whs-authz-authn/caido-plugin-test
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

오류잡기

Browse source
This commit is contained in:
kyu 2025-06-02 21:36:55 +09:00
commit d3a0e8ae84
1 changed files with 18 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

30
packages/backend/src/index.ts
View file

@ -6,7 +6,7 @@ import { CsrfCheck } from "./controller/csrfCheck";
import { PKCECheck } from "./controller/PKCECheck"; import { PKCECheck } from "./controller/PKCECheck";
import { AccessTokenLeakController } from "./controller/accessTokenDetector"; import { AccessTokenLeakController } from "./controller/accessTokenDetector";
import { ScopeDetection } from "./controller/scopeDetection"; import { ScopeDetection } from "./controller/scopeDetection";
import { NonceCheckController } from "./controller/nonceCheck"; // import { NonceCheckController } from "./controller/nonceCheck";
import { ClientSecretController } from "./controller/clientsecretCheck"; import { ClientSecretController } from "./controller/clientsecretCheck";
export type API = DefineAPI<{}>; export type API = DefineAPI<{}>;
@ -17,7 +17,7 @@ const csrfCheck = new CsrfCheck();
const pkceCheckController = new PKCECheck(); const pkceCheckController = new PKCECheck();
const tokenCheck = new AccessTokenLeakController(); const tokenCheck = new AccessTokenLeakController();
const ScopeDetectionController = new ScopeDetection(); const ScopeDetectionController = new ScopeDetection();
const nonceCheckController = new NonceCheckController(); // const nonceCheckController = new NonceCheckController();
const clientSecretController = new ClientSecretController(); const clientSecretController = new ClientSecretController();
export function init(sdk: SDK<API>) { export function init(sdk: SDK<API>) {
@ -27,20 +27,26 @@ export function init(sdk: SDK<API>) {
await tokenCheck.testReq(sdk, req); await tokenCheck.testReq(sdk, req);
await tokenCheck.testResp(sdk, res, req); await tokenCheck.testResp(sdk, res, req);
await ScopeDetectionController.scan(sdk, req.getUrl()); await ScopeDetectionController.scan(sdk, req.getUrl());
await clientSecretController.report(sdk,req); // await clientSecretController.report(sdk,req);
if (NonceCheckController.isOidcFlow(req, res)) { // if (NonceCheckController.isOidcFlow(req, res)) {
await sdk.findings.create({ // await sdk.findings.create({
title: "OIDC Flow Detected", // title: "OIDC Flow Detected",
description: "The request appears to be part of an OIDC flow.", // description: "The request appears to be part of an OIDC flow.",
request: req, // request: req,
reporter: "", // reporter: "",
}); // });
} // }
}); });
/*
sdk.events.onInterceptRequest(async (sdk, req: Request) => { sdk.events.onInterceptRequest(async (sdk, req: Request) => {
if (clientSecretController.test(req)) {
await clientSecretController.report(sdk,req);
}
});/*
await clientSecretController.report(sdk,req);})
const result = const result =
authZCodeGrantController.testReq(req) || authZCodeGrantController.testReq(req) ||
implicitGrantController.testReq(req); implicitGrantController.testReq(req);