diff --git a/addon/init.py b/addon/init.py
index f682683..284a90e 100644
--- a/addon/init.py
+++ b/addon/init.py
@@ -4,6 +4,7 @@ from pkce_check import PKCEDowngradeChecker
 from ScopeDetection import ScopeDetection
 from csrf_check import CsrfChecker
 from nonce_check import NonceChecker
+from redirect_uri_check import RedirectBypassChecker
 from access_token import AccessTokenScanner
 class PKCEAddon:
@@ -62,7 +63,6 @@ class NonceAddon:
 print(f"[ERROR] NonceAddon failed: {e}")
 pass
-
 class AccessTokenAddon:
 def __init__(self):
 self.checker = AccessTokenScanner()
@@ -73,6 +73,16 @@ class AccessTokenAddon:
 except Exception as e:
 print(f"[ERROR] AccessToken Addon failed: {e}")
 pass
-
-addons = [PKCEAddon(), ScopeAddon(), CsrfAddon(), NonceAddon(), AccessTokenAddon()]
+class RedirectBypassAddon:
+ def __init__(self):
+ self.checker = RedirectBypassChecker()
+ # request 대신 response 로 바꿔 보세요:
+ async def response(self, flow: http.HTTPFlow):
+ try:
+ await self.checker.test(flow)
+ except Exception as e:
+ print(f"[ERROR] RedirectBypass Addon failed: {e}")
+
+addons = [PKCEAddon(), ScopeAddon(), CsrfAddon(), NonceAddon(), AccessTokenAddon(), RedirectBypassAddon()]
diff --git a/addon/nonce_check.py b/addon/nonce_check.py
index 723436c..e58c213 100644
--- a/addon/nonce_check.py
+++ b/addon/nonce_check.py
@@ -73,6 +73,7 @@ class NonceChecker:
 except Exception as e:
 return {}
+<<<<<<< HEAD
 def check_nonce_in_id_token(self, flow) -> bool:
 if not flow.response or not self.is_oidc_flow(flow):
@@ -90,6 +91,10 @@ class NonceChecker:
 return True
 id_token = self.extract_id_token(flow)
+=======
+ # TODO id_token을 파싱하는 부분이 누락되어있습니다.
+ def check_nonce_in_id_token(self, flow, id_token: str) -> bool:
+>>>>>>> 99fc280517f09bb93d586c26f01239f32c04c56c
 decoded = self.decode_id_token(id_token)
 nonce = decoded.get("nonce")
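Review bot: The comment `# request 대신 response 로 바꿔 보세요:` above `RedirectBypassAddon.response` is a leftover instruction ("try switching request to response") that the hunk has already carried out, and it is the only non-English comment in the file as shown; replace it with a why-comment in the project's language, e.g. `# Hooked on response, not request: the redirect_uri check presumably needs the server's answer to the authorization request — confirm against RedirectBypassChecker.test`, since the checker's body is outside this diff. The annotation `flow: http.HTTPFlow` depends on `http` being imported earlier in init.py, which the import hunk at the top does not show; if it is missing, the class body raises NameError at load time and, because `addons` is built at module level below, every checker in the list (PKCE, scope, CSRF, nonce, access token) silently stops running. `print(f"[ERROR] RedirectBypass Addon failed: {e}")` in the `except Exception` branch matches the sibling addons but discards the traceback, so a broken checker degrades into lost detection coverage with no diagnosable cause; adding `traceback.print_exc()` after the print (stdlib, no new dependency beyond an import) keeps the best-effort behaviour while making failures visible. PEP 8 also wants two blank lines between `pass` and `class RedirectBypassAddon:`, where the hunk removes the previous separator.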
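Review bot: Both hunks in nonce_check.py commit unresolved merge-conflict markers (`+<<<<<<< HEAD` in the first hunk, `+=======` and `+>>>>>>> 99fc280517f09bb93d586c26f01239f32c04c56c` in the second), which are a SyntaxError in Python; since init.py does `from nonce_check import NonceChecker`, the entire addon script fails to import and every check is lost, not just the nonce (replay-protection) check. The conflict needs resolving before merge: the HEAD side keeps `def check_nonce_in_id_token(self, flow) -> bool:` and obtains the token via `id_token = self.extract_id_token(flow)`, which looks like exactly the parsing the other side's TODO (`id_token을 파싱하는 부분이 누락되어있습니다`, "the id_token parsing part is missing") says is absent, so dropping the three marker lines plus the TODO and the `(self, flow, id_token: str)` signature line resolves both. If the two-argument signature from 99fc280 is the intended one instead, every caller must be changed to pass the token, and this diff shows none. The method body continues past the second hunk, so any further divergence between the two sides is not visible here.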