Revert "nonceCheck 수정"

2025-06-02 20:10:31 +09:00 · 2025-06-02 20:10:31 +09:00 · e671700d7b
commit e671700d7b
parent 9ccd1eb7ac
3 changed files with 50 additions and 49 deletions
--- a/packages/backend/src/controller/nonceCheck.ts
+++ b/packages/backend/src/controller/nonceCheck.ts
@ -1,4 +1,4 @@
-import type { Request, Response } from "caido:utils";
+import type { Request } from "caido:utils";
 import { TokenLeakCheck } from "./tokenLeakCheck";

 export class NonceCheckController{
@ -6,8 +6,8 @@ export class NonceCheckController{
     * 응답이 OIDC(OpenID Connect) 플로우인지 확인하는 메서드
     */
    
-    public static isOidcFlow(req: Request, res:Response): boolean {
-        if(TokenLeakCheck.extractIdToken(req, res)) {
+    public static isOidcFlow(req: Request): boolean {
+        if(TokenLeakCheck.extractIdToken(req)) {
            return true;
        }
        return false;
@ -15,10 +15,10 @@ export class NonceCheckController{

  
    public static isNonceCheckRequest(req: Request): boolean {
-        const id_token = TokenLeakCheck.decodeIdToken(req);
+        const id_token = decodeIdToken(req);

        // 1. nonce 파라미터가 포함된 요청인지 확인
-        if (id_token && id_token.includes("nonce=")) {
+        if (id_token.includes("nonce=")) {
            return true;
        }

@ -26,4 +26,8 @@ export class NonceCheckController{
    }
 }

+function decodeIdToken(req: Request): string {
+    // Implement actual decoding logic here. For now, return an empty string or mock value.
+    return "";
+}

--- a/packages/backend/src/controller/tokenLeakCheck.ts
+++ b/packages/backend/src/controller/tokenLeakCheck.ts
@ -1,8 +1,8 @@
-import type { Request,Response } from "caido:utils";
+import type { Request } from "caido:utils";
 import jwt from "jsonwebtoken";

 export class TokenLeakCheck {
-  public static extractIdToken(req: Request, res?: Response): string | null {
+  public static extractIdToken(req: Request): string | null {
    // 1. Authorization 헤더 확인\\
    const header = req.getHeaders() as Record<string, string | string[] | undefined>;
    const authHeader = header["authorization"] || header["Authorization"];
@ -16,21 +16,19 @@ export class TokenLeakCheck {
      return (query as Record<string, any>).id_token;
    }

-    // 3. response 안에 id_token이 있을 경우
-    if (res) {
-      const rawBody = res.getRaw();
-      const body = rawBody ? rawBody.toString() : "";
-      const match = body.match(/id_token=([^&\s]+)/);
-      if (match && typeof match[1] === "string" ) {
-        return decodeURIComponent(match[1]);
-      }
+    // 3. POST 바디 안에 id_token이 있을 경우
+    const rawBody = req.getRaw();
+    const body = rawBody ? rawBody.toString() : "";
+    const match = body.match(/id_token=([^&\s]+)/);
+    if (match && typeof match[1] === "string") {
+      return decodeURIComponent(match[1]);
    }

    return null;
  }

-  public static decodeIdToken(req: Request, res?: Response): Record<string, any> | null {
-    const token = this.extractIdToken(req, res);
+  public static decodeIdToken(req: Request): Record<string, any> | null {
+    const token = this.extractIdToken(req);
    if (!token) return null;

    const decoded = jwt.decode(token, { complete: true });
--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
@ -6,7 +6,6 @@ import { CsrfCheck } from "./controller/csrfCheck";
 import { PKCECheck } from "./controller/PKCECheck";
 import { AccessTokenLeakController } from "./controller/accessTokenDetector";
 import { ScopeDetection } from "./controller/scopeDetection";
-import { NonceCheckController } from "./controller/nonceCheck";

 export type API = DefineAPI<{}>;

@ -16,42 +15,42 @@ const csrfCheck = new CsrfCheck();
 const pkceCheckController = new PKCECheck();
 const tokenCheck = new AccessTokenLeakController();
 const ScopeDetectionController = new ScopeDetection();
-const nonceCheckController = new NonceCheckController();

 export function init(sdk: SDK<API>) {
-  sdk.events.onInterceptResponse(async (sdk, req: Request, res: Response) => {
-    await csrfCheck.checker(sdk, req, res);
-    await pkceCheckController.test(sdk, req);
-    await tokenCheck.testReq(sdk, req);
-    await tokenCheck.testResp(sdk, res, req);
-    await ScopeDetectionController.scan(sdk, req.getUrl());
+  // sdk.events.onInterceptRequest(async (sdk, req: Request) => {
+  //   const result = csrfCheck.checker(req);

-    if (NonceCheckController.isOidcFlow(req, res)) {
-      await sdk.findings.create({
-        title: "OIDC Flow Detected",
-        description: "The request appears to be part of an OIDC flow.",
-        request: req,
-        reporter: "",
-      });
-    }
-  });
+  //   if (result) {
+  //     await sdk.findings.create({
+  //       title: "Possible SSO Request Detected",
+  //       description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
+  //       request: req,
+  //       reporter: "",
+  //     });
+  //   }
+  // });

-  /*
-  sdk.events.onInterceptRequest(async (sdk, req: Request) => {
-    const result =
-      authZCodeGrantController.testReq(req) ||
-      implicitGrantController.testReq(req);
-
-    if (result) {
+  sdk.events.onInterceptResponse(
+    async (sdk: SDK<DefineAPI<{}>, {}>, req: Request, resp: Response) => {
+      await csrfCheck.checker(sdk, req, resp);
      await pkceCheckController.test(sdk, req);
+      await tokenCheck.testReq(sdk, req);
+      await tokenCheck.testResp(sdk, resp, req);
+      await ScopeDetectionController.scan(sdk, req.getUrl());
+      // sdk.events.onInterceptRequest(async (sdk, req: Request) => {
+      //   const result =
+      //     authZCodeGrantController.testReq(req) ||
+      //     implicitGrantController.testReq(req);

-      await sdk.findings.create({
-        title: "Possible SSO Request Detected",
-        description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
-        request: req,
-        reporter: "",
-      });
+      //   if (result) {
+      //     await pkceCheckController.test(sdk, req);
+
+      //     await sdk.findings.create({
+      //       title: "Possible SSO Request Detected",
+      //       description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
+      //       request: req,
+      //       reporter: "",
+      //     });
    }
-  });
-  */
+  );
 }