Temp

2025-06-05 21:49:59 +09:00 · 2025-06-05 21:49:59 +09:00 · 1e79dcabaa
commit 1e79dcabaa
parent 143b308e77
4 changed files with 33 additions and 1 deletions
--- a/packages/backend/src/controller/PKCECheck.ts
+++ b/packages/backend/src/controller/PKCECheck.ts
@ -135,6 +135,6 @@ export class PKCECheck {
      request: req,
      reporter: "PKCE Checker",
    });
-    sendReport(sdk, fullTitle, `${message} (${url})`, req, "PKCE Checker");
+    await sendReport(sdk, fullTitle, `${message} (${url})`, req, "PKCE Checker");
  }
 }
--- a/packages/backend/src/controller/accessTokenDetector.ts
+++ b/packages/backend/src/controller/accessTokenDetector.ts
@ -1,5 +1,6 @@
 import type { Request, Response } from "caido:utils";
 import type { SDK, DefineAPI } from "caido:plugin";
+import { sendReport } from "../utils/controlTower";

 // 토큰 누출 검사 결과를 담는 구조
 export interface TokenLeakResult {
@ -21,6 +22,13 @@ export class AccessTokenLeakController {
        request,
        reporter: "AccessTokenLeak",
      });
+      await sendReport(
+        sdk,
+        result.title,
+        result.description,
+        request,
+        "AccessTokenLeak"
+      );
    }
  }

@ -33,6 +41,13 @@ export class AccessTokenLeakController {
        request,
        reporter: "AccessTokenLeak",
      });
+      await sendReport(
+        sdk,
+        result.title,
+        result.description,
+        request,
+        "AccessTokenLeak"
+      );
    }
  }

--- a/packages/backend/src/controller/csrfCheck.ts
+++ b/packages/backend/src/controller/csrfCheck.ts
@ -1,6 +1,7 @@
 import type { Request, Response } from "caido:utils";
 import type { SDK, DefineAPI } from "caido:plugin";
 import { HttpUtils } from "../utils/http";
+import { sendReport } from "../utils/controlTower";

 const httpUtils = new HttpUtils();

@ -269,6 +270,14 @@ export class CsrfCheck {
          request,
          reporter: "csrf reporter",
        });
+        await sendReport(
+          sdk,
+          "CSRF Vulnerability Detected",
+          `A CSRF vulnerability was detected in the request.\n\nRequest: ${request.getMethod()} ${request.getUrl()}\n\nDetails: ${result}`,
+          request,
+          "csrf reporter"
+        );
+
      }
    } catch (error) {
      sdk.console.error(`Error creating finding: ${error}`);
--- a/packages/backend/src/controller/redirect_uriBypass.ts
+++ b/packages/backend/src/controller/redirect_uriBypass.ts
@ -1,5 +1,6 @@
 import type { Request, Response } from "caido:utils";
 import type { SDK } from "caido:plugin";
+import { sendReport } from "../utils/controlTower";

 export class RedirectBypassController {
  // redirect_uri를 확인하는 함수
@ -54,6 +55,13 @@ export class RedirectBypassController {
        request: req,
        reporter: "gyu",
      });
+      await sendReport(
+        sdk,
+        "Redirect URI Bypass Detected",
+        `A redirect URI bypass was detected.\nRedirect URI: ${result.redirectUri}`,
+        req,
+        "gyu"
+      );
    }
  }
 }