whs-authz-authn/caido-plugin-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #10 from whs-authz-authn-project/sujin

Browse source 
nonceCheck 수정
This commit is contained in:
sultanofdisco 2025-05-31 15:56:04 +09:00 committed by GitHub
commit 3a8fb9a401
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 49 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

14
packages/backend/src/controller/nonceCheck.ts
View file

@ -1,4 +1,4 @@
import type { Request } from "caido:utils"; import type { Request, Response } from "caido:utils";
import { TokenLeakCheck } from "./tokenLeakCheck"; import { TokenLeakCheck } from "./tokenLeakCheck";
export class NonceCheckController{ export class NonceCheckController{
@ -6,8 +6,8 @@ export class NonceCheckController{
* OIDC(OpenID Connect) * OIDC(OpenID Connect)
*/ */
public static isOidcFlow(req: Request): boolean { public static isOidcFlow(req: Request, res:Response): boolean {
if(TokenLeakCheck.extractIdToken(req)) { if(TokenLeakCheck.extractIdToken(req, res)) {
return true; return true;
} }
return false; return false;
@ -15,10 +15,10 @@ export class NonceCheckController{
public static isNonceCheckRequest(req: Request): boolean { public static isNonceCheckRequest(req: Request): boolean {
const id_token = decodeIdToken(req); const id_token = TokenLeakCheck.decodeIdToken(req);
// 1. nonce 파라미터가 포함된 요청인지 확인 // 1. nonce 파라미터가 포함된 요청인지 확인
if (id_token.includes("nonce=")) { if (id_token && id_token.includes("nonce=")) {
return true; return true;
} }
@ -26,8 +26,4 @@ export class NonceCheckController{
} }
} }
function decodeIdToken(req: Request): string {
// Implement actual decoding logic here. For now, return an empty string or mock value.
return "";
}

22
packages/backend/src/controller/tokenLeakCheck.ts
View file

@ -1,8 +1,8 @@
import type { Request } from "caido:utils"; import type { Request,Response } from "caido:utils";
import jwt from "jsonwebtoken"; import jwt from "jsonwebtoken";
export class TokenLeakCheck { export class TokenLeakCheck {
public static extractIdToken(req: Request): string | null { public static extractIdToken(req: Request, res?: Response): string | null {
// 1. Authorization 헤더 확인\\ // 1. Authorization 헤더 확인\\
const header = req.getHeaders() as Record<string, string | string[] | undefined>; const header = req.getHeaders() as Record<string, string | string[] | undefined>;
const authHeader = header["authorization"] || header["Authorization"]; const authHeader = header["authorization"] || header["Authorization"];
@ -16,19 +16,21 @@ export class TokenLeakCheck {
return (query as Record<string, any>).id_token; return (query as Record<string, any>).id_token;
} }
// 3. POST 바디 안에 id_token이 있을 경우 // 3. response 안에 id_token이 있을 경우
const rawBody = req.getRaw(); if (res) {
const body = rawBody ? rawBody.toString() : ""; const rawBody = res.getRaw();
const match = body.match(/id_token=([^&\s]+)/); const body = rawBody ? rawBody.toString() : "";
if (match && typeof match[1] === "string") { const match = body.match(/id_token=([^&\s]+)/);
return decodeURIComponent(match[1]); if (match && typeof match[1] === "string" ) {
return decodeURIComponent(match[1]);
}
} }
return null; return null;
} }
public static decodeIdToken(req: Request): Record<string, any> | null { public static decodeIdToken(req: Request, res?: Response): Record<string, any> | null {
const token = this.extractIdToken(req); const token = this.extractIdToken(req, res);
if (!token) return null; if (!token) return null;
const decoded = jwt.decode(token, { complete: true }); const decoded = jwt.decode(token, { complete: true });

69
packages/backend/src/index.ts
View file

@ -6,6 +6,7 @@ import { CsrfCheck } from "./controller/csrfCheck";
import { PKCECheck } from "./controller/PKCECheck"; import { PKCECheck } from "./controller/PKCECheck";
import { AccessTokenLeakController } from "./controller/accessTokenDetector"; import { AccessTokenLeakController } from "./controller/accessTokenDetector";
import { ScopeDetection } from "./controller/scopeDetection"; import { ScopeDetection } from "./controller/scopeDetection";
import { NonceCheckController } from "./controller/nonceCheck";
export type API = DefineAPI<{}>; export type API = DefineAPI<{}>;
@ -15,42 +16,42 @@ const csrfCheck = new CsrfCheck();
const pkceCheckController = new PKCECheck(); const pkceCheckController = new PKCECheck();
const tokenCheck = new AccessTokenLeakController(); const tokenCheck = new AccessTokenLeakController();
const ScopeDetectionController = new ScopeDetection(); const ScopeDetectionController = new ScopeDetection();
const nonceCheckController = new NonceCheckController();
export function init(sdk: SDK<API>) { export function init(sdk: SDK<API>) {
// sdk.events.onInterceptRequest(async (sdk, req: Request) => { sdk.events.onInterceptResponse(async (sdk, req: Request, res: Response) => {
// const result = csrfCheck.checker(req); await csrfCheck.checker(sdk, req, res);
await pkceCheckController.test(sdk, req);
await tokenCheck.testReq(sdk, req);
await tokenCheck.testResp(sdk, res, req);
await ScopeDetectionController.scan(sdk, req.getUrl());
// if (result) { if (NonceCheckController.isOidcFlow(req, res)) {
// await sdk.findings.create({ await sdk.findings.create({
// title: "Possible SSO Request Detected", title: "OIDC Flow Detected",
// description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`, description: "The request appears to be part of an OIDC flow.",
// request: req, request: req,
// reporter: "", reporter: "",
// }); });
// }
// });
sdk.events.onInterceptResponse(
async (sdk: SDK<DefineAPI<{}>, {}>, req: Request, resp: Response) => {
await csrfCheck.checker(sdk, req, resp);
await pkceCheckController.test(sdk, req);
await tokenCheck.testReq(sdk, req);
await tokenCheck.testResp(sdk, resp, req);
await ScopeDetectionController.scan(sdk, req.getUrl());
// sdk.events.onInterceptRequest(async (sdk, req: Request) => {
// const result =
// authZCodeGrantController.testReq(req) ||
// implicitGrantController.testReq(req);
// if (result) {
// await pkceCheckController.test(sdk, req);
// await sdk.findings.create({
// title: "Possible SSO Request Detected",
// description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
// request: req,
// reporter: "",
// });
} }
); });
/*
sdk.events.onInterceptRequest(async (sdk, req: Request) => {
const result =
authZCodeGrantController.testReq(req) ||
implicitGrantController.testReq(req);
if (result) {
await pkceCheckController.test(sdk, req);
await sdk.findings.create({
title: "Possible SSO Request Detected",
description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
request: req,
reporter: "",
});
}
});
*/
} }