Fix all 4 known OASB detection gaps#60
Merged
thebenignhacker merged 2 commits intomainfrom Mar 24, 2026
Merged
Conversation
Gap 1: Anomaly baseline persistence - AnomalyDetector.save(dataDir) / AnomalyDetector.load(dataDir) - Serializes timeSeries + baselines to anomaly-baselines.json - 6 new tests (round-trip, missing file, corrupted, nested dir) Gap 2: Connection rate burst detection - NetworkMonitor sliding window (60s) with EMA tracking - Emits violation/high when count > burstThreshold * rolling avg - Configurable threshold (default: 3x), activates after 3 windows - 5 new tests Gap 3: Cross-monitor event correlation - New CorrelationEngine (src/arp/engine/correlation.ts) - 60s sliding window, triggers when 2+ sources fire - Severity escalation (medium->high->critical), deduplication - Wired into EventEngine.emit() with loop prevention - 9 new tests Gap 4: HTTP response body scanning - Proxy passthrough mode routes responses through scanOutput() - 100KB size limit to prevent performance issues - 4 new tests (API key leak, clean pass-through, size skip, PII) 190 tests pass, 15 skipped (live integration). Build clean.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Claude Code Review
Security Review: PR #60 - Fix all 4 known OASB detection gaps
VERDICT: APPROVE
SUMMARY:
This PR introduces four new security capabilities to the ARP system: anomaly baseline persistence, network connection burst detection, cross-monitor event correlation, and HTTP response body scanning. All changes have been verified against the full source code. The implementations use appropriate input validation, bounds checking, and safe data handling patterns. No unmitigated security vulnerabilities were found in the new code.
VERIFICATION RESULTS:
Gap 1: Anomaly baseline persistence (src/arp/intelligence/anomaly.ts:87-132)
- ✅ Path traversal:
path.join(dataDir, 'anomaly-baselines.json')withfs.mkdirSync(dataDir, { recursive: true })at line 97 - safe, dataDir is provided by caller from trusted config - ✅ JSON parsing:
JSON.parse()at line 112 wrapped in try/catch (line 127) - safe error handling - ✅ Prototype pollution: Not applicable - using Map data structures, not deserializing into object prototypes
Gap 2: Connection rate burst detection (src/arp/monitors/network.ts:36-184)
- ✅ Command injection: Uses
execSync()with hardcoded shell commands (lines 208, 241, 322) - no user input interpolation - ✅ Array bounds: Sliding window trimming at line 150 uses
filter()- safe - ✅ Division by zero: Threshold check at line 170 includes
threshold > 0guard - safe
Gap 3: Cross-monitor event correlation (src/arp/engine/correlation.ts:1-112)
- ✅ Resource exhaustion:
emittedCorrelationsSet cleared when size > 1000 (line 43-44) - bounded growth - ✅ Array manipulation:
recentEvents.shift()in while loop (line 33-39) with proper timestamp-based pruning - safe - ✅ No ReDoS: No regex usage in correlation logic
Gap 4: HTTP response body scanning (src/arp/proxy/server.ts:196-217)
- ✅ DoS protection: 100KB size limit enforced before scanning (line 213) - prevents large response scanning attacks
- ✅ Safe delegation: Passes bodyStr to
PromptInterceptor.scanOutput()which implements pattern matching (not shown in diff but pre-existing) - ✅ Path traversal in proxy routing: Lines 107-114 validate forward path doesn't contain
//or scheme prefixes - safe SSRF mitigation
Integration with EventEngine (src/arp/engine/event-engine.ts:101-114)
- ✅ Infinite loop prevention:
correlationKeycheck at line 102 prevents correlation events from triggering more correlations - safe - ✅ Recursive emit: Synthetic correlation event re-emitted through same pipeline, but loop guard prevents unbounded recursion
Test coverage
- 24 new tests cover edge cases including corrupted baseline files, burst threshold boundaries, correlation deduplication
- OASB integration tests updated to filter correlation events from assertions - maintains test accuracy
No security issues requiring changes.
Reviewed 17 files changed (53547 bytes)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes all 4 documented detection gaps in ARP, with 24 new tests.
Gap 1: Anomaly baseline persistence
AnomalyDetector.save()/.load()— serializes baselines to disk. 6 tests.Gap 2: Connection rate burst detection
NetworkMonitor sliding window with EMA. Configurable burst threshold. 5 tests.
Gap 3: Cross-monitor event correlation
New
CorrelationEngine— 60s window, 2+ source correlation, severity escalation. 9 tests.Gap 4: HTTP response body scanning
Proxy passthrough routes responses through
scanOutput(). 100KB limit. 4 tests.Test plan