Merge pull request #16 from whs-authz-authn-project/gyu

Create redirect_uriBypass.ts

packages/backend/src/controller/redirect_uriBypass.ts

@@ -0,0 +1,40 @@
+import type { Request, Response } from "caido:utils";
+
+
+export class RedirectBypassController {
+  isRedirectUri(req: Request): boolean {
+    const query = req.getQuery();
+
+
+    // redirect_uri 파라미터 정규식으로 추출
+    const redirectUriMatch = query.match(/redirect_uri=([^&]+)/i);
+    if (!redirectUriMatch) return false;
+
+
+    // redirect_uri 파라미터의 URL 문자열을 디코딩
+    const redirectUri = decodeURIComponent(redirectUriMatch[1]);
+
+
+    // 우회 키워드
+    const bypassPatterns = [
+      "%ff@", "／", "%2f@", "%0a@", "%0d@", "\\", ".evil.com", "@", "%2f..%2f"
+    ];
+
+
+    return bypassPatterns.some(pattern => redirectUri.includes(pattern));
+  }
+
+
+  isCodeIssued(res: Response): boolean {
+    const location = res.getHeader("Location") || "";
+    return location.includes("code=");
+  }
+
+
+  test(req: Request, res: Response): string | false {
+    if (this.isRedirectUri(req) && this.isCodeIssued(res)) {
+      return "redirect_uri bypass detected";
+    }
+    return false;
+  }
+}