From 5fed2eb7d043b3ec4a0cea6dcad93de6e67b2745 Mon Sep 17 00:00:00 2001
From: "tv0924@icloud.com" <j93es@naver.com>
Date: Sat, 31 May 2025 11:47:52 +0900
Subject: [PATCH] [Update] index

---
 dist/plugin_package.zip       | Bin 15097 -> 15658 bytes
 packages/backend/src/index.ts |  29 +++++++++++++++--------------
 2 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/dist/plugin_package.zip b/dist/plugin_package.zip
index b24f0ab51b884d0bd98f2c5fc67f6a3aa4974095..28184677ccc0929e907d8d2e3ba3431c8285501f 100644
GIT binary patch
delta 2144
zcmexax~hsdz?+$civa|#iSD1stIT{&bpJ-<9h&k%sfDGf#U;T7smThp3TZ|8xe7|j
ziJ2++R;4AGImMf0wAdKgi&GPek~0D(M{{YoC+FuCmnama7M5lfrKWhNRu(JRDnu(K
z=VYelmBeSJDCsCD6{Qvz<mVNq#+OtUq=E#J^HWmelQR-?a#His!6K6v=!@Db#aeSI
zC@3gorYUGBA{(ifT9#T=siBdbTB)gEYo`EpKw?p1Zn0iQVlh}kb8>;c!Q`*nH6|$1
z>8T|eO2x_f1*uA!_IjCl$vLGdsl^&f`30$YnJG$|3N<wfrA0ZDXXvO)geB%E*rJ*a
z)(&!AijpS8br2uJU5`r-njfK>!CuQvEy>7F0cotMQBXuSX>x(S-R3#E;fy>1-p;NH
z&Kar6*{Ma7{~2g)4%c6fDe8dY)s)nn)RI&UCG1vXRSNQ1J*v-A^2_tmixN{(Qvyp<
ziz?9rq$EGMq$o2lT?6VPNN^M<XQbw)D%gTjf?j%RNoY}yhNfO|Nn%k+ad>7)hK5o`
zNl8JmlBR;a0+gv>1z{;oUTY}N1~Fjr3q$|<;*@MXkg54Osd_p2=^6<t)kUd=AX7c^
zi%T>#YZd&9GSf5j5_1$ngM6$M5)`ySF$i@JVcjlp4<hs<JRQnhl%qM>&`83k7?cTY
z74lNc6_B!p29naE9H^xV3LwRL#i=Du`6-neQ0Ic#nqVc97fMJ>X5<$Wfl7I#CZ?no
z6>Df}YARGuj^o#_hZz8o0i|dig|ft)(p0^y{LDNJP_}^>1<D}`3bhKUImM|8)!+;R
z5yEK#*aZ+ZwNUji8m^}v6tpnMf!GMkU}}89$rk20C=XLvKw?P-Oc9uksRW#`kODHW
zG_}5{67Ecxg&{e`FoQr$OmhPAi%MWBz-)w)oYWG9;?%qpL}WwbP{CFqu{<%eL;;jg
zK!r?daY?aWaeZoDiU!DHxGO+e6{`t)u<}e3DfmJ5rR3)(X6Au1OhIZgBE3S24N&-l
z6cywbl^`jBINO@59wZOKU^R&)8OUltAqsbwf&xfMAt-MeAt{1{DVnOx6p#vR!2tIJ
z$eo@k8ct|BL1hS0dY$uAQXyr*<Oy10^$9_)feI?snJKka3M$o*5UI6NsRntwR;9Wi
zu_U8br5fV;T7{z2<kZZv)D(q8h2oOLlG0)Yu)X<d3M$ngR&4^@S+Ep~KU!o#^^85p
zPY`!0*xK4E7#kQtqH6MaeXYqGOxY*@)90UDY@))a5LTL#ms*sVl$n!RQaO34iB>wQ
zkdh8G!+@eDCAB!YD6^m>Ge6HtAt59q6;#@Rs!N5Ed<B*2(xRMNh0J1wGN_q3sUY!0
z1#nRgFEtbrOG*-xvnMam6B9|!&r8cpFD*(08L5z3RFq$&H(B4zKmx1<TKX%&T~MpJ
zxxq}6k;^$hucRnHCnvRN@=EiK$lNFkGfBDJ?AMuA3=AL)spmNu7#OaJ?%%x9Vmc$J
zrl0I=Wz2U?bbk~=>EsqG16PocW@u1vEF%L02=js(2ylGXih&_FF)uSMwYWqtt2jR|
Wz?+o~B+Jae%&?w;fg#lf!~+1$aIoY6

delta 1670
zcmZ2g^|O>Wz?+$civa}I+U}XitIWLCcF#uR9h!z|sU^u7ItoFlg{7&*B?^hf3T_|~
z7{68_ttdZNK`A*gGbP_Dqokx@GnW<{qft?6VQFSjYDz$2QDSbff~`WdQgTjaYF<fv
zW{Rznj)GEAYH>k+UU6!CNo7H*ZE}9f<VJ1b7_d}weoAV5az<iKPHJ9yYJ6^LNk)E(
ztx~Ktmx6+VLS~wRh9au*dZ}fpMU@&F1t7~b6>RMk3QJRqD)ln+l5<K^Qi~xHlW%CR
zQ%93fDo)NXNVUx`NX^SkQPNbXsex#nyh}&j*f+5xIYYq~BBGZI;%Vq(cbrCaoLa1w
zrv7ApU9m7C^x48RXd-zE;!%k1ni>T~co2YvCRb@0Om5TX+q^+HoN@981Fgwdb%c~t
zQb7(14f1r(&n?K$OU*0MKr$xUFjmugvxWW|h=wnQ0`-BQkb!%uD77FbF*y~Nx4^zq
zv)9*AP*T#=!=cy~hpK3MwOAF1R){B)^Ye-)R~z!Eh8E>0*eWEbR2QWd>ZPZagcjv!
zXzCRg<Ybm;C|T+2D``d>#7-7A@~<x`s#K^3N4tUoNPCGwbWv)te^F+7W?o{BjzUpt
zu}gk=UV2etN@_~1f~`Vgd17XXLO@Y|Zf0?+USdv;Ml@8rf&w@xYviStqa<OC(xMz4
zg=z&zuvsZ6xx0oaDb#9e>ToI4gA$wqPMs-mt3z>^0ku088qIJ|B;}`6B76bjVf98m
zR(~LcfL=*zMTrK;sZf`q1PD|Xha-wh5=%;pT?<PSL9u~sC`3lV*0$ajHH7sbGLYzm
zc?OgKJ@cIMOF(%A<Q1655cy9Dq{dcBQ$bBl0i*)qSxhxB!$JAn2x1?^jcRHNAY&j_
zX~L5Q%o!z_B{``Iwv(gGjrdX&O7ax~auPH1K;biambq3vs*n=Q7MSj$)U?#1)V$<W
z1zUy8V*i5FJWm$|dj%y>iB@c-uMa69^zu?m^ot8plZ&AOx|!+uWxDx^r6n0gx`y!v
zx&}si86~+n%0+3(dc~>9C7Jnodd7N&dKTtN3RVc?QW8rNONtVcvr~)oGE+;^^zw_+
z^;7bb^+B5Ti_((K&5X^!j+}f^SBqOg0qi>+E(L|jJ_gd0-7JNC6w>mG6jZ89i*jo9
zxVR7@st_9FW2K-{jgmNPxwwL0J_Jd^y<3|AHuRpJ+~f)i-pLa!L?#Q%32t6!p~^V<
zg5}1^-BxCjamQcmvan!a0AWZy!NI`5u-10Z=37?N89_D0<PsZWzO}Y{q7X_aZ?!Q{
g010V^2KB}=GBAKJFQ|fn<2e?SS#9OnOsqg60Di?D4*&oF

diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts
index c7a4a4e..a24d2c7 100644
--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
@@ -8,8 +8,8 @@ import { PKCECheck } from "./controller/PKCECheck";
 export type API = DefineAPI<{}>;
 
 const csrfCheck = new CsrfCheck();
-const implicitGrantController = new ImplicitGrantController();
-const authZCodeGrantController = new AuthZCodeGrantController();
+// const implicitGrantController = new ImplicitGrantController();
+// const authZCodeGrantController = new AuthZCodeGrantController();
 const pkceCheckController = new PKCECheck();
 
 export function init(sdk: SDK<API>) {
@@ -29,20 +29,21 @@ export function init(sdk: SDK<API>) {
   sdk.events.onInterceptResponse(
     async (sdk: SDK<DefineAPI<{}>, {}>, req: Request, resp: Response) => {
       await csrfCheck.checker(sdk, req, resp);
-  sdk.events.onInterceptRequest(async (sdk, req: Request) => {
-    const result =
-      authZCodeGrantController.testReq(req) ||
-      implicitGrantController.testReq(req);
-
-    if (result) {
       await pkceCheckController.test(sdk, req);
+      // sdk.events.onInterceptRequest(async (sdk, req: Request) => {
+      //   const result =
+      //     authZCodeGrantController.testReq(req) ||
+      //     implicitGrantController.testReq(req);
 
-      await sdk.findings.create({
-        title: "Possible SSO Request Detected",
-        description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
-        request: req,
-        reporter: "",
-      });
+      //   if (result) {
+      //     await pkceCheckController.test(sdk, req);
+
+      //     await sdk.findings.create({
+      //       title: "Possible SSO Request Detected",
+      //       description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
+      //       request: req,
+      //       reporter: "",
+      //     });
     }
   );
 }