From f775282e91503025d73b41799e7b4e04e31485aa Mon Sep 17 00:00:00 2001 From: "tv0924@icloud.com" Date: Wed, 28 May 2025 15:01:53 +0900 Subject: [PATCH] [Add] csrf
---
 packages/backend/src/index.ts | 62 ++++++++++------------------------- pnpm-lock.yaml | 16 +++++++++ 2 files changed, 34 insertions(+), 44 deletions(-)
diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts
index 8a8ca26..3d76481 100644
--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
@@ -1,41 +1,13 @@ import type { SDK, DefineAPI } from "caido:plugin"; -import type { Request } from "caido:utils"; -<<<<<<< HEAD -import { ImplicitGrantController } from "./controller/implictGrant"; -import { AuthZCodeGrantController } from "./controller/authZCodeGrant"; -import { PKCECheck } from "./controller/PKCECheck"; - -export type API = DefineAPI<{}>; - -const implicitGrantController = new ImplicitGrantController(); -const authZCodeGrantController = new AuthZCodeGrantController(); -const pkceCheck = new PKCECheck(); - -// function matchSSORequest(req: Request): boolean { -// const raw = req.getRaw().toString(); - -// // 조건 3: Raw request에 SAMLRequest 또는 SAMLResponse 포함 -// if (raw.includes("SAMLRequest=") || raw.includes("SAMLResponse=")) { -// return true; -// } - -// return false; -// } - -// function matchAccessTokenResponse(resp: Response): boolean { -// const raw = resp.getRaw().toString(); - -// const match = /"access_token"\s*:\s*"([^"]+)"/.exec(raw); -// return !!match; -// } -======= +import type { Request, Response } from "caido:utils"; // import { ImplicitGrantController } from "./controller/implictGrant"; // import { AuthZCodeGrantController } from "./controller/authZCodeGrant"; import { CsrfCheck } from "./controller/csrfCheck"; +import { PKCECheck } from "./controller/PKCECheck"; export type API = DefineAPI<{}>; const csrfCheck = new CsrfCheck(); ->>>>>>> 8de17eb (csrf(state) 관련 취약점 탐지 기능 추가) +const pkceCheck = new PKCECheck(); export function init(sdk: SDK) { // sdk.events.onInterceptRequest(async (sdk, req: Request) => { 
@@ -51,21 +23,23 @@ export function init(sdk: SDK) { // } // }); - sdk.events.onInterceptResponse(async (sdk, req: Request, resp) => { - const funcList = [csrfCheck.checker(sdk, req, resp)]; + sdk.events.onInterceptResponse( + async (sdk: SDK, {}>, req: Request, resp: Response) => { + const funcList: Promise[] = [ + csrfCheck.checker(sdk, req, resp), + ]; - let result = await Promise.all(funcList); + let result = await Promise.all(funcList); + if (result) { + await sdk.findings.create({ + title: "Possible SSO Response Detected", + description: `SSO-related parameters detected in response:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`, + request: req, + reporter: "", + }); + } - if (result) { await pkceCheck.test(sdk, req); - - await sdk.findings.create({ - title: "Possible SSO Response Detected", - description: `SSO-related parameters detected in response:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`, - request: req, - reporter: "", - }); } - - }); + ); } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 67de64e..83609d4 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -11,6 +11,9 @@ importers: '@caido-community/dev': specifier: ^0.1.3 version: 0.1.5(postcss@8.5.3)(typescript@5.5.4) + '@caido/sdk-backend': + specifier: ^0.48.1 + version: 0.48.1 typescript: specifier: 5.5.4 version: 5.5.4 
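Review bot: The `if (result)` guard after `let result = await Promise.all(funcList);` never gates anything: `Promise.all` resolves to an array, which is truthy even when `csrfCheck.checker` produced no detection, so the "Possible SSO Response Detected" finding is created for every intercepted response and its description interpolates the raw array. Gate on the individual results instead, e.g. `const hits = (await Promise.all(funcList)).filter(Boolean);`, `if (hits.length > 0) {` and `${hits.join("\n")}` in the description — what `checker` resolves to is not visible here (its element type in `Promise[]` and the `<{},` of `sdk: SDK<{}, {}>` look lost in rendering), so confirm it returns a falsy value when nothing is detected. `reporter: ""` leaves the finding unattributed in the UI; presumably the plugin's name belongs there. Since `await pkceCheck.test(sdk, req);` now runs unconditionally after the `if`, an exception from it or from `checker` rejects the whole intercept handler with nothing logged; a try/catch around the body that reports via `sdk.console.error(...)` would keep one malformed response from silently ending the check.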
@@ -34,9 +37,15 @@ packages: '@caido/quickjs-types@0.17.2': resolution: {integrity: sha512-5kcucGORMNEbcdU91yKLYZG/TFDqsO6XmCZ1TnU6V48E61mmqrJg6kjrfOFP1WOugDm+ZcGd/Su3p3XkFXfaPg==} + '@caido/quickjs-types@0.18.0': + resolution: {integrity: sha512-hRXUVdDvlhEhvkBoWWytoVS2j1KDVZa8dx2Q/KvWUQTR57U8EMSYE9iFgvPhu78gS8z+RF42Zcb7moNx4SDMlw==} + '@caido/sdk-backend@0.46.0': resolution: {integrity: sha512-peUKW/4Nrw9WVxIahc+6KrVtxA7vsbpuJqOoBxudxq7tQJ+cV9IEqzvYoFFo8KlnrTkeUQUJvd0W4WsM3HgxEg==} + '@caido/sdk-backend@0.48.1': + resolution: {integrity: sha512-JvFeOlSqAKbj3OenBn0LPtCNaOV0x6YtaAQijpvYfBJK32Nvbf924Z10bFVCu+Clc5A1qr7HcAvJ/8B/aRikWA==} + '@caido/sdk-shared@0.1.1': resolution: {integrity: sha512-JAV5ajUqxZdXYPTmDEvIKBZon8I5uHq44ATj0Nj3BVpllRDUGY9kcBd+PXMD50+3lv1CvhR3/f6q24T0+4aVJQ==} @@ -1095,11 +1104,18 @@ snapshots: '@caido/quickjs-types@0.17.2': {} + '@caido/quickjs-types@0.18.0': {} + '@caido/sdk-backend@0.46.0': dependencies: '@caido/quickjs-types': 0.17.2 '@caido/sdk-shared': 0.1.1 + '@caido/sdk-backend@0.48.1': + dependencies: + '@caido/quickjs-types': 0.18.0 + '@caido/sdk-shared': 0.1.1 + '@caido/sdk-shared@0.1.1': {} '@esbuild/aix-ppc64@0.24.2':