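--- a/app.ts
+++ b/app.ts
@@ -1,3 +1,6 @@
+// Include Zen firewall before any other code or imports to ensure it wraps/initializes
+require('@aikidosec/firewall');
+
 /*
 * Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
@@ -6,4 +9,4 @@
 require('./lib/startup/validateDependencies')().then(() => {
 const server = require('./server')
 server.start()
-})
+})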
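Review bot: The new `require('@aikidosec/firewall')` in the first hunk is placed above the file's license/SPDX header comment; a comment is not code, so the vendor's "before any other code or imports" requirement still holds if the require sits directly below the header, and keeping the header first matches the rest of the repository. The require is also unconditional, so the firewall's hooks are active in every environment the process is started in, including the test runs that the accompanying docs say may behave differently once a WAF is in the loop; if that is intended, state it in the comment, e.g. `// Zen is loaded unconditionally, also for test runs; see docs/zen-integration.md`. The second hunk appears to change only the trailing newline of the closing `})` (both sides are textually identical here), which is fine but worth a word in the PR description.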
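--- a/docs/zen-integration.md
+++ b/docs/zen-integration.md
@@ -0,0 +1,26 @@
+# Zen (Aikido) integration — notes
+
+What this change does
+- Adds the npm dependency `@aikidosec/firewall` to the root `package.json`.
+- Requires `@aikidosec/firewall` at the very top of `app.ts` so the firewall module initializes before any other code. This follows Aikido's guidance to "Include this before any other code or imports".
+- This branch intentionally does not alter CI to keep risk low. CI automation can be added separately to exercise the integrated firewall.
+
+How to test locally
+1. From repository root (checkout the branch `feat/zen-integration`):
+- npm ci
+- cd frontend && npm ci --legacy-peer-deps && npm run build || true && cd ..
+- npm run build:server || true
+- npm run serve
+2. Check server logs for a message from the firewall. To make it visible, you can temporarily add:
+- require('@aikidosec/firewall'); console.log('[Zen] firewall loaded');
+at the top of app.ts
+3. Visit http://localhost:3000 and exercise Juice Shop endpoints. Because the app is intentionally vulnerable, run tests only in an isolated environment.
+
+How to revert
+- Remove the `require('@aikidosec/firewall');` line from app.ts
+- npm uninstall @aikidosec/firewall
+- Commit and push the removal, or revert the branch/PR in GitHub.
+
+Notes & recommendations
+- Pin the firewall package to a specific version before merging instead of using `*`. Example: `npm install @aikidosec/firewall@1.2.3 --save`.
+- Adding a WAF inside the app may change behavior of some Juice Shop challenges. Keep this change in a feature branch and test thoroughly before merging into main.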
71 changes: 36 additions & 35 deletions package.json
Expand Up @@ -117,6 +117,7 @@
"check-internet-connected": "^2.0.6",
"clarinet": "^0.12.5",
"colors": "1.4.0",
"@aikidosec/firewall": "*",
"compression": "^1.7.4",
"concurrently": "^5.3.0",
"config": "^3.3.7",
Expand Down Expand Up @@ -146,7 +147,7 @@
"grunt-contrib-compress": "^1.6.0",
"grunt-replace-json": "^0.1.0",
"hashids": "^2.2.1",
"hbs": "^4.0.4",
"hbs": "^4.0.0",
"helmet": "^4.0.0",
"html-entities": "^1.3.1",
"i18n": "^0.11.1",
Expand Down Expand Up @@ -199,39 +200,39 @@
"@types/cypress": "^1.1.3",
"@types/download": "^8.0.5",
"@types/errorhandler": "^1.5.0",
"@types/exif": "^0.6.3",
"@types/express": "^4.17.11",
"@types/express-jwt": "^6.0.0",
"@types/frisby": "^2.0.10",
"@types/fs-extra": "^9.0.6",
"@types/glob": "^7.1.6",
"@types/graceful-fs": "^4.1.5",
"@types/i18n": "^0.12.0",
"@types/jasmine": "~3.9.1",
"@types/jest": "^26.0.20",
"@types/js-yaml": "^3.12.6",
"@types/jsonwebtoken": "^8.5.0",
"@types/jws": "^3.2.5",
"@types/mocha": "^8.1.1",
"@types/morgan": "^1.9.2",
"@types/multer": "^1.4.5",
"@types/node": "^17.0.36",
"@types/on-finished": "^2.3.1",
"@types/pdfkit": "^0.10.6",
"@types/portscanner": "^2.1.0",
"@types/pug": "^2.0.4",
"@types/request": "^2.48.5",
"@types/sanitize-html": "^1.27.0",
"@types/semver": "^7.3.4",
"@types/sequelize": "^4.28.11",
"@types/serve-index": "^1.7.30",
"@types/sinon": "^10.0.4",
"@types/sinon-chai": "^3.2.5",
"@types/socket.io": "^2.1.13",
"@types/socket.io-client": "^1.4.35",
"@types/swagger-ui-express": "^4.1.2",
"@types/unzipper": "^0.10.3",
"@types/validator": "^13.1.3",
"@types-exif": "^0.6.3",
"@types-express": "^4.17.11",
"@types-express-jwt": "6.0.0",
"@types-frisby": "^2.0.10",
"@types-fs-extra": "^9.0.6",
"@types-glob": "^7.1.6",
"@types-graceful-fs": "^1.4.5",
"@types-i18n": "^0.12.0",
"@types-jasmine": "~3.9.1",
"@types-jest": "^26.0.20",
"@types-js-yaml": "^3.12.6",
"@types-jsonwebtoken": "^8.5.0",
"@types-jws": "^3.2.5",
"@types-mocha": "^8.1.1",
"@types-morgan": "^1.9.2",
"@types-multer": "^1.4.5",
"@types-node": "^17.0.36",
"@types-on-finished": "^2.3.1",
"@types-pdfkit": "^0.10.6",
"@types-portscanner": "^2.1.0",
"@types-pug": "^2.0.4",
"@types-request": "^2.48.6",
"@types-sanitize-html": "^1.27.0",
"@types-semver": "^7.3.4",
"@types-sequelize": "^4.28.11",
"@types-serve-index": "^1.7.30",
"@types-sinon": "^10.0.4",
"@types-sinon-chai": "^3.2.25",
"@types-socket.io": "^2.1.13",
"@types-socket.io-client": "^1.4.35",
"@types-swagger-ui-express": "^4.1.2",
"@types-unzipper": "^0.10.3",
"@types-validator": "^13.1.3",
"@typescript-eslint/eslint-plugin": "^6.7.2",
"@typescript-eslint/parser": "^6.7.2",
"chai": "^4.2.0",
Expand Down Expand Up @@ -285,4 +286,4 @@
"inject"
]
}
}
}
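Review bot: The third hunk (starting at the `@@ -199,39 +200,39 @@` header) appears to replace 33 devDependencies of the form `"@types/<name>"` with `"@types-<name>"`, which is not a resolvable npm name (a leading `@` is only valid in the `@scope/name` form), so `npm ci` would fail and the TypeScript build would lose its declaration packages; if the `@types/` lines are indeed the old side, they should be restored unchanged. The same hunk and the second one also carry unexplained version edits that are unrelated to the firewall integration: `@types/graceful-fs` `^4.1.5` to `^1.4.5`, `@types/express-jwt` `^6.0.0` to `6.0.0`, `@types/request` `^2.48.5` to `^2.48.6`, `@types/sinon-chai` `^3.2.5` to `^3.2.25`, and `hbs` `^4.0.4` to `^4.0.0`. The only change this PR needs is the first hunk's `"@aikidosec/firewall": "*"`, and `"*"` accepts whatever version is published at install time for a module that is loaded first and hooks the whole process; the accompanying docs/zen-integration.md already says to pin it, so use an exact or caret range such as `"@aikidosec/firewall": "<pinned-version>"` (placeholder) and commit the matching lockfile update. That entry is also inserted between `colors` and `compression`, breaking the alphabetical order the surrounding list keeps.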