whs-authz-authn/caido-plugin-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nonceCheck 수정2

Browse source
This commit is contained in:
sultanofdisco 2025-05-31 14:39:20 +09:00
commit 252400a911
3 changed files with 14 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
dist/plugin_package.zip vendored
View file

Binary file not shown.

14
packages/backend/src/controller/nonceCheck.ts
View file

@ -1,4 +1,4 @@
import type { Request } from "caido:utils"; import type { Request, Response } from "caido:utils";
import { TokenLeakCheck } from "./tokenLeakCheck"; import { TokenLeakCheck } from "./tokenLeakCheck";
export class NonceCheckController{ export class NonceCheckController{
@ -6,8 +6,8 @@ export class NonceCheckController{
* OIDC(OpenID Connect) * OIDC(OpenID Connect)
*/ */
public static isOidcFlow(req: Request): boolean { public static isOidcFlow(req: Request, res:Response): boolean {
if(TokenLeakCheck.extractIdToken(req)) { if(TokenLeakCheck.extractIdToken(req, res)) {
return true; return true;
} }
return false; return false;
@ -15,10 +15,10 @@ export class NonceCheckController{
public static isNonceCheckRequest(req: Request): boolean { public static isNonceCheckRequest(req: Request): boolean {
const id_token = decodeIdToken(req); const id_token = TokenLeakCheck.decodeIdToken(req);
// 1. nonce 파라미터가 포함된 요청인지 확인 // 1. nonce 파라미터가 포함된 요청인지 확인
if (id_token.includes("nonce=")) { if (id_token && id_token.includes("nonce=")) {
return true; return true;
} }
@ -26,8 +26,4 @@ export class NonceCheckController{
} }
} }
function decodeIdToken(req: Request): string {
// Implement actual decoding logic here. For now, return an empty string or mock value.
return "";
}

12
packages/backend/src/index.ts
View file

@ -1,5 +1,5 @@
import type { SDK, DefineAPI } from "caido:plugin"; import type { SDK, DefineAPI } from "caido:plugin";
import type { Request } from "caido:utils"; import type { Request, Response } from "caido:utils";
import { ImplicitGrantController } from "./controller/implictGrant"; import { ImplicitGrantController } from "./controller/implictGrant";
import { AuthZCodeGrantController } from "./controller/authZCodeGrant"; import { AuthZCodeGrantController } from "./controller/authZCodeGrant";
import { NonceCheckController } from "./controller/nonceCheck"; import { NonceCheckController } from "./controller/nonceCheck";
@ -8,6 +8,7 @@ export type API = DefineAPI<{}>;
const implicitGrantController = new ImplicitGrantController(); const implicitGrantController = new ImplicitGrantController();
const authZCodeGrantController = new AuthZCodeGrantController(); const authZCodeGrantController = new AuthZCodeGrantController();
const nonceCheckController = new NonceCheckController();
// function matchSSORequest(req: Request): boolean { // function matchSSORequest(req: Request): boolean {
// const raw = req.getRaw().toString(); // const raw = req.getRaw().toString();
@ -28,7 +29,8 @@ const authZCodeGrantController = new AuthZCodeGrantController();
// } // }
export function init(sdk: SDK<API>) { export function init(sdk: SDK<API>) {
sdk.events.onInterceptRequest(async (sdk, req: Request) => { // 요청 이벤트
sdk.events.onInterceptRequest(async (sdk, req) => {
const result = const result =
authZCodeGrantController.testReq(req) || authZCodeGrantController.testReq(req) ||
implicitGrantController.testReq(req); implicitGrantController.testReq(req);
@ -41,8 +43,12 @@ export function init(sdk: SDK<API>) {
reporter: "", reporter: "",
}); });
} }
});
if(NonceCheckController.isOidcFlow(req)) { // 응답 이벤트
sdk.events.onInterceptResponse(async (sdk, req, res) => {
if (NonceCheckController.isOidcFlow(req, res)) {
await sdk.findings.create({ await sdk.findings.create({
title: "OIDC Flow Detected", title: "OIDC Flow Detected",
description: "The request appears to be part of an OIDC flow.", description: "The request appears to be part of an OIDC flow.",