From b32d4e02af72c9be7fabf4a99f4d0366ba80214a Mon Sep 17 00:00:00 2001
From: kyu
Date: Sun, 1 Jun 2025 20:12:12 +0900
Subject: [PATCH] clientsecretCheck
---
 .../src/controller/clientsecretCheck.ts | 33 +++++++++++++++++++
 packages/backend/src/index.ts | 6 ++++
 2 files changed, 39 insertions(+)
 create mode 100644 packages/backend/src/controller/clientsecretCheck.ts
diff --git a/packages/backend/src/controller/clientsecretCheck.ts b/packages/backend/src/controller/clientsecretCheck.ts
new file mode 100644
index 0000000..0a13917
--- /dev/null
+++ b/packages/backend/src/controller/clientsecretCheck.ts
@@ -0,0 +1,33 @@
+import type { SDK } from "caido:plugin";
+import type { Request } from "caido:utils";
+
+export class ClientSecretController {
+ test(req: Request): boolean {
+ const query = req.getQuery() ?? ""; /* URL에서 검사 */
+
+ const bodyRaw = req.getBody(); /* BODY 에서 검사 */
+ const body = typeof bodyRaw === "string" ? bodyRaw : Array.isArray(bodyRaw) ? bodyRaw.join("&") : "";
+
+ const authRaw = req.getHeader("authorization"); /* authz 헤더 에서 검사 */
+ const auth = typeof authRaw === "string" ? authRaw : Array.isArray(authRaw) ? authRaw.join(" ") : "";
+
+ return (
+ query.includes("client_secret=") ||
+ body.includes("client_secret=") ||
+ auth.toLowerCase().startsWith("basic ")
+ );
+ }
+
+ async report(sdk: SDK, req: Request): Promise {
+ const url = req.getUrl();
+
+ await sdk.findings.create({
+ title: "Exposed client_secret",
+ description: `The request to \`${url}\` contains a potential exposure of the OAuth2 \`client_secret\`.`,
+ request: req,
+ reporter: "Client_Secret_Finder",
+ dedupeKey: "client_secret_exposure"
+ });
+ }
+}
+
diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts
index 7633932..7022449 100644
--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
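Review bot: The `auth.toLowerCase().startsWith("basic ")` branch in `test()` reports every request carrying an HTTP Basic `Authorization` header as an exposed OAuth2 client_secret, so the finding will fire on ordinary Basic-auth traffic that has nothing to do with a token endpoint; gating that branch on the request also looking like a token request, e.g. `const isTokenRequest = query.includes("grant_type=") || body.includes("grant_type=");` and `(isTokenRequest && auth.toLowerCase().startsWith("basic "))`, keeps the header check for the client_credentials/authorization_code case without the noise. `dedupeKey: "client_secret_exposure"` is a constant, so if the findings store dedupes on that key only the first matching request anywhere is ever recorded; `url` is already in scope in `report()`, so `dedupeKey: \`client_secret_exposure:${url}\`` (or host plus path) keeps one finding per endpoint. The body branch only matches when `getBody()` yields a string or an array; if it returns a `Body` object, as the caido:utils typings appear to, both `typeof` and `Array.isArray` fail and `body` is always `""`, which would make the `client_secret=` check on POST bodies dead code — worth confirming and switching to the body's `.toText()` accessor. The `report` return type reads as a bare `Promise` here; that is probably a `<void>` argument lost in rendering, but it is worth checking that the source file has it.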
@@ -3,12 +3,14 @@ import type { Request } from "caido:utils";
 import { ImplicitGrantController } from "./controller/implictGrant";
 import { AuthZCodeGrantController } from "./controller/authZCodeGrant";
 import { PKCECheck } from "./controller/PKCECheck";
+import { ClientSecretController } from "./controller/clientsecretCheck";
 export type API = DefineAPI<{}>;
 const implicitGrantController = new ImplicitGrantController();
 const authZCodeGrantController = new AuthZCodeGrantController();
 const pkceCheck = new PKCECheck();
+const clientSecretController = new ClientSecretController();
 // function matchSSORequest(req: Request): boolean {
 // const raw = req.getRaw().toString();
@@ -44,6 +46,10 @@ export function init(sdk: SDK) {
 reporter: "",
 });
 }
+ if (clientSecretController.test(req)) {
+ await clientSecretController.report(sdk,req);
+ }
+
 });
 }
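Review bot: The new `await clientSecretController.report(sdk,req);` in the `@@ -44,6` hunk is the only unguarded await added at the end of the intercept callback, so a rejected `findings.create` (for example on a duplicate `dedupeKey`) would reject the callback itself rather than being logged; the callback and `init` both start outside the hunk, so if the earlier controller calls are likewise unguarded this is at least consistent, otherwise wrap it in `try { … } catch (e: unknown) { sdk.console.error(...) }`. Since the check runs after the other controllers on the same request, a token request that also triggers one of them will produce two findings for one request — fine if intended, but worth a one-line comment such as `// runs independently of the grant-type checks above; one request may yield several findings`. Style: `report(sdk,req)` is missing the space after the comma used elsewhere in this file, and the trailing blank `+` line before `});` looks accidental.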