

1 commit

Author SHA1 Message Date
James
e671700d7b
Revert "nonceCheck 수정" 2025-06-02 20:10:31 +09:00
3 changed files with 50 additions and 49 deletions


@ -1,4 +1,4 @@
import type { Request, Response } from "caido:utils"; import type { Request } from "caido:utils";
import { TokenLeakCheck } from "./tokenLeakCheck"; import { TokenLeakCheck } from "./tokenLeakCheck";
export class NonceCheckController{ export class NonceCheckController{
@ -6,8 +6,8 @@ export class NonceCheckController{
* OIDC(OpenID Connect) * OIDC(OpenID Connect)
*/ */
public static isOidcFlow(req: Request, res:Response): boolean { public static isOidcFlow(req: Request): boolean {
if(TokenLeakCheck.extractIdToken(req, res)) { if(TokenLeakCheck.extractIdToken(req)) {
return true; return true;
} }
return false; return false;
@ -15,10 +15,10 @@ export class NonceCheckController{
public static isNonceCheckRequest(req: Request): boolean { public static isNonceCheckRequest(req: Request): boolean {
const id_token = TokenLeakCheck.decodeIdToken(req); const id_token = decodeIdToken(req);
// 1. nonce 파라미터가 포함된 요청인지 확인 // 1. nonce 파라미터가 포함된 요청인지 확인
if (id_token && id_token.includes("nonce=")) { if (id_token.includes("nonce=")) {
return true; return true;
} }
@ -26,4 +26,8 @@ export class NonceCheckController{
} }
} }
function decodeIdToken(req: Request): string {
// Implement actual decoding logic here. For now, return an empty string or mock value.
return "";
}
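Review bot: The reinstated local `decodeIdToken` stub returns `""`, so the `nonce=` branch of `isNonceCheckRequest` can never be taken and the check is silently dead; nothing in the file marks it as disabled. At minimum the stub should say so, e.g. `// TODO: stub — always returns "", so isNonceCheckRequest cannot detect a nonce until real ID-token decoding is implemented`. It also looks like the intended value is the decoded JWT payload, in which case `includes("nonce=")` would never match a JSON claim and the test should look for a `nonce` claim instead — worth confirming against the TokenLeakCheck.decodeIdToken return shape. The body of isNonceCheckRequest continues outside the hunk.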


@ -1,8 +1,8 @@
import type { Request,Response } from "caido:utils"; import type { Request } from "caido:utils";
import jwt from "jsonwebtoken"; import jwt from "jsonwebtoken";
export class TokenLeakCheck { export class TokenLeakCheck {
public static extractIdToken(req: Request, res?: Response): string | null { public static extractIdToken(req: Request): string | null {
// 1. Authorization 헤더 확인\\ // 1. Authorization 헤더 확인\\
const header = req.getHeaders() as Record<string, string | string[] | undefined>; const header = req.getHeaders() as Record<string, string | string[] | undefined>;
const authHeader = header["authorization"] || header["Authorization"]; const authHeader = header["authorization"] || header["Authorization"];
@ -16,21 +16,19 @@ export class TokenLeakCheck {
return (query as Record<string, any>).id_token; return (query as Record<string, any>).id_token;
} }
// 3. response 안에 id_token이 있을 경우 // 3. POST 바디 안에 id_token이 있을 경우
if (res) { const rawBody = req.getRaw();
const rawBody = res.getRaw(); const body = rawBody ? rawBody.toString() : "";
const body = rawBody ? rawBody.toString() : ""; const match = body.match(/id_token=([^&\s]+)/);
const match = body.match(/id_token=([^&\s]+)/); if (match && typeof match[1] === "string") {
if (match && typeof match[1] === "string" ) { return decodeURIComponent(match[1]);
return decodeURIComponent(match[1]);
}
} }
return null; return null;
} }
public static decodeIdToken(req: Request, res?: Response): Record<string, any> | null { public static decodeIdToken(req: Request): Record<string, any> | null {
const token = this.extractIdToken(req, res); const token = this.extractIdToken(req);
if (!token) return null; if (!token) return null;
const decoded = jwt.decode(token, { complete: true }); const decoded = jwt.decode(token, { complete: true });
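Review bot: `decodeURIComponent(match[1])` on the new side runs on attacker-controlled body text and throws `URIError` on a malformed percent sequence, which propagates out of `extractIdToken` and aborts whichever intercept handler called it; guard it with `try { return decodeURIComponent(match[1]); } catch { return null; }` so a bad body degrades to "no token found". The comment says the third step reads the POST body, but `req.getRaw()` presumably returns the whole raw request, so the regex would also match `id_token=` in the request line or headers (duplicating step 2) — confirm and narrow to the body if that is the intent. Since `jwt.decode` performs no signature verification, any claims read by decodeIdToken are unverified and findings built from them should be labelled as such. extractIdToken starts outside this hunk.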


@ -6,7 +6,6 @@ import { CsrfCheck } from "./controller/csrfCheck";
import { PKCECheck } from "./controller/PKCECheck"; import { PKCECheck } from "./controller/PKCECheck";
import { AccessTokenLeakController } from "./controller/accessTokenDetector"; import { AccessTokenLeakController } from "./controller/accessTokenDetector";
import { ScopeDetection } from "./controller/scopeDetection"; import { ScopeDetection } from "./controller/scopeDetection";
import { NonceCheckController } from "./controller/nonceCheck";
export type API = DefineAPI<{}>; export type API = DefineAPI<{}>;
@ -16,42 +15,42 @@ const csrfCheck = new CsrfCheck();
const pkceCheckController = new PKCECheck(); const pkceCheckController = new PKCECheck();
const tokenCheck = new AccessTokenLeakController(); const tokenCheck = new AccessTokenLeakController();
const ScopeDetectionController = new ScopeDetection(); const ScopeDetectionController = new ScopeDetection();
const nonceCheckController = new NonceCheckController();
export function init(sdk: SDK<API>) { export function init(sdk: SDK<API>) {
sdk.events.onInterceptResponse(async (sdk, req: Request, res: Response) => { // sdk.events.onInterceptRequest(async (sdk, req: Request) => {
await csrfCheck.checker(sdk, req, res); // const result = csrfCheck.checker(req);
await pkceCheckController.test(sdk, req);
await tokenCheck.testReq(sdk, req);
await tokenCheck.testResp(sdk, res, req);
await ScopeDetectionController.scan(sdk, req.getUrl());
if (NonceCheckController.isOidcFlow(req, res)) { // if (result) {
await sdk.findings.create({ // await sdk.findings.create({
title: "OIDC Flow Detected", // title: "Possible SSO Request Detected",
description: "The request appears to be part of an OIDC flow.", // description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
request: req, // request: req,
reporter: "", // reporter: "",
}); // });
} // }
}); // });
/* sdk.events.onInterceptResponse(
sdk.events.onInterceptRequest(async (sdk, req: Request) => { async (sdk: SDK<DefineAPI<{}>, {}>, req: Request, resp: Response) => {
const result = await csrfCheck.checker(sdk, req, resp);
authZCodeGrantController.testReq(req) ||
implicitGrantController.testReq(req);
if (result) {
await pkceCheckController.test(sdk, req); await pkceCheckController.test(sdk, req);
await tokenCheck.testReq(sdk, req);
await tokenCheck.testResp(sdk, resp, req);
await ScopeDetectionController.scan(sdk, req.getUrl());
// sdk.events.onInterceptRequest(async (sdk, req: Request) => {
// const result =
// authZCodeGrantController.testReq(req) ||
// implicitGrantController.testReq(req);
await sdk.findings.create({ // if (result) {
title: "Possible SSO Request Detected", // await pkceCheckController.test(sdk, req);
description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
request: req, // await sdk.findings.create({
reporter: "", // title: "Possible SSO Request Detected",
}); // description: `SSO-related parameters detected in request:\n\n${req.getMethod()} ${req.getUrl()} : ${result}`,
// request: req,
// reporter: "",
// });
} }
}); );
*/
} }
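Review bot: The restored `onInterceptResponse` handler awaits the five checks sequentially with no error isolation, so a checker that throws on a hostile request or response (for example a `URIError` from a decoding helper) skips every later check for that exchange and leaves the rejection unhandled; each check should be guarded so one failure cannot disable the others. The handler's parameter type `SDK<DefineAPI<{}>, {}>` duplicates the `API` alias declared above and uses `{}` as a type; `SDK<API>` is what the file already uses for `init`. The two commented-out `onInterceptRequest` blocks (before and inside the handler) are dead code that git history already preserves and should be dropped. The logging call below assumes the SDK exposes `sdk.console`; substitute the plugin's logger if it does not.
```typescript
sdk.events.onInterceptResponse(
  async (sdk: SDK<API>, req: Request, resp: Response) => {
    // Run every check even when an earlier one throws on a hostile exchange;
    // a single failing checker must not silently disable the others.
    const checks: ReadonlyArray<[string, () => Promise<unknown>]> = [
      ["csrf", () => csrfCheck.checker(sdk, req, resp)],
      ["pkce", () => pkceCheckController.test(sdk, req)],
      ["tokenReq", () => tokenCheck.testReq(sdk, req)],
      ["tokenResp", () => tokenCheck.testResp(sdk, resp, req)],
      ["scope", () => ScopeDetectionController.scan(sdk, req.getUrl())],
    ];
    for (const [name, run] of checks) {
      try {
        await run();
      } catch (e: unknown) {
        const reason = e instanceof Error ? e.message : String(e);
        sdk.console.error(`${name} check failed for ${req.getUrl()}: ${reason}`);
      }
    }
  }
);
```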