Spaces:
Running
Running
| import '../models/kavacha_models.dart'; | |
| class Layer1Firewall implements KavachaLayer { | |
| Future<LayerResult> inspect(SmsContext ctx) async { | |
| List<String> violations = []; | |
| final lowerBody = ctx.body.toLowerCase(); | |
| // 1. Sender format | |
| if (ctx.sender.startsWith('+') && ctx.sender.length > 13) { | |
| violations.add("unknown_sender_format"); | |
| } | |
| // 2. Domain reputation (simple mock matching) | |
| if (lowerBody.contains("http") && !lowerBody.contains("hdfcbank.com") && lowerBody.contains("hdfc")) { | |
| violations.add("domain_reputation_mismatch"); | |
| } | |
| // 3. Urgency language | |
| if (lowerBody.contains("urgent") || lowerBody.contains("blocked") || lowerBody.contains("suspend")) { | |
| violations.add("urgency_language"); | |
| } | |
| // 4. Money pattern | |
| if (ctx.body.contains("₹") && (lowerBody.contains("pay") || lowerBody.contains("collect"))) { | |
| violations.add("money_pattern"); | |
| } | |
| // 5. Temporal anomaly | |
| final hour = DateTime.now().hour; | |
| if (hour < 6 || hour > 22) { | |
| if (lowerBody.contains("kyc") || lowerBody.contains("account")) { | |
| violations.add("temporal_anomaly"); | |
| } | |
| } | |
| if (violations.length >= 3) { | |
| return LayerResult.block("5-Tuple Firewall Violation", 0.95, violations, 1); | |
| } | |
| return LayerResult.continueInspection(); | |
| } | |
| } | |