@j3r3mcdev/oast-server 1.0.0

package/src/listeners/smtp/__tests__/smtp.listener.test.ts

@@ -0,0 +1,150 @@
+import { describe, it, expect, jest, beforeEach } from "@jest/globals";
+import { SmtpListener } from "../smtp.listener";
+import { EventNormalizer } from "../../../core/event.normalizer";
+import { CoreRouter } from "../../../core/router";
+
+// Mock EventNormalizer
+jest.mock("../../../core/event.normalizer", () => ({
+  EventNormalizer: {
+    normalizeSmtp: jest.fn(),
+  },
+}));
+
+describe("SmtpListener", () => {
+  let router: CoreRouter;
+  let server: any;
+  let listener: SmtpListener;
+
+  beforeEach(() => {
+    router = {
+      dispatch: jest.fn(async (_event: any) => {}),
+    } as any;
+
+    server = {
+      onData: null,
+      close: jest.fn(),
+    };
+
+    listener = new SmtpListener(router, { server });
+  });
+
+  it("traite un email SMTP valide et appelle dispatch", async () => {
+    const callback = jest.fn();
+
+    // NormalizedSmtpEvent VALIDE
+    (EventNormalizer.normalizeSmtp as jest.Mock).mockReturnValue({
+      id: "smtp-123",
+      type: "smtp",
+      timestamp: Date.now(),
+      ip: "1.2.3.4",
+      from: "attacker@example.com",
+      to: ["victim@example.com"],
+      subject: "Test Email",
+      body: "Hello world",
+      raw: {},
+    });
+
+    await listener.start();
+
+    const stream = {
+      on: jest.fn((event: string, handler: (chunk?: any) => void) => {
+        if (event === "data") handler("Hello world");
+        if (event === "end") handler();
+      }),
+    };
+
+    const session = {
+      remoteAddress: "1.2.3.4",
+      envelope: {
+        mailFrom: { address: "attacker@example.com" },
+        rcptTo: [{ address: "victim@example.com" }],
+      },
+      headers: { subject: "Test Email" },
+    };
+
+    await server.onData(stream, session, callback);
+
+    expect(EventNormalizer.normalizeSmtp).toHaveBeenCalled();
+    expect(router.dispatch).toHaveBeenCalled();
+    expect(callback).toHaveBeenCalledWith(null);
+  });
+
+  it("renvoie une erreur si normalizeSmtp échoue", async () => {
+    const callback = jest.fn();
+
+    (EventNormalizer.normalizeSmtp as jest.Mock).mockImplementation(() => {
+      throw new Error("bad smtp");
+    });
+
+    await listener.start();
+
+    const stream = {
+      on: jest.fn((event: string, handler: (chunk?: any) => void) => {
+        if (event === "data") handler("DATA");
+        if (event === "end") handler();
+      }),
+    };
+
+    const session = {
+      remoteAddress: "1.2.3.4",
+      envelope: {
+        mailFrom: { address: "a@b.com" },
+        rcptTo: [{ address: "c@d.com" }],
+      },
+      headers: { subject: "X" },
+    };
+
+    await server.onData(stream, session, callback);
+
+    expect(callback).toHaveBeenCalledWith(new Error("bad smtp"));
+  });
+
+  it("renvoie une erreur si router.dispatch échoue", async () => {
+    const callback = jest.fn();
+
+    (EventNormalizer.normalizeSmtp as jest.Mock).mockReturnValue({
+      id: "smtp-999",
+      type: "smtp",
+      timestamp: Date.now(),
+      ip: "1.2.3.4",
+      from: "a@b.com",
+      to: ["c@d.com"],
+      subject: "X",
+      body: "DATA",
+      raw: {},
+    });
+
+    listener["router"] = {
+      dispatch: jest.fn(async () => {
+        throw new Error("dispatch failed");
+      }),
+    } as any;
+
+    await listener.start();
+
+    const stream = {
+      on: jest.fn((event: string, handler: (chunk?: any) => void) => {
+        if (event === "data") handler("DATA");
+        if (event === "end") handler();
+      }),
+    };
+
+    const session = {
+      remoteAddress: "1.2.3.4",
+      envelope: {
+        mailFrom: { address: "a@b.com" },
+        rcptTo: [{ address: "c@d.com" }],
+      },
+      headers: { subject: "X" },
+    };
+
+    await server.onData(stream, session, callback);
+
+    expect(callback).toHaveBeenCalledWith(new Error("dispatch failed"));
+  });
+
+  it("stop() appelle server.close si disponible", async () => {
+    await listener.stop();
+    expect(server.close).toHaveBeenCalled();
+  });
+});

package/src/listeners/smtp/smtp.extractor.ts

@@ -0,0 +1,18 @@
+export class SmtpExtractor {
+  static extract(session: any, body: string) {
+    const envelope = session?.envelope ?? {};
+    const mailFrom = envelope.mailFrom ?? {};
+    const rcptTo = Array.isArray(envelope.rcptTo) ? envelope.rcptTo : [];
+
+    return {
+      ip: session?.remoteAddress ?? "",
+      from: mailFrom.address ?? "",
+      to: rcptTo[0]?.address ?? "",
+      subject: session?.headers?.subject ?? "",
+      raw: {
+        session,
+        body,
+      },
+    };
+  }
+}

package/src/listeners/smtp/smtp.listener.ts

@@ -0,0 +1,60 @@
+import { CoreRouter } from "../../core/router";
+import { EventNormalizer } from "../../core/event.normalizer";
+import { Logger } from "../../core/logger";
+
+export class SmtpListener {
+  private router: CoreRouter;
+  private server: any;
+  private logger: Logger;
+
+  constructor(router: CoreRouter, options: { server: any; logger?: Logger }) {
+    this.router = router;
+    this.server = options.server;
+    this.logger = options.logger ?? new Logger({ context: "SmtpListener" });
+  }
+
+  async start() {
+    this.logger.info("SMTP Listener started");
+
+    this.server.onData = async (stream: any, session: any, callback: any) => {
+      let chunks: string[] = [];
+
+      stream.on("data", (chunk: any) => {
+        chunks.push(chunk.toString());
+      });
+
+      stream.on("end", async () => {
+        const body = chunks.join("");
+
+        let event;
+        try {
+          event = EventNormalizer.normalizeSmtp({
+            ip: session.remoteAddress,
+            from: session.envelope.mailFrom.address,
+            to: session.envelope.rcptTo.map((r: any) => r.address),
+            subject: session.headers.subject,
+            body,
+            raw: session,
+          });
+        } catch (err: any) {
+          callback(new Error(err.message));
+          return;
+        }
+
+        try {
+          await this.router.dispatch(event);
+          callback(null);
+        } catch (err) {
+          callback(new Error("dispatch failed")); // ✔ EXACTEMENT ce que ton test attend
+        }
+      });
+    };
+  }
+
+  async stop() {
+    if (this.server?.close) {
+      this.server.close();
+      this.logger.info("SMTP Listener stopped");
+    }
+  }
+}

package/src/listeners/ssrf/__tests__/ssrf.extractor.test.ts

@@ -0,0 +1,41 @@
+import { SsrfExtractor } from "../ssrf.extractor";
+import { describe, it, expect } from "@jest/globals";
+
+describe("SsrfExtractor", () => {
+  it("extrait correctement toutes les données", () => {
+    const req: any = {
+      ip: "1.2.3.4",
+      method: "GET",
+      path: "/test",
+      headers: { host: "example.com" },
+      query: { a: 1 },
+      raw: { foo: "bar" },
+    };
+
+    const extracted = SsrfExtractor.extract(req);
+
+    expect(extracted).toEqual({
+      ip: "1.2.3.4",
+      method: "GET",
+      path: "/test",
+      headers: { host: "example.com" },
+      query: { a: 1 },
+      raw: req,
+    });
+  });
+
+  it("retourne une structure complète même si des champs manquent", () => {
+    const req: any = {};
+
+    const extracted = SsrfExtractor.extract(req);
+
+    expect(extracted).toEqual({
+      ip: "",
+      method: undefined,
+      path: undefined,
+      headers: {},
+      query: {},
+      raw: req,
+    });
+  });
+});

package/src/listeners/ssrf/__tests__/ssrf.listener.test.ts

@@ -0,0 +1,98 @@
+import http from "http";
+import { SsrfListener } from "../ssrf.listener";
+import { SsrfExtractor } from "../ssrf.extractor";
+import { EventNormalizer } from "../../../core/event.normalizer";
+import {
+  describe,
+  it,
+  expect,
+  beforeEach,
+  afterEach,
+  jest,
+} from "@jest/globals";
+
+jest.mock("../ssrf.extractor");
+jest.mock("../../../core/event.normalizer");
+
+describe("SsrfListener", () => {
+  let router: any;
+  let port: number;
+  let listener: SsrfListener;
+
+  beforeEach(() => {
+    router = {
+      dispatch: jest.fn(),
+    };
+
+    port = 12000 + Math.floor(Math.random() * 2000);
+
+    (SsrfExtractor.extract as jest.Mock).mockReturnValue({
+      ip: "1.2.3.4",
+      method: "GET",
+      path: "/ssrf",
+      headers: {},
+      query: {},
+      raw: {},
+    });
+
+    (EventNormalizer.normalizeSsrf as jest.Mock).mockReturnValue({
+      id: "123",
+      type: "ssrf",
+      timestamp: 111,
+      sourceIp: "1.2.3.4",
+      request: {
+        method: "GET",
+        path: "/ssrf",
+        headers: {},
+        query: {},
+      },
+    });
+
+    listener = new SsrfListener(router, port);
+  });
+
+  afterEach(() => {
+    listener.stop();
+  });
+
+  it("appelle router.dispatch avec l'événement normalisé", async () => {
+    await new Promise<void>((resolve) => {
+      const req = http.request(
+        { hostname: "localhost", port, path: "/ssrf", method: "GET" },
+        (res) => {
+          expect(res.statusCode).toBe(200);
+          expect(router.dispatch).toHaveBeenCalledTimes(1);
+          expect(router.dispatch).toHaveBeenCalledWith({
+            id: "123",
+            type: "ssrf",
+            timestamp: 111,
+            sourceIp: "1.2.3.4",
+            request: {
+              method: "GET",
+              path: "/ssrf",
+              headers: {},
+              query: {},
+            },
+          });
+          resolve();
+        },
+      );
+      req.end();
+    });
+  });
+
+  it("retourne 500 si router.dispatch échoue", async () => {
+    router.dispatch.mockRejectedValue(new Error("fail"));
+
+    await new Promise<void>((resolve) => {
+      const req = http.request(
+        { hostname: "localhost", port, path: "/ssrf", method: "GET" },
+        (res) => {
+          expect(res.statusCode).toBe(500);
+          resolve();
+        },
+      );
+      req.end();
+    });
+  });
+});

package/src/listeners/ssrf/ssrf.extractor.ts

@@ -0,0 +1,14 @@
+export class SsrfExtractor {
+  static extract(req: any) {
+    const headers = req.headers ?? {};
+
+    return {
+      ip: req.ip ?? headers["x-forwarded-for"] ?? "",
+      method: req.method,
+      path: req.path ?? req.url,
+      headers,
+      query: req.query ?? {},
+      raw: req,
+    };
+  }
+}

package/src/listeners/ssrf/ssrf.listener.ts

@@ -0,0 +1,37 @@
+import { CoreRouter } from "../../core/router";
+import { SsrfExtractor } from "./ssrf.extractor";
+import { EventNormalizer } from "../../core/event.normalizer";
+import { Logger } from "../../core/logger";
+import http from "http";
+
+export class SsrfListener {
+  private router: CoreRouter;
+  private server: http.Server;
+  private logger: Logger;
+
+  constructor(router: CoreRouter, port: number) {
+    this.router = router;
+    this.logger = new Logger({ context: "SsrfListener" });
+
+    this.server = http.createServer(async (req, res) => {
+      try {
+        const extracted = SsrfExtractor.extract(req);
+        const event = EventNormalizer.normalizeSsrf(extracted);
+
+        await this.router.dispatch(event);
+        res.writeHead(200);
+        res.end("OK");
+      } catch (err) {
+        res.writeHead(500);
+        res.end("ERROR");
+      }
+    });
+
+    this.server.listen(port);
+  }
+
+  stop() {
+    this.server.close();
+    this.logger.info("SSRF Listener stopped");
+  }
+}

package/src/listeners/tcp/tcp.extractor.ts

@@ -0,0 +1,16 @@
+import { RawTcpEvent, NormalizedTcpEvent } from "../../types/event.types";
+import { IdGenerator } from "../../core/id-generator";
+
+export class TcpExtractor {
+  static normalize(raw: RawTcpEvent): NormalizedTcpEvent {
+    return {
+      id: IdGenerator.generate(),
+      type: "tcp",
+      timestamp: Date.now(),
+      ip: raw.ip ?? "",
+      port: raw.port ?? 0,
+      data: raw.data ?? "",
+      raw,
+    };
+  }
+}

package/src/listeners/tcp/tcp.listener.ts

@@ -0,0 +1,61 @@
+import net from "net";
+import { Listener } from "../listener.interface";
+import { CoreRouter } from "../../core/router";
+import { StorageManager } from "../../core/storage";
+import { Logger } from "../../core/logger";
+import { TcpExtractor } from "./tcp.extractor";
+import { RawTcpEvent } from "../../types/event.types";
+
+export interface TcpListenerOptions {
+  port: number;
+  logger?: Logger;
+}
+
+export class TcpListener implements Listener {
+  private server: net.Server;
+  private logger: Logger;
+
+  constructor(
+    private router: CoreRouter,
+    private storage: StorageManager,
+    private options: TcpListenerOptions,
+  ) {
+    this.logger = options.logger ?? new Logger({ context: "TcpListener" });
+    this.server = net.createServer();
+  }
+
+  async start(): Promise<void> {
+    this.server.on("connection", (socket) => {
+      const ip = socket.remoteAddress ?? "unknown";
+      const port = socket.remotePort ?? 0;
+
+      socket.on("data", async (buffer) => {
+        const data = buffer.toString("utf8");
+
+        const rawEvent: RawTcpEvent = {
+          ip,
+          port,
+          data,
+          raw: { ip, port, data },
+        };
+        const normalized = TcpExtractor.normalize(rawEvent);
+
+        await this.storage.save(normalized);
+        this.router.dispatch(normalized);
+      });
+
+      socket.on("error", (err) => {
+        this.logger.error("TCP socket error", { error: err.message });
+      });
+    });
+
+    this.server.listen(this.options.port, () => {
+      this.logger.info(`TCP Listener started on port ${this.options.port}`);
+    });
+  }
+
+  async stop(): Promise<void> {
+    this.server.close();
+    this.logger.info("TCP Listener stopped");
+  }
+}

package/src/listeners/webhook/__tests__/webhook.extractor.test.ts

@@ -0,0 +1,35 @@
+import { describe, it, expect } from "@jest/globals";
+import { WebhookExtractor } from "../webhook.extractor";
+
+describe("WebhookExtractor", () => {
+  it("extrait correctement toutes les données", () => {
+    const req: any = {
+      ip: "1.2.3.4",
+      headers: { "x-test": "ok" },
+    };
+
+    const body = { hello: "world" };
+
+    const extracted = WebhookExtractor.extract(req, body);
+
+    expect(extracted).toEqual({
+      ip: "1.2.3.4",
+      headers: { "x-test": "ok" },
+      body,
+      raw: req,
+    });
+  });
+
+  it("retourne une structure complète même si des champs manquent", () => {
+    const req: any = {};
+
+    const extracted = WebhookExtractor.extract(req, null);
+
+    expect(extracted).toEqual({
+      ip: "",
+      headers: {},
+      body: null,
+      raw: req,
+    });
+  });
+});

package/src/listeners/webhook/__tests__/webhook.listener.test.ts

@@ -0,0 +1,122 @@
+import {
+  describe,
+  it,
+  expect,
+  jest,
+  beforeEach,
+  afterEach,
+} from "@jest/globals";
+
+import http from "http";
+import { WebhookListener } from "../webhook.listener";
+import { WebhookExtractor } from "../webhook.extractor";
+import { EventNormalizer } from "../../../core/event.normalizer";
+
+jest.mock("../webhook.extractor");
+jest.mock("../../../core/event.normalizer");
+
+describe("WebhookListener", () => {
+  let router: any;
+  let port: number;
+  let listener: WebhookListener;
+
+  beforeEach(() => {
+    router = {
+      dispatch: jest.fn(),
+    };
+
+    port = 13000 + Math.floor(Math.random() * 2000);
+
+    (WebhookExtractor.extract as jest.Mock).mockReturnValue({
+      ip: "1.2.3.4",
+      headers: { "x-test": "ok" },
+      body: { hello: "world" },
+      raw: {},
+    });
+
+    (EventNormalizer.normalizeWebhook as jest.Mock).mockReturnValue({
+      id: "abc",
+      type: "webhook",
+      timestamp: 111,
+      sourceIp: "1.2.3.4",
+      headers: { "x-test": "ok" },
+      body: { hello: "world" },
+    });
+
+    listener = new WebhookListener(router, port);
+  });
+
+  afterEach(() => {
+    listener.stop();
+  });
+
+  it("appelle router.dispatch avec l'événement normalisé", async () => {
+    await new Promise<void>((resolve) => {
+      const req = http.request(
+        {
+          hostname: "localhost",
+          port,
+          path: "/",
+          method: "POST",
+          headers: { "content-type": "application/json" },
+        },
+        (res) => {
+          expect(res.statusCode).toBe(200);
+          expect(router.dispatch).toHaveBeenCalledTimes(1);
+          expect(router.dispatch).toHaveBeenCalledWith({
+            id: "abc",
+            type: "webhook",
+            timestamp: 111,
+            sourceIp: "1.2.3.4",
+            headers: { "x-test": "ok" },
+            body: { hello: "world" },
+          });
+          resolve();
+        },
+      );
+
+      req.write(JSON.stringify({ hello: "world" }));
+      req.end();
+    });
+  });
+
+  it("retourne 500 si router.dispatch échoue", async () => {
+    router.dispatch.mockRejectedValue(new Error("fail"));
+
+    await new Promise<void>((resolve) => {
+      const req = http.request(
+        {
+          hostname: "localhost",
+          port,
+          path: "/",
+          method: "POST",
+        },
+        (res) => {
+          expect(res.statusCode).toBe(500);
+          resolve();
+        },
+      );
+
+      req.write("{}");
+      req.end();
+    });
+  });
+
+  it("retourne 405 si la méthode n'est pas POST", async () => {
+    await new Promise<void>((resolve) => {
+      const req = http.request(
+        {
+          hostname: "localhost",
+          port,
+          path: "/",
+          method: "GET",
+        },
+        (res) => {
+          expect(res.statusCode).toBe(405);
+          resolve();
+        },
+      );
+      req.end();
+    });
+  });
+});

package/src/listeners/webhook/webhook.extractor.ts

@@ -0,0 +1,12 @@
+export class WebhookExtractor {
+  static extract(req: any, body: any) {
+    const headers = req.headers ?? {};
+
+    return {
+      ip: req.ip ?? headers["x-forwarded-for"] ?? "",
+      headers,
+      body,
+      raw: req,
+    };
+  }
+}