whs-authz-authn/caido-plugin-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nonceCheck 수정3

Browse source
This commit is contained in:
sultanofdisco 2025-05-31 15:42:37 +09:00
commit 77a05bb707
1 changed files with 33 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

71
packages/backend/src/index.ts
View file

@ -6,6 +6,7 @@ import { CsrfCheck } from "./controller/csrfCheck";
import { PKCECheck } from "./controller/PKCECheck"; import { PKCECheck } from "./controller/PKCECheck";
import { AccessTokenLeakController } from "./controller/accessTokenDetector"; import { AccessTokenLeakController } from "./controller/accessTokenDetector";
import { ScopeDetection } from "./controller/scopeDetection"; import { ScopeDetection } from "./controller/scopeDetection";
import { NonceCheckController } from "./controller/nonceCheck";
export type API = DefineAPI<{}>; export type API = DefineAPI<{}>;
@ -15,42 +16,42 @@ const csrfCheck = new CsrfCheck();
const pkceCheckController = new PKCECheck(); const pkceCheckController = new PKCECheck();
const tokenCheck = new AccessTokenLeakController(); const tokenCheck = new AccessTokenLeakController();
const ScopeDetectionController = new ScopeDetection(); const ScopeDetectionController = new ScopeDetection();
const nonceCheckController = new NonceCheckController();
export function init(sdk: SDK<API>) { export function init(sdk: SDK<API>) {
// sdk.events.onInterceptRequest(async (sdk, req: Request) => { sdk.events.onInterceptResponse(async (sdk, req: Request, res: Response) => {
// const result = csrfCheck.checker(req); await csrfCheck.checker(sdk, req, res);
await pkceCheckController.test(sdk, req);
await tokenCheck.testReq(sdk, req);
await tokenCheck.testResp(sdk, res, req);
await ScopeDetectionController.scan(sdk, req.getUrl());
// if (result) { if (NonceCheckController.isOidcFlow(req, res)) {
// await sdk.findings.create({ await sdk.findings.create({
// title: "Possible SSO Request Detected", title: "OIDC Flow Detected",
// description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`, description: "The request appears to be part of an OIDC flow.",
// request: req, request: req,
// reporter: "", reporter: "",
// }); });
// }
// });
sdk.events.onInterceptResponse(
async (sdk: SDK<DefineAPI<{}>, {}>, req: Request, resp: Response) => {
await csrfCheck.checker(sdk, req, resp);
await pkceCheckController.test(sdk, req);
await tokenCheck.testReq(sdk, req);
await tokenCheck.testResp(sdk, resp, req);
await ScopeDetectionController.scan(sdk, req.getUrl());
// sdk.events.onInterceptRequest(async (sdk, req: Request) => {
// const result =
// authZCodeGrantController.testReq(req) ||
// implicitGrantController.testReq(req);
// if (result) {
// await pkceCheckController.test(sdk, req);
// await sdk.findings.create({
// title: "Possible SSO Request Detected",
// description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
// request: req,
// reporter: "",
// });
} }
); });
}
/*
sdk.events.onInterceptRequest(async (sdk, req: Request) => {
const result =
authZCodeGrantController.testReq(req) ||
implicitGrantController.testReq(req);
if (result) {
await pkceCheckController.test(sdk, req);
await sdk.findings.create({
title: "Possible SSO Request Detected",
description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
request: req,
reporter: "",
});
}
});
*/
}