[Update] save vuln report logic

2026-06-13 22:26:42 +09:00 · 2025-06-26 12:20:41 +09:00 · 2025-06-26 12:20:41 +09:00 · 3a1422a2f2
commit 3a1422a2f2
parent 062552d3d8
9 changed files with 121 additions and 190 deletions
--- a/addon/pkce_check.py
+++ b/addon/pkce_check.py
@ -4,7 +4,7 @@ import httpx
 from typing import Dict, List

 import lib.cur_target_url as cur_target_url
-from lib.report_vuln import save_report
+from lib.report_vuln import report_vuln


 class PKCEDowngradeChecker:
@ -58,27 +58,19 @@ class PKCEDowngradeChecker:

    async def report_missing_parameters(self, url: str, is_openid: bool):
        status = "MEDIUM" if is_openid else "LOW"
-        self.save(
-            [
-                self.make_report(
-                    status,
-                    "PKCE Parameters Missing",
-                    "PKCE parameters are missing or incomplete.",
-                    url,
-                )
-            ]
+        report_vuln(
+            title="PKCE Parameters Missing",
+            desc="PKCE parameters are missing or incomplete.",
+            status=status,
+            uri=url,
        )

    async def report_plain_method(self, url: str):
-        self.save(
-            [
-                self.make_report(
-                    "CRITICAL",
-                    "PKCE Plain Method",
-                    "PKCE method is set to 'plain'. Possible downgrade.",
-                    url,
-                )
-            ]
+        report_vuln(
+            title="PKCE Plain Method",
+            desc="PKCE method is set to 'plain'. Possible downgrade.",
+            status="CRITICAL",
+            uri=url,
        )

    def create_downgraded_url(self, parsed, query):
@ -150,15 +142,11 @@ class PKCEDowngradeChecker:
        else:
            return  # Likely safe

-        self.save(
-            [
-                self.make_report(
-                    status,
-                    title,
-                    description,
-                    f"Original: {original_url}\nDowngraded: {downgraded_url}",
-                )
-            ]
+        report_vuln(  
+            title=title,
+            desc=description,
+            status=status,
+            uri=f"Original: {original_url}\nDowngraded: {downgraded_url}",
        )

    def same_redirect_destination(self, orig_loc, down_loc):
@ -166,16 +154,3 @@ class PKCEDowngradeChecker:
        down = urlparse(down_loc)
        return orig.netloc == down.netloc and orig.path == down.path

-    def make_report(
-        self, status: str, title: str, description: str, uri: str
-    ) -> Dict[str, str]:
-        return {
-            "target": cur_target_url.load(),
-            "status": status,
-            "title": title,
-            "description": description,
-            "uri": uri,
-        }
-
-    def save(self, report_data: List[Dict[str, str]]):
-        save_report(report_data)