diff --git a/packages/backend/src/controller/nonceCheck.ts b/packages/backend/src/controller/nonceCheck.ts index a27a4d6..383ca90 100644 --- a/packages/backend/src/controller/nonceCheck.ts +++ b/packages/backend/src/controller/nonceCheck.ts @@ -1,4 +1,4 @@ -import type { Request, Response } from "caido:utils"; +import type { Request } from "caido:utils"; import { TokenLeakCheck } from "./tokenLeakCheck"; export class NonceCheckController{ @@ -6,8 +6,8 @@ export class NonceCheckController{ * 응답이 OIDC(OpenID Connect) 플로우인지 확인하는 메서드 */ - public static isOidcFlow(req: Request, res:Response): boolean { - if(TokenLeakCheck.extractIdToken(req, res)) { + public static isOidcFlow(req: Request): boolean { + if(TokenLeakCheck.extractIdToken(req)) { return true; } return false; @@ -15,10 +15,10 @@ export class NonceCheckController{ public static isNonceCheckRequest(req: Request): boolean { - const id_token = TokenLeakCheck.decodeIdToken(req); + const id_token = decodeIdToken(req); // 1. nonce 파라미터가 포함된 요청인지 확인 - if (id_token && id_token.includes("nonce=")) { + if (id_token.includes("nonce=")) { return true; } @@ -26,4 +26,8 @@ export class NonceCheckController{ } } +function decodeIdToken(req: Request): string { + // Implement actual decoding logic here. For now, return an empty string or mock value. + return ""; +} diff --git a/packages/backend/src/controller/tokenLeakCheck.ts b/packages/backend/src/controller/tokenLeakCheck.ts index 5a05ce9..2248b49 100644 --- a/packages/backend/src/controller/tokenLeakCheck.ts +++ b/packages/backend/src/controller/tokenLeakCheck.ts @@ -1,8 +1,8 @@ -import type { Request,Response } from "caido:utils"; +import type { Request } from "caido:utils"; import jwt from "jsonwebtoken"; export class TokenLeakCheck { - public static extractIdToken(req: Request, res?: Response): string | null { + public static extractIdToken(req: Request): string | null { // 1. Authorization 헤더 확인\\ const header = req.getHeaders() as Record; const authHeader = header["authorization"] || header["Authorization"]; @@ -16,21 +16,19 @@ export class TokenLeakCheck { return (query as Record).id_token; } - // 3. response 안에 id_token이 있을 경우 - if (res) { - const rawBody = res.getRaw(); - const body = rawBody ? rawBody.toString() : ""; - const match = body.match(/id_token=([^&\s]+)/); - if (match && typeof match[1] === "string" ) { - return decodeURIComponent(match[1]); - } + // 3. POST 바디 안에 id_token이 있을 경우 + const rawBody = req.getRaw(); + const body = rawBody ? rawBody.toString() : ""; + const match = body.match(/id_token=([^&\s]+)/); + if (match && typeof match[1] === "string") { + return decodeURIComponent(match[1]); } return null; } - public static decodeIdToken(req: Request, res?: Response): Record | null { - const token = this.extractIdToken(req, res); + public static decodeIdToken(req: Request): Record | null { + const token = this.extractIdToken(req); if (!token) return null; const decoded = jwt.decode(token, { complete: true }); diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts index 0165988..bab0ee0 100644 --- a/packages/backend/src/index.ts +++ b/packages/backend/src/index.ts @@ -6,7 +6,6 @@ import { CsrfCheck } from "./controller/csrfCheck"; import { PKCECheck } from "./controller/PKCECheck"; import { AccessTokenLeakController } from "./controller/accessTokenDetector"; import { ScopeDetection } from "./controller/scopeDetection"; -import { NonceCheckController } from "./controller/nonceCheck"; export type API = DefineAPI<{}>; @@ -16,42 +15,42 @@ const csrfCheck = new CsrfCheck(); const pkceCheckController = new PKCECheck(); const tokenCheck = new AccessTokenLeakController(); const ScopeDetectionController = new ScopeDetection(); -const nonceCheckController = new NonceCheckController(); export function init(sdk: SDK) { - sdk.events.onInterceptResponse(async (sdk, req: Request, res: Response) => { - await csrfCheck.checker(sdk, req, res); - await pkceCheckController.test(sdk, req); - await tokenCheck.testReq(sdk, req); - await tokenCheck.testResp(sdk, res, req); - await ScopeDetectionController.scan(sdk, req.getUrl()); + // sdk.events.onInterceptRequest(async (sdk, req: Request) => { + // const result = csrfCheck.checker(req); - if (NonceCheckController.isOidcFlow(req, res)) { - await sdk.findings.create({ - title: "OIDC Flow Detected", - description: "The request appears to be part of an OIDC flow.", - request: req, - reporter: "", - }); - } - }); + // if (result) { + // await sdk.findings.create({ + // title: "Possible SSO Request Detected", + // description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`, + // request: req, + // reporter: "", + // }); + // } + // }); - /* - sdk.events.onInterceptRequest(async (sdk, req: Request) => { - const result = - authZCodeGrantController.testReq(req) || - implicitGrantController.testReq(req); - - if (result) { + sdk.events.onInterceptResponse( + async (sdk: SDK, {}>, req: Request, resp: Response) => { + await csrfCheck.checker(sdk, req, resp); await pkceCheckController.test(sdk, req); + await tokenCheck.testReq(sdk, req); + await tokenCheck.testResp(sdk, resp, req); + await ScopeDetectionController.scan(sdk, req.getUrl()); + // sdk.events.onInterceptRequest(async (sdk, req: Request) => { + // const result = + // authZCodeGrantController.testReq(req) || + // implicitGrantController.testReq(req); - await sdk.findings.create({ - title: "Possible SSO Request Detected", - description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`, - request: req, - reporter: "", - }); + // if (result) { + // await pkceCheckController.test(sdk, req); + + // await sdk.findings.create({ + // title: "Possible SSO Request Detected", + // description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`, + // request: req, + // reporter: "", + // }); } - }); - */ + ); }