diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts
index 564af6f..0165988 100644
--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
@@ -6,6 +6,7 @@ import { CsrfCheck } from "./controller/csrfCheck";
 import { PKCECheck } from "./controller/PKCECheck";
 import { AccessTokenLeakController } from "./controller/accessTokenDetector";
 import { ScopeDetection } from "./controller/scopeDetection";
+import { NonceCheckController } from "./controller/nonceCheck";
 
 export type API = DefineAPI<{}>;
 
@@ -15,42 +16,42 @@ const csrfCheck = new CsrfCheck();
 const pkceCheckController = new PKCECheck();
 const tokenCheck = new AccessTokenLeakController();
 const ScopeDetectionController = new ScopeDetection();
+const nonceCheckController = new NonceCheckController();
 
 export function init(sdk: SDK) {
-  // sdk.events.onInterceptRequest(async (sdk, req: Request) => {
-  //   const result = csrfCheck.checker(req);
+  sdk.events.onInterceptResponse(async (sdk, req: Request, res: Response) => {
+    await csrfCheck.checker(sdk, req, res);
+    await pkceCheckController.test(sdk, req);
+    await tokenCheck.testReq(sdk, req);
+    await tokenCheck.testResp(sdk, res, req);
+    await ScopeDetectionController.scan(sdk, req.getUrl());
 
-  //   if (result) {
-  //     await sdk.findings.create({
-  //       title: "Possible SSO Request Detected",
-  //       description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
-  //       request: req,
-  //       reporter: "",
-  //     });
-  //   }
-  // });
-
-  sdk.events.onInterceptResponse(
-    async (sdk: SDK, {}>, req: Request, resp: Response) => {
-      await csrfCheck.checker(sdk, req, resp);
-      await pkceCheckController.test(sdk, req);
-      await tokenCheck.testReq(sdk, req);
-      await tokenCheck.testResp(sdk, resp, req);
-      await ScopeDetectionController.scan(sdk, req.getUrl());
-      // sdk.events.onInterceptRequest(async (sdk, req: Request) => {
-      //   const result =
-      //     authZCodeGrantController.testReq(req) ||
-      //     implicitGrantController.testReq(req);
-
-      //   if (result) {
-      //     await pkceCheckController.test(sdk, req);
-
-      //     await sdk.findings.create({
-      //       title: "Possible SSO Request Detected",
-      //       description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
-      //       request: req,
-      //       reporter: "",
-      //     });
+    if (NonceCheckController.isOidcFlow(req, res)) {
+      await sdk.findings.create({
+        title: "OIDC Flow Detected",
+        description: "The request appears to be part of an OIDC flow.",
+        request: req,
+        reporter: "",
+      });
     }
-  );
-}
\ No newline at end of file
+  });
+
+  /*
+  sdk.events.onInterceptRequest(async (sdk, req: Request) => {
+    const result =
+      authZCodeGrantController.testReq(req) ||
+      implicitGrantController.testReq(req);
+
+    if (result) {
+      await pkceCheckController.test(sdk, req);
+
+      await sdk.findings.create({
+        title: "Possible SSO Request Detected",
+        description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
+        request: req,
+        reporter: "",
+      });
+    }
+  });
+  */
+}
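Review bot: `nonceCheckController` is instantiated at the top of the hunk but the handler only calls the static `NonceCheckController.isOidcFlow(req, res)`, so the instance is unused unless something outside this hunk reads it, and no nonce validation actually runs before the "OIDC Flow Detected" finding is created. Either drop the unused `const` or call whatever per-response check the controller instance provides once a flow is detected; the controller's interface is not visible here, so confirm which was intended. Separately, the five awaits in the new `onInterceptResponse` callback run sequentially with no error isolation, so if one detector throws, the remaining checks and the OIDC finding are skipped for that response and the rejection is left to the SDK. Running each check in its own try/catch keeps one faulty detector from silently blinding the others, as sketched below. The callback's `sdk` parameter also shadows the `sdk` passed to `init`, which the old code did too but is worth renaming while this handler is being rewritten.
```typescript
  sdk.events.onInterceptResponse(async (sdk, req: Request, res: Response) => {
    // Run every detector even if an earlier one throws, so a single faulty
    // check cannot silently suppress the other findings for this response.
    const checks: Array<[string, () => unknown]> = [
      ["csrf", () => csrfCheck.checker(sdk, req, res)],
      ["pkce", () => pkceCheckController.test(sdk, req)],
      ["token-req", () => tokenCheck.testReq(sdk, req)],
      ["token-resp", () => tokenCheck.testResp(sdk, res, req)],
      ["scope", () => ScopeDetectionController.scan(sdk, req.getUrl())],
    ];
    for (const [name, run] of checks) {
      try {
        await run();
      } catch (e: unknown) {
        console.error(`detector ${name} failed for ${req.getUrl()}`, e);
      }
    }
    // … unchanged: OIDC flow finding …
  });
```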