// packages/backend/src/controller/implictGrant.ts
/**
 * Heuristic detector for OAuth 2.0 implicit-grant traffic.
 *
 * All checks are plain substring / regex matches on the raw query and path
 * strings the request object exposes; no parameter parsing is done, so a
 * key such as "xclient_id=" also matches. That is acceptable for a
 * best-effort passive detector but worth remembering when triaging hits.
 */
class ImplicitGrantController {
  /**
   * True when the query string carries both a client_id and
   * response_type=token, i.e. looks like an implicit-grant authorization
   * request. Both checks are case-sensitive.
   */
  isImplicitGrantReq(req) {
    const query = req.getQuery();
    return query.includes("client_id=") && query.includes("response_type=token");
  }

  /**
   * True when an access token appears to be carried in the URL:
   *   - the query contains access_token= together with state=, or
   *   - the path contains "&access_token=", or
   *   - the query contains a percent-encoded token value (access_token=%...);
   *     this last check is case-insensitive, the others are not.
   * Presumably flagged because URLs, unlike fragments or headers, tend to be
   * copied into server logs, proxies and Referer headers.
   */
  isSendTokenToClient(req) {
    const path = req.getPath();
    const query = req.getQuery();
    const tokenWithState = query.includes("access_token=") && query.includes("state=");
    const tokenInPath = path.includes("&access_token=");
    const encodedToken = /access_token=%/i.test(query);
    return tokenWithState || tokenInPath || encodedToken;
  }

  /**
   * Classify a request: returns the name of the first matching check
   * (authorization request takes precedence) or false when neither matches.
   */
  testReq(req) {
    if (this.isImplicitGrantReq(req)) return "isImplicitGrantReq";
    if (this.isSendTokenToClient(req)) return "isSendTokenToClient";
    return false;
  }
}

// packages/backend/src/controller/authZCodeGrant.ts
/**
 * Heuristic detector for OAuth 2.0 authorization-code-grant traffic.
 * Same matching approach and caveats as ImplicitGrantController, with
 * "code" in place of "access_token".
 */
class AuthZCodeGrantController {
  /**
   * True when the query string carries both a client_id and
   * response_type=code, i.e. looks like an authorization request.
   */
  isAuthZReq(req) {
    const query = req.getQuery();
    return query.includes("client_id=") && query.includes("response_type=code");
  }

  /**
   * True when an authorization code appears to be carried in the URL:
   *   - the query contains code= together with state=, or
   *   - the path contains "&code=", or
   *   - the query contains a percent-encoded code value (code=%...), matched
   *     case-insensitively.
   * Note that "code=" is a very short needle and will also match unrelated
   * parameters whose name ends in "code" (e.g. "zipcode=") when state= is
   * also present.
   */
  isSendCodeToClient(req) {
    const path = req.getPath();
    const query = req.getQuery();
    const codeWithState = query.includes("code=") && query.includes("state=");
    const codeInPath = path.includes("&code=");
    const encodedCode = /code=%/i.test(query);
    return codeWithState || codeInPath || encodedCode;
  }

  /**
   * Classify a request: returns the name of the first matching check
   * (authorization request takes precedence) or false when neither matches.
   */
  testReq(req) {
    if (this.isAuthZReq(req)) return "isAuthZReq";
    if (this.isSendCodeToClient(req)) return "isSendCodeToClient";
    return false;
  }

  // Stub left in the original source, not implemented:
  // isAccessTokenReq(req: Response) { }
}

// packages/backend/src/index.ts
const implicitGrantController = new ImplicitGrantController();
const authZCodeGrantController = new AuthZCodeGrantController();

/**
 * Plugin entry point. Registers a passive request interceptor that records a
 * finding whenever either controller recognises SSO-related parameters.
 * The authorization-code controller is consulted first; the implicit-grant
 * controller only when it reports no match. The request itself is never
 * modified.
 *
 * The finding description embeds the full request URL, so any code or token
 * that triggered the match is copied verbatim into the finding; treat
 * findings produced by this plugin as sensitive.
 *
 * NOTE(review): reporter is an empty string — confirm what the SDK expects
 * in this field.
 */
function init(sdk) {
  sdk.events.onInterceptRequest(async (sdk2, req) => {
    const matched =
      authZCodeGrantController.testReq(req) || implicitGrantController.testReq(req);
    if (!matched) return;
    await sdk2.findings.create({
      title: "Possible SSO Request Detected",
      description: `SSO-related parameters detected in request: ${req.getMethod()} ${req.getUrl()} : ${matched}`,
      request: req,
      reporter: "",
    });
  });
}

export { init };