Separate observation from evaluation in blacklist sources

Each source's Query() method previously set r.Listed and r.Severity, embedding verdict logic inside the prober. Evaluation now lives in a dedicated Evaluate(SourceResult) (bool, string) method per source, keeping Query() as pure observation. A package-level EvaluateResult() helper looks up the source by ID and delegates to its Evaluate method; rules.go, report.go, types.go, and provider.go all call this instead of reading pre-set r.Listed/r.Severity values. An unknownSource sentinel handles results whose source is no longer registered.
2026-05-15 18:04:10 +08:00 · 2026-05-15 18:04:10 +08:00 · c437339bda
commit c437339bda
parent 01909debad
13 changed files with 123 additions and 44 deletions
--- a/checker/virustotal.go
+++ b/checker/virustotal.go
@ -146,17 +146,6 @@ func (s *virusTotalSource) Query(ctx context.Context, domain, registered string,
 		return d.Vendors[i].Engine < d.Vendors[j].Engine
 	})
 	res.Details = mustJSON(d)
-
-	if d.Malicious == 0 && d.Suspicious == 0 {
-		// Clean.
-		return []SourceResult{res}
-	}
-	res.Listed = true
-	if d.Malicious > 0 {
-		res.Severity = SeverityCrit
-	} else {
-		res.Severity = SeverityWarn
-	}
 	for _, v := range d.Vendors {
 		res.Reasons = append(res.Reasons, v.Engine)
 		res.Evidence = append(res.Evidence, Evidence{
@ -167,6 +156,23 @@ func (s *virusTotalSource) Query(ctx context.Context, domain, registered string,
 	return []SourceResult{res}
 }

+func (*virusTotalSource) Evaluate(r SourceResult) (bool, string) {
+	var d vtDetails
+	if len(r.Details) == 0 {
+		return false, ""
+	}
+	if err := json.Unmarshal(r.Details, &d); err != nil {
+		return false, ""
+	}
+	if d.Malicious == 0 && d.Suspicious == 0 {
+		return false, ""
+	}
+	if d.Malicious > 0 {
+		return true, SeverityCrit
+	}
+	return true, SeverityWarn
+}
+
 func (*virusTotalSource) Diagnose(res SourceResult) Diagnosis {
 	var d vtDetails
 	_ = json.Unmarshal(res.Details, &d)