nonceCheck 수정3

2025-05-31 15:42:37 +09:00 · 2025-05-31 15:42:37 +09:00 · 77a05bb707
commit 77a05bb707
parent e7f9d5684b
1 changed files with 33 additions and 32 deletions
--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
@ -6,6 +6,7 @@ import { CsrfCheck } from "./controller/csrfCheck";
 import { PKCECheck } from "./controller/PKCECheck";
 import { AccessTokenLeakController } from "./controller/accessTokenDetector";
 import { ScopeDetection } from "./controller/scopeDetection";
+import { NonceCheckController } from "./controller/nonceCheck";

 export type API = DefineAPI<{}>;

@ -15,42 +16,42 @@ const csrfCheck = new CsrfCheck();
 const pkceCheckController = new PKCECheck();
 const tokenCheck = new AccessTokenLeakController();
 const ScopeDetectionController = new ScopeDetection();
+const nonceCheckController = new NonceCheckController();

 export function init(sdk: SDK<API>) {
-  // sdk.events.onInterceptRequest(async (sdk, req: Request) => {
-  //   const result = csrfCheck.checker(req);
-
-  //   if (result) {
-  //     await sdk.findings.create({
-  //       title: "Possible SSO Request Detected",
-  //       description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
-  //       request: req,
-  //       reporter: "",
-  //     });
-  //   }
-  // });
-
-  sdk.events.onInterceptResponse(
-    async (sdk: SDK<DefineAPI<{}>, {}>, req: Request, resp: Response) => {
-      await csrfCheck.checker(sdk, req, resp);
+  sdk.events.onInterceptResponse(async (sdk, req: Request, res: Response) => {
+    await csrfCheck.checker(sdk, req, res);
    await pkceCheckController.test(sdk, req);
    await tokenCheck.testReq(sdk, req);
-      await tokenCheck.testResp(sdk, resp, req);
+    await tokenCheck.testResp(sdk, res, req);
    await ScopeDetectionController.scan(sdk, req.getUrl());
-      // sdk.events.onInterceptRequest(async (sdk, req: Request) => {
-      //   const result =
-      //     authZCodeGrantController.testReq(req) ||
-      //     implicitGrantController.testReq(req);

-      //   if (result) {
-      //     await pkceCheckController.test(sdk, req);
+    if (NonceCheckController.isOidcFlow(req, res)) {
+      await sdk.findings.create({
+        title: "OIDC Flow Detected",
+        description: "The request appears to be part of an OIDC flow.",
+        request: req,
+        reporter: "",
+      });
+    }
+  });

-      //     await sdk.findings.create({
-      //       title: "Possible SSO Request Detected",
-      //       description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
-      //       request: req,
-      //       reporter: "",
-      //     });
+  /*
+  sdk.events.onInterceptRequest(async (sdk, req: Request) => {
+    const result =
+      authZCodeGrantController.testReq(req) ||
+      implicitGrantController.testReq(req);
+
+    if (result) {
+      await pkceCheckController.test(sdk, req);
+
+      await sdk.findings.create({
+        title: "Possible SSO Request Detected",
+        description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
+        request: req,
+        reporter: "",
+      });
    }
-  );
+  });
+  */
 }