temp commit

2025-06-05 21:47:25 +09:00 · 2025-06-05 21:47:25 +09:00 · 0eca258096
commit 0eca258096
parent c722adbe9d
3 changed files with 35 additions and 7 deletions
--- a/packages/backend/src/controller/PKCECheck.ts
+++ b/packages/backend/src/controller/PKCECheck.ts
@ -1,5 +1,6 @@
 import type { SDK } from "caido:plugin";
 import { Body, RequestSpec, type Request } from "caido:utils";
+import { sendReport } from "../utils/controlTower";

 export class PKCECheck {
  // 필요한 PKCE 파라미터 목록
@ -79,13 +80,14 @@ export class PKCECheck {
          const reference = isOpenID
            ? "https://openid.net/specs/openid-igov-oauth2-1_0-02.html#rfc.section.3.1.7"
            : "https://datatracker.ietf.org/doc/html/rfc7636";
-
-          await sdk.findings.create({
-            title,
-            description: `PKCE downgrade vulnerability detected!\n\nOriginal URL: ${url}\nDowngraded URL: ${downgradedUrl}\n\nBoth requests returned authorization codes, indicating the server accepts requests without PKCE protection.\n\nReference: ${reference}`,
-            request: req,
-            reporter: "PKCE Checker",
-          });
+            await this.reportFinding(
+              sdk,
+              req,
+              url,
+              isOpenID,
+              title,
+              `PKCE downgrade vulnerability detected!\n\nOriginal URL: ${url}\nDowngraded URL: ${downgradedUrl}\n\nBoth requests returned authorization codes, indicating the server accepts requests without PKCE protection.\n\nReference: ${reference}`
+            );

          return true;
        }
@ -133,5 +135,6 @@ export class PKCECheck {
      request: req,
      reporter: "PKCE Checker",
    });
+    sendReport(sdk, fullTitle, `${message} (${url})`, req, "PKCE Checker");
  }
 }
--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
@ -40,6 +40,7 @@ export function init(sdk: SDK<API>) {
  sdk.events.onInterceptRequest(async (sdk, req: Request) => {
    await pkceCheckController.test(sdk, req);
  });
+  
  /*
  sdk.events.onInterceptRequest(async (sdk, req: Request) => {
    const result =
--- a/packages/backend/src/utils/controlTower.ts
+++ b/packages/backend/src/utils/controlTower.ts
@ -0,0 +1,24 @@
+import type { SDK } from "caido:plugin";
+import { Body, RequestSpec, type Request } from "caido:utils";
+
+export async function sendReport(
+    sdk: SDK, 
+    title: string, 
+    description: string, 
+    request: Request, 
+    reporter: string
+) {
+    const spec = new RequestSpec("http://192.168.0.9:4020/report");
+    spec.setMethod("POST");
+    spec.setHeader("Content-Type", "application/json");
+    
+    const body = new Body(JSON.stringify({
+        title,
+        description,
+        request: request.toSpec(),
+        reporter
+    }));
+    spec.setBody(body);
+    
+    return await sdk.requests.send(spec);
+}