From ef1d8f40b35b2e397c55a4a0ee556b3f6e1dc989 Mon Sep 17 00:00:00 2001 From: "tv0924@icloud.com" Date: Wed, 28 May 2025 16:49:48 +0900 Subject: [PATCH] [Update] feature --- dist/plugin_package.zip | Bin 11096 -> 15097 bytes packages/backend/src/controller/csrfCheck.ts | 11 +- packages/backend/src/index.ts | 15 +- packages/backend/src/utils/http.ts | 49 ++- playground/csrf/index.js | 65 ++++ playground/csrf/package-lock.json | 351 +++++++++++++++++++ playground/csrf/package.json | 9 +- 7 files changed, 464 insertions(+), 36 deletions(-) diff --git a/dist/plugin_package.zip b/dist/plugin_package.zip index a321b3b7a1ce78282a403d57a664b8d3f0a1ed8b..b24f0ab51b884d0bd98f2c5fc67f6a3aa4974095 100644 GIT binary patch delta 4264 zcmcZ+_Op~Hz?+$civa}I+D_zAVOndu(MXrEJ~YTv;q{a$Z}v`kJ!PfB+u1D&Z`yiZ zui5ct-h|f+=P111-0*hhjJH!~yzZK!@OJu|x4nB5-cDWdreg+|f`WpUf>ka(~-B4$|o-hYV zD@dn4mx4k{YI1%`s$*V?Pkwo7kp|c)nhMn*_bHSVRYF+`3J^P>%0q)Zo%3@G@&ocx z^Gcw4^h)xK4qte2CTmtK;gV5eZ9pr!^9i#CW=utzYhAiBZf2l5V|f`S5)*^>+S zG$zOK@zjGH1h-Pr7Gf!~n-oyu4`d3CSOiBR%qVa$LKG_~pvNCX9Gnys^Wctx#5F{& z7VK^iyLR(LzK`OZiRFozB?`qU*^}?6D|03n7o{nbmFDD4meuf)E=?^i(MwM)@l7qs z$WPJGtW{8{E=nx~2~V!k(9qF=8&;HBkY7}iT4bf51U3T3SAwdj)ttOWO=EJbICp)3 zx3jBrMrv}lUP&=mW-dsdLbXC#YDsd2jzSQ`bcMuX1viigj9;seR+OKspp=}LnUZgn zQBqQ%WX)BUSfl_qO~FaSpC`E%@;gVmTmtK^Zk_z@* ztb$*Di9(`+yK4x@3Q&;gDFkO{7H||~=B4W?X}!<1<~=z8HqWdWSa_B zh$<8h@rA8YEW%@osFvxamZjDgRcdH}%Q{U3TRVlq($u0#z0ADioYIukVyFaCUMo(? zCL#bpaR>4fIF1y+rl*#q78NVxW)>HN0s$Nz;NW0}h6glqN{ez3F%w#p11qjTfnK7J zS?phsn&;`FV2kchrQ+oLf>hi5g4Dds6eUfCni>ohnJMul`Pr#?O3-`+F%l9=zKQjq z!VqR`E~seK(8nI28qslTv09q?D8|5J!WX0!?mnyr*`k>MN^*+zFo%HLQB$L!h-xCK zNf6cP3i(9}5c9Fb03Ifz8iQ4s;Gz~H4UWTT!&qnxgW?Aw0oG@0tDsbnlbD%DQn}!ioE@ux8Y|Eos*qW% zpbj=r9a2t!^93YUFd`+Hm`H&X+DPW&jS~#jpeP9gm20pxlUb}#oLZt#k`Hqy!DvW< zm5AUPCABCqDKjUtq!K+g;L1`0LFEoS+Z3f1v;G45((WucM%(q^XBPu`Lc& z(e`SwD)kV(kdhHn5Fp$V3NC{Zz!e^-f&dpodc_4fnI#%ZR{Hu%n$ZTawO0E2a1|c; z#U&b=wN`L}fczqm0D_-blA)nlYp+rbv8FyTB^Bc5+60IrkQ;Om2Spd97W)@vrf23Q z=78$4Vt6%^602aV0LiNXMftgz#i@FUIXN29&>B|(Ql)C-rIw>qr5dG0IXVi}pjfTX z$WO6S09S4bwVIlU+8kUNW9o#s8sz9uxEZKMK<$R*83hHXCzA40DiOW_@j%|F2UnK_ z{ect$dL^k9B^pRBElNcS5U4B;M--PNmXsE|7M6muJ;=~{Xt?S@q`*x_R0AOrkhp<) z29$k0^PKWaG8AkTKwg1)3{hb!fz;S4X@Z)NAQd3bLi~!NramRr7Lmh21q{SKh#S?^ zz$FF5Dn!W-b4E#KNlvPQEuuCAmCw#Wo*|yjjy_n*XoMR;SvUYxbk&1G6H+Q5X+$rr zv1kPAgM|vrK}D%)sYR)I$>@#(HP(u)^z|XNvR+N8 z`9%tFxDmcc2DP^p(h@UsP<#S%TX0EHW?nkjz}f_;tq{v##@c|)#n;Y-Gy)K|!NLsO z$`zCrpX?|uGx>^|mISE5UXYy(X(5BUVX2S?#N@AP_N?G+JK02CkwXDmtW8c=S4xG& zASC|ay7gd3@NuG9)hzk*9aAu}(tgsaw?E5MtbBkuT%T^1G$3?K{{ zG2mceU|4IrnO$=RBhy;j$qThi_}1F)i9#rx{8-Dt6(pn?8q^!h$iM)?yr6*wIG$s{ jz>u4mmzf6YE@c(x=LLAPvVmlo8JHQ?GcYiiSb=x|DY}2~ delta 557 zcmexadLxV{z?+$civa{)YfR)(VS25x(MXqZ^IoPBM%JRla_`j1j9j9VQ~5K&=RG-IM2E8^ zu_!&YL{p)9avZ+_YidbpQQqX~{BpjEwzdjo`I#vS1`29w3T25orK!;dv3fbFdFdq? z3U&$x3ifbO1uKQT(wrP?E(Iv4g|mtvCcfp@*nC3ZmAE8?uTYd)T$)n?(NL?9np2!Q z`J9~e, {}>, request: Request, response: Response - ): Promise { + ): Promise { let result = ``; // 쿼리에 state 파라미터가 없으면 CSRF 위험 @@ -170,9 +170,12 @@ export class CsrfCheck { // } if (result) { - return result; // CSRF risk detected - } else { - return 0; // No CSRF risk detected + await sdk.findings.create({ + title: "csrf vuln", + description: `SSO-related parameters detected in response:\n\n${request.getMethod()} ${request.getUrl()} : ${result}`, + request, + reporter: "csrf reporter", + }); } } } diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts index 3d76481..dc44468 100644 --- a/packages/backend/src/index.ts +++ b/packages/backend/src/index.ts @@ -25,20 +25,7 @@ export function init(sdk: SDK) { sdk.events.onInterceptResponse( async (sdk: SDK, {}>, req: Request, resp: Response) => { - const funcList: Promise[] = [ - csrfCheck.checker(sdk, req, resp), - ]; - - let result = await Promise.all(funcList); - if (result) { - await sdk.findings.create({ - title: "Possible SSO Response Detected", - description: `SSO-related parameters detected in response:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`, - request: req, - reporter: "", - }); - } - + await csrfCheck.checker(sdk, req, resp); await pkceCheck.test(sdk, req); } ); diff --git a/packages/backend/src/utils/http.ts b/packages/backend/src/utils/http.ts index 91a6527..56a6fe1 100644 --- a/packages/backend/src/utils/http.ts +++ b/packages/backend/src/utils/http.ts @@ -11,6 +11,19 @@ export class HttpUtils { return instance; } + /** + * URI 디코딩 후 소문자로 변환하는 헬퍼 함수 + * @param value - 디코딩하고 소문자로 변환할 문자열 + * @returns 디코딩 및 소문자 변환된 문자열 + */ + decodeAndLower(value: string): string { + try { + return decodeURIComponent(value).toLowerCase(); + } catch { + return value.toLowerCase(); + } + } + /** * 헤더 객체의 키와 값을 전부 소문자로 변환합니다. * @param headers - Record 형태의 헤더 맵 @@ -22,14 +35,12 @@ export class HttpUtils { const result: Record = {}; for (const [rawKey, rawValue] of Object.entries(headers)) { - const key = rawKey.toLowerCase(); + const key = this.decodeAndLower(rawKey); if (Array.isArray(rawValue)) { - // 배열이면 각 요소를 소문자로 - result[key] = rawValue.map((v) => v.toLowerCase()); + result[key] = rawValue.map((v) => this.decodeAndLower(v)); } else { - // 단일 문자열이면 바로 소문자로 - result[key] = rawValue.toLowerCase(); + result[key] = this.decodeAndLower(rawValue); } } @@ -107,23 +118,29 @@ export class HttpUtils { headers: Record, name: string ): string | null { - headers = this.lowerCaseAllHeaders(headers); + const normalized = this.lowerCaseAllHeaders(headers); const target = name.toLowerCase(); - for (const [key, value] of Object.entries(headers)) { - if (key.toLowerCase() === target) { + for (const [key, value] of Object.entries(normalized)) { + if (key === target) { + let rawValue: string | null = null; + if (Array.isArray(value)) { - // 배열 형태일 때 첫 번째 요소가 비어있을 수도 있으니 안전하게 처리 - return value.length > 0 && - value[0] !== undefined && - value[0].length > 0 - ? value[0] - : null; + rawValue = value.length > 0 && value[0] ? value[0] : null; + } else { + rawValue = value.length > 0 ? value : null; + } + + if (rawValue !== null) { + try { + return decodeURIComponent(rawValue); + } catch { + return rawValue; + } } - // 문자열일 때 - return value.length > 0 ? value : null; } } + return null; } diff --git a/playground/csrf/index.js b/playground/csrf/index.js index e69de29..5c7a733 100644 --- a/playground/csrf/index.js +++ b/playground/csrf/index.js @@ -0,0 +1,65 @@ +// app.js +const express = require("express"); +const app = express(); +const port = 8000; + +// 콜백 엔드포인트 (정상 동작 시뮬레이션) +app.get("/callback", (req, res) => { + res.send(` +

Callback Received

+

Query Params:

+ 
${JSON.stringify(req.query, null, 2)}
+ `); +}); + +/** + * 1) state 파라미터를 무시하는 취약한 /authorize 엔드포인트 + * - 클라이언트가 state를 보내도 무시 + * - 리디렉트 시 state를 포함하지 않음 + */ +app.get("/authorize/no-state", (req, res) => { + const clientId = req.query.client_id || "unknown-client"; + const redirectUri = encodeURIComponent( + req.query.redirect_uri || `http://localhost:${port}/callback` + ); + const code = "authcode-12345"; + + // state를 전혀 포함하지 않은 채로 리디렉트 + const location = `${redirectUri}?code=${code}&client_id=${clientId}`; + res.set("Location", location); + res.status(302).send(`Redirecting to ${location}`); +}); + +/** + * 2) 클라이언트가 보낸 state와 다른 값을 넣는 취약한 /authorize 엔드포인트 + * - 클라이언트가 보낸 state를 로그로 확인만 하고, + * 응답 Location에는 'wrong-state'를 삽입 + */ +app.get("/authorize/mismatch-state", (req, res) => { + const clientId = req.query.client_id || "unknown-client"; + const originalState = req.query.state; + const redirectUri = encodeURIComponent( + req.query.redirect_uri || `http://localhost:${port}/callback` + ); + const code = "authcode-67890"; + + console.log(`[VULN] original state from client:`, originalState); + + // 클라이언트 state와 다르게 'wrong-state'를 삽입 + const wrongState = "wrong-state"; + const location = `${redirectUri}?code=${code}&state=${wrongState}&client_id=${clientId}`; + res.set("Location", location); + res.status(302).send(`Redirecting to ${location}`); +}); + +app.listen(port, () => { + console.log( + `Vulnerable OAuth test server listening at http://localhost:${port}` + ); + console.log( + `1) No-State: http://localhost:${port}/authorize/no-state?client_id=abc&redirect_uri=http://localhost:${port}/callback` + ); + console.log( + `2) Mismatch-State: http://localhost:${port}/authorize/mismatch-state?client_id=abc&state=xyz&redirect_uri=http://localhost:${port}/callback` + ); +}); diff --git a/playground/csrf/package-lock.json b/playground/csrf/package-lock.json index c676398..f924d15 100644 --- a/playground/csrf/package-lock.json +++ b/playground/csrf/package-lock.json @@ -10,6 +10,9 @@ "license": "ISC", "dependencies": { "express": "^5.1.0" + }, + "devDependencies": { + "nodemon": "^3.1.10" } }, "node_modules/accepts": { @@ -25,6 +28,40 @@ "node": ">= 0.6" } }, + "node_modules/anymatch": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", + "dev": true, + "license": "ISC", + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true, + "license": "MIT" + }, + "node_modules/binary-extensions": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/body-parser": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.0.tgz", @@ -45,6 +82,30 @@ "node": ">=18" } }, + "node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/braces": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "dev": true, + "license": "MIT", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/bytes": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", @@ -83,6 +144,38 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/chokidar": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", + "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", + "dev": true, + "license": "MIT", + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "dev": true, + "license": "MIT" + }, "node_modules/content-disposition": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-1.0.0.tgz", @@ -264,6 +357,19 @@ "url": "https://opencollective.com/express" } }, + "node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "dev": true, + "license": "MIT", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/finalhandler": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-2.1.0.tgz", @@ -299,6 +405,21 @@ "node": ">= 0.8" } }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, "node_modules/function-bind": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", @@ -345,6 +466,19 @@ "node": ">= 0.4" } }, + "node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dev": true, + "license": "ISC", + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, "node_modules/gopd": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", @@ -357,6 +491,16 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/has-flag": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4" + } + }, "node_modules/has-symbols": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", @@ -409,6 +553,13 @@ "node": ">=0.10.0" } }, + "node_modules/ignore-by-default": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/ignore-by-default/-/ignore-by-default-1.0.1.tgz", + "integrity": "sha512-Ius2VYcGNk7T90CppJqcIkS5ooHUZyIQK+ClZfMfMNFEF9VSE73Fq+906u/CWu92x4gzZMWOwfFYckPObzdEbA==", + "dev": true, + "license": "ISC" + }, "node_modules/inherits": { "version": "2.0.4", "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", @@ -424,6 +575,52 @@ "node": ">= 0.10" } }, + "node_modules/is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dev": true, + "license": "MIT", + "dependencies": { + "binary-extensions": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dev": true, + "license": "MIT", + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.12.0" + } + }, "node_modules/is-promise": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-4.0.0.tgz", @@ -481,6 +678,19 @@ "node": ">= 0.6" } }, + "node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, "node_modules/ms": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", @@ -496,6 +706,45 @@ "node": ">= 0.6" } }, + "node_modules/nodemon": { + "version": "3.1.10", + "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.1.10.tgz", + "integrity": "sha512-WDjw3pJ0/0jMFmyNDp3gvY2YizjLmmOUQo6DEBY+JgdvW/yQ9mEeSw6H5ythl5Ny2ytb7f9C2nIbjSxMNzbJXw==", + "dev": true, + "license": "MIT", + "dependencies": { + "chokidar": "^3.5.2", + "debug": "^4", + "ignore-by-default": "^1.0.1", + "minimatch": "^3.1.2", + "pstree.remy": "^1.1.8", + "semver": "^7.5.3", + "simple-update-notifier": "^2.0.0", + "supports-color": "^5.5.0", + "touch": "^3.1.0", + "undefsafe": "^2.0.5" + }, + "bin": { + "nodemon": "bin/nodemon.js" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/nodemon" + } + }, + "node_modules/normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/object-inspect": { "version": "1.13.4", "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", @@ -547,6 +796,19 @@ "node": ">=16" } }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, "node_modules/proxy-addr": { "version": "2.0.7", "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", @@ -560,6 +822,13 @@ "node": ">= 0.10" } }, + "node_modules/pstree.remy": { + "version": "1.1.8", + "resolved": "https://registry.npmjs.org/pstree.remy/-/pstree.remy-1.1.8.tgz", + "integrity": "sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==", + "dev": true, + "license": "MIT" + }, "node_modules/qs": { "version": "6.14.0", "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz", @@ -599,6 +868,19 @@ "node": ">= 0.8" } }, + "node_modules/readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "dev": true, + "license": "MIT", + "dependencies": { + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" + } + }, "node_modules/router": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/router/-/router-2.2.0.tgz", @@ -641,6 +923,19 @@ "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", "license": "MIT" }, + "node_modules/semver": { + "version": "7.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz", + "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==", + "dev": true, + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/send": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/send/-/send-1.2.0.tgz", @@ -756,6 +1051,19 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/simple-update-notifier": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-2.0.0.tgz", + "integrity": "sha512-a2B9Y0KlNXl9u/vsW6sTIu9vGEpfKu2wRV6l1H3XEas/0gUIzGzBoP/IouTcUQbm9JWZLH3COxyn03TYlFax6w==", + "dev": true, + "license": "MIT", + "dependencies": { + "semver": "^7.5.3" + }, + "engines": { + "node": ">=10" + } + }, "node_modules/statuses": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", @@ -765,6 +1073,32 @@ "node": ">= 0.8" } }, + "node_modules/supports-color": { + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "dev": true, + "license": "MIT", + "dependencies": { + "has-flag": "^3.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, "node_modules/toidentifier": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", @@ -774,6 +1108,16 @@ "node": ">=0.6" } }, + "node_modules/touch": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/touch/-/touch-3.1.1.tgz", + "integrity": "sha512-r0eojU4bI8MnHr8c5bNo7lJDdI2qXlWWJk6a9EAFG7vbhTjElYhBVS3/miuE0uOuoLdb8Mc/rVfsmm6eo5o9GA==", + "dev": true, + "license": "ISC", + "bin": { + "nodetouch": "bin/nodetouch.js" + } + }, "node_modules/type-is": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/type-is/-/type-is-2.0.1.tgz", @@ -788,6 +1132,13 @@ "node": ">= 0.6" } }, + "node_modules/undefsafe": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.5.tgz", + "integrity": "sha512-WxONCrssBM8TSPRqN5EmsjVrsv4A8X12J4ArBiiayv3DyyG3ZlIg6yysuuSYdZsVz3TKcTg2fd//Ujd4CHV1iA==", + "dev": true, + "license": "MIT" + }, "node_modules/unpipe": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", diff --git a/playground/csrf/package.json b/playground/csrf/package.json index b1dd086..9c6b2a7 100644 --- a/playground/csrf/package.json +++ b/playground/csrf/package.json @@ -3,12 +3,17 @@ "version": "1.0.0", "main": "index.js", "scripts": { - "test": "echo \"Error: no test specified\" && exit 1" + "test": "echo \"Error: no test specified\" && exit 1", + "start": "nodemon index.js" }, "author": "", "license": "ISC", - "description": "", "dependencies": { "express": "^5.1.0" + }, + "keywords": [], + "description": "", + "devDependencies": { + "nodemon": "^3.1.10" } }