nonceCheck 수정

sultanofdisco 2025-05-31 11:55:06 +09:00
commit cc81947bd8
3 changed files with 23 additions and 11 deletions

Binary file not shown.


@ -1,8 +1,8 @@
import type { Request } from "caido:utils"; import type { Request,Response } from "caido:utils";
import jwt from "jsonwebtoken"; import jwt from "jsonwebtoken";
export class TokenLeakCheck { export class TokenLeakCheck {
public static extractIdToken(req: Request): string | null { public static extractIdToken(req: Request, res?: Response): string | null {
// 1. Authorization 헤더 확인\\ // 1. Authorization 헤더 확인\\
const header = req.getHeaders() as Record<string, string | string[] | undefined>; const header = req.getHeaders() as Record<string, string | string[] | undefined>;
const authHeader = header["authorization"] || header["Authorization"]; const authHeader = header["authorization"] || header["Authorization"];
@ -16,19 +16,21 @@ export class TokenLeakCheck {
return (query as Record<string, any>).id_token; return (query as Record<string, any>).id_token;
} }
// 3. POST 바디 안에 id_token이 있을 경우 // 3. response 안에 id_token이 있을 경우
const rawBody = req.getRaw(); if (res) {
const body = rawBody ? rawBody.toString() : ""; const rawBody = res.getRaw();
const match = body.match(/id_token=([^&\s]+)/); const body = rawBody ? rawBody.toString() : "";
if (match && typeof match[1] === "string") { const match = body.match(/id_token=([^&\s]+)/);
return decodeURIComponent(match[1]); if (match && typeof match[1] === "string" ) {
return decodeURIComponent(match[1]);
}
} }
return null; return null;
} }
public static decodeIdToken(req: Request): Record<string, any> | null { public static decodeIdToken(req: Request, res?: Response): Record<string, any> | null {
const token = this.extractIdToken(req); const token = this.extractIdToken(req, res);
if (!token) return null; if (!token) return null;
const decoded = jwt.decode(token, { complete: true }); const decoded = jwt.decode(token, { complete: true });
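Review bot: Step 3 of `extractIdToken` now searches only the response, so an `id_token` carried in a request body (for example a `response_mode=form_post` callback) is no longer extracted, and the step is skipped entirely when `res` is omitted. Keeping the request-body match as a fallback would preserve that coverage. The `decodeURIComponent(match[1])` call also now runs on arbitrary server-supplied text and throws `URIError` on a malformed percent escape, which would reach the caller unless it is caught outside the hunk; guard it with `try { return decodeURIComponent(match[1]); } catch { return match[1]; }`. `decodeIdToken` continues past the end of the hunk, so how the decoded, unverified token is used is not visible here.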


@ -2,6 +2,7 @@ import type { SDK, DefineAPI } from "caido:plugin";
import type { Request } from "caido:utils"; import type { Request } from "caido:utils";
import { ImplicitGrantController } from "./controller/implictGrant"; import { ImplicitGrantController } from "./controller/implictGrant";
import { AuthZCodeGrantController } from "./controller/authZCodeGrant"; import { AuthZCodeGrantController } from "./controller/authZCodeGrant";
import { NonceCheckController } from "./controller/nonceCheck";
export type API = DefineAPI<{}>; export type API = DefineAPI<{}>;
@ -40,5 +41,14 @@ export function init(sdk: SDK<API>) {
reporter: "", reporter: "",
}); });
} }
if(NonceCheckController.isOidcFlow(req)) {
await sdk.findings.create({
title: "OIDC Flow Detected",
description: "The request appears to be part of an OIDC flow.",
request: req,
reporter: "",
});
}
}); });
} }
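Review bot: The new `NonceCheckController.isOidcFlow(req)` branch creates a finding for every matching request, and its title only says a flow was detected, so the findings list will fill with repeated informational entries that never state whether a `nonce` was missing or mismatched. Put the specific condition the nonce check found into `title` and `description`, and add a dedupe key such as `dedupeKey: "oidc-flow:" + req.getHost() + req.getPath(),` so repeated requests in one flow collapse into one finding. `reporter: ""` leaves the finding unattributed; a fixed plugin name would make it filterable. `NonceCheckController` is not shown on this page and the enclosing callback in `init` starts outside the hunk, so it is not visible whether a response is available at this point.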