[Update] save vuln report logic

addon/access_token.py

@@ -1,23 +1,11 @@
 import re
 from dataclasses import dataclass, asdict
 from typing import List, Dict, Optional, Any
+import asyncio
 
 from mitmproxy.http import HTTPFlow
 
-import lib.cur_target_url as cur_target_url
-from lib.report_vuln import save_report
-
-# 결과 리포트 저장용 데이터 클래스
-@dataclass
-class TokenLeakResult:
-    title: str
-    description: str
-    uri: str
-    status: str = "MEDIUM" # 기본 상태
-
-    def to_report(self, target_value) -> Dict[str, str]:
-        """리포트 저장 포맷(dict)으로 변환"""
-        return {"target": target_value, **asdict(self)}
+from lib.report_vuln import report_vuln
 
 
 # 요청/응답에서 액세스 토큰 노출 여부를 검사하는 스캐너
@@ -26,31 +14,25 @@ class AccessTokenScanner:
     async def scan(self, flow: HTTPFlow) -> None:
         """단일 HTTPFlow(request + response)에 대해 요청과 응답을 모두 검사."""
         print(f"[TOKENDEBUG] Request URL: {flow.request.url}")
-        findings: List[TokenLeakResult] = []
-
-        findings.extend(await self._scan_request(flow.request))
-        findings.extend(await self._scan_response(flow.response, flow.request.url))
-
-        if findings:
-            target_value = cur_target_url.load()
-            save_report([f.to_report(target_value) for f in findings])
+        
+        async_gather = []
+        async_gather.append(self._scan_request(flow.request))
+        async_gather.append(self._scan_response(flow.response, flow.request.url))
+        await asyncio.gather(*async_gather)
 
     # 내부 구현
-    async def _scan_request(self, request: Any) -> List[TokenLeakResult]:
-        results: List[TokenLeakResult] = []
+    async def _scan_request(self, request: Any):
         
         print("[TOKENDEBUG] ==scan request==")
         # URL 검사
         token_result = self._extract_token(request.url)
         if token_result:
             token, has_bearer = token_result
-            results.append(
-                TokenLeakResult(
-                    title="Token Leak in Request URL",
-                    description=f"요청 URL에 토큰이 포함되어 있습니다 (앞 20자): {token[:20]}…",
-                    uri=request.url,
-                    status="MEDIUM" if has_bearer else "LOW"
-                )
+            report_vuln(
+                title="Token Leak in Request URL",
+                desc=f"요청 URL에 토큰이 포함되어 있습니다 (앞 20자): {token[:20]}…",
+                status="MEDIUM" if has_bearer else "LOW",
+                uri=request.url
             )
 
         # Body 검사 (텍스트 컨텐츠인 경우)
@@ -59,22 +41,17 @@ class AccessTokenScanner:
             token_result = self._extract_token(body_text)
             if token_result:
                 token, has_bearer = token_result
-                results.append(
-                    TokenLeakResult(
-                        title="Token Leak in Request Body",
-                        description=f"요청 본문에 토큰이 포함되어 있습니다 (앞 20자): {token[:20]}…",
-                        uri=request.url,
-                        status="MEDIUM" if has_bearer else "LOW"
-                    )
+                report_vuln(
+                    title="Token Leak in Request Body",
+                    desc=f"요청 본문에 토큰이 포함되어 있습니다 (앞 20자): {token[:20]}…",
+                    status="MEDIUM" if has_bearer else "LOW",
+                    uri=request.url
                 )
 
-        return results
-
-    async def _scan_response(self, response: Optional[Any], request_url: str) -> List[TokenLeakResult]:
+    async def _scan_response(self, response: Optional[Any], request_url: str):
         if response is None:
-            return []
+            return
 
-        results: List[TokenLeakResult] = []
         print("[TOKENDEBUG] ==scan response==")
         # Location 헤더 검사 (리다이렉트)
         if location_header := response.headers.get("Location"):
@@ -82,12 +59,11 @@ class AccessTokenScanner:
             if token_result:
                 token, has_bearer = token_result
                 if has_bearer:
-                    results.append(
-                        TokenLeakResult(
-                            title="Token Leak in Redirect URL (Location header)",
-                            description=f"Location 헤더에 토큰이 노출되었습니다 (앞 20자): {token[:20]}…",
-                            uri=location_header,
-                        )
+                    report_vuln(
+                        title="Token Leak in Redirect URL (Location header)",
+                        desc=f"Location 헤더에 토큰이 노출되었습니다 (앞 20자): {token[:20]}…",
+                        status="MEDIUM",
+                        uri=location_header,
                     )
 
         # Body 검사 (텍스트 컨텐츠인 경우)
@@ -97,16 +73,13 @@ class AccessTokenScanner:
             if token_result:
                 token, has_bearer = token_result
                 if has_bearer:
-                    results.append(
-                        TokenLeakResult(
-                            title="Token Leak in Response Body",
-                            description=f"응답 본문에 토큰이 노출되었습니다 (앞 20자): {token[:20]}…",
-                            uri=request_url,
-                        )
+                    report_vuln(
+                        title="Token Leak in Response Body",
+                        desc=f"응답 본문에 토큰이 노출되었습니다 (앞 20자): {token[:20]}…",
+                        status="MEDIUM",
+                        uri=request_url,
                     )
 
-        return results
-
     # 토큰 탐지 키워드드
     _TOKEN_KEYS = [
         "access_token",