[Update] feature

tv0924@icloud.com 2025-05-28 16:49:48 +09:00
commit ef1d8f40b3
7 changed files with 464 additions and 36 deletions


@ -148,7 +148,7 @@ export class CsrfCheck {
sdk: SDK<DefineAPI<{}>, {}>,
request: Request,
response: Response
): Promise<string | 0> {
): Promise<void> {
let result = ``;
// 쿼리에 state 파라미터가 없으면 CSRF 위험
@ -170,9 +170,12 @@ export class CsrfCheck {
// }
if (result) {
return result; // CSRF risk detected
} else {
return 0; // No CSRF risk detected
await sdk.findings.create({
title: "csrf vuln",
description: `SSO-related parameters detected in response:\n\n${request.getMethod()} ${request.getUrl()} : ${result}`,
request,
reporter: "csrf reporter",
});
}
}
}
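Review bot: The finding created in the `if (result)` branch carries text that does not match what this check detects: the description says `SSO-related parameters detected in response`, which looks copied from another check, while the only visible condition is a missing `state` query parameter. Because that condition is a heuristic, a title such as `title: "Possible CSRF: missing or weak state parameter",` with a description along the lines of `CSRF check flagged ${request.getMethod()} ${request.getUrl()}: ${result}` would give a triager the right context. As written, every matching request creates a new finding, so consider a stable dedupe key per host and path if the SDK version in use supports one; otherwise repeated traffic will bury the signal. The return type changes from `Promise<string | 0>` to `Promise<void>` and the callers are outside this hunk, so confirm that none of them still branches on the old return value, since such a branch would now always see `undefined` and silently skip its handling.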