Add EvalSSO and FindSSO Workflows

[lauritzh]

This pull request adds two workflows:

• FindSSO: Highlights requests that are likely associated with SSO flows
• EvalSSO: Add findings for basic analysis results of OAuth/OIDC SSO flows (for now "no state", "implicit flow used" and "resource owner grant used")

---

Please ensure your pull request adheres to the following guidelines:

• Follow the same folder structure as other workflows (see template).
• Has a proper author name and workflow description.
• If using compiled code in JS Nodes, provide the source code for each.
• If using a 3rd party library, include its license as a comment in the source code.

Thanks for contributing!

[bebiksior]

Hey @lauritzh, good stuff!

File structure has changed a lot recently so I merged it via 35c52b4. Had to adjust things to fit our new setup with the manifest files, but the functionality is all there now.

Thanks a lot!

[lauritzh]

Hi @bebiksior,

Thank you very much for your efforts! :)

In the meantime, I did quite some adjustments for "my" unpublished version of the workflow. How is the intended process to update workflows? After testing, I would like to push some adjustments, I think. This is not urgent though, the initially submitted workflows do their jobs for now.

Thanks again and have a great weekend ahead,

Lauritz

[bebiksior]

👋 All workflows are located at https://github.com/caido-community/workflows/tree/main/packages/workflows/src.

EvalSSO dir: https://github.com/caido-community/workflows/tree/main/packages/workflows/src/evalsso
FindSSO dir: https://github.com/caido-community/workflows/tree/main/packages/workflows/src/findsso

You could just edit definition.json with your updated workflow and bump version in manifest.json to 0.0.2 and open a PR. For new workflows, there's a contributing guide in the README, it will be updated soon to be more clear