Merge pull request #10 from whs-authz-authn-project/sujin

nonceCheck 수정

packages/backend/src/controller/nonceCheck.ts

@@ -1,4 +1,4 @@
-import type { Request } from "caido:utils";
+import type { Request, Response } from "caido:utils";
 import { TokenLeakCheck } from "./tokenLeakCheck";
 
 export class NonceCheckController{
@@ -6,8 +6,8 @@ export class NonceCheckController{
      * 응답이 OIDC(OpenID Connect) 플로우인지 확인하는 메서드
      */
     
-    public static isOidcFlow(req: Request): boolean {
+    public static isOidcFlow(req: Request, res:Response): boolean {
-        if(TokenLeakCheck.extractIdToken(req)) {
+        if(TokenLeakCheck.extractIdToken(req, res)) {
             return true;
         }
         return false;
@@ -15,10 +15,10 @@ export class NonceCheckController{
 
   
     public static isNonceCheckRequest(req: Request): boolean {
-        const id_token = decodeIdToken(req);
+        const id_token = TokenLeakCheck.decodeIdToken(req);
 
         // 1. nonce 파라미터가 포함된 요청인지 확인
-        if (id_token.includes("nonce=")) {
+        if (id_token && id_token.includes("nonce=")) {
             return true;
         }
 
@@ -26,8 +26,4 @@ export class NonceCheckController{
     }
 }
 
-function decodeIdToken(req: Request): string {
-    // Implement actual decoding logic here. For now, return an empty string or mock value.
-    return "";
-}
 

packages/backend/src/controller/tokenLeakCheck.ts

@@ -1,8 +1,8 @@
-import type { Request } from "caido:utils";
+import type { Request,Response } from "caido:utils";
 import jwt from "jsonwebtoken";
 
 export class TokenLeakCheck {
-  public static extractIdToken(req: Request): string | null {
+  public static extractIdToken(req: Request, res?: Response): string | null {
     // 1. Authorization 헤더 확인\\
     const header = req.getHeaders() as Record<string, string | string[] | undefined>;
     const authHeader = header["authorization"] || header["Authorization"];
@@ -16,19 +16,21 @@ export class TokenLeakCheck {
       return (query as Record<string, any>).id_token;
     }
 
-    // 3. POST 바디 안에 id_token이 있을 경우
+    // 3. response 안에 id_token이 있을 경우
-    const rawBody = req.getRaw();
+    if (res) {
+      const rawBody = res.getRaw();
       const body = rawBody ? rawBody.toString() : "";
       const match = body.match(/id_token=([^&\s]+)/);
       if (match && typeof match[1] === "string" ) {
         return decodeURIComponent(match[1]);
       }
+    }
 
     return null;
   }
 
-  public static decodeIdToken(req: Request): Record<string, any> | null {
+  public static decodeIdToken(req: Request, res?: Response): Record<string, any> | null {
-    const token = this.extractIdToken(req);
+    const token = this.extractIdToken(req, res);
     if (!token) return null;
 
     const decoded = jwt.decode(token, { complete: true });

packages/backend/src/index.ts

@@ -6,6 +6,7 @@ import { CsrfCheck } from "./controller/csrfCheck";
 import { PKCECheck } from "./controller/PKCECheck";
 import { AccessTokenLeakController } from "./controller/accessTokenDetector";
 import { ScopeDetection } from "./controller/scopeDetection";
+import { NonceCheckController } from "./controller/nonceCheck";
 
 export type API = DefineAPI<{}>;
 
@@ -15,42 +16,42 @@ const csrfCheck = new CsrfCheck();
 const pkceCheckController = new PKCECheck();
 const tokenCheck = new AccessTokenLeakController();
 const ScopeDetectionController = new ScopeDetection();
+const nonceCheckController = new NonceCheckController();
 
 export function init(sdk: SDK<API>) {
-  // sdk.events.onInterceptRequest(async (sdk, req: Request) => {
+  sdk.events.onInterceptResponse(async (sdk, req: Request, res: Response) => {
-  //   const result = csrfCheck.checker(req);
+    await csrfCheck.checker(sdk, req, res);
-
-  //   if (result) {
-  //     await sdk.findings.create({
-  //       title: "Possible SSO Request Detected",
-  //       description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
-  //       request: req,
-  //       reporter: "",
-  //     });
-  //   }
-  // });
-
-  sdk.events.onInterceptResponse(
-    async (sdk: SDK<DefineAPI<{}>, {}>, req: Request, resp: Response) => {
-      await csrfCheck.checker(sdk, req, resp);
     await pkceCheckController.test(sdk, req);
     await tokenCheck.testReq(sdk, req);
-      await tokenCheck.testResp(sdk, resp, req);
+    await tokenCheck.testResp(sdk, res, req);
     await ScopeDetectionController.scan(sdk, req.getUrl());
-      // sdk.events.onInterceptRequest(async (sdk, req: Request) => {
-      //   const result =
-      //     authZCodeGrantController.testReq(req) ||
-      //     implicitGrantController.testReq(req);
 
-      //   if (result) {
+    if (NonceCheckController.isOidcFlow(req, res)) {
-      //     await pkceCheckController.test(sdk, req);
+      await sdk.findings.create({
+        title: "OIDC Flow Detected",
+        description: "The request appears to be part of an OIDC flow.",
+        request: req,
+        reporter: "",
+      });
+    }
+  });
 
-      //     await sdk.findings.create({
+  /*
-      //       title: "Possible SSO Request Detected",
+  sdk.events.onInterceptRequest(async (sdk, req: Request) => {
-      //       description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
+    const result =
-      //       request: req,
+      authZCodeGrantController.testReq(req) ||
-      //       reporter: "",
+      implicitGrantController.testReq(req);
-      //     });
+
+    if (result) {
+      await pkceCheckController.test(sdk, req);
+
+      await sdk.findings.create({
+        title: "Possible SSO Request Detected",
+        description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
+        request: req,
+        reporter: "",
+      });
     }
-  );
+  });
+  */
 }