@j3r3mcdev/oast-server 1.0.0

package/src/listeners/webhook/webhook.listener.ts

@@ -0,0 +1,58 @@
+import http from "http";
+import { CoreRouter } from "../../core/router";
+import { WebhookExtractor } from "./webhook.extractor";
+import { EventNormalizer } from "../../core/event.normalizer";
+import { Logger } from "../../core/logger";
+
+export class WebhookListener {
+  private router: CoreRouter;
+  private server: http.Server;
+  private logger: Logger;
+
+  constructor(router: CoreRouter, port: number) {
+    this.router = router;
+    this.logger = new Logger({ context: "WebhookListener" });
+
+    this.server = http.createServer(async (req, res) => {
+      if (req.method !== "POST") {
+        res.writeHead(405);
+        return res.end("Method Not Allowed");
+      }
+
+      let chunks: Buffer[] = [];
+
+      req.on("data", (chunk) => chunks.push(chunk));
+
+      req.on("end", async () => {
+        try {
+          const bodyRaw = Buffer.concat(chunks).toString();
+          let body: any = null;
+
+          try {
+            body = JSON.parse(bodyRaw);
+          } catch {
+            body = bodyRaw;
+          }
+
+          const extracted = WebhookExtractor.extract(req, body);
+          const event = EventNormalizer.normalizeWebhook(extracted);
+
+          await this.router.dispatch(event);
+
+          res.writeHead(200);
+          res.end("OK");
+        } catch (err) {
+          res.writeHead(500);
+          res.end("ERROR");
+        }
+      });
+    });
+
+    this.server.listen(port);
+  }
+
+  stop() {
+    this.server.close();
+    this.logger.info("Webhook Listener stopped");
+  }
+}

package/src/listeners/websocket/__tests__/websocket.extractor.test.ts

@@ -0,0 +1,33 @@
+import { describe, it, expect } from "@jest/globals";
+import { WebSocketExtractor } from "../websocket.extractor";
+
+describe("WebSocketExtractor", () => {
+  it("extrait correctement les données", () => {
+    const ws: any = {};
+    const req: any = {
+      socket: { remoteAddress: "1.2.3.4" },
+      headers: { host: "example.com" },
+    };
+
+    const extracted = WebSocketExtractor.extract(ws, req, "hello");
+
+    expect(extracted).toEqual({
+      ip: "1.2.3.4",
+      message: "hello",
+      raw: { ws, req },
+    });
+  });
+
+  it("retourne une structure complète même si des champs manquent", () => {
+    const ws: any = {};
+    const req: any = {};
+
+    const extracted = WebSocketExtractor.extract(ws, req, "test");
+
+    expect(extracted).toEqual({
+      ip: "",
+      message: "test",
+      raw: { ws, req },
+    });
+  });
+});

package/src/listeners/websocket/__tests__/websocket.listener.test.ts

@@ -0,0 +1,90 @@
+import {
+  describe,
+  it,
+  expect,
+  jest,
+  beforeEach,
+  afterEach,
+} from "@jest/globals";
+
+import { WebSocketServer } from "ws";
+import WebSocket from "ws";
+import { WebSocketListener } from "../websocket.listener";
+import { WebSocketExtractor } from "../websocket.extractor";
+import { EventNormalizer } from "../../../core/event.normalizer";
+
+jest.mock("../websocket.extractor");
+jest.mock("../../../core/event.normalizer");
+
+describe("WebSocketListener", () => {
+  let router: any;
+  let port: number;
+  let listener: WebSocketListener;
+
+  beforeEach(() => {
+    router = {
+      dispatch: jest.fn(),
+    };
+
+    port = 14000 + Math.floor(Math.random() * 2000);
+
+    (WebSocketExtractor.extract as jest.Mock).mockReturnValue({
+      ip: "1.2.3.4",
+      message: "hello",
+      raw: {},
+    });
+
+    (EventNormalizer.normalizeWebSocket as jest.Mock).mockReturnValue({
+      id: "ws123",
+      type: "websocket",
+      timestamp: 111,
+      sourceIp: "1.2.3.4",
+      message: "hello",
+    });
+
+    listener = new WebSocketListener(router, port);
+  });
+
+  afterEach(() => {
+    listener.stop();
+  });
+
+  it("appelle router.dispatch quand un message est reçu", async () => {
+    const client = new WebSocket(`ws://localhost:${port}`);
+
+    await new Promise<void>((resolve) => {
+      client.on("open", () => {
+        client.send("hello");
+        setTimeout(() => {
+          expect(router.dispatch).toHaveBeenCalledTimes(1);
+          expect(router.dispatch).toHaveBeenCalledWith({
+            id: "ws123",
+            type: "websocket",
+            timestamp: 111,
+            sourceIp: "1.2.3.4",
+            message: "hello",
+          });
+          client.close();
+          resolve();
+        }, 50);
+      });
+    });
+  });
+
+  it("ne plante pas si dispatch échoue", async () => {
+    router.dispatch.mockRejectedValue(new Error("fail"));
+
+    const client = new WebSocket(`ws://localhost:${port}`);
+
+    await new Promise<void>((resolve) => {
+      client.on("open", () => {
+        client.send("hello");
+        setTimeout(() => {
+          expect(router.dispatch).toHaveBeenCalledTimes(1);
+          client.close();
+          resolve();
+        }, 50);
+      });
+    });
+  });
+});

package/src/listeners/websocket/websocket.extractor.ts

@@ -0,0 +1,11 @@
+export class WebSocketExtractor {
+  static extract(ws: any, req: any, message: string) {
+    const headers = req.headers ?? {};
+
+    return {
+      ip: req.socket?.remoteAddress ?? headers["x-forwarded-for"] ?? "",
+      message,
+      raw: { ws, req },
+    };
+  }
+}

package/src/listeners/websocket/websocket.listener.ts

@@ -0,0 +1,40 @@
+import { WebSocketServer, WebSocket, RawData } from "ws";
+import type { IncomingMessage } from "http";
+import { CoreRouter } from "../../core/router";
+import { WebSocketExtractor } from "./websocket.extractor";
+import { EventNormalizer } from "../../core/event.normalizer";
+import { Logger } from "../../core/logger";
+
+export class WebSocketListener {
+  private router: CoreRouter;
+  private server: WebSocketServer;
+  private logger: Logger;
+
+  constructor(router: CoreRouter, port: number) {
+    this.router = router;
+    this.logger = new Logger({ context: "WebSocketListener" });
+
+    this.server = new WebSocketServer({ port });
+
+    this.server.on("connection", (ws: WebSocket, req: IncomingMessage) => {
+      ws.on("message", async (data: RawData) => {
+        try {
+          const message = data.toString();
+          const extracted = WebSocketExtractor.extract(ws, req, message);
+          const event = EventNormalizer.normalizeWebSocket(extracted);
+
+          await this.router.dispatch(event);
+        } catch (err) {
+          this.logger.error("WebSocket error", err);
+        }
+      });
+    });
+
+    this.logger.info(`WebSocket Listener listening on port ${port}`);
+  }
+
+  stop() {
+    this.server.close();
+    this.logger.info("WebSocket Listener stopped");
+  }
+}

package/src/storage-adapters/adapters/__tests__/memory.storage.test.ts

@@ -0,0 +1,75 @@
+import { MemoryStorage } from "../memory.storage";
+import { describe, it, expect } from "@jest/globals";
+import { NormalizedHttpEvent } from "../../../types/event.types";
+
+describe("MemoryStorage", () => {
+  it("sauvegarde un événement", async () => {
+    const storage = new MemoryStorage();
+
+    const event: NormalizedHttpEvent = {
+      id: "1",
+      type: "http",
+      timestamp: 123,
+      sourceIp: "1.1.1.1",
+      request: {
+        method: "GET",
+        path: "/",
+        headers: {},
+        query: {},
+        body: {},
+      },
+    };
+
+    await storage.save(event);
+
+    const all = await storage.getAll();
+    expect(all).toEqual([event]);
+  });
+
+  it("retourne un événement par ID", async () => {
+    const storage = new MemoryStorage();
+
+    const event: NormalizedHttpEvent = {
+      id: "1",
+      type: "http",
+      timestamp: Date.now(),
+      sourceIp: "1.1.1.1",
+      request: {
+        method: "GET",
+        path: "/test",
+        headers: {},
+        query: {},
+        body: "",
+      },
+    };
+
+    await storage.save(event);
+
+    const found = await storage.getById("1");
+    expect(found).toEqual(event);
+  });
+
+  it("supprime un événement", async () => {
+    const storage = new MemoryStorage();
+
+    const event: NormalizedHttpEvent = {
+      id: "1",
+      type: "http",
+      timestamp: Date.now(),
+      sourceIp: "1.1.1.1",
+      request: {
+        method: "GET",
+        path: "/test",
+        headers: {},
+        query: {},
+        body: "",
+      },
+    };
+
+    await storage.save(event);
+    await storage.delete("1");
+
+    const all = await storage.getAll();
+    expect(all).toEqual([]);
+  });
+});

package/src/storage-adapters/adapters/memory.storage.ts

@@ -0,0 +1,64 @@
+import { Storage } from "../storage.interface";
+import { AnyNormalizedEvent } from "../../types/event.types";
+
+export class MemoryStorage implements Storage {
+  private events = new Map<string, AnyNormalizedEvent>();
+
+  async save(event: AnyNormalizedEvent): Promise<void> {
+    this.events.set(event.id, event);
+  }
+
+  async getEvent(id: string): Promise<AnyNormalizedEvent | null> {
+    return this.events.get(id) ?? null;
+  }
+
+  async listEvents(params: {
+    type?: string;
+    page?: number;
+    limit?: number;
+  }): Promise<AnyNormalizedEvent[]> {
+    const { type, page = 1, limit = 50 } = params;
+
+    const all = Array.from(this.events.values());
+    const filtered = type ? all.filter((e) => e.type === type) : all;
+
+    const start = (page - 1) * limit;
+    return filtered.slice(start, start + limit);
+  }
+
+  async getAll(): Promise<AnyNormalizedEvent[]> {
+    return Array.from(this.events.values());
+  }
+
+  async deleteEvent(id: string): Promise<boolean> {
+    return this.events.delete(id);
+  }
+
+  async clearEvents(): Promise<void> {
+    this.events.clear();
+  }
+
+  async getStats(): Promise<{
+    total: number;
+    byType: Record<string, number>;
+  }> {
+    const all = Array.from(this.events.values());
+    const byType: Record<string, number> = {};
+
+    for (const e of all) {
+      byType[e.type] = (byType[e.type] ?? 0) + 1;
+    }
+
+    return {
+      total: all.length,
+      byType,
+    };
+  }
+  async getById(id: string) {
+    return this.getEvent(id);
+  }
+
+  async delete(id: string) {
+    return this.deleteEvent(id);
+  }
+}

package/src/storage-adapters/storage.interface.ts

@@ -0,0 +1,26 @@
+import { AnyNormalizedEvent } from "../types/event.types";
+
+export interface StorageListParams {
+  type?: string;
+  page?: number;
+  limit?: number;
+}
+
+export interface Storage {
+  save(event: AnyNormalizedEvent): Promise<void>;
+
+  getEvent(id: string): Promise<AnyNormalizedEvent | null>;
+
+  listEvents(params: StorageListParams): Promise<AnyNormalizedEvent[]>;
+
+  deleteEvent(id: string): Promise<boolean>;
+
+  clearEvents(): Promise<void>;
+
+  getAll(): Promise<AnyNormalizedEvent[]>;
+
+  getStats(): Promise<{
+    total: number;
+    byType: Record<string, number>;
+  }>;
+}

package/src/types/event.types.ts

@@ -0,0 +1,147 @@
+//
+// RAW EVENTS
+//
+export interface RawEvent {
+  ip: string;
+  method: string;
+  path: string;
+  headers: Record<string, string | string[] | undefined>;
+  query: Record<string, any>;
+  body: any;
+  raw: any;
+}
+
+export interface RawDnsEvent {
+  ip: string;
+  query: string;
+  recordType: string;
+  raw: any;
+}
+
+export interface RawSmtpEvent {
+  ip: string;
+  from: string;
+  to: string[];
+  subject: string;
+  body: string;
+  raw: any;
+}
+
+export interface RawTcpEvent {
+  ip: string;
+  port: number;
+  data: string;
+  raw: any;
+}
+
+export interface RawSsrfEvent {
+  ip: string;
+  method: string | undefined;
+  path: string | undefined;
+  headers: Record<string, string | string[] | undefined>;
+  query: Record<string, any>;
+  raw: any;
+}
+
+export interface RawWebhookEvent {
+  ip: string;
+  headers: Record<string, string | string[] | undefined>;
+  body: any;
+  raw: any;
+}
+
+export interface RawWebSocketEvent {
+  ip: string;
+  message: string;
+  raw: any;
+}
+
+//
+// NORMALIZED EVENTS
+//
+export interface NormalizedHttpEvent {
+  id: string;
+  type: "http";
+  timestamp: number;
+  sourceIp: string;
+  request: {
+    method: string;
+    path: string;
+    headers: Record<string, string | string[] | undefined>;
+    query: Record<string, any>;
+    body: any;
+  };
+}
+
+export interface NormalizedDnsEvent {
+  id: string;
+  type: "dns";
+  timestamp: number;
+  ip: string;
+  query: string;
+  recordType: string;
+  raw: any;
+}
+
+export interface NormalizedSmtpEvent {
+  id: string;
+  type: "smtp";
+  timestamp: number;
+  ip: string;
+  from: string;
+  to: string[];
+  subject: string;
+  body: string;
+  raw: any;
+}
+
+export interface NormalizedTcpEvent {
+  id: string;
+  type: "tcp";
+  timestamp: number;
+  ip: string;
+  port: number;
+  data: string;
+  raw: any;
+}
+export interface NormalizedSsrfEvent {
+  id: string;
+  type: "ssrf";
+  timestamp: number;
+  sourceIp: string;
+  request: {
+    method: string | undefined;
+    path: string | undefined;
+    headers: Record<string, string | string[] | undefined>;
+    query: Record<string, any>;
+  };
+}
+
+export interface NormalizedWebhookEvent {
+  id: string;
+  type: "webhook";
+  timestamp: number;
+  sourceIp: string;
+  headers: Record<string, string | string[] | undefined>;
+  body: any;
+}
+
+export interface NormalizedWebSocketEvent {
+  id: string;
+  type: "websocket";
+  timestamp: number;
+  sourceIp: string;
+  message: string;
+}
+
+//
+// UNION
+//
+export type AnyNormalizedEvent =
+  | NormalizedHttpEvent
+  | NormalizedDnsEvent
+  | NormalizedSmtpEvent
+  | NormalizedTcpEvent
+  | NormalizedSsrfEvent
+  | NormalizedWebhookEvent
+  | NormalizedWebSocketEvent;

package/tsconfig.json

@@ -0,0 +1,15 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "module": "CommonJS",
+    "rootDir": "src",
+    "outDir": "dist",
+    "strict": true,
+    "esModuleInterop": true,
+    "forceConsistentCasingInFileNames": true,
+    "skipLibCheck": true,
+    "resolveJsonModule": true
+  },
+  "include": ["src"],
+  "exclude": ["node_modules", "dist"]
+}