From 53db0fb14e8afe2b2848d1aa02c5974ababe417d Mon Sep 17 00:00:00 2001
From: "tv0924@icloud.com"
Date: Thu, 26 Jun 2025 12:40:14 +0900
Subject: [PATCH] [Fix] scope detection
---
 addon/scope_detection.py | 51 +++++++++++++++++++---------------------
 1 file changed, 24 insertions(+), 27 deletions(-)
diff --git a/addon/scope_detection.py b/addon/scope_detection.py
index 453a5ab..a5a2e2d 100644
--- a/addon/scope_detection.py
+++ b/addon/scope_detection.py
@@ -1,12 +1,12 @@
-import lib.cur_target_url as cur_target_url
 from lib.report_vuln import report_vuln
+from lib.utils.is_oauth_uri import is_oauth_uri
+from urllib.parse import urlparse, parse_qs
 class ScopeDetection:
 def get_scope_from_query(self, query: str) -> str | None:
 if not query:
 return None
- import urllib.parse
- parsed = urllib.parse.parse_qs(query)
+ parsed = parse_qs(query)
 scope_values = parsed.get("scope", [])
 if scope_values:
 return scope_values[0]
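Review bot: `get_scope_from_query` still returns only `scope_values[0]`, so when a URL carries `scope` more than once, the later values are never compared against the `all`/`*` list. RFC 6749 forbids repeated parameters, but servers differ in which copy they honour, so the detector should inspect every value rather than the first. One way that keeps the `str | None` return type is `return " ".join(scope_values)`, provided the caller then tests the whitespace-separated tokens instead of the whole string. The function's closing lines fall outside this hunk.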
@@ -16,36 +16,33 @@ class ScopeDetection:
 req = flow.request
 res = flow.response
- # req.query가 MultiDictView일 수 있으므로 문자열로 변환
- if hasattr(req.query, "urlencode"):
- query = req.query.urlencode()
- else:
- query = str(req.query) if req.query else ""
+ parsed = urlparse(req.pretty_url)
+ query = parsed.query
- location = res.headers.get("location", "")
+ location = res.headers.get("Location", "")
+ location_query = urlparse(location).query
 query_scope = self.get_scope_from_query(query)
- location_scope = self.get_scope_from_query(location)
+ location_scope = self.get_scope_from_query(location_query)
- result = []
 if query_scope in ["all", "*"]:
- result.append(f"Scope value issue detected in request: {query_scope}")
- if location_scope in ["all", "*"]:
- result.append(f"Scope value issue detected in response location: {location_scope}")
-
- return result if result else 0
-
- async def test(self, flow):
- req = flow.request
- method = req.method
- url = req.pretty_url
-
- result = await self.check_scope(flow)
-
- if result != 0:
 report_vuln(
 title="OAuth Scope Value Issue",
- desc=f"Detected scope value issue in {method} {url}: {', '.join(result)}",
+ desc=f"Scope value issue detected in request: {query_scope}",
 status="WARNING",
- uri=url
+ uri=req.pretty_url
 )
+ if location_scope in ["all", "*"]:
+ report_vuln(
+ title="OAuth Scope Value Issue",
+ desc=f"Scope value issue detected in response location: {location_scope}",
+ status="WARNING",
+ uri=location
+ )
+
+ async def test(self, flow):
+
+ if not is_oauth_uri(flow.request.pretty_url):
+ return
+
+ await self.check_scope(flow)
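Review bot: Both `in ["all", "*"]` tests compare the entire `scope` string, but an OAuth scope is a space-delimited list, so a value such as `openid *` goes unreported. Testing the tokens closes that gap, e.g. `if query_scope and {"all", "*"} & set(query_scope.split()):`, and likewise for `location_scope`. `urlparse(location).query` also ignores the fragment, which is where an implicit-grant redirect carries its `scope`. `urlparse` can raise `ValueError` on a malformed `Location` value, so that parse would be safer inside a `try`. `check_scope` begins above this hunk and now returns nothing instead of the old list-or-0, which matters only if other callers exist outside this file.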