@j3r3mcdev/oast-server 1.0.0

package/dist/listeners/http/__tests__/http.listener.test.js

@@ -0,0 +1,106 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const globals_1 = require("@jest/globals");
+const http_1 = __importDefault(require("http"));
+const http_listener_1 = require("../http.listener");
+const event_normalizer_1 = require("../../../core/event.normalizer");
+// Mock EventNormalizer
+globals_1.jest.mock("../../../core/event.normalizer", () => ({
+    EventNormalizer: {
+        normalizeHttp: globals_1.jest.fn(),
+    },
+}));
+// Helper pour requêtes HTTP
+async function makeRequest(port, path) {
+    return new Promise((resolve) => {
+        const req = http_1.default.request({
+            hostname: "localhost",
+            port,
+            path,
+            method: "GET",
+        }, (res) => {
+            let data = "";
+            res.on("data", (chunk) => (data += chunk));
+            res.on("end", () => resolve(data));
+        });
+        req.end();
+    });
+}
+(0, globals_1.describe)("HttpListener (PRO)", () => {
+    let listener;
+    let router;
+    let port;
+    (0, globals_1.beforeEach)(() => {
+        router = {
+            dispatch: globals_1.jest.fn(),
+        };
+        port = 10000 + Math.floor(Math.random() * 5000);
+    });
+    (0, globals_1.afterEach)(async () => {
+        if (listener) {
+            await listener.stop();
+        }
+    });
+    (0, globals_1.it)("normalise, dispatch et renvoie un eventId", async () => {
+        listener = new http_listener_1.HttpListener(router, { port });
+        await listener.start();
+        // NormalizedHttpEvent VALIDE
+        event_normalizer_1.EventNormalizer.normalizeHttp.mockReturnValue({
+            id: "evt-123",
+            type: "http",
+            timestamp: Date.now(),
+            sourceIp: "127.0.0.1",
+            request: {
+                method: "GET",
+                path: "/test",
+                headers: {},
+                query: {},
+                body: "",
+            },
+        });
+        const response = await makeRequest(port, "/test");
+        const json = JSON.parse(response);
+        (0, globals_1.expect)(event_normalizer_1.EventNormalizer.normalizeHttp).toHaveBeenCalled();
+        (0, globals_1.expect)(router.dispatch).toHaveBeenCalled();
+        (0, globals_1.expect)(json).toEqual({
+            success: true,
+            eventId: "evt-123",
+        });
+    });
+    (0, globals_1.it)("renvoie 500 si normalizeHttp lance une erreur", async () => {
+        listener = new http_listener_1.HttpListener(router, { port });
+        await listener.start();
+        event_normalizer_1.EventNormalizer.normalizeHttp.mockImplementation(() => {
+            throw new Error("bad request");
+        });
+        const response = await makeRequest(port, "/err");
+        const json = JSON.parse(response);
+        (0, globals_1.expect)(json.success).toBe(false);
+        (0, globals_1.expect)(json.error).toBe("bad request");
+    });
+    (0, globals_1.it)("renvoie 500 si router.dispatch rejette une erreur", async () => {
+        listener = new http_listener_1.HttpListener(router, { port });
+        await listener.start();
+        event_normalizer_1.EventNormalizer.normalizeHttp.mockReturnValue({
+            id: "evt-999",
+            type: "http",
+            timestamp: Date.now(),
+            sourceIp: "127.0.0.1",
+            request: {
+                method: "GET",
+                path: "/dispatch-error",
+                headers: {},
+                query: {},
+                body: "",
+            },
+        });
+        router.dispatch.mockRejectedValueOnce(new Error("dispatch failed"));
+        const response = await makeRequest(port, "/dispatch-error");
+        const json = JSON.parse(response);
+        (0, globals_1.expect)(json.success).toBe(false);
+        (0, globals_1.expect)(json.error).toBe("dispatch failed");
+    });
+});

package/dist/listeners/http/http.extractor.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HttpExtractor = void 0;
+class HttpExtractor {
+    static extract(req) {
+        const headers = req.headers ?? {};
+        return {
+            ip: req.ip ?? headers["x-forwarded-for"] ?? "",
+            method: req.method, // ← PAS de fallback ""
+            path: req.path ?? req.url, // ← PAS de fallback ""
+            headers,
+            query: req.query ?? {},
+            body: req.body ?? null,
+            raw: req,
+        };
+    }
+}
+exports.HttpExtractor = HttpExtractor;

package/dist/listeners/http/http.listener.js

@@ -0,0 +1,91 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HttpListener = void 0;
+const http_1 = __importDefault(require("http"));
+const logger_1 = require("../../core/logger");
+const event_normalizer_1 = require("../../core/event.normalizer");
+class HttpListener {
+    constructor(router, options) {
+        this.router = router;
+        this.options = options;
+        this.logger = options.logger ?? new logger_1.Logger({ context: "HttpListener" });
+    }
+    async start() {
+        return new Promise((resolve) => {
+            this.server = http_1.default.createServer(async (req, res) => {
+                await this.handleRequest(req, res);
+            });
+            this.server.listen(this.options.port, () => {
+                this.logger.info(`HTTP Listener started on port ${this.options.port}`);
+                resolve();
+            });
+        });
+    }
+    async stop() {
+        return new Promise((resolve, reject) => {
+            if (!this.server)
+                return resolve();
+            this.server.close((err) => {
+                if (err)
+                    return reject(err);
+                this.logger.info("HTTP Listener stopped");
+                resolve();
+            });
+        });
+    }
+    async handleRequest(req, res) {
+        try {
+            const body = await this.readBody(req);
+            const ipHeader = req.headers["x-forwarded-for"];
+            const ip = typeof ipHeader === "string"
+                ? ipHeader
+                : Array.isArray(ipHeader)
+                    ? ipHeader[0]
+                    : (req.socket.remoteAddress ?? "");
+            const rawEvent = {
+                ip,
+                method: req.method ?? "",
+                path: req.url ?? "",
+                headers: req.headers,
+                query: {}, // parsing optionnel
+                body,
+                raw: req,
+            };
+            const normalized = event_normalizer_1.EventNormalizer.normalizeHttp(rawEvent);
+            await this.router.dispatch(normalized);
+            res.writeHead(200, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({
+                success: true,
+                eventId: normalized.id,
+            }));
+        }
+        catch (err) {
+            this.logger.error("HTTP Listener error", err);
+            res.writeHead(500, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({
+                success: false,
+                error: err.message,
+            }));
+        }
+    }
+    readBody(req) {
+        return new Promise((resolve) => {
+            let data = "";
+            req.on("data", (chunk) => {
+                data += chunk;
+            });
+            req.on("end", () => {
+                try {
+                    resolve(JSON.parse(data || "{}"));
+                }
+                catch {
+                    resolve(data);
+                }
+            });
+        });
+    }
+}
+exports.HttpListener = HttpListener;

package/dist/listeners/listener.interface.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/listeners/smtp/__tests__/smtp.extractor.test.js

@@ -0,0 +1,62 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const globals_1 = require("@jest/globals");
+const smtp_extractor_1 = require("../smtp.extractor");
+(0, globals_1.describe)("SmtpExtractor", () => {
+    (0, globals_1.it)("extrait correctement un RawSmtpEvent valide", () => {
+        const session = {
+            remoteAddress: "1.2.3.4",
+            envelope: {
+                mailFrom: { address: "attacker@example.com" },
+                rcptTo: [{ address: "victim@example.com" }],
+            },
+            headers: { subject: "Hello World" },
+        };
+        const body = "This is the email body";
+        const result = smtp_extractor_1.SmtpExtractor.extract(session, body);
+        (0, globals_1.expect)(result).toEqual({
+            ip: "1.2.3.4",
+            from: "attacker@example.com",
+            to: "victim@example.com",
+            subject: "Hello World",
+            raw: {
+                session,
+                body,
+            },
+        });
+    });
+    (0, globals_1.it)("gère les champs manquants proprement", () => {
+        const session = {
+            remoteAddress: undefined,
+            envelope: {
+                mailFrom: {},
+                rcptTo: [{}],
+            },
+            headers: {},
+        };
+        const result = smtp_extractor_1.SmtpExtractor.extract(session, "");
+        (0, globals_1.expect)(result).toEqual({
+            ip: "",
+            from: "",
+            to: "",
+            subject: "",
+            raw: {
+                session,
+                body: "",
+            },
+        });
+    });
+    (0, globals_1.it)("ne plante pas si session est vide", () => {
+        const result = smtp_extractor_1.SmtpExtractor.extract({}, "BODY");
+        (0, globals_1.expect)(result).toEqual({
+            ip: "",
+            from: "",
+            to: "",
+            subject: "",
+            raw: {
+                session: {},
+                body: "BODY",
+            },
+        });
+    });
+});

package/dist/listeners/smtp/__tests__/smtp.listener.test.js

@@ -0,0 +1,129 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const globals_1 = require("@jest/globals");
+const smtp_listener_1 = require("../smtp.listener");
+const event_normalizer_1 = require("../../../core/event.normalizer");
+// Mock EventNormalizer
+globals_1.jest.mock("../../../core/event.normalizer", () => ({
+    EventNormalizer: {
+        normalizeSmtp: globals_1.jest.fn(),
+    },
+}));
+(0, globals_1.describe)("SmtpListener", () => {
+    let router;
+    let server;
+    let listener;
+    (0, globals_1.beforeEach)(() => {
+        router = {
+            dispatch: globals_1.jest.fn(async (_event) => { }),
+        };
+        server = {
+            onData: null,
+            close: globals_1.jest.fn(),
+        };
+        listener = new smtp_listener_1.SmtpListener(router, { server });
+    });
+    (0, globals_1.it)("traite un email SMTP valide et appelle dispatch", async () => {
+        const callback = globals_1.jest.fn();
+        // NormalizedSmtpEvent VALIDE
+        event_normalizer_1.EventNormalizer.normalizeSmtp.mockReturnValue({
+            id: "smtp-123",
+            type: "smtp",
+            timestamp: Date.now(),
+            ip: "1.2.3.4",
+            from: "attacker@example.com",
+            to: ["victim@example.com"],
+            subject: "Test Email",
+            body: "Hello world",
+            raw: {},
+        });
+        await listener.start();
+        const stream = {
+            on: globals_1.jest.fn((event, handler) => {
+                if (event === "data")
+                    handler("Hello world");
+                if (event === "end")
+                    handler();
+            }),
+        };
+        const session = {
+            remoteAddress: "1.2.3.4",
+            envelope: {
+                mailFrom: { address: "attacker@example.com" },
+                rcptTo: [{ address: "victim@example.com" }],
+            },
+            headers: { subject: "Test Email" },
+        };
+        await server.onData(stream, session, callback);
+        (0, globals_1.expect)(event_normalizer_1.EventNormalizer.normalizeSmtp).toHaveBeenCalled();
+        (0, globals_1.expect)(router.dispatch).toHaveBeenCalled();
+        (0, globals_1.expect)(callback).toHaveBeenCalledWith(null);
+    });
+    (0, globals_1.it)("renvoie une erreur si normalizeSmtp échoue", async () => {
+        const callback = globals_1.jest.fn();
+        event_normalizer_1.EventNormalizer.normalizeSmtp.mockImplementation(() => {
+            throw new Error("bad smtp");
+        });
+        await listener.start();
+        const stream = {
+            on: globals_1.jest.fn((event, handler) => {
+                if (event === "data")
+                    handler("DATA");
+                if (event === "end")
+                    handler();
+            }),
+        };
+        const session = {
+            remoteAddress: "1.2.3.4",
+            envelope: {
+                mailFrom: { address: "a@b.com" },
+                rcptTo: [{ address: "c@d.com" }],
+            },
+            headers: { subject: "X" },
+        };
+        await server.onData(stream, session, callback);
+        (0, globals_1.expect)(callback).toHaveBeenCalledWith(new Error("bad smtp"));
+    });
+    (0, globals_1.it)("renvoie une erreur si router.dispatch échoue", async () => {
+        const callback = globals_1.jest.fn();
+        event_normalizer_1.EventNormalizer.normalizeSmtp.mockReturnValue({
+            id: "smtp-999",
+            type: "smtp",
+            timestamp: Date.now(),
+            ip: "1.2.3.4",
+            from: "a@b.com",
+            to: ["c@d.com"],
+            subject: "X",
+            body: "DATA",
+            raw: {},
+        });
+        listener["router"] = {
+            dispatch: globals_1.jest.fn(async () => {
+                throw new Error("dispatch failed");
+            }),
+        };
+        await listener.start();
+        const stream = {
+            on: globals_1.jest.fn((event, handler) => {
+                if (event === "data")
+                    handler("DATA");
+                if (event === "end")
+                    handler();
+            }),
+        };
+        const session = {
+            remoteAddress: "1.2.3.4",
+            envelope: {
+                mailFrom: { address: "a@b.com" },
+                rcptTo: [{ address: "c@d.com" }],
+            },
+            headers: { subject: "X" },
+        };
+        await server.onData(stream, session, callback);
+        (0, globals_1.expect)(callback).toHaveBeenCalledWith(new Error("dispatch failed"));
+    });
+    (0, globals_1.it)("stop() appelle server.close si disponible", async () => {
+        await listener.stop();
+        (0, globals_1.expect)(server.close).toHaveBeenCalled();
+    });
+});

package/dist/listeners/smtp/smtp.extractor.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SmtpExtractor = void 0;
+class SmtpExtractor {
+    static extract(session, body) {
+        const envelope = session?.envelope ?? {};
+        const mailFrom = envelope.mailFrom ?? {};
+        const rcptTo = Array.isArray(envelope.rcptTo) ? envelope.rcptTo : [];
+        return {
+            ip: session?.remoteAddress ?? "",
+            from: mailFrom.address ?? "",
+            to: rcptTo[0]?.address ?? "",
+            subject: session?.headers?.subject ?? "",
+            raw: {
+                session,
+                body,
+            },
+        };
+    }
+}
+exports.SmtpExtractor = SmtpExtractor;

package/dist/listeners/smtp/smtp.listener.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SmtpListener = void 0;
+const event_normalizer_1 = require("../../core/event.normalizer");
+const logger_1 = require("../../core/logger");
+class SmtpListener {
+    constructor(router, options) {
+        this.router = router;
+        this.server = options.server;
+        this.logger = options.logger ?? new logger_1.Logger({ context: "SmtpListener" });
+    }
+    async start() {
+        this.logger.info("SMTP Listener started");
+        this.server.onData = async (stream, session, callback) => {
+            let chunks = [];
+            stream.on("data", (chunk) => {
+                chunks.push(chunk.toString());
+            });
+            stream.on("end", async () => {
+                const body = chunks.join("");
+                let event;
+                try {
+                    event = event_normalizer_1.EventNormalizer.normalizeSmtp({
+                        ip: session.remoteAddress,
+                        from: session.envelope.mailFrom.address,
+                        to: session.envelope.rcptTo.map((r) => r.address),
+                        subject: session.headers.subject,
+                        body,
+                        raw: session,
+                    });
+                }
+                catch (err) {
+                    callback(new Error(err.message));
+                    return;
+                }
+                try {
+                    await this.router.dispatch(event);
+                    callback(null);
+                }
+                catch (err) {
+                    callback(new Error("dispatch failed")); // ✔ EXACTEMENT ce que ton test attend
+                }
+            });
+        };
+    }
+    async stop() {
+        if (this.server?.close) {
+            this.server.close();
+            this.logger.info("SMTP Listener stopped");
+        }
+    }
+}
+exports.SmtpListener = SmtpListener;

package/dist/listeners/ssrf/__tests__/ssrf.extractor.test.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const ssrf_extractor_1 = require("../ssrf.extractor");
+const globals_1 = require("@jest/globals");
+(0, globals_1.describe)("SsrfExtractor", () => {
+    (0, globals_1.it)("extrait correctement toutes les données", () => {
+        const req = {
+            ip: "1.2.3.4",
+            method: "GET",
+            path: "/test",
+            headers: { host: "example.com" },
+            query: { a: 1 },
+            raw: { foo: "bar" },
+        };
+        const extracted = ssrf_extractor_1.SsrfExtractor.extract(req);
+        (0, globals_1.expect)(extracted).toEqual({
+            ip: "1.2.3.4",
+            method: "GET",
+            path: "/test",
+            headers: { host: "example.com" },
+            query: { a: 1 },
+            raw: req,
+        });
+    });
+    (0, globals_1.it)("retourne une structure complète même si des champs manquent", () => {
+        const req = {};
+        const extracted = ssrf_extractor_1.SsrfExtractor.extract(req);
+        (0, globals_1.expect)(extracted).toEqual({
+            ip: "",
+            method: undefined,
+            path: undefined,
+            headers: {},
+            query: {},
+            raw: req,
+        });
+    });
+});

package/dist/listeners/ssrf/__tests__/ssrf.listener.test.js

@@ -0,0 +1,79 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const http_1 = __importDefault(require("http"));
+const ssrf_listener_1 = require("../ssrf.listener");
+const ssrf_extractor_1 = require("../ssrf.extractor");
+const event_normalizer_1 = require("../../../core/event.normalizer");
+const globals_1 = require("@jest/globals");
+globals_1.jest.mock("../ssrf.extractor");
+globals_1.jest.mock("../../../core/event.normalizer");
+(0, globals_1.describe)("SsrfListener", () => {
+    let router;
+    let port;
+    let listener;
+    (0, globals_1.beforeEach)(() => {
+        router = {
+            dispatch: globals_1.jest.fn(),
+        };
+        port = 12000 + Math.floor(Math.random() * 2000);
+        ssrf_extractor_1.SsrfExtractor.extract.mockReturnValue({
+            ip: "1.2.3.4",
+            method: "GET",
+            path: "/ssrf",
+            headers: {},
+            query: {},
+            raw: {},
+        });
+        event_normalizer_1.EventNormalizer.normalizeSsrf.mockReturnValue({
+            id: "123",
+            type: "ssrf",
+            timestamp: 111,
+            sourceIp: "1.2.3.4",
+            request: {
+                method: "GET",
+                path: "/ssrf",
+                headers: {},
+                query: {},
+            },
+        });
+        listener = new ssrf_listener_1.SsrfListener(router, port);
+    });
+    (0, globals_1.afterEach)(() => {
+        listener.stop();
+    });
+    (0, globals_1.it)("appelle router.dispatch avec l'événement normalisé", async () => {
+        await new Promise((resolve) => {
+            const req = http_1.default.request({ hostname: "localhost", port, path: "/ssrf", method: "GET" }, (res) => {
+                (0, globals_1.expect)(res.statusCode).toBe(200);
+                (0, globals_1.expect)(router.dispatch).toHaveBeenCalledTimes(1);
+                (0, globals_1.expect)(router.dispatch).toHaveBeenCalledWith({
+                    id: "123",
+                    type: "ssrf",
+                    timestamp: 111,
+                    sourceIp: "1.2.3.4",
+                    request: {
+                        method: "GET",
+                        path: "/ssrf",
+                        headers: {},
+                        query: {},
+                    },
+                });
+                resolve();
+            });
+            req.end();
+        });
+    });
+    (0, globals_1.it)("retourne 500 si router.dispatch échoue", async () => {
+        router.dispatch.mockRejectedValue(new Error("fail"));
+        await new Promise((resolve) => {
+            const req = http_1.default.request({ hostname: "localhost", port, path: "/ssrf", method: "GET" }, (res) => {
+                (0, globals_1.expect)(res.statusCode).toBe(500);
+                resolve();
+            });
+            req.end();
+        });
+    });
+});

package/dist/listeners/ssrf/ssrf.extractor.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SsrfExtractor = void 0;
+class SsrfExtractor {
+    static extract(req) {
+        const headers = req.headers ?? {};
+        return {
+            ip: req.ip ?? headers["x-forwarded-for"] ?? "",
+            method: req.method,
+            path: req.path ?? req.url,
+            headers,
+            query: req.query ?? {},
+            raw: req,
+        };
+    }
+}
+exports.SsrfExtractor = SsrfExtractor;

package/dist/listeners/ssrf/ssrf.listener.js

@@ -0,0 +1,35 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SsrfListener = void 0;
+const ssrf_extractor_1 = require("./ssrf.extractor");
+const event_normalizer_1 = require("../../core/event.normalizer");
+const logger_1 = require("../../core/logger");
+const http_1 = __importDefault(require("http"));
+class SsrfListener {
+    constructor(router, port) {
+        this.router = router;
+        this.logger = new logger_1.Logger({ context: "SsrfListener" });
+        this.server = http_1.default.createServer(async (req, res) => {
+            try {
+                const extracted = ssrf_extractor_1.SsrfExtractor.extract(req);
+                const event = event_normalizer_1.EventNormalizer.normalizeSsrf(extracted);
+                await this.router.dispatch(event);
+                res.writeHead(200);
+                res.end("OK");
+            }
+            catch (err) {
+                res.writeHead(500);
+                res.end("ERROR");
+            }
+        });
+        this.server.listen(port);
+    }
+    stop() {
+        this.server.close();
+        this.logger.info("SSRF Listener stopped");
+    }
+}
+exports.SsrfListener = SsrfListener;

package/dist/listeners/tcp/tcp.extractor.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TcpExtractor = void 0;
+const id_generator_1 = require("../../core/id-generator");
+class TcpExtractor {
+    static normalize(raw) {
+        return {
+            id: id_generator_1.IdGenerator.generate(),
+            type: "tcp",
+            timestamp: Date.now(),
+            ip: raw.ip ?? "",
+            port: raw.port ?? 0,
+            data: raw.data ?? "",
+            raw,
+        };
+    }
+}
+exports.TcpExtractor = TcpExtractor;