caido-plugin-test/packages/backend/dist/index.js

// packages/backend/src/controller/implictGrant.ts
var ImplicitGrantController = class {
  isImplicitGrantReq(req) {
    const query = req.getQuery();
    if (query.includes("client_id=") && query.includes("response_type=token")) {
      return true;
    }
    return false;
  }
  isSendTokenToClient(req) {
    const path = req.getPath();
    const query = req.getQuery();
    if (query.includes("access_token=") && query.includes("state=") || path.includes("&access_token=") || /access_token=%/i.test(query)) {
      return true;
    }
    return false;
  }
  testReq(req) {
    if (this.isImplicitGrantReq(req)) {
      return "isImplicitGrantReq";
    }
    if (this.isSendTokenToClient(req)) {
      return "isSendTokenToClient";
    }
    return false;
  }
};

// packages/backend/src/controller/authZCodeGrant.ts
var AuthZCodeGrantController = class {
  constructor() {
  }
  isAuthZReq(req) {
    const query = req.getQuery();
    if (query.includes("client_id=") && query.includes("response_type=code")) {
      return true;
    }
    return false;
  }
  isSendCodeToClient(req) {
    const path = req.getPath();
    const query = req.getQuery();
    if (query.includes("code=") && query.includes("state=") || path.includes("&code=") || /code=%/i.test(query)) {
      return true;
    }
    return false;
  }
  testReq(req) {
    if (this.isAuthZReq(req)) {
      return "isAuthZReq";
    }
    if (this.isSendCodeToClient(req)) {
      return "isSendCodeToClient";
    }
    return false;
  }
  // isAccessTokenReq(req: Response) {
  // }
};

// packages/backend/src/index.ts
var implicitGrantController = new ImplicitGrantController();
var authZCodeGrantController = new AuthZCodeGrantController();
function init(sdk) {
  sdk.events.onInterceptRequest(async (sdk2, req) => {
    const result = authZCodeGrantController.testReq(req) || implicitGrantController.testReq(req);
    if (result) {
      await sdk2.findings.create({
        title: "Possible SSO Request Detected",
        description: `SSO-related parameters detected in request:

${req.getMethod()} ${req.getUrl()} : ${result}`,
        request: req,
        reporter: ""
      });
    }
  });
}
export {
  init
};