From d3a0e8ae848dd41086fafe774f418a56c7b9b743 Mon Sep 17 00:00:00 2001
From: kyu
Date: Mon, 2 Jun 2025 21:36:55 +0900
Subject: [PATCH] =?UTF-8?q?=EC=98=A4=EB=A5=98=EC=9E=A1=EA=B8=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 packages/backend/src/index.ts | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts
index b36d4e2..1d17c25 100644
--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
@@ -6,7 +6,7 @@ import { CsrfCheck } from "./controller/csrfCheck";
 import { PKCECheck } from "./controller/PKCECheck";
 import { AccessTokenLeakController } from "./controller/accessTokenDetector";
 import { ScopeDetection } from "./controller/scopeDetection";
-import { NonceCheckController } from "./controller/nonceCheck";
+// import { NonceCheckController } from "./controller/nonceCheck";
 import { ClientSecretController } from "./controller/clientsecretCheck";
 
 export type API = DefineAPI<{}>;
@@ -17,7 +17,7 @@ const csrfCheck = new CsrfCheck();
 const pkceCheckController = new PKCECheck();
 const tokenCheck = new AccessTokenLeakController();
 const ScopeDetectionController = new ScopeDetection();
-const nonceCheckController = new NonceCheckController();
+// const nonceCheckController = new NonceCheckController();
 const clientSecretController = new ClientSecretController();
 
 export function init(sdk: SDK) {
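Review bot: The `-import { NonceCheckController }` / `+// import …` pair in the middle of this hunk removes the OIDC nonce check from the scanner without a replacement — its instantiation and the only visible call site (`NonceCheckController.isOidcFlow(req, res)` in the third hunk) are commented out in the later hunks of this patch as well, so no nonce or OIDC-flow finding can be produced any more. The encoded subject decodes to 오류잡기 ("fixing errors"), which reads as a workaround for an error in that controller rather than a deliberate drop of the check, but the commit message does not say so. If the check is meant to come back, keep the line but make the coverage gap visible, e.g. `// TODO: NonceCheckController disabled because it errored (see d3a0e8a) — restore OIDC nonce detection`; if it is gone for good, delete the import (and the instantiation in the next hunk) instead of leaving commented-out code.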
@@ -27,20 +27,26 @@ export function init(sdk: SDK) {
 await tokenCheck.testReq(sdk, req);
 await tokenCheck.testResp(sdk, res, req);
 await ScopeDetectionController.scan(sdk, req.getUrl());
- await clientSecretController.report(sdk,req);
+ // await clientSecretController.report(sdk,req);
- if (NonceCheckController.isOidcFlow(req, res)) {
- await sdk.findings.create({
- title: "OIDC Flow Detected",
- description: "The request appears to be part of an OIDC flow.",
- request: req,
- reporter: "",
- });
- }
+ // if (NonceCheckController.isOidcFlow(req, res)) {
+ // await sdk.findings.create({
+ // title: "OIDC Flow Detected",
+ // description: "The request appears to be part of an OIDC flow.",
+ // request: req,
+ // reporter: "",
+ // });
+ // }
 });
- /*
+ sdk.events.onInterceptRequest(async (sdk, req: Request) => {
+ if (clientSecretController.test(req)) {
+ await clientSecretController.report(sdk,req);
+ }
+ });/*
+
+ await clientSecretController.report(sdk,req);})
 const result = authZCodeGrantController.testReq(req) || implicitGrantController.testReq(req);