@ const configSchemaMapper = {
     px_test_mode: 'testingMode', 
     px_whitelist_extensions: 'whitelistExt', 
     px_bypass_monitor_header: 'bypassMonitorHeader',
-    px_advanced_blocking_response: 'advancedBlockingResponse'
+    px_advanced_blocking_response: 'advancedBlockingResponse',
+    px_telemetry_command: 'telemetryCommandHeader'
 };
 
 module.exports = PxConfig;

lib/pxenforcer.js

@@ -10,6 +10,7 @@ const pxApi = require('./pxapi');
 const pxCookie = require('./pxcookie');
 const PxLogger = require('./pxlogger');
 const ConfigLoader = require('./configloader');
+const telemetryHandler = require('./telemetry_handler.js');
 
 class PxEnforcer {
     constructor(params, client) {
@@ -22,7 +23,6 @@ class PxEnforcer {
 
         this.pxClient = (client) ? client : new PxClient();
         this.pxClient.init(this._config);
-        this.pxClient.sendEnforcerTelemetry('initial_config', this._config);
         if (this._config.DYNAMIC_CONFIGURATIONS) {
             this.config.configLoader = new ConfigLoader(this.pxConfig, this.pxClient);
             this.config.configLoader.init();
@@ -55,6 +55,14 @@ class PxEnforcer {
             return cb();
         }
 
+        try {
+            if(telemetryHandler.isTelemetryCommand(req, this._config)) {
+                this.pxClient.sendEnforcerTelemetry('command', this._config);
+            }
+        } catch (err) {
+            this.logger.debug('Telemetry command failure. unexpected error. ' + err.message);
+        }
+
         try {
             const ctx = new PxContext(this._config, req, this.logger);
             this.logger.debug('Request context created successfully');

lib/telemetry_handler.js

@@ -0,0 +1,52 @@
+const crypto = require('crypto');
+const PxLogger = require('./pxlogger');
+
+module.exports = {
+    isTelemetryCommand
+};
+
+function isTelemetryCommand(req, config) {
+
+    const logger = new PxLogger();
+    const headerVal = req.headers[config.TELEMETRY_COMMAND_HEADER];
+
+    if(!headerVal) {
+        return false;
+    }
+
+    logger.debug('Received command to send enforcer telemetry');
+
+    // base 64 decode
+    const decodedString = Buffer.from(headerVal, 'base64').toString();
+
+    // value is in the form of timestamp:hmac_val
+    const splittedValue = decodedString.split(':');
+
+    if(splittedValue.length !== 2) {
+        logger.debug('Malformed header value - ${config.TELEMETRY_COMMAND_HEADER} = ${headerVal}');
+        return false;
+    }
+
+    const [timestamp, hmac] = splittedValue;
+
+    // timestamp
+    if(Number(timestamp) < new Date().getTime()) {
+        logger.debug('Telemetry command has expired');
+        return false;
+    }
+
+    // check hmac integrity
+    const hmacCreator = crypto.createHmac('sha256', config.COOKIE_SECRET_KEY);
+    hmacCreator.setEncoding('hex');
+    hmacCreator.write(timestamp);
+    hmacCreator.end();
+    const generatedHmac = hmacCreator.read();
+
+    if (generatedHmac !== hmac) {
+        logger.debug('hmac validation failed. original = ${hmac}, generated = ${generatedHmac}');
+        return false;
+    }
+
+    return true;
+}
+

package.json

@@ -1,6 +1,6 @@
 {
   "name": "perimeterx-node-core",
-  "version": "2.1.1",
+  "version": "2.2.0",
   "description": "PerimeterX NodeJS shared core for various applications to monitor and block traffic according to PerimeterX risk score",
   "main": "index.js",
   "scripts": {