npm - @j3r3mcdev/oast-server - Versions diffs - 1.1.6 → 1.1.8 - Mend

@j3r3mcdev/oast-server 1.1.6 → 1.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (97) hide show

package/.github/workflows/ci.yml +29 -29
package/.github/workflows/publish.yml +31 -31
package/README.md +192 -192
package/dist/core/router.d.ts +1 -0
package/dist/core/router.js +3 -3
package/dist/index.d.ts +1 -0
package/dist/index.js +16 -1
package/jest.config.js +14 -14
package/package.json +45 -45
package/sadmin list shadows +9 -9
package/src/api/controllers/__tests__/tasks.controller.test.ts +74 -74
package/src/api/controllers/events.controller.ts +10 -10
package/src/api/controllers/health.controller.ts +7 -7
package/src/api/controllers/tasks.controller.ts +41 -41
package/src/api/dto/__tests__/create-task.dto.test.ts +41 -41
package/src/api/dto/__tests__/filter-tasks.dto.test.ts +35 -35
package/src/api/dto/create-task.dto.ts +33 -33
package/src/api/dto/filter-tasks.dto.ts +33 -33
package/src/api/services/__tests__/events.service.test.ts +41 -41
package/src/api/services/__tests__/tasks.service.test.ts +41 -41
package/src/api/services/events.service.ts +17 -17
package/src/api/services/tasks.service.ts +79 -79
package/src/api/sse/events.stream.ts +90 -90
package/src/bootstrap.ts +89 -89
package/src/core/__tests__/core-router.test.ts +30 -30
package/src/core/__tests__/core-server.test.ts +44 -44
package/src/core/__tests__/event.normalizer.test.ts +56 -56
package/src/core/__tests__/event.router.test.ts +89 -89
package/src/core/__tests__/logger.test.ts +32 -32
package/src/core/__tests__/storage-manager.test.ts +74 -74
package/src/core/event.normalizer.ts +147 -147
package/src/core/event.router.ts +13 -13
package/src/core/http/__tests__/adapter-node.test.ts +52 -52
package/src/core/http/__tests__/body-parser-multipart.test.ts +41 -41
package/src/core/http/__tests__/body-parser-raw.test.ts +28 -28
package/src/core/http/__tests__/body-parser-text.test.ts +28 -28
package/src/core/http/__tests__/compile-path.test.ts +39 -39
package/src/core/http/__tests__/middleware-pipeline.test.ts +51 -51
package/src/core/http/__tests__/request.test.ts +34 -34
package/src/core/http/__tests__/response.test.ts +35 -35
package/src/core/http/__tests__/router-match.test.ts +171 -171
package/src/core/http/adapter-node.ts +51 -51
package/src/core/http/buildRequest.ts +18 -18
package/src/core/http/compile-path.ts +32 -32
package/src/core/http/errors.ts +37 -37
package/src/core/http/http-server.ts +52 -52
package/src/core/http/middleware.ts +160 -160
package/src/core/http/request.ts +55 -55
package/src/core/http/response.ts +93 -93
package/src/core/http/router.ts +138 -138
package/src/core/id-generator.ts +8 -8
package/src/core/logger.ts +113 -113
package/src/core/router.ts +44 -44
package/src/core/server.ts +85 -85
package/src/core/storage.ts +64 -64
package/src/index.ts +14 -14
package/src/listeners/api/__tests__/api.controller.test.ts +116 -116
package/src/listeners/api/__tests__/api.extractor.test.ts +46 -46
package/src/listeners/api/__tests__/api.listener.test.ts +82 -82
package/src/listeners/api/__tests__/api.routes.test.ts +155 -155
package/src/listeners/api/__tests__/api.sse.test.ts +105 -105
package/src/listeners/api/api.controllers.ts +67 -67
package/src/listeners/api/api.extractor.ts +43 -43
package/src/listeners/api/api.listener.ts +50 -50
package/src/listeners/api/api.routes.ts +76 -76
package/src/listeners/api/api.sse.ts +38 -38
package/src/listeners/dns/__tests__/dns.test.ts +118 -118
package/src/listeners/dns/dns.extractor.ts +14 -14
package/src/listeners/dns/dns.listener.ts +61 -61
package/src/listeners/http/__tests__/http.extractor.test.ts +59 -59
package/src/listeners/http/__tests__/http.listener.test.ts +133 -133
package/src/listeners/http/http.extractor.ts +15 -15
package/src/listeners/http/http.listener.ts +110 -110
package/src/listeners/listener.interface.ts +4 -4
package/src/listeners/smtp/__tests__/smtp.extractor.test.ts +69 -69
package/src/listeners/smtp/__tests__/smtp.listener.test.ts +150 -150
package/src/listeners/smtp/smtp.extractor.ts +18 -18
package/src/listeners/smtp/smtp.listener.ts +60 -60
package/src/listeners/ssrf/__tests__/ssrf.extractor.test.ts +41 -41
package/src/listeners/ssrf/__tests__/ssrf.listener.test.ts +87 -87
package/src/listeners/ssrf/ssrf.extractor.ts +14 -14
package/src/listeners/ssrf/ssrf.listener.ts +37 -37
package/src/listeners/tcp/tcp.extractor.ts +16 -16
package/src/listeners/tcp/tcp.listener.ts +61 -61
package/src/listeners/webhook/__tests__/webhook.extractor.test.ts +35 -35
package/src/listeners/webhook/__tests__/webhook.listener.test.ts +122 -122
package/src/listeners/webhook/webhook.extractor.ts +12 -12
package/src/listeners/webhook/webhook.listener.ts +58 -58
package/src/listeners/websocket/__tests__/websocket.extractor.test.ts +33 -33
package/src/listeners/websocket/__tests__/websocket.listener.test.ts +90 -90
package/src/listeners/websocket/websocket.extractor.ts +11 -11
package/src/listeners/websocket/websocket.listener.ts +40 -40
package/src/storage-adapters/adapters/__tests__/memory.storage.test.ts +75 -75
package/src/storage-adapters/adapters/memory.storage.ts +64 -64
package/src/storage-adapters/storage.interface.ts +26 -26
package/src/types/event.types.ts +147 -147
package/tsconfig.json +20 -21

package/src/core/__tests__/logger.test.ts CHANGED Viewed

@@ -1,32 +1,32 @@
-import { Logger, LogEntry } from "../../core/logger";
-import { describe, it, expect, jest } from "@jest/globals";
-describe("Logger", () => {
-  it("appelle les hooks", () => {
-    const hook = jest.fn<(entry: LogEntry) => void>();
-    const logger = new Logger({ hooks: [hook], enabled: true });
-    logger.info("hello");
-    expect(hook).toHaveBeenCalled();
-    expect(hook.mock.calls[0][0].message).toBe("hello");
-  });
-  it("respecte le niveau de logs", () => {
-    const hook = jest.fn<(entry: LogEntry) => void>();
-    const logger = new Logger({ level: "warn", hooks: [hook] });
-    logger.info("should not log");
-    logger.error("should log");
-    expect(hook).toHaveBeenCalledTimes(1);
-    expect(hook.mock.calls[0][0].level).toBe("error");
-  });
-  it("crée un logger enfant avec contexte", () => {
-    const logger = new Logger({ context: "root" });
-    const child = logger.withContext("child");
-    expect(child).not.toBe(logger);
-  });
-});
+import { Logger, LogEntry } from "../../core/logger";
+import { describe, it, expect, jest } from "@jest/globals";
+describe("Logger", () => {
+  it("appelle les hooks", () => {
+    const hook = jest.fn<(entry: LogEntry) => void>();
+    const logger = new Logger({ hooks: [hook], enabled: true });
+    logger.info("hello");
+    expect(hook).toHaveBeenCalled();
+    expect(hook.mock.calls[0][0].message).toBe("hello");
+  });
+  it("respecte le niveau de logs", () => {
+    const hook = jest.fn<(entry: LogEntry) => void>();
+    const logger = new Logger({ level: "warn", hooks: [hook] });
+    logger.info("should not log");
+    logger.error("should log");
+    expect(hook).toHaveBeenCalledTimes(1);
+    expect(hook.mock.calls[0][0].level).toBe("error");
+  });
+  it("crée un logger enfant avec contexte", () => {
+    const logger = new Logger({ context: "root" });
+    const child = logger.withContext("child");
+    expect(child).not.toBe(logger);
+  });
+});

package/src/core/__tests__/storage-manager.test.ts CHANGED Viewed

@@ -1,74 +1,74 @@
-import { describe, test, expect } from "@jest/globals";
-import { StorageManager } from "../storage"; // si ton fichier s'appelle storage-manager.ts
-import { NormalizedHttpEvent } from "../../types/event.types";
-function makeHttpEvent(id: string): NormalizedHttpEvent {
-  return {
-    id,
-    type: "http",
-    timestamp: Date.now(),
-    sourceIp: "127.0.0.1",
-    request: {
-      method: "GET",
-      path: "/",
-      headers: {},
-      query: {},
-      body: "",
-    },
-  };
-}
-describe("StorageManager", () => {
-  test("save + getEvent", async () => {
-    const storage = new StorageManager();
-    const event = makeHttpEvent("1");
-    await storage.save(event);
-    const found = await storage.getEvent("1");
-    expect(found).not.toBeNull();
-    expect(found?.id).toBe("1");
-  });
-  test("listEvents returns events", async () => {
-    const storage = new StorageManager();
-    await storage.save(makeHttpEvent("1"));
-    const list = await storage.listEvents({});
-    expect(list.length).toBe(1);
-  });
-  test("deleteEvent removes event", async () => {
-    const storage = new StorageManager();
-    await storage.save(makeHttpEvent("1"));
-    let list = await storage.listEvents({});
-    expect(list.length).toBe(1);
-    await storage.deleteEvent("1");
-    list = await storage.listEvents({});
-    expect(list.length).toBe(0);
-  });
-  test("clearEvents empties storage", async () => {
-    const storage = new StorageManager();
-    await storage.save(makeHttpEvent("1"));
-    await storage.clearEvents();
-    const list = await storage.listEvents({});
-    expect(list.length).toBe(0);
-  });
-  test("getStats returns correct structure", async () => {
-    const storage = new StorageManager();
-    const stats = await storage.getStats();
-    expect(stats.total).toBe(0);
-    expect(stats.byType).toEqual({});
-  });
-});
+import { describe, test, expect } from "@jest/globals";
+import { StorageManager } from "../storage"; // si ton fichier s'appelle storage-manager.ts
+import { NormalizedHttpEvent } from "../../types/event.types";
+function makeHttpEvent(id: string): NormalizedHttpEvent {
+  return {
+    id,
+    type: "http",
+    timestamp: Date.now(),
+    sourceIp: "127.0.0.1",
+    request: {
+      method: "GET",
+      path: "/",
+      headers: {},
+      query: {},
+      body: "",
+    },
+  };
+}
+describe("StorageManager", () => {
+  test("save + getEvent", async () => {
+    const storage = new StorageManager();
+    const event = makeHttpEvent("1");
+    await storage.save(event);
+    const found = await storage.getEvent("1");
+    expect(found).not.toBeNull();
+    expect(found?.id).toBe("1");
+  });
+  test("listEvents returns events", async () => {
+    const storage = new StorageManager();
+    await storage.save(makeHttpEvent("1"));
+    const list = await storage.listEvents({});
+    expect(list.length).toBe(1);
+  });
+  test("deleteEvent removes event", async () => {
+    const storage = new StorageManager();
+    await storage.save(makeHttpEvent("1"));
+    let list = await storage.listEvents({});
+    expect(list.length).toBe(1);
+    await storage.deleteEvent("1");
+    list = await storage.listEvents({});
+    expect(list.length).toBe(0);
+  });
+  test("clearEvents empties storage", async () => {
+    const storage = new StorageManager();
+    await storage.save(makeHttpEvent("1"));
+    await storage.clearEvents();
+    const list = await storage.listEvents({});
+    expect(list.length).toBe(0);
+  });
+  test("getStats returns correct structure", async () => {
+    const storage = new StorageManager();
+    const stats = await storage.getStats();
+    expect(stats.total).toBe(0);
+    expect(stats.byType).toEqual({});
+  });
+});

package/src/core/event.normalizer.ts CHANGED Viewed

@@ -1,147 +1,147 @@
-import {
-  RawEvent,
-  RawDnsEvent,
-  RawSmtpEvent,
-  RawTcpEvent,
-  RawSsrfEvent,
-  NormalizedHttpEvent,
-  NormalizedDnsEvent,
-  NormalizedSmtpEvent,
-  NormalizedTcpEvent,
-  NormalizedSsrfEvent,
-  NormalizedWebhookEvent,
-  RawWebhookEvent,
-  NormalizedWebSocketEvent,
-  RawWebSocketEvent,
-} from "../types/event.types";
-import { IdGenerator } from "./id-generator";
-export class EventNormalizer {
-  //
-  // -------------------------
-  // DNS
-  // -------------------------
-  //
-  static normalizeDns(event: RawDnsEvent): NormalizedDnsEvent {
-    return {
-      id: IdGenerator.generate(),
-      type: "dns",
-      timestamp: Date.now(),
-      ip: event.ip ?? "",
-      query: event.query ?? "",
-      recordType: event.recordType ?? "",
-      raw: event.raw,
-    };
-  }
-  //
-  // -------------------------
-  // HTTP
-  // -------------------------
-  //
-  static normalizeHttp(event: RawEvent): NormalizedHttpEvent {
-    const sourceIp = event.ip && event.ip.trim() !== "" ? event.ip : "unknown";
-    return {
-      id: IdGenerator.generate(),
-      type: "http",
-      timestamp: Date.now(),
-      sourceIp,
-      request: {
-        method: event.method,
-        path: event.path,
-        headers: event.headers,
-        query: event.query,
-        body: event.body,
-      },
-    };
-  }
-  //
-  // -------------------------
-  // SMTP
-  // -------------------------
-  //
-  static normalizeSmtp(event: RawSmtpEvent): NormalizedSmtpEvent {
-    return {
-      id: IdGenerator.generate(),
-      type: "smtp",
-      timestamp: Date.now(),
-      ip: event.ip ?? "",
-      from: event.from ?? "",
-      to: event.to ?? [],
-      subject: event.subject ?? "",
-      body: event.body ?? "",
-      raw: event.raw,
-    };
-  }
-  //
-  // -------------------------
-  // TCP
-  // -------------------------
-  //
-  static normalizeTcp(event: RawTcpEvent): NormalizedTcpEvent {
-    return {
-      id: IdGenerator.generate(),
-      type: "tcp",
-      timestamp: Date.now(),
-      ip: event.ip ?? "",
-      port: event.port ?? 0,
-      data: event.data ?? "",
-      raw: event.raw,
-    };
-  }
-  //
-  // -------------------------
-  // SSRF
-  // -------------------------
-  //
-  static normalizeSsrf(raw: RawSsrfEvent): NormalizedSsrfEvent {
-    return {
-      id: IdGenerator.generate(),
-      type: "ssrf",
-      timestamp: Date.now(),
-      sourceIp: raw.ip,
-      request: {
-        method: raw.method,
-        path: raw.path,
-        headers: raw.headers,
-        query: raw.query,
-      },
-    };
-  }
-  //
-  // -------------------------
-  // webhook
-  // -------------------------
-  //
-  static normalizeWebhook(raw: RawWebhookEvent): NormalizedWebhookEvent {
-    return {
-      id: IdGenerator.generate(),
-      type: "webhook",
-      timestamp: Date.now(),
-      sourceIp: raw.ip,
-      headers: raw.headers,
-      body: raw.body,
-    };
-  }
-  //
-  // -------------------------
-  // websocket
-  // -------------------------
-  //
-  static normalizeWebSocket(raw: RawWebSocketEvent): NormalizedWebSocketEvent {
-    return {
-      id: IdGenerator.generate(),
-      type: "websocket",
-      timestamp: Date.now(),
-      sourceIp: raw.ip,
-      message: raw.message,
-    };
-  }
-}
+import {
+  RawEvent,
+  RawDnsEvent,
+  RawSmtpEvent,
+  RawTcpEvent,
+  RawSsrfEvent,
+  NormalizedHttpEvent,
+  NormalizedDnsEvent,
+  NormalizedSmtpEvent,
+  NormalizedTcpEvent,
+  NormalizedSsrfEvent,
+  NormalizedWebhookEvent,
+  RawWebhookEvent,
+  NormalizedWebSocketEvent,
+  RawWebSocketEvent,
+} from "../types/event.types";
+import { IdGenerator } from "./id-generator";
+export class EventNormalizer {
+  //
+  // -------------------------
+  // DNS
+  // -------------------------
+  //
+  static normalizeDns(event: RawDnsEvent): NormalizedDnsEvent {
+    return {
+      id: IdGenerator.generate(),
+      type: "dns",
+      timestamp: Date.now(),
+      ip: event.ip ?? "",
+      query: event.query ?? "",
+      recordType: event.recordType ?? "",
+      raw: event.raw,
+    };
+  }
+  //
+  // -------------------------
+  // HTTP
+  // -------------------------
+  //
+  static normalizeHttp(event: RawEvent): NormalizedHttpEvent {
+    const sourceIp = event.ip && event.ip.trim() !== "" ? event.ip : "unknown";
+    return {
+      id: IdGenerator.generate(),
+      type: "http",
+      timestamp: Date.now(),
+      sourceIp,
+      request: {
+        method: event.method,
+        path: event.path,
+        headers: event.headers,
+        query: event.query,
+        body: event.body,
+      },
+    };
+  }
+  //
+  // -------------------------
+  // SMTP
+  // -------------------------
+  //
+  static normalizeSmtp(event: RawSmtpEvent): NormalizedSmtpEvent {
+    return {
+      id: IdGenerator.generate(),
+      type: "smtp",
+      timestamp: Date.now(),
+      ip: event.ip ?? "",
+      from: event.from ?? "",
+      to: event.to ?? [],
+      subject: event.subject ?? "",
+      body: event.body ?? "",
+      raw: event.raw,
+    };
+  }
+  //
+  // -------------------------
+  // TCP
+  // -------------------------
+  //
+  static normalizeTcp(event: RawTcpEvent): NormalizedTcpEvent {
+    return {
+      id: IdGenerator.generate(),
+      type: "tcp",
+      timestamp: Date.now(),
+      ip: event.ip ?? "",
+      port: event.port ?? 0,
+      data: event.data ?? "",
+      raw: event.raw,
+    };
+  }
+  //
+  // -------------------------
+  // SSRF
+  // -------------------------
+  //
+  static normalizeSsrf(raw: RawSsrfEvent): NormalizedSsrfEvent {
+    return {
+      id: IdGenerator.generate(),
+      type: "ssrf",
+      timestamp: Date.now(),
+      sourceIp: raw.ip,
+      request: {
+        method: raw.method,
+        path: raw.path,
+        headers: raw.headers,
+        query: raw.query,
+      },
+    };
+  }
+  //
+  // -------------------------
+  // webhook
+  // -------------------------
+  //
+  static normalizeWebhook(raw: RawWebhookEvent): NormalizedWebhookEvent {
+    return {
+      id: IdGenerator.generate(),
+      type: "webhook",
+      timestamp: Date.now(),
+      sourceIp: raw.ip,
+      headers: raw.headers,
+      body: raw.body,
+    };
+  }
+  //
+  // -------------------------
+  // websocket
+  // -------------------------
+  //
+  static normalizeWebSocket(raw: RawWebSocketEvent): NormalizedWebSocketEvent {
+    return {
+      id: IdGenerator.generate(),
+      type: "websocket",
+      timestamp: Date.now(),
+      sourceIp: raw.ip,
+      message: raw.message,
+    };
+  }
+}

package/src/core/event.router.ts CHANGED Viewed

@@ -1,13 +1,13 @@
-import { EventNormalizer } from "./event.normalizer";
-import { Storage } from "../storage-adapters/storage.interface";
-import { RawEvent, NormalizedHttpEvent } from "../types/event.types";
-export class EventRouter {
-  constructor(private storage: Storage) {}
-  async handleHttp(event: RawEvent): Promise<NormalizedHttpEvent> {
-    const normalized = EventNormalizer.normalizeHttp(event);
-    await this.storage.save(normalized);
-    return normalized;
-  }
-}
+import { EventNormalizer } from "./event.normalizer";
+import { Storage } from "../storage-adapters/storage.interface";
+import { RawEvent, NormalizedHttpEvent } from "../types/event.types";
+export class EventRouter {
+  constructor(private storage: Storage) {}
+  async handleHttp(event: RawEvent): Promise<NormalizedHttpEvent> {
+    const normalized = EventNormalizer.normalizeHttp(event);
+    await this.storage.save(normalized);
+    return normalized;
+  }
+}

package/src/core/http/__tests__/adapter-node.test.ts CHANGED Viewed

@@ -1,52 +1,52 @@
-import { NodeAdapter } from "../adapter-node";
-import { MiddlewarePipeline } from "../middleware";
-import { Router } from "../router";
-import { Request } from "../request";
-import { Response } from "../response";
-import { describe, it, expect, jest } from "@jest/globals";
-import * as Build from "../buildRequest";
-describe("NodeAdapter.handle", () => {
-  it("appelle le handler quand la route match", async () => {
-    const router = new Router();
-    const pipeline = new MiddlewarePipeline();
-    // mock buildRequest
-    const buildRequestMock = jest
-      .spyOn(Build, "buildRequest")
-      .mockImplementation(
-        (raw: any, params?: Record<string, string>) =>
-          new Request({
-            method: "GET",
-            path: "/test",
-            headers: {},
-            params: params ?? {},
-          }),
-      );
-    const handler = jest.fn();
-    router.match = jest.fn(() => ({
-      handler,
-      params: { id: "42" },
-      middlewares: [],
-    })) as any;
-    pipeline.run = jest.fn(async () => {}) as any;
-    const res = {
-      writableEnded: false,
-      setHeader: jest.fn(),
-      end: jest.fn(),
-      statusCode: 200,
-    };
-    const adapter = new NodeAdapter(router, pipeline);
-    await adapter.handle({ url: "/test", method: "GET", headers: {} }, res);
-    expect(handler).toHaveBeenCalled();
-    expect(pipeline.run).toHaveBeenCalled();
-    expect(buildRequestMock).toHaveBeenCalledTimes(2);
-  });
-});
+import { NodeAdapter } from "../adapter-node";
+import { MiddlewarePipeline } from "../middleware";
+import { Router } from "../router";
+import { Request } from "../request";
+import { Response } from "../response";
+import { describe, it, expect, jest } from "@jest/globals";
+import * as Build from "../buildRequest";
+describe("NodeAdapter.handle", () => {
+  it("appelle le handler quand la route match", async () => {
+    const router = new Router();
+    const pipeline = new MiddlewarePipeline();
+    // mock buildRequest
+    const buildRequestMock = jest
+      .spyOn(Build, "buildRequest")
+      .mockImplementation(
+        (raw: any, params?: Record<string, string>) =>
+          new Request({
+            method: "GET",
+            path: "/test",
+            headers: {},
+            params: params ?? {},
+          }),
+      );
+    const handler = jest.fn();
+    router.match = jest.fn(() => ({
+      handler,
+      params: { id: "42" },
+      middlewares: [],
+    })) as any;
+    pipeline.run = jest.fn(async () => {}) as any;
+    const res = {
+      writableEnded: false,
+      setHeader: jest.fn(),
+      end: jest.fn(),
+      statusCode: 200,
+    };
+    const adapter = new NodeAdapter(router, pipeline);
+    await adapter.handle({ url: "/test", method: "GET", headers: {} }, res);
+    expect(handler).toHaveBeenCalled();
+    expect(pipeline.run).toHaveBeenCalled();
+    expect(buildRequestMock).toHaveBeenCalledTimes(2);
+  });
+});