packages/backend/src/controller/PKCECheck.ts

@@ -1,6 +1,5 @@
 import type { SDK } from "caido:plugin";
 import { Body, RequestSpec, type Request } from "caido:utils";
-import { sendReport } from "../utils/controlTower";
 
 export class PKCECheck {
   // 필요한 PKCE 파라미터 목록
@@ -80,14 +79,13 @@ export class PKCECheck {
           const reference = isOpenID
             ? "https://openid.net/specs/openid-igov-oauth2-1_0-02.html#rfc.section.3.1.7"
             : "https://datatracker.ietf.org/doc/html/rfc7636";
-            await this.reportFinding(
+
-              sdk,
+          await sdk.findings.create({
-              req,
-              url,
-              isOpenID,
             title,
-              `PKCE downgrade vulnerability detected!\n\nOriginal URL: ${url}\nDowngraded URL: ${downgradedUrl}\n\nBoth requests returned authorization codes, indicating the server accepts requests without PKCE protection.\n\nReference: ${reference}`
+            description: `PKCE downgrade vulnerability detected!\n\nOriginal URL: ${url}\nDowngraded URL: ${downgradedUrl}\n\nBoth requests returned authorization codes, indicating the server accepts requests without PKCE protection.\n\nReference: ${reference}`,
-            );
+            request: req,
+            reporter: "PKCE Checker",
+          });
 
           return true;
         }
@@ -135,6 +133,5 @@ export class PKCECheck {
       request: req,
       reporter: "PKCE Checker",
     });
-    await sendReport(sdk, fullTitle, `${message} (${url})`, req, "PKCE Checker");
   }
 }

packages/backend/src/controller/accessTokenDetector.ts

@@ -1,6 +1,5 @@
 import type { Request, Response } from "caido:utils";
 import type { SDK, DefineAPI } from "caido:plugin";
-import { sendReport } from "../utils/controlTower";
 
 // 토큰 누출 검사 결과를 담는 구조
 export interface TokenLeakResult {
@@ -22,13 +21,6 @@ export class AccessTokenLeakController {
         request,
         reporter: "AccessTokenLeak",
       });
-      await sendReport(
-        sdk,
-        result.title,
-        result.description,
-        request,
-        "AccessTokenLeak"
-      );
     }
   }
 
@@ -41,13 +33,6 @@ export class AccessTokenLeakController {
         request,
         reporter: "AccessTokenLeak",
       });
-      await sendReport(
-        sdk,
-        result.title,
-        result.description,
-        request,
-        "AccessTokenLeak"
-      );
     }
   }
 

packages/backend/src/controller/csrfCheck.ts

@@ -1,7 +1,6 @@
 import type { Request, Response } from "caido:utils";
 import type { SDK, DefineAPI } from "caido:plugin";
 import { HttpUtils } from "../utils/http";
-import { sendReport } from "../utils/controlTower";
 
 const httpUtils = new HttpUtils();
 
@@ -270,14 +269,6 @@ export class CsrfCheck {
           request,
           reporter: "csrf reporter",
         });
-        await sendReport(
-          sdk,
-          "CSRF Vulnerability Detected",
-          `A CSRF vulnerability was detected in the request.\n\nRequest: ${request.getMethod()} ${request.getUrl()}\n\nDetails: ${result}`,
-          request,
-          "csrf reporter"
-        );
-
       }
     } catch (error) {
       sdk.console.error(`Error creating finding: ${error}`);

packages/backend/src/controller/redirect_uriBypass.ts

@@ -1,6 +1,5 @@
 import type { Request, Response } from "caido:utils";
 import type { SDK } from "caido:plugin";
-import { sendReport } from "../utils/controlTower";
 
 export class RedirectBypassController {
   // redirect_uri를 확인하는 함수
@@ -55,13 +54,6 @@ export class RedirectBypassController {
         request: req,
         reporter: "gyu",
       });
-      await sendReport(
-        sdk,
-        "Redirect URI Bypass Detected",
-        `A redirect URI bypass was detected.\nRedirect URI: ${result.redirectUri}`,
-        req,
-        "gyu"
-      );
     }
   }
 }

packages/backend/src/index.ts

@@ -40,7 +40,6 @@ export function init(sdk: SDK<API>) {
     await tokenCheck.testReq(sdk, req);
     await pkceCheckController.test(sdk, req);
   });
-  
   /*
   sdk.events.onInterceptRequest(async (sdk, req: Request) => {
     const result =

packages/backend/src/utils/controlTower.ts

@@ -1,24 +0,0 @@
-import type { SDK } from "caido:plugin";
-import { Body, RequestSpec, type Request } from "caido:utils";
-
-export async function sendReport(
-    sdk: SDK, 
-    title: string, 
-    description: string, 
-    request: Request, 
-    reporter: string
-) {
-    const spec = new RequestSpec("http://192.168.0.9:4020/report");
-    spec.setMethod("POST");
-    spec.setHeader("Content-Type", "application/json");
-    
-    const body = new Body(JSON.stringify({
-        title,
-        description,
-        request: request.toSpec(),
-        reporter
-    }));
-    spec.setBody(body);
-    
-    return await sdk.requests.send(spec);
-}