From 1e79dcabaab37c76023df1760c917483341f2cda Mon Sep 17 00:00:00 2001
From: imnyang
Date: Thu, 5 Jun 2025 21:49:59 +0900
Subject: [PATCH] Temp
---
 packages/backend/src/controller/PKCECheck.ts | 2 +-
 .../backend/src/controller/accessTokenDetector.ts | 15 +++++++++++++++
 packages/backend/src/controller/csrfCheck.ts | 9 +++++++++
 .../backend/src/controller/redirect_uriBypass.ts | 8 ++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/packages/backend/src/controller/PKCECheck.ts b/packages/backend/src/controller/PKCECheck.ts
index d7e0042..9f7bd40 100644
--- a/packages/backend/src/controller/PKCECheck.ts
+++ b/packages/backend/src/controller/PKCECheck.ts
@@ -135,6 +135,6 @@ export class PKCECheck {
 request: req,
 reporter: "PKCE Checker",
 });
- sendReport(sdk, fullTitle, `${message} (${url})`, req, "PKCE Checker");
+ await sendReport(sdk, fullTitle, `${message} (${url})`, req, "PKCE Checker");
 }
 }
diff --git a/packages/backend/src/controller/accessTokenDetector.ts b/packages/backend/src/controller/accessTokenDetector.ts
index c0570d0..c6834c5 100644
--- a/packages/backend/src/controller/accessTokenDetector.ts
+++ b/packages/backend/src/controller/accessTokenDetector.ts
@@ -1,5 +1,6 @@
 import type { Request, Response } from "caido:utils";
 import type { SDK, DefineAPI } from "caido:plugin";
+import { sendReport } from "../utils/controlTower";
 // 토큰 누출 검사 결과를 담는 구조
 export interface TokenLeakResult {
@@ -21,6 +22,13 @@ export class AccessTokenLeakController {
 request,
 reporter: "AccessTokenLeak",
 });
+ await sendReport(
+ sdk,
+ result.title,
+ result.description,
+ request,
+ "AccessTokenLeak"
+ );
 }
 }
@@ -33,6 +41,13 @@ export class AccessTokenLeakController {
 request,
 reporter: "AccessTokenLeak",
 });
+ await sendReport(
+ sdk,
+ result.title,
+ result.description,
+ request,
+ "AccessTokenLeak"
+ );
 }
 }
diff --git a/packages/backend/src/controller/csrfCheck.ts b/packages/backend/src/controller/csrfCheck.ts
index 8a6f723..bd96bdd 100644
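Review bot: With `await`, a rejected `sendReport` now propagates out of this method right after the finding has been recorded, and no `try`/`catch` is visible in the PKCECheck.ts hunk (the method body starts outside it, so an outer handler may exist). If delivery to the control tower is meant to be best-effort, isolate it so a reporting outage cannot abort the check, for example by appending `.catch((err) => sdk.console.error("sendReport failed: " + String(err)))` to the awaited call, assuming `sendReport` returns a promise. The same unguarded `await sendReport(...)` is added in both accessTokenDetector.ts hunks and in redirect_uriBypass.ts.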
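Review bot: In the `@@ -21,6 +22,13 @@` hunk of accessTokenDetector.ts the whole `request` and `result.description` are handed to `sendReport`, and for an access-token leak finding those are the values most likely to carry the token itself. `sendReport` lives in `../utils/controlTower`, outside this diff, so what it transmits and to where is not visible here; if it posts to a remote service, the leaked credential is copied off the analyst's machine into that service's storage and logs. Consider masking the token value before reporting and documenting the data flow above the call, e.g. `// sendReport forwards title, description and request data to the control tower; redact token values first`. The identical block is added again in the `@@ -33,6 +41,13 @@` hunk, so a small private helper would keep the two call sites in step.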
--- a/packages/backend/src/controller/csrfCheck.ts
+++ b/packages/backend/src/controller/csrfCheck.ts
@@ -1,6 +1,7 @@
 import type { Request, Response } from "caido:utils";
 import type { SDK, DefineAPI } from "caido:plugin";
 import { HttpUtils } from "../utils/http";
+import { sendReport } from "../utils/controlTower";
 const httpUtils = new HttpUtils();
@@ -269,6 +270,14 @@ export class CsrfCheck {
 request,
 reporter: "csrf reporter",
 });
+ await sendReport(
+ sdk,
+ "CSRF Vulnerability Detected",
+ `A CSRF vulnerability was detected in the request.\n\nRequest: ${request.getMethod()} ${request.getUrl()}\n\nDetails: ${result}`,
+ request,
+ "csrf reporter"
+ );
+
 }
 } catch (error) {
 sdk.console.error(`Error creating finding: ${error}`);
diff --git a/packages/backend/src/controller/redirect_uriBypass.ts b/packages/backend/src/controller/redirect_uriBypass.ts
index ce521cb..a9a9c57 100644
--- a/packages/backend/src/controller/redirect_uriBypass.ts
+++ b/packages/backend/src/controller/redirect_uriBypass.ts
@@ -1,5 +1,6 @@
 import type { Request, Response } from "caido:utils";
 import type { SDK } from "caido:plugin";
+import { sendReport } from "../utils/controlTower";
 export class RedirectBypassController {
 // redirect_uri를 확인하는 함수
@@ -54,6 +55,13 @@ export class RedirectBypassController {
 request: req,
 reporter: "gyu",
 });
+ await sendReport(
+ sdk,
+ "Redirect URI Bypass Detected",
+ `A redirect URI bypass was detected.\nRedirect URI: ${result.redirectUri}`,
+ req,
+ "gyu"
+ );
 }
 }
 }
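Review bot: In the `@@ -269,6 +270,14 @@` hunk of csrfCheck.ts the new `await sendReport(...)` sits inside the `try` whose `catch` logs `Error creating finding: ${error}`, so a failed report delivery will be logged as a failed finding even though the call that closes at `});` just above had already completed. Giving the report its own handler with a distinct message, such as `sdk.console.error("Error sending report: " + String(error))`, keeps the two failure modes apart in the log. `Details: ${result}` interpolates `result` directly; its type is not visible in the hunk, and if it is an object the report will read `[object Object]`, so `JSON.stringify(result)` or a named field would be safer. The lone blank line added before the closing brace can be dropped.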
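Review bot: In the `@@ -54,6 +55,13 @@` hunk of redirect_uriBypass.ts the reporter label passed to `sendReport` is `"gyu"`, which names a person rather than the check. The other controllers in this commit use `"PKCE Checker"`, `"AccessTokenLeak"` and `"csrf reporter"`, so a report tagged `gyu` cannot be traced back to the redirect_uri check on the receiving side. The label already appears in the `reporter:` context line, so renaming it means changing both places; a shared constant such as `const REPORTER = "Redirect URI Bypass";` would keep them identical. The description also omits the request method and URL that the CSRF report includes, which makes triage harder when only the report is at hand.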