From 2601997ed5ed86cbbd8790df2c036cefa6fb30c0 Mon Sep 17 00:00:00 2001 From: imnyang Date: Sun, 25 May 2025 20:37:18 +0900 Subject: [PATCH] =?UTF-8?q?GitHub=20Actions,=20PKCE=20Downgrade=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80,=20PlayGround=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/main.yml | 43 +++++++++++++++++++++++++ .gitignore | 4 +-- dist/plugin_package.zip | Bin 7047 -> 0 bytes playground/.gitignore | 34 +++++++++++++++++++ playground/README.md | 15 +++++++++ playground/bun.lock | 25 ++++++++++++++ playground/package.json | 10 ++++++ playground/src/PKCEDowngradeExpress.js | 31 ++++++++++++++++++ playground/tsconfig.json | 29 +++++++++++++++++ 9 files changed, 189 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/main.yml delete mode 100644 dist/plugin_package.zip create mode 100644 playground/.gitignore create mode 100644 playground/README.md create mode 100644 playground/bun.lock create mode 100644 playground/package.json create mode 100644 playground/src/PKCEDowngradeExpress.js create mode 100644 playground/tsconfig.json diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..30cddc7 --- /dev/null +++ b/.github/workflows/main.yml 
@@ -0,0 +1,43 @@ +name: Build and Upload Caido Plugin + +on: + push: + branches: + - main + pull_request: + branches: + - main + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Bun + uses: oven-sh/setup-bun@v1 + with: + bun-version: latest + + - name: Install dependencies + run: | + bun install + + - name: Build plugin + run: | + bun run build + + - name: Archive built plugin + run: | + mkdir -p dist-artifact + cp -r dist/* dist-artifact/ + # 만약 manifest.json도 포함되어야 한다면 + cp manifest.json dist-artifact/ + + - name: Upload plugin artifact + uses: actions/upload-artifact@v4 + with: + name: caido-plugin + path: dist-artifact diff --git a/.gitignore b/.gitignore index 029ef11..648628f 100644 --- a/.gitignore +++ b/.gitignore @@ -215,10 +215,10 @@ $RECYCLE.BIN/ # Windows shortcuts *.lnk -!dist/ +#!dist/ dist/* packages/frontend/dist packages/backend/dist -!dist/*.zip +#!dist/*.zip # End of https://www.toptal.com/developers/gitignore/api/node,macos,windows,linux \ No newline at end of file 
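Review bot: The workflow runs with the default GITHUB_TOKEN scopes because it has no `permissions:` block; the job only checks out the repository and uploads an artifact, so a top-level `permissions:` block with `contents: read` drops the write scopes it never uses. `bun install` in the Install dependencies step is not run with `--frozen-lockfile`, so a CI run can silently resolve versions that differ from the committed lockfile; `run: bun install --frozen-lockfile` turns that drift into a failure instead. `bun-version: latest` and the `@v1`/`@v4` action tags are moving targets; pinning the Bun version (the playground README in this commit mentions bun v1.2.14) and the actions to a commit SHA keeps the build reproducible. The comment before `cp manifest.json dist-artifact/` reads as a condition ("if manifest.json also needs to be included") but the copy is unconditional, so the step fails when that file is absent from the repository root (not visible in this diff); either drop the comment or guard the copy with `if [ -f manifest.json ]; then cp manifest.json dist-artifact/; fi`.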
diff --git a/dist/plugin_package.zip b/dist/plugin_package.zip deleted file mode 100644 index 34b70e1f07a90b3eacf3581195e7e40a421828dc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7047 zcmWIWW@h1H009TvolzhfhB+7*7?Ki`vs3d@^dYK1BIv3FkW^*nrKDEqWfkk|D-Jrfa}tY-6{@)u6f%oZR0X9LY80gwYJ%ky6q57vic1sJrXQVaFcQ%eFt zTn$ZYE(HYzh0HVs4Y0gkW?phmX-aCbhEj4)W@=tZd}fNRlBR;18bm*md{Js~L4ICw zYJ5p$L8@&@es*e}k|xYb1%;y2lG36)g_5GuREQn5V4I-AX^A<-U~!OWW^r(8UP=ha zgphn^u(g=ZFGwuOK)602u_OcLc=EiLn4FwiTpSN}Hx3^bmn4>?g5+vy6hPJ^d0q`& zdrggkK8l#Cex_bYYH;MV|`sD_Yb3rK`OFqY!3t-wnsUOUyeX2)^P)JOJN-$`eQ_3uc zDL_e*XsH|{aIqN#O6152Q4ECIhfnmgyJA%sEf0l2}}sm#hFPeKd+wvUNaJ2E^$K(7Gfy zwIm}y1(A7t!F=KiZUJy0&p&q>wG$xqivh{kkLtOCSTD+QHmh<&vQ(CUgf?cf{@ z(haWJ;F>{60b-tlqOGlhlDlh&63llB3g|{FVRe~beu+Y&g1c)7C}==Iucr{4omo(j znU}7o1a&053WTQ-1qD!<1gUKm!HzTR1*r8cD7PtTDqvFxl8R5xNX*Ge z%}a;XUl_)rs)~n%h%IuFMO;vT(pqLwYKj6V1{DetixP8FOHzx96>>9+i$UQ*O2~lH zM2SLaQ4S($g%;(YrmM_i|AN#!PZtGSND+<{hQ-PG1*x|A1*v(NDUiTH59Q1hNR1DR zBy>MwPl%yGKA?0|T9gA%MZ{@@xfP@v#)caK@hl|ZeG^NPLCqV8dvifN4SnoUq!Asb z7OSPH4^3teQ{d4}gh94wCV(=8BC<0;i3-&~Qu7C@%N6pA6i`K=$qkl96f*OmaY=e& zfjB%Y5tL+7QbE>)26;N?=N9DWrRJ4rK%~K;5^Wf(U~jLWL|WW~Ohn`+sKY_=2{Ab= z5s@Z90SOmXumu$^1v!bCc_bGvSnX8EELH#;M^ae>NglcRDVb@RsVU$h5uS01QVVht zlT&deG;lgov)9)F1(_ZW#kM$9Mcb>zsz9_tTAL7uq`>O3lu&RcPf)3b_D8_^T(7tw zC$mID$x2^eNi*6Yw$@5tAFje9zqmw0v(^eO5RhL45m1-3K)+Rt)KwOrE z*S0AN&}@(5W_a!`DXN5auV9rTxH9%H%1qD91EN34TZbxE7Xz(-&sYfXkes)M5;iAQ=ENz_77_c4Pq|O#r&ckd433}$iZBVdP0O^MFQ*i4iE*XQ&w*^&Yu#5x>JCGp4#Yn+N zqM3-qi!c@LbR=Uzbr4c~fd+0+oq!O5Ye&@Xu%If*EXhe#uvLJySrqIQl%TCHx19WP zNLvrCKSiM=Um*Zg(}ChlNx@1%$sg1UGg2U|7?v_&HW#I)r52^;C8OI8>bw+N>FYxp zcY1lLCHln$smaAq0o}~>{4(8q&;Wvwu3@}^u7QzWMoDgta#32cUU6!2NoIbYp0S>x zo;lcgFw;^JOAG~=8$@(C@`bBBU=4Qrb(0(7Nmq}ctfm_1x z2vbN&ElEu-Nlj5ya4t$sECCg@X_dl0oWIH9#YLAQd1C zju{>BP#TD)fLIMt}71HvH6jZ7~4Ol%cE~JRVTE%g31;Jtgl-S@= zQk#HmF|?Mj0u`pH;-JoHYLS(Kk`mmVh*}QbEkcY8!umzE3dx{`uYyJ@B1MA2160z0 zdWxwq3Tlu?_2j>U)&oT*QzUs2~N634_u(VxSBmuK;N+fHEI8 
zX_)qc?BrBS5-H0%i(Ljb8Zf({_q+Cdvkp!h5SRf45CC7{9|$M_z2_!K&Z0`BSJ2r?9P zkn#jn3Kpdnm*$i}oC?Y+ko<+|b+C3McS1~1fL3M2DcMGPxHBX;J6b6y1>_eOXC~#O zDg+1n!-r#Bpc!8Ykv&jzYjCi?Zc%DZVo7QWa?cr7V1VipST5t@f;V#^!y+1*wF+<{ zaO1gF0hHz;-bT) z`hZB3r4|)u=I4Rr4D<~23?QON;Ruom$SFY5nxR3xv5X81AROS$$RxsmdkzaSp9Pwy0Ug? jWcPql14Ji?)RII?8v)*|Y#<3{24;r!3=9m1q(D3X{e-ks diff --git a/playground/.gitignore b/playground/.gitignore new file mode 100644 index 0000000..a14702c --- /dev/null +++ b/playground/.gitignore @@ -0,0 +1,34 @@ +# dependencies (bun install) +node_modules + +# output +out +dist +*.tgz + +# code coverage +coverage +*.lcov + +# logs +logs +_.log +report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json + +# dotenv environment variable files +.env +.env.development.local +.env.test.local +.env.production.local +.env.local + +# caches +.eslintcache +.cache +*.tsbuildinfo + +# IntelliJ based IDEs +.idea + +# Finder (MacOS) folder config +.DS_Store diff --git a/playground/README.md b/playground/README.md new file mode 100644 index 0000000..4a3109f --- /dev/null +++ b/playground/README.md @@ -0,0 +1,15 @@ +# playground + +To install dependencies: + +```bash +bun install +``` + +To run: + +```bash +bun run +``` + +This project was created using `bun init` in bun v1.2.14. [Bun](https://bun.sh) is a fast all-in-one JavaScript runtime. diff --git a/playground/bun.lock b/playground/bun.lock new file mode 100644 index 0000000..0a70737 --- /dev/null +++ b/playground/bun.lock 
@@ -0,0 +1,25 @@ +{ + "lockfileVersion": 1, + "workspaces": { + "": { + "name": "playground", + "devDependencies": { + "@types/bun": "latest", + }, + "peerDependencies": { + "typescript": "^5", + }, + }, + }, + "packages": { + "@types/bun": ["@types/bun@1.2.14", "", { "dependencies": { "bun-types": "1.2.14" } }, "sha512-VsFZKs8oKHzI7zwvECiAJ5oSorWndIWEVhfbYqZd4HI/45kzW7PN2Rr5biAzvGvRuNmYLSANY+H59ubHq8xw7Q=="], + + "@types/node": ["@types/node@22.15.21", "", { "dependencies": { "undici-types": "~6.21.0" } }, "sha512-EV/37Td6c+MgKAbkcLG6vqZ2zEYHD7bvSrzqqs2RIhbA6w3x+Dqz8MZM3sP6kGTeLrdoOgKZe+Xja7tUB2DNkQ=="], + + "bun-types": ["bun-types@1.2.14", "", { "dependencies": { "@types/node": "*" } }, "sha512-Kuh4Ub28ucMRWeiUUWMHsT9Wcbr4H3kLIO72RZZElSDxSu7vpetRvxIUDUaW6QtaIeixIpm7OXtNnZPf82EzwA=="], + + "typescript": ["typescript@5.8.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ=="], + + "undici-types": ["undici-types@6.21.0", "", {}, "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ=="], + } +} diff --git a/playground/package.json b/playground/package.json new file mode 100644 index 0000000..0bbbfb8 --- /dev/null +++ b/playground/package.json @@ -0,0 +1,10 @@ +{ + "name": "playground", + "private": true, + "devDependencies": { + "@types/bun": "latest" + }, + "peerDependencies": { + "typescript": "^5" + } +} diff --git a/playground/src/PKCEDowngradeExpress.js b/playground/src/PKCEDowngradeExpress.js new file mode 100644 index 0000000..61cf737 --- /dev/null +++ b/playground/src/PKCEDowngradeExpress.js 
@@ -0,0 +1,31 @@
+const express = require("express");
+const app = express();
+
+app.get("/auth", (req, res) => {
+ const {
+ client_id,
+ response_type,
+ code_challenge,
+ code_challenge_method,
+ scope
+ } = req.query;
+
+ console.log("Incoming request:", req.query);
+
+ if (!client_id || response_type !== "code") {
+ return res.status(400).send("Missing required parameters");
+ }
+
+ // Simulate issuing an authorization code
+ const code = "dummy-auth-code";
+
+ // Simulate PKCE check (normally you'd validate here)
+ // We deliberately allow the downgrade here to simulate the vulnerability
+ const responseBody = `Authorization successful. code=${code}`;
+ return res.status(200).send(responseBody);
+});
+
+const PORT = 5050;
+app.listen(PORT, () => {
+ console.log(`Test PKCE server running on http://localhost:${PORT}`);
+});
diff --git a/playground/tsconfig.json b/playground/tsconfig.json
new file mode 100644
index 0000000..bfa0fea
--- /dev/null
+++ b/playground/tsconfig.json
@@ -0,0 +1,29 @@
+{
+ "compilerOptions": {
+ // Environment setup & latest features
+ "lib": ["ESNext"],
+ "target": "ESNext",
+ "module": "Preserve",
+ "moduleDetection": "force",
+ "jsx": "react-jsx",
+ "allowJs": true,
+
+ // Bundler mode
+ "moduleResolution": "bundler",
+ "allowImportingTsExtensions": true,
+ "verbatimModuleSyntax": true,
+ "noEmit": true,
+
+ // Best practices
+ "strict": true,
+ "skipLibCheck": true,
+ "noFallthroughCasesInSwitch": true,
+ "noUncheckedIndexedAccess": true,
+ "noImplicitOverride": true,
+
+ // Some stricter flags (disabled by default)
+ "noUnusedLocals": false,
+ "noUnusedParameters": false,
+ "noPropertyAccessFromIndexSignature": false
+ }
+}
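Review bot: `require("express")` on the first line of this hunk has no matching dependency: the playground/package.json and bun.lock added in the same commit list only @types/bun and typescript, so resolution fails at startup once `bun install` has created node_modules (Bun's auto-install only applies when there is none); add `express` to `dependencies` and re-lock. Separately, `app.listen(PORT, () => {` binds every interface while the log line advertises localhost; since this fixture deliberately skips the PKCE check, bind it to loopback, `app.listen(PORT, "127.0.0.1", () => {`, so the intentionally vulnerable endpoint is reachable only from the machine running the test. `code_challenge`, `code_challenge_method` and `scope` are destructured but never read; either drop them or include them in the log line so a request arriving without a challenge is visible in the output. A header comment such as `// Intentionally vulnerable OAuth stub: issues a code without binding it to code_challenge (simulates a PKCE downgrade); local testing only.` would make the file's purpose clear to anyone who finds it outside the playground.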