opencode-api-security-testing 5.2.0 → 5.2.1

package/src/tools/endpoint-discover.ts

@@ -1,325 +0,0 @@
-/**
- * Endpoint Discovery Tool
- * 
- * Automatically discovers API endpoints from:
- * - JavaScript files (inline and external)
- * - HTML source code
- * - Sitemap.xml
- * - robots.txt
- * - Common API patterns
- */
-
-import { tool } from "@opencode-ai/plugin";
-
-export const endpointDiscoverTool = tool({
-  description: "自动发现 API 端点。从 JS 文件、HTML、Sitemap 中提取所有 API 路径",
-  args: {
-    target: tool.schema.string(),
-    depth: tool.schema.enum(["shallow", "deep"]).optional(),
-    include_methods: tool.schema.boolean().optional()
-  },
-  async execute(args, ctx) {
-    const { join } = require("path");
-    const { existsSync } = require("fs");
-    
-    const target = args.target as string;
-    const depth = (args.depth as string) || "shallow";
-    const includeMethods = (args.include_methods as boolean) !== false;
-    
-    const corePath = join(ctx.directory, "skills/api-security-testing/core");
-    const deps = existsSync(join(ctx.directory, "skills/api-security-testing/requirements.txt")) 
-      ? `pip install -q -r "${join(ctx.directory, "skills/api-security-testing/requirements.txt")}" 2>/dev/null; ` 
-      : "";
-    
-    const pythonCode = `
-import sys
-import re
-import json
-import urllib.request
-import urllib.parse
-import ssl
-from collections import OrderedDict
-
-sys.path.insert(0, '${corePath.replace(/\\\\/g, "/")}')
-
-# Disable SSL verification for self-signed certs
-ssl._create_default_https_context = ssl._create_unverified_context
-
-target = "${target.replace(/"/g, '\\"')}"
-depth = "${depth}"
-include_methods = ${includeMethods ? "True" : "False"}
-
-endpoints = set()
-js_endpoints = set()
-html_endpoints = set()
-api_patterns = []
-
-# Common API patterns to search for
-common_api_patterns = [
-    r'["\\'](/api/[^"\\'\\s?#]+)["\\']',
-    r'["\\'](/v[0-9]+/[^"\\'\\s?#]+)["\\']',
-    r'["\\'](/[a-zA-Z0-9_-]+/[a-zA-Z0-9_-]+/[^"\\'\\s?#]+)["\\']',
-    r'["\\'](/admin/[^"\\'\\s?#]+)["\\']',
-    r'["\\'](/auth/[^"\\'\\s?#]+)["\\']',
-    r'["\\'](/user/[^"\\'\\s?#]+)["\\']',
-    r'["\\'](/login|/logout|/register|/signup)["\\']',
-    r'["\\'](/graphql)["\\']',
-    r'["\\'](/rest/[^"\\'\\s?#]+)["\\']',
-    r'["\\'](/rpc/[^"\\'\\s?#]+)["\\']',
-    r'axios\\.(get|post|put|delete|patch)\\(["\\']([^"\\'\\s?#]+)["\\']',
-    r'fetch\\(["\\']([^"\\'\\s?#]+)["\\']',
-    r'\\$http\\.(get|post|put|delete|patch)\\(["\\']([^"\\'\\s?#]+)["\\']',
-    r'url:\\s*["\\']([^"\\'\\s?#]+)["\\']',
-    r'baseURL:\\s*["\\']([^"\\'\\s?#]+)["\\']',
-    r'["\\'](doUrl|request|apiCall)\\(["\\']([^"\\'\\s?#]+)["\\']',
-]
-
-# HTTP method patterns
-method_patterns = [
-    (r'\\.(get|post|put|delete|patch|head|options)\\(', 'METHOD'),
-    (r'axios\\.(get|post|put|delete|patch)\\(', 'METHOD'),
-    (r'\\$http\\.(get|post|put|delete|patch)\\(', 'METHOD'),
-]
-
-def safe_fetch(url, timeout=10):
-    """Fetch URL with error handling"""
-    try:
-        req = urllib.request.Request(url, headers={
-            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
-            'Accept': '*/*'
-        })
-        with urllib.request.urlopen(req, timeout=timeout) as response:
-            return response.read().decode('utf-8', errors='ignore')
-    except Exception as e:
-        return None
-
-def extract_endpoints_from_text(text, source="unknown"):
-    """Extract API endpoints from text content"""
-    found = []
-    for pattern in common_api_patterns:
-        matches = re.findall(pattern, text)
-        for match in matches:
-            if isinstance(match, tuple):
-                endpoint = match[-1]  # Last group is usually the URL
-            else:
-                endpoint = match
-            
-            # Clean up endpoint
-            endpoint = endpoint.strip().lstrip('/')
-            if endpoint and len(endpoint) > 2 and not endpoint.startswith(('http', 'data:', 'javascript:', '#')):
-                # Skip common non-API paths
-                skip_patterns = ['.js', '.css', '.png', '.jpg', '.gif', '.svg', '.ico', '.woff', '.ttf']
-                if not any(endpoint.lower().endswith(ext) for ext in skip_patterns):
-                    full_path = '/' + endpoint
-                    found.append(full_path)
-    return found
-
-def extract_methods_from_text(text, endpoint):
-    """Extract HTTP methods associated with an endpoint"""
-    methods = set()
-    lines = text.split('\\n')
-    for line in lines:
-        if endpoint in line:
-            for pattern, _ in method_patterns:
-                match = re.search(pattern, line, re.IGNORECASE)
-                if match:
-                    methods.add(match.group(1).upper())
-    return list(methods) if methods else ['GET']
-
-def fetch_js_files(html_content, base_url):
-    """Extract JS file URLs from HTML"""
-    js_urls = []
-    js_pattern = r'<script[^>]+src=["\\']([^"\\'\\s?#]+)["\\']'
-    matches = re.findall(js_pattern, html_content)
-    
-    for js_url in matches:
-        if js_url.startswith('//'):
-            js_url = 'https:' + js_url
-        elif js_url.startswith('/'):
-            js_url = base_url.rstrip('/') + js_url
-        elif not js_url.startswith('http'):
-            js_url = base_url.rstrip('/') + '/' + js_url
-        js_urls.append(js_url)
-    
-    return js_urls
-
-def fetch_sitemap(base_url):
-    """Fetch and parse sitemap.xml"""
-    sitemap_url = base_url.rstrip('/') + '/sitemap.xml'
-    content = safe_fetch(sitemap_url)
-    if content:
-        urls = re.findall(r'<loc>([^<]+)</loc>', content)
-        return urls
-    return []
-
-def fetch_robots(base_url):
-    """Fetch and parse robots.txt for disallowed paths"""
-    robots_url = base_url.rstrip('/') + '/robots.txt'
-    content = safe_fetch(robots_url)
-    if content:
-        paths = re.findall(r'(?:Disallow|Allow):\\s*(/[a-zA-Z0-9_./-]*)', content)
-        return paths
-    return []
-
-def fetch_common_paths(base_url):
-    """Check common API paths"""
-    common_paths = [
-        '/api', '/api/v1', '/api/v2', '/api/docs', '/api/swagger',
-        '/swagger.json', '/swagger-ui.html', '/api-docs',
-        '/graphql', '/graphiql',
-        '/rest', '/rest/v1',
-        '/admin', '/admin/api',
-        '/auth', '/auth/login', '/auth/register',
-        '/health', '/healthcheck', '/status',
-        '/version', '/info', '/config',
-        '/.well-known/openid-configuration',
-    ]
-    
-    found = []
-    for path in common_paths:
-        url = base_url.rstrip('/') + path
-        content = safe_fetch(url, timeout=5)
-        if content and len(content) > 10:
-            found.append(path)
-            # If it's a JSON response, extract more endpoints
-            if content.strip().startswith('{'):
-                try:
-                    data = json.loads(content[:10000])
-                    # Look for URL-like values in JSON
-                    json_str = json.dumps(data)
-                    json_endpoints = re.findall(r'["\\'](/[a-zA-Z0-9_./-]+)["\\']', json_str)
-                    found.extend(json_endpoints)
-                except:
-                    pass
-    return found
-
-# Main discovery process
-print(f"[*] Starting endpoint discovery for: {target}")
-print(f"[*] Depth: {depth}")
-print()
-
-# Parse base URL
-parsed = urllib.parse.urlparse(target)
-base_url = f"{parsed.scheme}://{parsed.netloc}"
-
-# 1. Fetch main page
-print("[1/6] Fetching main page...")
-html_content = safe_fetch(target)
-if html_content:
-    html_eps = extract_endpoints_from_text(html_content, "html")
-    html_endpoints.update(html_eps)
-    print(f"  Found {len(html_eps)} endpoints in HTML")
-    
-    # 2. Fetch JS files
-    print("[2/6] Fetching JavaScript files...")
-    js_urls = fetch_js_files(html_content, base_url)
-    print(f"  Found {len(js_urls)} JS files")
-    
-    for i, js_url in enumerate(js_urls[:50 if depth == "deep" else 20]):
-        js_content = safe_fetch(js_url, timeout=10)
-        if js_content:
-            js_eps = extract_endpoints_from_text(js_content, f"js:{js_url}")
-            js_endpoints.update(js_eps)
-
-# 3. Check sitemap
-print("[3/6] Checking sitemap.xml...")
-sitemap_urls = fetch_sitemap(base_url)
-if sitemap_urls:
-    print(f"  Found {len(sitemap_urls)} URLs in sitemap")
-    for url in sitemap_urls:
-        parsed_url = urllib.parse.urlparse(url)
-        if parsed_url.path and len(parsed_url.path) > 1:
-            endpoints.add(parsed_url.path)
-
-# 4. Check robots.txt
-print("[4/6] Checking robots.txt...")
-robots_paths = fetch_robots(base_url)
-if robots_paths:
-    print(f"  Found {len(robots_paths)} paths in robots.txt")
-    endpoints.update(robots_paths)
-
-# 5. Check common API paths
-print("[5/6] Checking common API paths...")
-common_eps = fetch_common_paths(base_url)
-if common_eps:
-    print(f"  Found {len(common_eps)} accessible API paths")
-    endpoints.update(common_eps)
-
-# 6. Deep scan if requested
-if depth == "deep":
-    print("[6/6] Deep scanning JS files for API patterns...")
-    # Re-scan all JS files with deeper patterns
-    deep_patterns = [
-        r'["\\'](/[a-zA-Z0-9_./{}:-]+)["\\']',
-        r'path:\\s*["\\'](/[a-zA-Z0-9_./{}:-]+)["\\']',
-        r'route:\\s*["\\'](/[a-zA-Z0-9_./{}:-]+)["\\']',
-        r'endpoint:\\s*["\\'](/[a-zA-Z0-9_./{}:-]+)["\\']',
-        r'uri:\\s*["\\'](/[a-zA-Z0-9_./{}:-]+)["\\']',
-    ]
-    
-    for js_url in js_urls[:50]:
-        js_content = safe_fetch(js_url, timeout=10)
-        if js_content:
-            for pattern in deep_patterns:
-                matches = re.findall(pattern, js_content)
-                for match in matches:
-                    if len(match) > 2 and not match.startswith(('http', 'data:', 'javascript:', '#')):
-                        endpoints.add(match)
-
-# Merge all endpoints
-all_endpoints = set()
-all_endpoints.update(endpoints)
-all_endpoints.update(html_endpoints)
-all_endpoints.update(js_endpoints)
-
-# Clean and deduplicate
-clean_endpoints = []
-seen = set()
-for ep in sorted(all_endpoints):
-    # Normalize
-    ep = ep.split('?')[0]  # Remove query params
-    ep = ep.split('#')[0]  # Remove fragments
-    ep = ep.rstrip('/')
-    if ep and ep not in seen and len(ep) > 1:
-        seen.add(ep)
-        clean_endpoints.append(ep)
-
-# Generate report
-print(f"\\n{'='*60}")
-print(f"ENDPOINT DISCOVERY REPORT")
-print(f"{'='*60}")
-print(f"Target: {target}")
-print(f"Total unique endpoints found: {len(clean_endpoints)}")
-print(f"  - From HTML: {len(html_endpoints)}")
-print(f"  - From JS files: {len(js_endpoints)}")
-print(f"  - From sitemap/robots: {len(endpoints)}")
-print(f"{'='*60}")
-print()
-
-# Output as JSON for programmatic use
-result = {
-    "target": target,
-    "total_endpoints": len(clean_endpoints),
-    "endpoints": clean_endpoints,
-    "sources": {
-        "html": len(html_endpoints),
-        "javascript": len(js_endpoints),
-        "sitemap_robots": len(endpoints)
-    }
-}
-
-print(json.dumps(result, indent=2, ensure_ascii=False))
-`;
-
-    const shell = ctx as unknown as { $: (strings: TemplateStringsArray, ...expr: unknown[]) => Promise<{ toString(): string }> };
-    const cmd = `${deps}python3 -c "${pythonCode.replace(/"/g, '\\"').replace(/\n/g, '\\n')}"`;
-    
-    try {
-      const result = await shell.$`${cmd}`;
-      return result.toString();
-    } catch (error) {
-      const err = error as Error;
-      return `Error: ${err.message}`;
-    }
-  }
-});

package/src/tools/report-generator.ts

@@ -1,355 +0,0 @@
-/**
- * Report Generator Tool
- * 
- * Generates structured security test reports in multiple formats.
- * Supports OWASP API Top 10 template and custom templates.
- */
-
-import { tool } from "@opencode-ai/plugin";
-
-export const reportGenerateTool = tool({
-  description: "生成安全测试报告。支持 Markdown、HTML、JSON 格式，内置 OWASP API Top 10 模板",
-  args: {
-    format: tool.schema.enum(["markdown", "html", "json"]).optional(),
-    template: tool.schema.enum(["owasp-api", "custom"]).optional(),
-    target: tool.schema.string().optional(),
-    findings: tool.schema.string().optional(),
-    severity_filter: tool.schema.enum(["all", "critical", "high", "medium", "low", "info"]).optional()
-  },
-  async execute(args, ctx) {
-    const { join } = require("path");
-    const { existsSync, writeFileSync, mkdirSync } = require("fs");
-    
-    const format = (args.format as string) || "markdown";
-    const template = (args.template as string) || "owasp-api";
-    const target = (args.target as string) || "Unknown";
-    const findings = (args.findings as string) || "";
-    const severityFilter = (args.severity_filter as string) || "all";
-    
-    const corePath = join(ctx.directory, "skills/api-security-testing/core");
-    const deps = existsSync(join(ctx.directory, "skills/api-security-testing/requirements.txt")) 
-      ? `pip install -q -r "${join(ctx.directory, "skills/api-security-testing/requirements.txt")}" 2>/dev/null; ` 
-      : "";
-    
-    const pythonCode = `
-import sys
-import json
-import re
-from datetime import datetime
-
-sys.path.insert(0, '${corePath.replace(/\\\\/g, "/")}')
-
-format = "${format}"
-template = "${template}"
-target = "${target.replace(/"/g, '\\"')}"
-findings = """${(findings || "").replace(/"/g, '\\"').replace(/\\n/g, '\\n')}"""
-severity_filter = "${severityFilter}"
-
-# Parse findings if JSON
-parsed_findings = []
-if findings.strip():
-    try:
-        parsed_findings = json.loads(findings)
-    except:
-        # Try to parse as line-separated JSON
-        for line in findings.strip().split('\\n'):
-            if line.strip():
-                try:
-                    parsed_findings.append(json.loads(line))
-                except:
-                    pass
-
-# Filter by severity
-if severity_filter != "all" and parsed_findings:
-    parsed_findings = [f for f in parsed_findings if f.get("severity", "").lower() == severity_filter.lower()]
-
-# Count by severity
-severity_counts = {"critical": 0, "high": 0, "medium": 0, "low": 0, "info": 0}
-for f in parsed_findings:
-    sev = f.get("severity", "info").lower()
-    if sev in severity_counts:
-        severity_counts[sev] += 1
-
-total_vulns = len(parsed_findings)
-critical_count = severity_counts["critical"]
-high_count = severity_counts["high"]
-medium_count = severity_counts["medium"]
-low_count = severity_counts["low"]
-info_count = severity_counts["info"]
-
-# Calculate risk score
-risk_score = (critical_count * 10) + (high_count * 7) + (medium_count * 4) + (low_count * 1)
-if risk_score >= 50:
-    risk_level = "CRITICAL"
-    risk_color = "#FF0000"
-elif risk_score >= 30:
-    risk_level = "HIGH"
-    risk_color = "#FF6600"
-elif risk_score >= 15:
-    risk_level = "MEDIUM"
-    risk_color = "#FFCC00"
-elif risk_score > 0:
-    risk_level = "LOW"
-    risk_color = "#00CC00"
-else:
-    risk_level = "NONE"
-    risk_color = "#006600"
-
-now = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
-
-if format == "markdown":
-    report = f"""# API 安全测试报告
-
-## 基本信息
-
-| 项目 | 值 |
-|------|------|
-| 目标 | {target} |
-| 测试时间 | {now} |
-| 测试模板 | {template} |
-| 风险等级 | **{risk_level}** |
-| 风险分数 | {risk_score}/100 |
-
-## 漏洞统计
-
-| 严重程度 | 数量 |
-|---------|------|
-| 🔴 Critical | {critical_count} |
-| 🟠 High | {high_count} |
-| 🟡 Medium | {medium_count} |
-| 🟢 Low | {low_count} |
-| 🔵 Info | {info_count} |
-| **总计** | **{total_vulns}** |
-
-## 漏洞详情
-
-"""
-    
-    if not parsed_findings:
-        report += "未发现安全漏洞。\\n\\n"
-    else:
-        for i, finding in enumerate(parsed_findings, 1):
-            title = finding.get("title", finding.get("vulnerability", f"Vulnerability #{i}"))
-            severity = finding.get("severity", "Unknown").upper()
-            endpoint = finding.get("endpoint", finding.get("url", "N/A"))
-            description = finding.get("description", finding.get("detail", "No description"))
-            poc = finding.get("poc", finding.get("proof_of_concept", ""))
-            recommendation = finding.get("recommendation", finding.get("fix", "Review and fix the identified issue"))
-            cwe = finding.get("cwe", finding.get("cwe_id", ""))
-            owasp = finding.get("owasp", finding.get("owasp_category", ""))
-            
-            severity_emoji = {"CRITICAL": "🔴", "HIGH": "🟠", "MEDIUM": "🟡", "LOW": "🟢", "INFO": "🔵"}.get(severity, "⚪")
-            
-            report += f"""### {i}. {severity_emoji} [{severity}] {title}
-
-| 属性 | 值 |
-|------|------|
-| 端点 | \`{endpoint}\` |
-| CWE | {cwe or "N/A"} |
-| OWASP | {owasp or "N/A"} |
-
-**描述:**
-
-{description}
-
-"""
-            if poc:
-                report += f"""**PoC:**
-
-\`\`\`bash
-{poc}
-\`\`\`
-
-"""
-            report += f"""**修复建议:**
-
-{recommendation}
-
----
-
-"""
-
-    report += f"""## 测试覆盖范围
-
-| 测试类别 | 状态 |
-|---------|------|
-| SQL 注入 | ✅ 已测试 |
-| XSS 跨站脚本 | ✅ 已测试 |
-| IDOR 越权 | ✅ 已测试 |
-| 认证绕过 | ✅ 已测试 |
-| 敏感数据泄露 | ✅ 已测试 |
-| 业务逻辑漏洞 | ✅ 已测试 |
-| 安全配置 | ✅ 已测试 |
-| 暴力破解 | ✅ 已测试 |
-| SSRF | ✅ 已测试 |
-| GraphQL 注入 | ✅ 已测试 |
-
----
-
-*报告生成时间: {now}*
-*工具: opencode-api-security-testing v5.1.0*
-"""
-
-elif format == "html":
-    report = f"""<!DOCTYPE html>
-<html lang="zh-CN">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>API 安全测试报告 - {target}</title>
-    <style>
-        body {{ font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; margin: 0; padding: 20px; background: #f5f5f5; }}
-        .container {{ max-width: 1200px; margin: 0 auto; background: white; border-radius: 8px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); overflow: hidden; }}
-        .header {{ background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); color: white; padding: 30px; }}
-        .header h1 {{ margin: 0 0 10px 0; font-size: 28px; }}
-        .header .meta {{ opacity: 0.9; font-size: 14px; }}
-        .stats {{ display: grid; grid-template-columns: repeat(auto-fit, minmax(150px, 1fr)); gap: 15px; padding: 20px; }}
-        .stat-card {{ background: #f8f9fa; border-radius: 8px; padding: 15px; text-align: center; }}
-        .stat-card .number {{ font-size: 32px; font-weight: bold; }}
-        .stat-card .label {{ font-size: 12px; color: #666; text-transform: uppercase; }}
-        .stat-card.critical .number {{ color: #dc3545; }}
-        .stat-card.high .number {{ color: #fd7e14; }}
-        .stat-card.medium .number {{ color: #ffc107; }}
-        .stat-card.low .number {{ color: #28a745; }}
-        .findings {{ padding: 20px; }}
-        .finding {{ border: 1px solid #e9ecef; border-radius: 8px; margin-bottom: 15px; overflow: hidden; }}
-        .finding-header {{ padding: 15px; display: flex; align-items: center; gap: 10px; }}
-        .finding-header.critical {{ background: #fff5f5; border-left: 4px solid #dc3545; }}
-        .finding-header.high {{ background: #fff8f0; border-left: 4px solid #fd7e14; }}
-        .finding-header.medium {{ background: #fffdf0; border-left: 4px solid #ffc107; }}
-        .finding-header.low {{ background: #f0fff4; border-left: 4px solid #28a745; }}
-        .severity-badge {{ padding: 3px 8px; border-radius: 4px; font-size: 11px; font-weight: bold; color: white; }}
-        .severity-badge.critical {{ background: #dc3545; }}
-        .severity-badge.high {{ background: #fd7e14; }}
-        .severity-badge.medium {{ background: #ffc107; color: #333; }}
-        .severity-badge.low {{ background: #28a745; }}
-        .finding-body {{ padding: 15px; }}
-        .finding-body table {{ width: 100%; border-collapse: collapse; margin-bottom: 10px; }}
-        .finding-body th, .finding-body td {{ padding: 8px; text-align: left; border-bottom: 1px solid #e9ecef; }}
-        .finding-body th {{ background: #f8f9fa; font-weight: 600; }}
-        .finding-body pre {{ background: #f8f9fa; padding: 10px; border-radius: 4px; overflow-x: auto; }}
-        .footer {{ padding: 20px; text-align: center; color: #666; font-size: 12px; border-top: 1px solid #e9ecef; }}
-    </style>
-</head>
-<body>
-    <div class="container">
-        <div class="header">
-            <h1>🔒 API 安全测试报告</h1>
-            <div class="meta">
-                目标: {target} | 时间: {now} | 风险等级: <strong style="color: {risk_color}">{risk_level}</strong> | 分数: {risk_score}/100
-            </div>
-        </div>
-        
-        <div class="stats">
-            <div class="stat-card critical">
-                <div class="number">{critical_count}</div>
-                <div class="label">Critical</div>
-            </div>
-            <div class="stat-card high">
-                <div class="number">{high_count}</div>
-                <div class="label">High</div>
-            </div>
-            <div class="stat-card medium">
-                <div class="number">{medium_count}</div>
-                <div class="label">Medium</div>
-            </div>
-            <div class="stat-card low">
-                <div class="number">{low_count}</div>
-                <div class="label">Low</div>
-            </div>
-            <div class="stat-card">
-                <div class="number">{total_vulns}</div>
-                <div class="label">Total</div>
-            </div>
-        </div>
-        
-        <div class="findings">
-"""
-    
-    if not parsed_findings:
-        report += """<div style="padding: 40px; text-align: center; color: #28a745;">
-            <h2>✅ 未发现安全漏洞</h2>
-            <p>所有测试项目均已通过</p>
-        </div>"""
-    else:
-        for i, finding in enumerate(parsed_findings, 1):
-            title = finding.get("title", finding.get("vulnerability", f"Vulnerability #{i}"))
-            severity = finding.get("severity", "Unknown").lower()
-            endpoint = finding.get("endpoint", finding.get("url", "N/A"))
-            description = finding.get("description", finding.get("detail", "No description"))
-            poc = finding.get("poc", finding.get("proof_of_concept", ""))
-            recommendation = finding.get("recommendation", finding.get("fix", "Review and fix the identified issue"))
-            
-            report += f"""<div class="finding">
-                <div class="finding-header {severity}">
-                    <span class="severity-badge {severity}">{severity.upper()}</span>
-                    <strong>{i}. {title}</strong>
-                </div>
-                <div class="finding-body">
-                    <table>
-                        <tr><th>端点</th><td><code>{endpoint}</code></td></tr>
-                        <tr><th>CWE</th><td>{finding.get("cwe", finding.get("cwe_id", "N/A"))}</td></tr>
-                        <tr><th>OWASP</th><td>{finding.get("owasp", finding.get("owasp_category", "N/A"))}</td></tr>
-                    </table>
-                    <h4>描述</h4>
-                    <p>{description}</p>
-"""
-            if poc:
-                report += f"""<h4>PoC</h4><pre>{poc}</pre>"""
-            report += f"""<h4>修复建议</h4><p>{recommendation}</p></div></div>"""
-    
-    report += f"""</div>
-        <div class="footer">
-            报告生成时间: {now} | 工具: opencode-api-security-testing v5.1.0
-        </div>
-    </div>
-</body>
-</html>"""
-
-elif format == "json":
-    report_data = {
-        "report": {
-            "title": "API Security Test Report",
-            "target": target,
-            "generated_at": now,
-            "template": template,
-            "tool": "opencode-api-security-testing",
-            "version": "5.1.0"
-        },
-        "summary": {
-            "total_vulnerabilities": total_vulns,
-            "risk_score": risk_score,
-            "risk_level": risk_level,
-            "severity_counts": severity_counts
-        },
-        "findings": parsed_findings,
-        "coverage": {
-            "sql_injection": "tested",
-            "xss": "tested",
-            "idor": "tested",
-            "auth_bypass": "tested",
-            "sensitive_data": "tested",
-            "business_logic": "tested",
-            "security_config": "tested",
-            "brute_force": "tested",
-            "ssrf": "tested",
-            "graphql": "tested"
-        }
-    }
-    report = json.dumps(report_data, indent=2, ensure_ascii=False)
-
-print(report)
-`;
-
-    const shell = ctx as unknown as { $: (strings: TemplateStringsArray, ...expr: unknown[]) => Promise<{ toString(): string }> };
-    const cmd = `${deps}python3 -c "${pythonCode.replace(/"/g, '\\"').replace(/\n/g, '\\n')}"`;
-    
-    try {
-      const result = await shell.$`${cmd}`;
-      return result.toString();
-    } catch (error) {
-      const err = error as Error;
-      return `Error: ${err.message}`;
-    }
-  }
-});