[Refactor] 리팩터링

.gitignore

@@ -9,6 +9,8 @@ wheels/
 # Virtual environments
 .venv
 
+.env
+
 data/
 
 

addon/access_token.py

@@ -4,8 +4,8 @@ from typing import List, Dict, Optional, Any
 
 from mitmproxy.http import HTTPFlow
 
-import lib.target as target
-from lib.report import save_report
+import lib.cur_target_url as cur_target_url
+from lib.report_vuln import save_report
 
 # 결과 리포트 저장용 데이터 클래스
 @dataclass
@@ -32,7 +32,7 @@ class AccessTokenScanner:
         findings.extend(await self._scan_response(flow.response, flow.request.url))
 
         if findings:
-            target_value = target.load()
+            target_value = cur_target_url.load()
             save_report([f.to_report(target_value) for f in findings])
 
     # 내부 구현

addon/csrf_check.py

@@ -4,8 +4,8 @@ from urllib.parse import urlparse, parse_qs, unquote
 import httpx
 from typing import Optional, Union, List
 
-import lib.target as target
-from lib.report import save_report
+import lib.cur_target_url as cur_target_url
+from lib.report_vuln import save_report
 
 class CsrfChecker:
     nonce_params = {
@@ -153,7 +153,7 @@ class CsrfChecker:
                 desc = " | ".join(msgs)
                 status = "MEDIUM"
                 report_data = [{
-                    'target': target.load(),
+                    'target': cur_target_url.load(),
                     'status': status,
                     'title': "CSRF Risk",
                     'description': desc,

addon/init.py

@@ -1,12 +1,12 @@
 from mitmproxy import http
 import asyncio
 from pkce_check import PKCEDowngradeChecker
-from ScopeDetection import ScopeDetection
+from addon.scope_detection import ScopeDetection
 from csrf_check import CsrfChecker
 from nonce_check import NonceChecker
 from redirect_uri_check import RedirectBypassChecker
 from access_token import AccessTokenScanner
-from GoogleLoginHint import GoogleLoginHint
+from addon.google_login_hint import GoogleLoginHint
 import os
 from dotenv import load_dotenv
 

addon/nonce_check.py

@@ -3,8 +3,8 @@ from urllib.parse import urlparse, parse_qs
 from typing import Union
 import httpx
 
-import lib.target as target
-from lib.report import save_report
+import lib.cur_target_url as cur_target_url
+from lib.report_vuln import save_report
 
 class NonceChecker:
     def is_oidc_flow(self, flow) -> bool:
@@ -76,7 +76,7 @@ class NonceChecker:
         url = req.pretty_url
         if not nonce:
             report_data = [{
-                'target': target.load(),
+                'target': cur_target_url.load(),
                 'status': "CRITICAL",
                 'title': "nonce is missing in id_token",
                 'description': "Nonce is present in the request but missing in the id_token.",

addon/pkce_check.py

@@ -3,8 +3,8 @@ import asyncio
 import httpx
 from typing import Dict, List
 
-import lib.target as target
-from lib.report import save_report
+import lib.cur_target_url as cur_target_url
+from lib.report_vuln import save_report
 
 
 class PKCEDowngradeChecker:
@@ -170,7 +170,7 @@ class PKCEDowngradeChecker:
         self, status: str, title: str, description: str, uri: str
     ) -> Dict[str, str]:
         return {
-            "target": target.load(),
+            "target": cur_target_url.load(),
             "status": status,
             "title": title,
             "description": description,

addon/redirect_uri_check.py

@@ -4,8 +4,8 @@ import asyncio
 import random
 import time
 from urllib.parse import urlparse, parse_qs, urlencode, urlunparse  
-import lib.target as target  
-from lib.report import save_report 
+import lib.cur_target_url as cur_target_url  
+from lib.report_vuln import save_report 
 
 class RedirectRateLimiter:
     """redirect_uri_check 전용 rate limiter"""
@@ -1385,7 +1385,7 @@ class RedirectBypassChecker:
         )
         
         report_data = [{
-            "target": target.load(),
+            "target": cur_target_url.load(),
             "status": "CRITICAL",  
             "title": "Redirect URI Bypass Vulnerability",
             "description": description,

addon/scope_detection.py

@@ -1,5 +1,5 @@
-import lib.target as target
-from lib.report import save_report
+import lib.cur_target_url as cur_target_url
+from lib.report_vuln import save_report
 
 class ScopeDetection:
     def get_scope_from_query(self, query: str) -> str | None:
@@ -44,7 +44,7 @@ class ScopeDetection:
 
         if result != 0:
             report_data = [{
-                'target': target.load(),
+                'target': cur_target_url.load(),
                 'status': "WARNING",
                 'title': "OAuth scope value issue",
                 'description': f"{method} {url}: {', '.join(result)}",

runner/backend/__init__.py

@@ -1,6 +1,6 @@
 from fastapi import FastAPI, Query, HTTPException
 from fastapi.responses import Response
-import lib.target as target
+import lib.cur_target_url as cur_target_url
 
 app = FastAPI()
 
@@ -8,7 +8,7 @@ app = FastAPI()
 @app.post("/start")
 async def start(url: str = Query(None)):
     if url:
-        target.save(url)
+        cur_target_url.save(url)
         print(f"Target URL set to: {url}")
         return {"message": f"Target URL set to: {url}"}
     return {"error": "No URL provided"}