packages/backend/src/controller/nonceCheck.ts

@@ -1,51 +1,29 @@
 import type { Request, Response } from "caido:utils";
+import { TokenLeakCheck } from "./tokenLeakCheck";
 
-export class NonceCheckController {
+export class NonceCheckController{
-  /**
+    /**
-   * OIDC 플로우 탐지 로직 (OAuth 2.0과 구분)
+     * 응답이 OIDC(OpenID Connect) 플로우인지 확인하는 메서드
-   */
+     */
-  public static isOidcFlow(req: Request, res: Response): boolean {
-    const url = req.getUrl();
-    const query = req.getQuery();
-    const location = res.getHeader("Location");
-    const contentType = res.getHeader("Content-Type");
     
-    // 1️⃣ Authorization 요청: scope=openid 포함
+    public static isOidcFlow(req: Request, res:Response): boolean {
-    if (url.includes("/authorize") && /response_type=/.test(query) && (/scope=openid/.test(query)) ){
+        if(TokenLeakCheck.extractIdToken(req, res)) {
-      return true;
+            return true;
-    }
+        }
-
+        return false;
-    // 2️⃣ Token 응답: id_token 필드 포함
-    if (contentType?.includes("application/json")) {
-      const body = res.getBody();
-      const bodyStr = typeof body === "string" ? body : body?.toString?.() ?? "";
-      if (bodyStr && /id_token/.test(bodyStr)) {
-        return true;
-      }
-    }
-
-    // 3️⃣ Redirect 응답: Location 헤더에 id_token 포함
-    if (
-      (res.getCode() === 302 || res.getCode() === 303) &&
-      location &&
-      /id_token=/.test(Array.isArray(location) ? location[0] ?? "" : location ?? "")
-    ) {
-      return true;
-    }
-
-    // 4️⃣ Authorization 요청 + nonce 파라미터 포함
-    if (url.includes("/authorize") && /nonce=/.test(query)) {
-      return true;
     }
 
   
+    public static isNonceCheckRequest(req: Request): boolean {
+        const id_token = TokenLeakCheck.decodeIdToken(req);
 
-    return false;
+        // 1. nonce 파라미터가 포함된 요청인지 확인
-  }
+        if (id_token && id_token.includes("nonce=")) {
-
+            return true;
- 
+        }
-
-
-
 
+        return false;
+    }
 }
+
+

packages/backend/src/index.ts

@@ -6,7 +6,7 @@ import { CsrfCheck } from "./controller/csrfCheck";
 import { PKCECheck } from "./controller/PKCECheck";
 import { AccessTokenLeakController } from "./controller/accessTokenDetector";
 import { ScopeDetection } from "./controller/scopeDetection";
-import { NonceCheckController } from "./controller/nonceCheck";
+// import { NonceCheckController } from "./controller/nonceCheck";
 import { RedirectBypassController } from "./controller/redirect_uriBypass";
 
 export type API = DefineAPI<{}>;
@@ -26,14 +26,14 @@ export function init(sdk: SDK<API>) {
     await ScopeDetectionController.scan(sdk, req.getUrl());
     await redirectBypassController.testAsync(sdk, req, res);
 
-    if (NonceCheckController.isOidcFlow(req, res)) {
+    // if (NonceCheckController.isOidcFlow(req, res)) {
-       await sdk.findings.create({
+    //   await sdk.findings.create({
-         title: "OIDC Flow Detected",
+    //     title: "OIDC Flow Detected",
-         description: "The request appears to be part of an OIDC flow.",
+    //     description: "The request appears to be part of an OIDC flow.",
-         request: req,
+    //     request: req,
-         reporter: "",
+    //     reporter: "",
-       });
+    //   });
-     }
+    // }
   });
 
   sdk.events.onInterceptRequest(async (sdk, req: Request) => {