[Fix] scope detection

tv0924@icloud.com 2025-06-26 12:40:14 +09:00
commit 53db0fb14e


@ -1,12 +1,12 @@
import lib.cur_target_url as cur_target_url
from lib.report_vuln import report_vuln from lib.report_vuln import report_vuln
from lib.utils.is_oauth_uri import is_oauth_uri
from urllib.parse import urlparse, parse_qs
class ScopeDetection: class ScopeDetection:
def get_scope_from_query(self, query: str) -> str | None: def get_scope_from_query(self, query: str) -> str | None:
if not query: if not query:
return None return None
import urllib.parse parsed = parse_qs(query)
parsed = urllib.parse.parse_qs(query)
scope_values = parsed.get("scope", []) scope_values = parsed.get("scope", [])
if scope_values: if scope_values:
return scope_values[0] return scope_values[0]
@ -16,36 +16,33 @@ class ScopeDetection:
req = flow.request req = flow.request
res = flow.response res = flow.response
# req.query가 MultiDictView일 수 있으므로 문자열로 변환 parsed = urlparse(req.pretty_url)
if hasattr(req.query, "urlencode"): query = parsed.query
query = req.query.urlencode()
else:
query = str(req.query) if req.query else ""
location = res.headers.get("location", "") location = res.headers.get("Location", "")
location_query = urlparse(location).query
query_scope = self.get_scope_from_query(query) query_scope = self.get_scope_from_query(query)
location_scope = self.get_scope_from_query(location) location_scope = self.get_scope_from_query(location_query)
result = []
if query_scope in ["all", "*"]: if query_scope in ["all", "*"]:
result.append(f"Scope value issue detected in request: {query_scope}")
if location_scope in ["all", "*"]:
result.append(f"Scope value issue detected in response location: {location_scope}")
return result if result else 0
async def test(self, flow):
req = flow.request
method = req.method
url = req.pretty_url
result = await self.check_scope(flow)
if result != 0:
report_vuln( report_vuln(
title="OAuth Scope Value Issue", title="OAuth Scope Value Issue",
desc=f"Detected scope value issue in {method} {url}: {', '.join(result)}", desc=f"Scope value issue detected in request: {query_scope}",
status="WARNING", status="WARNING",
uri=url uri=req.pretty_url
) )
if location_scope in ["all", "*"]:
report_vuln(
title="OAuth Scope Value Issue",
desc=f"Scope value issue detected in response location: {location_scope}",
status="WARNING",
uri=location
)
async def test(self, flow):
if not is_oauth_uri(flow.request.pretty_url):
return
await self.check_scope(flow)
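Review bot: The checks `if query_scope in ["all", "*"]:` and `if location_scope in ["all", "*"]:` in check_scope match only when the entire scope parameter equals `all` or `*`, but an OAuth scope value is a space-delimited list, so a request carrying `scope=openid all` (which is how parse_qs decodes `openid+all`) is not reported. Testing each token would close that gap, e.g. `if query_scope and {"all", "*"} & set(query_scope.split()):`, with the same form for `location_scope`. The Location check reads only `urlparse(location).query`, so a scope returned in the redirect fragment would also go unseen; `urlparse(location).fragment` could be passed through `get_scope_from_query` as well. The page has lost its +/- markers, so this reads the right-hand text as the new side, and the `def check_scope` line sits between the two hunks, outside the visible lines.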