[Update] 자동 오탐 검증을 위한 라우터 추가

addon/csrf_check.py

@@ -76,10 +76,10 @@ class CsrfChecker:
         resp_nonce = self.get_query_param(loc, param) if param else None
 
         if resp_nonce is None:
-            report_vuln(title="CSRF Risk", desc="Missing nonce in redirect response", status="HIGH", uri=flow.request.url)
+            report_vuln(title="CSRF Risk", desc="Missing nonce in redirect response", status="CRITICAL", uri=flow.request.url)
             return 1
         if orig_nonce != resp_nonce:
-            report_vuln(title="CSRF Risk", desc="Nonce mismatch request↔response", status="MEDIUM", uri=flow.request.url)
+            report_vuln(title="CSRF Risk", desc="Nonce mismatch request↔response", status="HIGH", uri=flow.request.url)
             return 1
 
         return 0
@@ -103,11 +103,11 @@ class CsrfChecker:
         if new_nonce is None:
             return 0
         if new_nonce == orig_nonce:
-            report_vuln(title="CSRF Risk", desc="Nonce reused without cookies", status="HIGH", uri=flow.request.url)
+            report_vuln(title="CSRF Risk", desc="Nonce reused without cookies", status="CRITICAL", uri=flow.request.url)
             return 1
 
         # (2) 두 번의 리다이렉트 비교
-        async with httpx.AsyncClient(follow_redirects=False) as cli:
+        async with httpx.AsyncClient(follow_redirects=True) as cli:
             # 원본 쿼리
             req1 = await cli.get(loc0, params=qs0, headers=flow.request.headers)
             # nonce 교체 쿼리
@@ -120,7 +120,7 @@ class CsrfChecker:
             and urlparse(req1.headers.get("location", "")).path
             == urlparse(req2.headers.get("location", "")).path
         ):
-            report_vuln(title="CSRF Risk", desc="Identical redirects on nonce swap → potential CSRF", status="MEDIUM", uri=flow.request.url)
+            report_vuln(title="CSRF Risk", desc="Identical redirects on nonce swap → potential CSRF", status="NOT-VERIFIED-HIGH", uri=flow.request.url)
             return 1
 
         return 0
@@ -130,7 +130,7 @@ class CsrfChecker:
 
             # 1) 요청에 nonce 없으면
             if is_oauth_uri(flow.request.url) and not self.check_nonce_in_request(flow):
-                report_vuln(title="CSRF Risk", desc="Missing nonce in OAuth request", status="HIGH", uri=flow.request.url)
+                report_vuln(title="CSRF Risk", desc="Missing nonce in OAuth request", status="CRITICAL", uri=flow.request.url)
                 return
 
             # 2) 리다이렉트에서 nonce 검사