[Update] save vuln report logic

addon/redirect_uri_check.py

@@ -4,8 +4,7 @@ import asyncio
 import random
 import time
 from urllib.parse import urlparse, parse_qs, urlencode, urlunparse  
-import lib.cur_target_url as cur_target_url  
-from lib.report_vuln import save_report 
+from lib.report_vuln import report_vuln
 
 class RedirectRateLimiter:
     """redirect_uri_check 전용 rate limiter"""
@@ -1287,13 +1286,21 @@ class RedirectBypassChecker:
         except:
             return ""
 
+    def _is_code_in_location(self, location: str) -> bool:
+        return self._extract_code_from_location(location) != ""
+
     """ mitmproxy용 - 실제 OAuth 플로우 가로채서 분석 """
     async def test(self, flow: http.HTTPFlow):
         url = flow.request.pretty_url
         parsed = urlparse(url)
         query = parse_qs(parsed.query)
-
-        if "redirect_uri" not in query:
+        
+        # location 헤더에 code가 없으면 스킵
+        location = flow.response.headers.get("Location", "")
+        if not self._is_code_in_location(location):
+            return
+        
+        if not query or "redirect_uri" not in query:
             return
 
         original_redirect_uri = query["redirect_uri"][0]
@@ -1347,15 +1354,13 @@ class RedirectBypassChecker:
         # 리다이렉트 응답이 아니면 스킵
         if status not in [301, 302, 303, 307, 308]:
             return False
-            
-        # Location 헤더에서 code 추출
-        auth_code = self._extract_code_from_location(location)
         
         # 베이스라인 검증
         is_valid = self._is_baseline_valid(bypassed_uri, original_url)
-        
-        if auth_code and not is_valid:
+
+        if self._is_code_in_location(location) and not is_valid:
             # 취약점 발견 시에만 로그
+            auth_code = self._extract_code_from_location(location)
             print(f"[🎯 VULNERABILITY] {payload.name} 우회 성공!")
             await self._report_vulnerability(original_url, test_url, bypassed_uri, location, auth_code, payload)
             return True
@@ -1384,14 +1389,12 @@ class RedirectBypassChecker:
             f"• 발급된 인가 코드: {auth_code[:10]}...\n\n"
         )
         
-        report_data = [{
-            "target": cur_target_url.load(),
-            "status": "CRITICAL",  
-            "title": "Redirect URI Bypass Vulnerability",
-            "description": description,
-            "uri": test_url  # uri 필드 추가
-        }]
+        report_vuln(
+            title="Redirect URI Bypass Vulnerability",
+            desc=description,
+            status="CRITICAL",
+            uri=test_url
+        )
         
-        save_report(report_data)
         print(f"[🎯 CRITICAL] Redirect URI 우회 취약점 발견 및 보고 완료!")
         print(f"[INFO] 패턴: {pattern_name}, 우회 URI: {bypassed_uri}")