AikidoSec · willem-delbare · Sep 4, 2024 · Sep 3, 2024 · Sep 3, 2024 · Sep 4, 2024
diff --git a/aikido_firewall/background_process/aikido_background_process.py b/aikido_firewall/background_process/aikido_background_process.py
@@ -15,7 +15,9 @@
 )
 from aikido_firewall.helpers.check_env_for_blocking import check_env_for_blocking
 from aikido_firewall.helpers.token import get_token_from_env
-from aikido_firewall.background_process.api.http_api import ReportingApiHTTP
+from aikido_firewall.background_process.api.http_api_ratelimited import (
+    ReportingApiHTTPRatelimited,
+)
 from .commands import process_incoming_command
 
 EMPTY_QUEUE_INTERVAL = 5  # 5 seconds
@@ -70,7 +72,11 @@
         )  # Create an event scheduler
         self.send_to_connection_manager(event_scheduler)
 
-        api = ReportingApiHTTP("https://guard.aikido.dev/")
+        api = ReportingApiHTTPRatelimited(
+            "https://guard.aikido.dev/",
+            max_events_per_interval=2,
+            interval_in_ms=15 * 1000,
+        )
         # We need to pass along the scheduler so that the heartbeat also gets sent
         self.connection_manager = CloudConnectionManager(
             block=check_env_for_blocking(),

diff --git a/aikido_firewall/background_process/api/http_api_ratelimited.py b/aikido_firewall/background_process/api/http_api_ratelimited.py
@@ -0,0 +1,33 @@
+"""
+Exports ReportingApiHTTPRatelimited
+"""
+
+from aikido_firewall.background_process.api.http_api import ReportingApiHTTP
+import aikido_firewall.helpers.get_current_unixtime_ms as t
+
+
+class ReportingApiHTTPRatelimited(ReportingApiHTTP):
+    """HTTP Reporting API that has ratelimiting support"""
+
+    def __init__(self, reporting_url, max_events_per_interval, interval_in_ms):
+        super().__init__(reporting_url)
+        self.interval_in_ms = interval_in_ms
+        self.max_events_per_interval = max_events_per_interval
+        self.events = []
+
+    def report(self, token, event, timeout_in_sec):
+        if event["type"] == "detected_attack":
+            # Remove all outdated events :
+            current_time = t.get_unixtime_ms()
+
+            def event_in_interval_filter(e):
+                return e["time"] > current_time - self.interval_in_ms
+
+            self.events = list(filter(event_in_interval_filter, self.events))
+
+            # Check if interval is exceeded :
+            if len(self.events) >= self.max_events_per_interval:
+                return {"success": False, "error": "max_attacks_reached"}
+
+            self.events.append(event)
+        return super().report(token, event, timeout_in_sec)