whs-authz-authn/caido-plugin-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'main' into feature/access-token-detector

Browse source
This commit is contained in:
KMINGON 2025-06-04 17:02:13 +09:00
commit ba98eef694
6 changed files with 335 additions and 142 deletions
Download patch file Download diff file Expand all files Collapse all files

191
packages/backend/src/controller/PKCECheck.ts
View file

@ -2,138 +2,94 @@ import type { SDK } from "caido:plugin";
import { Body, RequestSpec, type Request } from "caido:utils";
export class PKCECheck {
// 필요한 PKCE 파라미터 목록
private readonly requiredPKCEKeys = ["client_id", "response_type", "code_challenge", "code_challenge_method"];
// PKCE 취약점 테스트 메인 함수
async test(sdk: SDK, req: Request): Promise<boolean> {
const method = req.getMethod();
const url = req.getUrl();
// GET 요청이 아니면 검사하지 않음
if (method !== "GET") {
sdk.console.log("[PKCEDowngradeCheck] Not a GET request. Skipping.");
return false;
}
const query = req.getQuery();
const searchParams = new URLSearchParams(query);
const requiredKeys = ["client_id", "response_type", "code_challenge", "code_challenge_method"];
const searchParams = new URLSearchParams(req.getQuery());
if (!requiredKeys.every((key) => searchParams.has(key))) {
// 필수 PKCE 파라미터들이 모두 있는지 확인
if (!this.requiredPKCEKeys.every(key => searchParams.has(key))) {
sdk.console.log("[PKCEDowngradeCheck] Required PKCE parameters missing. Skipping.");
return false;
}
const url = req.getUrl();
// OpenID 여부 확인
const isOpenID = searchParams.get("scope")?.includes("openid") || url.includes("id_token");
const methodVal = searchParams.get("code_challenge_method");
const challengeVal = searchParams.get("code_challenge");
// 파라미터가 없으면 경고 리포트 생성
if (!methodVal || !challengeVal) {
sdk.console.log("[PKCEDowngradeCheck] code_challenge or method missing. Skipping.");
await sdk.findings.create({
title: isOpenID
? "[WARN] OpenID Flow PKCE Parameters Missing"
: "[WARN] OAuth2 Flow PKCE Parameters Missing",
description: `PKCE parameters are missing or incomplete for ${url}. This may indicate a misconfiguration.`,
request: req,
reporter: "PKCE Checker",
});
await this.reportFinding(sdk, req, url, isOpenID, "[WARN] PKCE Parameters Missing", "PKCE parameters are missing or incomplete.");
return false;
}
// code_challenge_method가 'plain'이면 취약할 수 있음
if (methodVal === "plain") {
sdk.console.log("[PKCEDowngradeCheck] code_challenge_method is 'plain'. Skipping.");
await sdk.findings.create({
title: isOpenID
? "[WARN] OpenID Flow PKCE Method is 'plain'"
: "[WARN] OAuth2 Flow PKCE Method is 'plain'",
description: `PKCE method is set to 'plain' for ${url}. This may indicate a downgrade vulnerability.`,
request: req,
reporter: "PKCE Checker",
});
await this.reportFinding(sdk, req, url, isOpenID, "[WARN] PKCE Method is 'plain'", "PKCE method is set to 'plain'. This may indicate a downgrade vulnerability.");
return false;
}
// Remove PKCE parameters to simulate a downgraded request
// PKCE 관련 파라미터 제거하여 다운그레이드된 URL 생성
searchParams.delete("code_challenge");
searchParams.delete("code_challenge_method");
const downgradedQuery = searchParams.toString();
const scheme = req.getUrl().startsWith("https") ? "https" : "http";
const scheme = url.startsWith("https") ? "https" : "http";
const downgradedUrl = `${scheme}://${req.getHost()}:${req.getPort()}${req.getPath()}?${downgradedQuery}`;
sdk.console.log(`${req.getHost()} Original URL: ` + url);
sdk.console.log(`${req.getHost()} Downgraded URL: ` + downgradedUrl);
sdk.console.log(`${req.getHost()} Original URL: ${url}`);
sdk.console.log(`${req.getHost()} Downgraded URL: ${downgradedUrl}`);
try {
// Use Caido Replay SDK to replay the original request
const spec = new RequestSpec(downgradedUrl);
spec.setBody(req.getBody() as Body);
for (const [key, value] of Object.entries(req.getHeaders())) {
if (Array.isArray(value)) {
spec.setHeader(key, value.join(', ')); // or another suitable delimiter
} else {
spec.setHeader(key, value);
// 원래 요청과 다운그레이드된 요청 각각 전송
const downgradedResponse = await this.sendRequest(sdk, req, downgradedUrl, downgradedQuery);
const originalResponse = await this.sendRequest(sdk, req, url, req.getQuery());
if (downgradedResponse && originalResponse) {
const originalCode = originalResponse.getCode();
const downgradedCode = downgradedResponse.getCode();
const originalLoc = originalResponse.getHeader("location") || "";
const downgradedLoc = downgradedResponse.getHeader("location") || "";
sdk.console.log(`${req.getHost()} Original Status: ${originalCode}`);
sdk.console.log(`${req.getHost()} Downgraded Status: ${downgradedCode}`);
sdk.console.log(`${req.getHost()} Original Location: ${originalLoc}`);
sdk.console.log(`${req.getHost()} Downgraded Location: ${downgradedLoc}`);
// 두 응답 모두 리디렉션이면서 code= 파라미터 포함 시 취약점 리포트 생성
const bothRedirect = [301, 302].includes(originalCode) && [301, 302].includes(downgradedCode);
const bothContainCode = originalLoc.includes("code=") && downgradedLoc.includes("code=");
if (bothRedirect && bothContainCode) {
const title = isOpenID
? "[CRITICAL] OpenID Flow PKCE Downgrade Vulnerability"
: "[CRITICAL] OAuth2 Flow PKCE Downgrade Vulnerability";
const reference = isOpenID
? "https://openid.net/specs/openid-igov-oauth2-1_0-02.html#rfc.section.3.1.7"
: "https://datatracker.ietf.org/doc/html/rfc7636";
await sdk.findings.create({
title,
description: `PKCE downgrade vulnerability detected!\n\nOriginal URL: ${url}\nDowngraded URL: ${downgradedUrl}\n\nBoth requests returned authorization codes, indicating the server accepts requests without PKCE protection.\n\nReference: ${reference}`,
request: req,
reporter: "PKCE Checker",
});
return true;
}
}
spec.setHost(req.getHost());
spec.setMethod(req.getMethod());
spec.setPath(req.getPath());
spec.setQuery(downgradedQuery);
spec.setTls(req.getTls());
spec.setPort(req.getPort());
let sendDowngradedRequest = await sdk.requests.send(spec);
if (sendDowngradedRequest.response) {
let domain = spec.getHost();
let port = spec.getPort();
let path = spec.getPath();
let query = spec.getQuery();
let id = sendDowngradedRequest.response.getId();
let code = sendDowngradedRequest.response.getCode();
sdk.console.log(`REQ ${id}: ${domain}:${port}${path}${query} received a status code of ${code}`);
}
if (sendDowngradedRequest.response?.getCode() === 302) {
await sdk.findings.create({
title: isOpenID
? "[CRITICAL] OpenID Flow PKCE Downgrade Vulnerability"
: "[CRITICAL] OAuth2 Flow PKCE Downgrade Vulnerability",
description: `The request to ${url} is vulnerable to a PKCE downgrade attack. This may indicate a configuration error.`,
request: req,
reporter: "PKCE Checker",
});
}
/*
sdk.console.log(`${req.getHost()} Original Status: ` + resOriginal.status);
sdk.console.log(`${req.getHost()} Downgraded Status: ` + resDowngraded.status);
sdk.console.log(`${req.getHost()} Original Headers: ` + JSON.stringify(resOriginal.headers));
sdk.console.log(`${req.getHost()} Downgraded Headers: ` + JSON.stringify(resDowngraded.headers));
// Caido Dev Docs 기준으로, 리다이렉트된 URL은 Response 객체의 url 속성에 저장되어 있음
const locationOriginal = resOriginal.url ?? "";
const locationDowngraded = resDowngraded.url ?? "";
sdk.console.log(`${req.getHost()} Original Location: ` + locationOriginal);
sdk.console.log(`${req.getHost()} Downgraded Location: ` + locationDowngraded);
const statusEqual = resOriginal.status === resDowngraded.status;
const codeInRedirects = locationOriginal.includes("code=") && locationDowngraded.includes("code=");
if (statusEqual && codeInRedirects) {
const title = isOpenID
? "[CRITICAL] OpenID Flow PKCE Downgraded to Plaintext"
: "[CRITICAL] OAuth2 Flow PKCE Downgraded to Plaintext";
const reference = isOpenID
? "https://openid.net/specs/openid-igov-oauth2-1_0-02.html#rfc.section.3.1.7"
: "https://datatracker.ietf.org/doc/html/rfc7636";
await sdk.findings.create({
title,
description: `PKCE downgrade detected for ${url}.\n\nDowngraded URL: ${downgradedUrl}\n\nRedirect contained code=.\n\nReference: ${reference}`,
request: req,
reporter: "",
});
return true;
}*/
} catch (err) {
sdk.console.error(`PKCE downgrade check failed for ${url}: ${String(err)}`);
}
@ -141,4 +97,41 @@ export class PKCECheck {
sdk.console.log("[PKCEDowngradeCheck] No PKCE downgrade detected.");
return false;
}
// 요청 전송 도우미 함수
private async sendRequest(sdk: SDK, req: Request, url: string, query: string) {
const spec = new RequestSpec(url);
spec.setMethod(req.getMethod());
spec.setPath(req.getPath());
spec.setQuery(query);
spec.setBody(req.getBody() as Body);
spec.setHost(req.getHost());
spec.setPort(req.getPort());
spec.setTls(req.getTls());
for (const [key, value] of Object.entries(req.getHeaders())) {
spec.setHeader(key, Array.isArray(value) ? value.join(', ') : value);
}
const result = await sdk.requests.send(spec);
return result.response ?? null;
}
// 경고 리포트 생성 함수
private async reportFinding(
sdk: SDK,
req: Request,
url: string,
isOpenID: boolean,
title: string,
message: string
) {
const fullTitle = isOpenID ? `[WARN] OpenID Flow ${title}` : `[WARN] OAuth2 Flow ${title}`;
await sdk.findings.create({
title: fullTitle,
description: `${message} (${url})`,
request: req,
reporter: "PKCE Checker",
});
}
}

56
packages/backend/src/controller/csrfCheck.ts
View file

@ -7,13 +7,13 @@ const httpUtils = new HttpUtils();
export class CsrfCheck {
private isTargetUri(uri: string): boolean {
if (
uri.includes("client_id=") &&
(uri.includes("response_type=") ||
uri.includes("grant_type=") ||
uri.includes("redirect_uri=") ||
uri.includes("scope=") ||
uri.includes("state=") ||
uri.includes("nonce="))
httpUtils.getQueryParamFromURI(uri, "client_id") !== null &&
(httpUtils.getQueryParamFromURI(uri, "response_type") !== null ||
httpUtils.getQueryParamFromURI(uri, "grant_type") !== null ||
httpUtils.getQueryParamFromURI(uri, "redirect_uri") !== null ||
httpUtils.getQueryParamFromURI(uri, "scope") !== null ||
httpUtils.getQueryParamFromURI(uri, "state") !== null ||
httpUtils.getQueryParamFromURI(uri, "nonce") !== null)
) {
return true;
}
@ -151,15 +151,25 @@ export class CsrfCheck {
let result = ``;
// 쿼리에 state 파라미터가 없으면 CSRF 위험
if (this.isOauthUri(request) && !this.isStateInQuery(request)) {
result += "CSRF risk: missing state parameter"; // CSRF risk: missing state parameter
try {
if (this.isOauthUri(request) && !this.isStateInQuery(request)) {
result += "CSRF risk: missing state parameter"; // CSRF risk: missing state parameter
}
} catch (error) {
sdk.console.error(`Error checking state in query: ${error}`);
}
// location 헤더에 state 파라미터가 없거나, 요청에서 보낸 state와 다르면 CSRF 위험
const stateAtResponseLocationHeaderCheck =
this.checkStateAtResponseLocationHeader(request, response);
if (stateAtResponseLocationHeaderCheck !== 0) {
result += `, ${stateAtResponseLocationHeaderCheck.join(", ")}`;
try {
const stateAtResponseLocationHeaderCheck =
this.checkStateAtResponseLocationHeader(request, response);
if (stateAtResponseLocationHeaderCheck !== 0) {
result += `, ${stateAtResponseLocationHeaderCheck.join(", ")}`;
}
} catch (error) {
sdk.console.error(
`Error checking state in response location header: ${error}`
);
}
// // 처음으로 state를 발급한 요청에서 state 파라미터를 바꿔서 보내기
@ -168,13 +178,19 @@ export class CsrfCheck {
// result += `, ${reusedStateCheck.join(", ")}`;
// }
if (result) {
await sdk.findings.create({
title: "csrf vuln",
description: `SSO-related parameters detected in response:\n\n${request.getMethod()} ${request.getUrl()} : ${result}`,
request,
reporter: "csrf reporter",
});
result.replace(/^\s*,\s*|\s*$/, ""); // Remove leading/trailing commas
try {
if (result) {
await sdk.findings.create({
title: "csrf vuln",
description: `SSO-related parameters detected in response:\n\n${request.getMethod()} ${request.getUrl()} : ${result}`,
request,
reporter: "csrf reporter",
});
sdk.console.log("qq");
}
} catch (error) {
sdk.console.error(`Error creating finding: ${error}`);
}
}
}

59
packages/backend/src/controller/redirect_uriBypass.ts Normal file
View file

@ -0,0 +1,59 @@
import type { Request, Response } from "caido:utils";
import type { SDK } from "caido:plugin";
export class RedirectBypassController {
// redirect_uri를 확인하는 함수
isRedirectUri(req: Request): { detected: boolean; redirectUri?: string } {
// ? 뒤에 오는 파라미터 모두 가져오고, 정규표현식으로 redirect_uri= 이후 주소만 뽑음(없으면 null)
const query = req.getQuery();
const redirectUriMatch = query.match(/redirect_uri=([^&]+)/i);
// redirectUriMatch[1]은 ()로 감싼 부분
// redirect_uri 파라미터가 없거나 있어도 주소가 문자열이 아니면 false
if (!redirectUriMatch || typeof redirectUriMatch[1] !== "string") {
return { detected: false };
}
// 인코딩된 주소를 원래대로 바꿈 (ex. https://~~)
const redirectUri = decodeURIComponent(redirectUriMatch[1]);
const bypassPatterns = [
"%ff@", "", "%2f@", "%0a@", "%0d@", "\\", ".evil.com", "@", "%2f..%2f",
];
// 위 패턴에 일치하는 게 있으면 true랑 redirectUri 반환 (false일 땐 undefined)
const detected = bypassPatterns.some(pattern => redirectUri.includes(pattern));
return { detected, redirectUri: detected ? redirectUri : undefined };
}
// 응답에 인가 코드가 포함되어 있는지 확인하는 함수
isCodeIssued(res: Response): boolean {
const location = res.getHeader("Location") || "";
return location.includes("code=");
}
// 위의 두 함수 모두 만족하면 true, 문제의 주소를 반환하는 함수
test(req: Request, res: Response): { detected: boolean; redirectUri?: string } {
const redirectCheck = this.isRedirectUri(req);
const codeIssued = this.isCodeIssued(res);
if (redirectCheck.detected && codeIssued) {
return { detected: true, redirectUri: redirectCheck.redirectUri };
}
return { detected: false };
}
// 탐지된 결과 저장하는 함수
async testAsync(sdk: SDK, req: Request, res: Response): Promise<void> {
const result = this.test(req, res);
if (result.detected) {
await sdk.findings.create({
title: "Redirect URI Bypass Detected",
description: `redirect_uri 우회 발견\nRedirect URI: ${result.redirectUri}`,
request: req,
reporter: "gyu",
});
}
}
}

30
packages/backend/src/index.ts
View file

@ -6,36 +6,40 @@ import { CsrfCheck } from "./controller/csrfCheck";
import { PKCECheck } from "./controller/PKCECheck";
import { AccessTokenLeakController } from "./controller/accessTokenDetector";
import { ScopeDetection } from "./controller/scopeDetection";
import { NonceCheckController } from "./controller/nonceCheck";
// import { NonceCheckController } from "./controller/nonceCheck";
import { RedirectBypassController } from "./controller/redirect_uriBypass";
export type API = DefineAPI<{}>;
const csrfCheck = new CsrfCheck();
// const implicitGrantController = new ImplicitGrantController();
// const authZCodeGrantController = new AuthZCodeGrantController();
const pkceCheckController = new PKCECheck();
const tokenCheck = new AccessTokenLeakController();
const ScopeDetectionController = new ScopeDetection();
const nonceCheckController = new NonceCheckController();
// const nonceCheckController = new NonceCheckController();
const redirectBypassController = new RedirectBypassController();
export function init(sdk: SDK<API>) {
sdk.events.onInterceptResponse(async (sdk, req: Request, res: Response) => {
await csrfCheck.checker(sdk, req, res);
await pkceCheckController.test(sdk, req);
//await pkceCheckController.test(sdk, req);
await tokenCheck.testReq(sdk, req);
await tokenCheck.testResp(sdk, res, req);
await ScopeDetectionController.scan(sdk, req.getUrl());
await redirectBypassController.testAsync(sdk, req, res);
if (NonceCheckController.isOidcFlow(req, res)) {
await sdk.findings.create({
title: "OIDC Flow Detected",
description: "The request appears to be part of an OIDC flow.",
request: req,
reporter: "",
});
}
// if (NonceCheckController.isOidcFlow(req, res)) {
// await sdk.findings.create({
// title: "OIDC Flow Detected",
// description: "The request appears to be part of an OIDC flow.",
// request: req,
// reporter: "",
// });
// }
});
sdk.events.onInterceptRequest(async (sdk, req: Request) => {
await pkceCheckController.test(sdk, req);
});
/*
sdk.events.onInterceptRequest(async (sdk, req: Request) => {
const result =

18
packages/backend/src/utils/http.ts
View file

@ -48,8 +48,8 @@ export class HttpUtils {
}
getQueryParamFromURI(uri: string, key: string): string | null {
uri = uri.toLowerCase();
key = key.toLowerCase();
uri = this.decodeAndLower(uri);
key = this.decodeAndLower(key);
try {
const urlObj = new URL(uri);
return urlObj.searchParams.get(key);
@ -66,8 +66,8 @@ export class HttpUtils {
* @returns - , null
*/
getQueryParam(query: string, key: string): string | null {
query = query.toLowerCase();
key = key.toLowerCase();
query = this.decodeAndLower(query);
key = this.decodeAndLower(key);
const params = new URLSearchParams(query);
return params.get(key);
@ -82,9 +82,9 @@ export class HttpUtils {
* @returns - "a=1&b=2&c=3..."
*/
setQueryParam(query: string, key: string, value: string): string {
query = query.toLowerCase();
key = key.toLowerCase();
value = value.toLowerCase();
query = this.decodeAndLower(query);
key = this.decodeAndLower(key);
value = this.decodeAndLower(value);
const params = new URLSearchParams(query);
params.set(key, value);
@ -99,8 +99,8 @@ export class HttpUtils {
* @returns -
*/
removeQueryParam(query: string, key: string): string {
query = query.toLowerCase();
key = key.toLowerCase();
query = this.decodeAndLower(query);
key = this.decodeAndLower(key);
const params = new URLSearchParams(query);
params.delete(key);

129
pnpm-lock.yaml generated
View file

@ -7,10 +7,17 @@ settings:
importers:
.:
dependencies:
'@types/jsonwebtoken':
specifier: ^9.0.9
version: 9.0.9
jsonwebtoken:
specifier: ^9.0.2
version: 9.0.2
devDependencies:
'@caido-community/dev':
specifier: ^0.1.3
version: 0.1.5(postcss@8.5.3)(typescript@5.5.4)
version: 0.1.5(@types/node@22.15.29)(postcss@8.5.3)(typescript@5.5.4)
'@caido/sdk-backend':
specifier: ^0.48.1
version: 0.48.1
@ -328,6 +335,15 @@ packages:
'@types/estree@1.0.7':
resolution: {integrity: sha512-w28IoSUCJpidD/TGviZwwMJckNESJZXFu7NBZ5YJ4mEUnNraUn9Pm8HSZm/jDF1pDWYKspWE7oVphigUPRakIQ==}
'@types/jsonwebtoken@9.0.9':
resolution: {integrity: sha512-uoe+GxEuHbvy12OUQct2X9JenKM3qAscquYymuQN4fMWG9DBQtykrQEFcAbVACF7qaLw9BePSodUL0kquqBJpQ==}
'@types/ms@2.1.0':
resolution: {integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==}
'@types/node@22.15.29':
resolution: {integrity: sha512-LNdjOkUDlU1RZb8e1kOIUpN1qQUlzGkEtbVNo53vbrwDg5om6oduhm4SiUaPW5ASTXhAiP0jInWG8Qx9fVlOeQ==}
accepts@2.0.0:
resolution: {integrity: sha512-5cvg6CtKwfgdmVqY1WIiXKc3Q1bkRqGLi+2W/6ao+6Y7gu/RCwRuAhGEzh5B4KlszSuTLgZYuqFqo5bImjNKng==}
engines: {node: '>= 0.6'}
@ -364,6 +380,9 @@ packages:
brace-expansion@2.0.1:
resolution: {integrity: sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==}
buffer-equal-constant-time@1.0.1:
resolution: {integrity: sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==}
bundle-require@5.1.0:
resolution: {integrity: sha512-3WrrOuZiyaaZPWiEt4G3+IffISVC9HYlWueJEBWED4ZH4aIAC2PnkdnuRrR94M+w6yGWn4AglWtJtBI8YqvgoA==}
engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
@ -465,6 +484,9 @@ packages:
eastasianwidth@0.2.0:
resolution: {integrity: sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==}
ecdsa-sig-formatter@1.0.11:
resolution: {integrity: sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==}
ee-first@1.1.1:
resolution: {integrity: sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==}
@ -622,9 +644,19 @@ packages:
json-schema-traverse@1.0.0:
resolution: {integrity: sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==}
jsonwebtoken@9.0.2:
resolution: {integrity: sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==}
engines: {node: '>=12', npm: '>=6'}
jszip@3.10.1:
resolution: {integrity: sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==}
jwa@1.4.2:
resolution: {integrity: sha512-eeH5JO+21J78qMvTIDdBXidBd6nG2kZjg5Ohz/1fpa28Z4CcsWUzJ1ZZyFq/3z3N17aZy+ZuBoHljASbL1WfOw==}
jws@3.2.2:
resolution: {integrity: sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==}
lie@3.3.0:
resolution: {integrity: sha512-UaiMJzeWRlEujzAuw5LokY1L5ecNQYZKfmyZ9L7wDHb/p5etKaxXhohBcrw0EYby+G/NA52vRSN4N39dxHAIwQ==}
@ -639,6 +671,27 @@ packages:
resolution: {integrity: sha512-IXO6OCs9yg8tMKzfPZ1YmheJbZCiEsnBdcB03l0OcfK9prKnJb96siuHCr5Fl37/yo9DnKU+TLpxzTUspw9shg==}
engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}
lodash.includes@4.3.0:
resolution: {integrity: sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==}
lodash.isboolean@3.0.3:
resolution: {integrity: sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==}
lodash.isinteger@4.0.4:
resolution: {integrity: sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==}
lodash.isnumber@3.0.3:
resolution: {integrity: sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==}
lodash.isplainobject@4.0.6:
resolution: {integrity: sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==}
lodash.isstring@4.0.1:
resolution: {integrity: sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==}
lodash.once@4.1.1:
resolution: {integrity: sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==}
lodash.sortby@4.7.0:
resolution: {integrity: sha512-HDWXG8isMntAyRF5vZ7xKuEvOhT4AhlRt/3czTSjvGUxjYCBVRQY48ViDHyfYz9VIoBkW4TMGQNapx+l3RUwdA==}
@ -837,6 +890,11 @@ packages:
safer-buffer@2.1.2:
resolution: {integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==}
semver@7.7.2:
resolution: {integrity: sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==}
engines: {node: '>=10'}
hasBin: true
send@1.2.0:
resolution: {integrity: sha512-uaW0WwXKpL9blXE2o0bRhoL2EGXIrZxQ2ZQ4mgcfoBxdFmQold+qWsD2jLrfZ0trjKL6vOw0j//eAwcALFjKSw==}
engines: {node: '>= 18'}
@ -971,6 +1029,9 @@ packages:
engines: {node: '>=14.17'}
hasBin: true
undici-types@6.21.0:
resolution: {integrity: sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==}
unpipe@1.0.0:
resolution: {integrity: sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==}
engines: {node: '>= 0.8'}
@ -1065,7 +1126,7 @@ packages:
snapshots:
'@caido-community/dev@0.1.5(postcss@8.5.3)(typescript@5.5.4)':
'@caido-community/dev@0.1.5(@types/node@22.15.29)(postcss@8.5.3)(typescript@5.5.4)':
dependencies:
'@caido/plugin-manifest': 0.3.0
chalk: 5.4.1
@ -1076,7 +1137,7 @@ snapshots:
jiti: 2.4.2
jszip: 3.10.1
tsup: 8.3.5(jiti@2.4.2)(postcss@8.5.3)(typescript@5.5.4)
vite: 6.0.7(jiti@2.4.2)
vite: 6.0.7(@types/node@22.15.29)(jiti@2.4.2)
ws: 8.18.0
zod: 3.24.1
transitivePeerDependencies:
@ -1284,6 +1345,17 @@ snapshots:
'@types/estree@1.0.7': {}
'@types/jsonwebtoken@9.0.9':
dependencies:
'@types/ms': 2.1.0
'@types/node': 22.15.29
'@types/ms@2.1.0': {}
'@types/node@22.15.29':
dependencies:
undici-types: 6.21.0
accepts@2.0.0:
dependencies:
mime-types: 3.0.1
@ -1328,6 +1400,8 @@ snapshots:
dependencies:
balanced-match: 1.0.2
buffer-equal-constant-time@1.0.1: {}
bundle-require@5.1.0(esbuild@0.24.2):
dependencies:
esbuild: 0.24.2
@ -1401,6 +1475,10 @@ snapshots:
eastasianwidth@0.2.0: {}
ecdsa-sig-formatter@1.0.11:
dependencies:
safe-buffer: 5.2.1
ee-first@1.1.1: {}
emoji-regex@8.0.0: {}
@ -1605,6 +1683,19 @@ snapshots:
json-schema-traverse@1.0.0: {}
jsonwebtoken@9.0.2:
dependencies:
jws: 3.2.2
lodash.includes: 4.3.0
lodash.isboolean: 3.0.3
lodash.isinteger: 4.0.4
lodash.isnumber: 3.0.3
lodash.isplainobject: 4.0.6
lodash.isstring: 4.0.1
lodash.once: 4.1.1
ms: 2.1.3
semver: 7.7.2
jszip@3.10.1:
dependencies:
lie: 3.3.0
@ -1612,6 +1703,17 @@ snapshots:
readable-stream: 2.3.8
setimmediate: 1.0.5
jwa@1.4.2:
dependencies:
buffer-equal-constant-time: 1.0.1
ecdsa-sig-formatter: 1.0.11
safe-buffer: 5.2.1
jws@3.2.2:
dependencies:
jwa: 1.4.2
safe-buffer: 5.2.1
lie@3.3.0:
dependencies:
immediate: 3.0.6
@ -1622,6 +1724,20 @@ snapshots:
load-tsconfig@0.2.5: {}
lodash.includes@4.3.0: {}
lodash.isboolean@3.0.3: {}
lodash.isinteger@4.0.4: {}
lodash.isnumber@3.0.3: {}
lodash.isplainobject@4.0.6: {}
lodash.isstring@4.0.1: {}
lodash.once@4.1.1: {}
lodash.sortby@4.7.0: {}
lru-cache@10.4.3: {}
@ -1801,6 +1917,8 @@ snapshots:
safer-buffer@2.1.2: {}
semver@7.7.2: {}
send@1.2.0:
dependencies:
debug: 4.3.6
@ -1968,6 +2086,8 @@ snapshots:
typescript@5.5.4: {}
undici-types@6.21.0: {}
unpipe@1.0.0: {}
util-deprecate@1.0.2: {}
@ -1976,12 +2096,13 @@ snapshots:
vary@1.1.2: {}
vite@6.0.7(jiti@2.4.2):
vite@6.0.7(@types/node@22.15.29)(jiti@2.4.2):
dependencies:
esbuild: 0.24.2
postcss: 8.5.3
rollup: 4.41.0
optionalDependencies:
'@types/node': 22.15.29
fsevents: 2.3.3
jiti: 2.4.2