nonceCheck 수정2

2025-05-31 14:39:20 +09:00 · 2025-05-31 14:39:20 +09:00 · 252400a911
commit 252400a911
parent cc81947bd8
3 changed files with 14 additions and 12 deletions
--- a/dist/plugin_package.zip
+++ b/dist/plugin_package.zip
--- a/packages/backend/src/controller/nonceCheck.ts
+++ b/packages/backend/src/controller/nonceCheck.ts
@ -1,4 +1,4 @@
-import type { Request } from "caido:utils";
+import type { Request, Response } from "caido:utils";
 import { TokenLeakCheck } from "./tokenLeakCheck";

 export class NonceCheckController{
@ -6,8 +6,8 @@ export class NonceCheckController{
     * 응답이 OIDC(OpenID Connect) 플로우인지 확인하는 메서드
     */
    
-    public static isOidcFlow(req: Request): boolean {
-        if(TokenLeakCheck.extractIdToken(req)) {
+    public static isOidcFlow(req: Request, res:Response): boolean {
+        if(TokenLeakCheck.extractIdToken(req, res)) {
            return true;
        }
        return false;
@ -15,10 +15,10 @@ export class NonceCheckController{

  
    public static isNonceCheckRequest(req: Request): boolean {
-        const id_token = decodeIdToken(req);
+        const id_token = TokenLeakCheck.decodeIdToken(req);

        // 1. nonce 파라미터가 포함된 요청인지 확인
-        if (id_token.includes("nonce=")) {
+        if (id_token && id_token.includes("nonce=")) {
            return true;
        }

@ -26,8 +26,4 @@ export class NonceCheckController{
    }
 }

-function decodeIdToken(req: Request): string {
-    // Implement actual decoding logic here. For now, return an empty string or mock value.
-    return "";
-}

--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
@ -1,5 +1,5 @@
 import type { SDK, DefineAPI } from "caido:plugin";
-import type { Request } from "caido:utils";
+import type { Request, Response } from "caido:utils";
 import { ImplicitGrantController } from "./controller/implictGrant";
 import { AuthZCodeGrantController } from "./controller/authZCodeGrant";
 import { NonceCheckController } from "./controller/nonceCheck";
@ -8,6 +8,7 @@ export type API = DefineAPI<{}>;

 const implicitGrantController = new ImplicitGrantController();
 const authZCodeGrantController = new AuthZCodeGrantController();
+const nonceCheckController = new NonceCheckController();

 // function matchSSORequest(req: Request): boolean {
 //   const raw = req.getRaw().toString();
@ -28,7 +29,8 @@ const authZCodeGrantController = new AuthZCodeGrantController();
 // }

 export function init(sdk: SDK<API>) {
-  sdk.events.onInterceptRequest(async (sdk, req: Request) => {
+  // 요청 이벤트
+  sdk.events.onInterceptRequest(async (sdk, req) => {
    const result =
      authZCodeGrantController.testReq(req) ||
      implicitGrantController.testReq(req);
@ -41,8 +43,12 @@ export function init(sdk: SDK<API>) {
        reporter: "",
      });
    }
+  });

-    if(NonceCheckController.isOidcFlow(req)) {
+  // 응답 이벤트
+  sdk.events.onInterceptResponse(async (sdk, req, res) => {
+
+    if (NonceCheckController.isOidcFlow(req, res)) {
      await sdk.findings.create({
        title: "OIDC Flow Detected",
        description: "The request appears to be part of an OIDC flow.",