Separate observation from evaluation in blacklist sources

Each source's Query() method previously set r.Listed and r.Severity, embedding verdict logic inside the prober. Evaluation now lives in a dedicated Evaluate(SourceResult) (bool, string) method per source, keeping Query() as pure observation. A package-level EvaluateResult() helper looks up the source by ID and delegates to its Evaluate method; rules.go, report.go, types.go, and provider.go all call this instead of reading pre-set r.Listed/r.Severity values. An unknownSource sentinel handles results whose source is no longer registered.
2026-05-15 18:04:10 +08:00 · 2026-05-15 18:04:10 +08:00 · c437339bda
commit c437339bda
parent 01909debad
13 changed files with 123 additions and 44 deletions
--- a/checker/urlhaus.go
+++ b/checker/urlhaus.go
@ -120,8 +120,6 @@ func (s *urlhausSource) Query(ctx context.Context, domain, registered string, op
 		if len(parsed.URLs) == 0 {
 			return []SourceResult{res}
 		}
-		res.Listed = true
-		res.Severity = SeverityCrit
 		threats := map[string]bool{}
 		details := urlhausDetails{}
 		for _, u := range parsed.URLs {
@ -148,6 +146,13 @@ func (s *urlhausSource) Query(ctx context.Context, domain, registered string, op
 	return []SourceResult{res}
 }

+func (*urlhausSource) Evaluate(r SourceResult) (bool, string) {
+	if r.Enabled && r.Error == "" && len(r.Evidence) > 0 {
+		return true, SeverityCrit
+	}
+	return false, ""
+}
+
 func (*urlhausSource) Diagnose(res SourceResult) Diagnosis {
 	online := 0
 	for _, e := range res.Evidence {