Merge branch 'main' into feature/access-token-detector

김민곤 2025-05-31 12:48:11 +09:00 committed by GitHub
commit a2b7d44ec0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 135 additions and 28 deletions


@ -5,6 +5,7 @@ import type { Request, Response } from "caido:utils";
import { CsrfCheck } from "./controller/csrfCheck";
import { PKCECheck } from "./controller/PKCECheck";
import { AccessTokenLeakController } from "./controller/accessTokenDetector";
import { ScopeDetection } from "./controller/scopeDetection";
export type API = DefineAPI<{}>;
@ -13,6 +14,7 @@ const csrfCheck = new CsrfCheck();
// const authZCodeGrantController = new AuthZCodeGrantController();
const pkceCheckController = new PKCECheck();
const tokenCheck = new AccessTokenLeakController();
const ScopeDetectionController = new ScopeDetection();
export function init(sdk: SDK<API>) {
// sdk.events.onInterceptRequest(async (sdk, req: Request) => {
@ -34,6 +36,7 @@ export function init(sdk: SDK<API>) {
await pkceCheckController.test(sdk, req);
await tokenCheck.testReq(sdk, req);
await tokenCheck.testResp(sdk, resp, req);
await ScopeDetectionController.scan(sdk, req.getUrl());
// sdk.events.onInterceptRequest(async (sdk, req: Request) => {
// const result =
// authZCodeGrantController.testReq(req) ||
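Review bot: The four checks in the third hunk are awaited back to back with nothing between them, so a rejection from `pkceCheckController.test`, `tokenCheck.testReq` or `tokenCheck.testResp` skips `ScopeDetectionController.scan` for that request, and a broken detector silently removes coverage from the ones after it. If the checks do not depend on each other's order, run them in isolation, for example `const results = await Promise.allSettled([pkceCheckController.test(sdk, req), tokenCheck.testReq(sdk, req), tokenCheck.testResp(sdk, resp, req), ScopeDetectionController.scan(sdk, req.getUrl())]);`, and log every entry whose `status` is `"rejected"`. The scan is also handed only `req.getUrl()`, so a `scope` parameter carried in a form-encoded body would presumably go unseen; confirm that against `ScopeDetection.scan`. The enclosing callback starts and ends outside the hunk, so any outer try/catch is not visible here.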