nonceCheck 수정
This commit is contained in:
sultanofdisco
parent
c355038288
commit
cc81947bd8
3 changed files with 23 additions and 11 deletions
|
|
@ -1,8 +1,8 @@
|
|||
import type { Request } from "caido:utils";
|
||||
import type { Request,Response } from "caido:utils";
|
||||
import jwt from "jsonwebtoken";
|
||||
|
||||
export class TokenLeakCheck {
|
||||
public static extractIdToken(req: Request): string | null {
|
||||
public static extractIdToken(req: Request, res?: Response): string | null {
|
||||
// 1. Authorization 헤더 확인\\
|
||||
const header = req.getHeaders() as Record<string, string | string[] | undefined>;
|
||||
const authHeader = header["authorization"] || header["Authorization"];
|
||||
|
|
@ -16,19 +16,21 @@ export class TokenLeakCheck {
|
|||
return (query as Record<string, any>).id_token;
|
||||
}
|
||||
|
||||
// 3. POST 바디 안에 id_token이 있을 경우
|
||||
const rawBody = req.getRaw();
|
||||
const body = rawBody ? rawBody.toString() : "";
|
||||
const match = body.match(/id_token=([^&\s]+)/);
|
||||
if (match && typeof match[1] === "string") {
|
||||
return decodeURIComponent(match[1]);
|
||||
// 3. response 안에 id_token이 있을 경우
|
||||
if (res) {
|
||||
const rawBody = res.getRaw();
|
||||
const body = rawBody ? rawBody.toString() : "";
|
||||
const match = body.match(/id_token=([^&\s]+)/);
|
||||
if (match && typeof match[1] === "string" ) {
|
||||
return decodeURIComponent(match[1]);
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
public static decodeIdToken(req: Request): Record<string, any> | null {
|
||||
const token = this.extractIdToken(req);
|
||||
public static decodeIdToken(req: Request, res?: Response): Record<string, any> | null {
|
||||
const token = this.extractIdToken(req, res);
|
||||
if (!token) return null;
|
||||
|
||||
const decoded = jwt.decode(token, { complete: true });
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ import type { SDK, DefineAPI } from "caido:plugin";
|
|||
import type { Request } from "caido:utils";
|
||||
import { ImplicitGrantController } from "./controller/implictGrant";
|
||||
import { AuthZCodeGrantController } from "./controller/authZCodeGrant";
|
||||
import { NonceCheckController } from "./controller/nonceCheck";
|
||||
|
||||
export type API = DefineAPI<{}>;
|
||||
|
||||
|
|
@ -40,5 +41,14 @@ export function init(sdk: SDK<API>) {
|
|||
reporter: "",
|
||||
});
|
||||
}
|
||||
|
||||
if(NonceCheckController.isOidcFlow(req)) {
|
||||
await sdk.findings.create({
|
||||
title: "OIDC Flow Detected",
|
||||
description: "The request appears to be part of an OIDC flow.",
|
||||
request: req,
|
||||
reporter: "",
|
||||
});
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue