Dist conflicts resolve

2025-05-31 11:57:52 +09:00 · 2025-05-31 11:57:52 +09:00 · dcd0343569
commit dcd0343569
parent 8e33934951
4 changed files with 224 additions and 105 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,224 @@
-node_modules
+# Created by https://www.toptal.com/developers/gitignore/api/node,macos,windows,linux
+# Edit at https://www.toptal.com/developers/gitignore?templates=node,macos,windows,linux
+
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+
+### Node ###
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+
+### Node Patch ###
+# Serverless Webpack directories
+.webpack/
+
+# Optional stylelint cache
+
+# SvelteKit build / generate output
+.svelte-kit
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+#!dist/
+dist/*
+packages/frontend/dist
+packages/backend/dist
+#!dist/*.zip
+
+# End of https://www.toptal.com/developers/gitignore/api/node,macos,windows,linux
--- a/dist/plugin_package.zip
+++ b/dist/plugin_package.zip
--- a/dist/plugin_package/manifest.json
+++ b/dist/plugin_package/manifest.json
@ -1,21 +0,0 @@
-{
-  "id": "oauth-vuln-detector",
-  "name": "OAuth Vuln Detector",
-  "version": "0.0.1",
-  "description": "Detects OAuth misconfiguration.",
-  "author": {
-    "name": "caterpii",
-    "email": "dlaha171@gmail.com",
-    "url": "https://github.com/katerpii"
-  },
-  "links": {},
-  "plugins": [
-    {
-      "id": "oauth-backend",
-      "kind": "backend",
-      "name": "backend",
-      "entrypoint": "oauth-backend/index.js",
-      "runtime": "javascript"
-    }
-  ]
-}
--- a/dist/plugin_package/oauth-backend/index.js
+++ b/dist/plugin_package/oauth-backend/index.js
@ -1,83 +0,0 @@
-// packages/backend/src/index.ts
-import { promises as fs } from "fs";
-import * as path from "path";
-import os from "os";
-var requestMap = /* @__PURE__ */ new Map();
-function init(sdk) {
-  sdk.events.onInterceptRequest(async (sdk2, req) => {
-    try {
-      const urlString = req.getUrl();
-      const url = new URL(urlString);
-      sdk2.console.log(`[OAuthPlugin] Intercepted request: ${urlString}`);
-      if (!url.pathname.includes("/authorize") && !url.pathname.includes("/auth")) return;
-      const params = new URLSearchParams(url.search);
-      const redirectUri = params.get("redirect_uri");
-      if (!redirectUri) return;
-      const reqId = req.getId();
-      requestMap.set(reqId, redirectUri);
-      const clientId = params.get("client_id") ?? "(missing)";
-      const responseType = params.get("response_type") ?? "(missing)";
-      const isScan = params.has("scan");
-      if (isScan) return;
-      const output = {
-        original_url: urlString,
-        client_id: clientId,
-        redirect_uri: redirectUri,
-        response_type: responseType
-      };
-      try {
-        const filePath = path.join(os.tmpdir(), "oauth-fuzz-input.json");
-        await fs.writeFile(filePath, JSON.stringify(output, null, 2));
-      } catch (err) {
-        await sdk2.findings.create({
-          title: "[fs] Write Failed",
-          description: `Could not write to file: ${err}`,
-          request: req,
-          reporter: "oauth-open-redirect-detector"
-        });
-      }
-      await sdk2.findings.create({
-        title: "[ ] OAuth2 Authorization Request Collected",
-        description: `client_id: ${clientId}
-redirect_uri: ${redirectUri}
-response_type: ${responseType}`,
-        request: req,
-        reporter: "oauth-open-redirect-detector"
-      });
-    } catch (err) {
-      sdk2.console.error(`Error in onInterceptRequest: ${err}`);
-    }
-  });
-  sdk.events.onInterceptResponse(async (sdk2, req, resp) => {
-    try {
-      const reqId = req.getId();
-      const url = new URL(req.getUrl());
-      const status = resp.getCode();
-      const location = resp.getHeader("location")?.[0];
-      const params = new URLSearchParams(url.search);
-      const isScan = params.has("scan");
-      if (!isScan) {
-        requestMap.delete(reqId);
-        return;
-      }
-      if (status >= 300 && status < 400 && location) {
-        const redirectUri = requestMap.get(reqId) ?? "(unknown)";
-        await sdk2.findings.create({
-          title: "[+] Redirect URI Misconfiguration Detected",
-          description: `Status: ${status}
-Location: ${location}
-Original Redirect URI: ${redirectUri}
-Request URL: ${url.href}`,
-          request: req,
-          reporter: "oauth-open-redirect-detector"
-        });
-      }
-      requestMap.delete(reqId);
-    } catch (err) {
-      sdk2.console.error(`Error in onInterceptResponse: ${err}`);
-    }
-  });
-}
-export {
-  init
-};