whs-authz-authn/caido-plugin-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[FIX]: 탐지 키워드 정상화

Browse source
This commit is contained in:
KMINGON 2025-06-01 20:59:48 +09:00
commit 77a65002f7
1 changed files with 15 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

22
packages/backend/src/controller/accessTokenDetector.ts
View file

@ -51,7 +51,7 @@ export class AccessTokenLeakController {
return { return {
found: true, found: true,
location: 'url', location: 'url',
title: "Access Token Leak in URL", title: "Token Leak in URL",
description: `요청 URL에 토큰이 포함되어 있습니다. (토큰: ${extractedTokenFromUrl.substring(0, 20)}...)`, description: `요청 URL에 토큰이 포함되어 있습니다. (토큰: ${extractedTokenFromUrl.substring(0, 20)}...)`,
value: url value: url
}; };
@ -69,7 +69,7 @@ export class AccessTokenLeakController {
return { return {
found: true, found: true,
location: 'body', location: 'body',
title: "Access Token Leak in Request Body", title: "Token Leak in Request Body",
description: `요청 Body에 토큰이이 포함되어 있습니다. (토큰: ${extractedTokenFromBody.substring(0, 20)}...)`, description: `요청 Body에 토큰이이 포함되어 있습니다. (토큰: ${extractedTokenFromBody.substring(0, 20)}...)`,
value: bodyText value: bodyText
}; };
@ -98,7 +98,7 @@ export class AccessTokenLeakController {
return { return {
found: true, found: true,
location: 'header', location: 'header',
title: "Access Token Leak in Redirect URL", title: "Token Leak in Redirect URL",
description: `Location 헤더에 토큰이 노출되었습니다: ${locationHeaderStr} (토큰: ${extractedTokenFromHeader.substring(0, 20)}...)`, description: `Location 헤더에 토큰이 노출되었습니다: ${locationHeaderStr} (토큰: ${extractedTokenFromHeader.substring(0, 20)}...)`,
value: locationHeaderStr value: locationHeaderStr
}; };
@ -117,7 +117,7 @@ export class AccessTokenLeakController {
return { return {
found: true, found: true,
location: 'body', location: 'body',
title: "Access Token Leak in Response Body", title: "Token Leak in Response Body",
description: `HTTP 응답 본문에 토큰이 노출되었습니다. (토큰: ${extractedTokenFromBody.substring(0, 20)}...)`, description: `HTTP 응답 본문에 토큰이 노출되었습니다. (토큰: ${extractedTokenFromBody.substring(0, 20)}...)`,
value: bodyText value: bodyText
}; };
@ -136,10 +136,18 @@ private extractTokenFromText(text: string): string | null {
// 토큰 관련 키워드 리스트 // 토큰 관련 키워드 리스트
const tokenKeys = [ const tokenKeys = [
'access_token', 'access_token',
'id_token', 'accesstoken',
'Access-Token',
'Refresh_Token',
'Refresh-Token',
'RefreshToken',
'Secret_Token',
'Secret-Token',
'SecretToken',
'SSO_Auth',
'SSO-Auth',
'SSOAuth',
'auth_token', 'auth_token',
'token',
'jwt',
'session_token' 'session_token'
]; ];