From 062552d3d8da29c4f8ef87003c1f1a9cdd41afa9 Mon Sep 17 00:00:00 2001 From: "tv0924@icloud.com" Date: Thu, 26 Jun 2025 10:43:52 +0900 Subject: [PATCH] =?UTF-8?q?[Refactor]=20=EB=A6=AC=ED=8C=A9=ED=84=B0?= =?UTF-8?q?=EB=A7=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 2 ++ addon/access_token.py | 6 +++--- addon/csrf_check.py | 6 +++--- addon/{GoogleLoginHint.py => google_login_hint.py} | 0 addon/init.py | 4 ++-- addon/nonce_check.py | 6 +++--- addon/pkce_check.py | 6 +++--- addon/redirect_uri_check.py | 6 +++--- addon/{ScopeDetection.py => scope_detection.py} | 6 +++--- lib/{target.py => cur_target_url.py} | 0 lib/{report.py => report_vuln.py} | 0 runner/backend/__init__.py | 4 ++-- 12 files changed, 24 insertions(+), 22 deletions(-) rename addon/{GoogleLoginHint.py => google_login_hint.py} (100%) rename addon/{ScopeDetection.py => scope_detection.py} (92%) rename lib/{target.py => cur_target_url.py} (100%) rename lib/{report.py => report_vuln.py} (100%) diff --git a/.gitignore b/.gitignore index 225a08d..c9116f2 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,8 @@ wheels/ # Virtual environments .venv +.env + data/ diff --git a/addon/access_token.py b/addon/access_token.py index 6f1c8bb..228cd69 100644 --- a/addon/access_token.py +++ b/addon/access_token.py @@ -4,8 +4,8 @@ from typing import List, Dict, Optional, Any from mitmproxy.http import HTTPFlow -import lib.target as target -from lib.report import save_report +import lib.cur_target_url as cur_target_url +from lib.report_vuln import save_report # 결과 리포트 저장용 데이터 클래스 @dataclass @@ -32,7 +32,7 @@ class AccessTokenScanner: findings.extend(await self._scan_response(flow.response, flow.request.url)) if findings: - target_value = target.load() + target_value = cur_target_url.load() save_report([f.to_report(target_value) for f in findings]) # 내부 구현 diff --git a/addon/csrf_check.py b/addon/csrf_check.py index 4e07407..564e337 100644 
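Review bot: Adding `.env` to .gitignore only prevents future `git add`s; if a `.env` was already tracked before this commit it remains tracked (and in history) until `git rm --cached .env` is run, which this patch does not do. addon/init.py loads this file via `load_dotenv`, so it presumably carries credentials for the checkers — if it was ever pushed, treat its contents as exposed and rotate them rather than relying on the ignore rule. Consider also ignoring `.env.*` so local variants such as `.env.local` get the same protection.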
--- a/addon/csrf_check.py +++ b/addon/csrf_check.py @@ -4,8 +4,8 @@ from urllib.parse import urlparse, parse_qs, unquote import httpx from typing import Optional, Union, List -import lib.target as target -from lib.report import save_report +import lib.cur_target_url as cur_target_url +from lib.report_vuln import save_report class CsrfChecker: nonce_params = { @@ -153,7 +153,7 @@ class CsrfChecker: desc = " | ".join(msgs) status = "MEDIUM" report_data = [{ - 'target': target.load(), + 'target': cur_target_url.load(), 'status': status, 'title': "CSRF Risk", 'description': desc, diff --git a/addon/GoogleLoginHint.py b/addon/google_login_hint.py similarity index 100% rename from addon/GoogleLoginHint.py rename to addon/google_login_hint.py diff --git a/addon/init.py b/addon/init.py index c54a7fc..3ce221d 100644 --- a/addon/init.py +++ b/addon/init.py @@ -1,12 +1,12 @@ from mitmproxy import http import asyncio from pkce_check import PKCEDowngradeChecker -from ScopeDetection import ScopeDetection +from addon.scope_detection import ScopeDetection from csrf_check import CsrfChecker from nonce_check import NonceChecker from redirect_uri_check import RedirectBypassChecker from access_token import AccessTokenScanner -from GoogleLoginHint import GoogleLoginHint +from addon.google_login_hint import GoogleLoginHint import os from dotenv import load_dotenv diff --git a/addon/nonce_check.py b/addon/nonce_check.py index c0af077..e252c86 100644 --- a/addon/nonce_check.py +++ b/addon/nonce_check.py @@ -3,8 +3,8 @@ from urllib.parse import urlparse, parse_qs from typing import Union import httpx -import lib.target as target -from lib.report import save_report +import lib.cur_target_url as cur_target_url +from lib.report_vuln import save_report class NonceChecker: def is_oidc_flow(self, flow) -> bool: 
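Review bot: The two rewritten imports in addon/init.py now use the `addon.` package prefix (`from addon.scope_detection import ScopeDetection`, `from addon.google_login_hint import GoogleLoginHint`) while the sibling imports on the surrounding context lines (`from pkce_check import ...`, `from csrf_check import ...`, `from nonce_check import ...`) stay bare module imports, so the file only resolves when both `addon/` and the repository root are on `sys.path`. Pick one form for the whole import block; matching the untouched siblings would be `from scope_detection import ScopeDetection` and `from google_login_hint import GoogleLoginHint`. The checkers themselves import `lib.cur_target_url`, which already presumes the repo root is importable, so converting every checker import to the `addon.` form is the other consistent option — but mixing the two in one file is the least robust choice.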
@@ -76,7 +76,7 @@ class NonceChecker: url = req.pretty_url if not nonce: report_data = [{ - 'target': target.load(), + 'target': cur_target_url.load(), 'status': "CRITICAL", 'title': "nonce is missing in id_token", 'description': "Nonce is present in the request but missing in the id_token.", diff --git a/addon/pkce_check.py b/addon/pkce_check.py index cac1693..afd4df9 100644 --- a/addon/pkce_check.py +++ b/addon/pkce_check.py @@ -3,8 +3,8 @@ import asyncio import httpx from typing import Dict, List -import lib.target as target -from lib.report import save_report +import lib.cur_target_url as cur_target_url +from lib.report_vuln import save_report class PKCEDowngradeChecker: @@ -170,7 +170,7 @@ class PKCEDowngradeChecker: self, status: str, title: str, description: str, uri: str ) -> Dict[str, str]: return { - "target": target.load(), + "target": cur_target_url.load(), "status": status, "title": title, "description": description, diff --git a/addon/redirect_uri_check.py b/addon/redirect_uri_check.py index 8acc4dd..43df4cb 100644 --- a/addon/redirect_uri_check.py +++ b/addon/redirect_uri_check.py @@ -4,8 +4,8 @@ import asyncio import random import time from urllib.parse import urlparse, parse_qs, urlencode, urlunparse -import lib.target as target -from lib.report import save_report +import lib.cur_target_url as cur_target_url +from lib.report_vuln import save_report class RedirectRateLimiter: """redirect_uri_check 전용 rate limiter""" @@ -1385,7 +1385,7 @@ class RedirectBypassChecker: ) report_data = [{ - "target": target.load(), + "target": cur_target_url.load(), "status": "CRITICAL", "title": "Redirect URI Bypass Vulnerability", "description": description, diff --git a/addon/ScopeDetection.py b/addon/scope_detection.py similarity index 92% rename from addon/ScopeDetection.py rename to addon/scope_detection.py index a955aeb..2d14049 100644 --- a/addon/ScopeDetection.py +++ b/addon/scope_detection.py 
@@ -1,5 +1,5 @@ -import lib.target as target -from lib.report import save_report +import lib.cur_target_url as cur_target_url +from lib.report_vuln import save_report class ScopeDetection: def get_scope_from_query(self, query: str) -> str | None: @@ -44,7 +44,7 @@ class ScopeDetection: if result != 0: report_data = [{ - 'target': target.load(), + 'target': cur_target_url.load(), 'status': "WARNING", 'title': "OAuth scope value issue", 'description': f"{method} {url}: {', '.join(result)}", diff --git a/lib/target.py b/lib/cur_target_url.py similarity index 100% rename from lib/target.py rename to lib/cur_target_url.py diff --git a/lib/report.py b/lib/report_vuln.py similarity index 100% rename from lib/report.py rename to lib/report_vuln.py diff --git a/runner/backend/__init__.py b/runner/backend/__init__.py index 4b60e63..015c483 100644 --- a/runner/backend/__init__.py +++ b/runner/backend/__init__.py @@ -1,6 +1,6 @@ from fastapi import FastAPI, Query, HTTPException from fastapi.responses import Response -import lib.target as target +import lib.cur_target_url as cur_target_url app = FastAPI() @@ -8,7 +8,7 @@ app = FastAPI() @app.post("/start") async def start(url: str = Query(None)): if url: - target.save(url) + cur_target_url.save(url) print(f"Target URL set to: {url}") return {"message": f"Target URL set to: {url}"} return {"error": "No URL provided"}
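Review bot: In the second addon/scope_detection.py hunk the context line `if result != 0:` guards a report whose description is built with `', '.join(result)`, so `result` is expected to be an iterable of strings — and a list compared to the integer 0 is always unequal, meaning an empty result list would still emit a WARNING with an empty issue text. If the helper returns a list of issue strings, the no-finding test should be truthiness: `if result:`. The enclosing method starts outside this hunk, so confirm the helper's return type before changing the guard.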
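Review bot: `start` in runner/backend/__init__.py persists whatever string arrives in `url` with no check that it is an absolute http(s) URL, and the no-URL path returns HTTP 200 with an `error` body even though `HTTPException` is already imported in this file's first hunk. The checkers read this value back via `cur_target_url.load()` and stamp it into every report, so a malformed value only surfaces later as a bad `target` field. Suggest validating with `urllib.parse.urlparse` (import it at the top of the file), raising 400 on failure, and annotating the parameter `str | None` to match the `Query(None)` default; note the 400 changes the response callers currently see for a missing URL.
```python
@app.post("/start")
async def start(url: str | None = Query(None)):
    # Reject anything that is not an absolute http(s) URL before it is
    # persisted and stamped into every later finding.
    if not url:
        raise HTTPException(status_code=400, detail="No URL provided")
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise HTTPException(status_code=400, detail="url must be an absolute http(s) URL")
    cur_target_url.save(url)
    print(f"Target URL set to: {url}")
    return {"message": f"Target URL set to: {url}"}
```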