Add PDF/CSV/XML report formats, fix a broad set of correctness bugs, strip all comments
Report formats:
- add PDF, CSV, and XML generators alongside the existing json/markdown/
html/sarif/hackerone/bugcrowd, wired intonox report --format - CSV output is sanitized against formula/CSV injection from
scanned-target-derived finding data
Bug fixes:
- scope: IsCIDRInScope only checked a candidate range's base address,
letting a wider out-of-scope CIDR slip in under a narrower allowed one - report: HTML report generation was completely broken (text/template
can't index a map[Severity]int with a bare string literal) - likely
never worked in production - cli: replace the os.Exit(1)-after-defer pattern throughout with
returned errors, so Storage.Close/Engine.Stop/log flush actually run
on every error path - engine: fix a worker-pool deadlock on scan cancellation and a rate
limiter bypass for workflow-driven scans - runners: fix a hang when a subprocess writes past the output cap
- storage: fix orphaned checkpoint rows on scan delete and a missing
foreign_keys pragma for :memory: databases - httpclient/capture/evasion: ctx not bound to outgoing requests, an
off-by-one in truncation detection, and a 429 retry that could
resend a drained body - crawler: fix a send-on-closed-channel panic/race on cancellation
- several scanning-module false positive/negative fixes: 2FA
brute-force check, wrong apex-domain extraction, a broken scheme
check duplicated across 8 files, subdomain-takeover false positives,
DNS-error-as-missing-record conflation, and others