Merge remote-tracking branch 'origin/master' into 9.9.0

Author: DenisPodgurskii

src/ptk/automationBridge.js

@@ -50,6 +50,31 @@
         })
     }
 
+    /**
+     * Prefer the native encoder when available, but keep a fallback
+     * because PTK still supports older browser/extension
+     */
+    function bytesToBase64(value) {
+        if (!(value instanceof Uint8Array)) {
+            throw new TypeError('unsupported_chunk_payload_type')
+        }
+        if (!value.length) return ''
+
+        if (typeof value.toBase64 === 'function') {
+            return value.toBase64()
+        }
+
+        const chunkSize = 0x8000
+        const parts = []
+        // Build a binary string in safe chunks for btoa() on older runtimes
+        for (let i = 0; i < value.length; i += chunkSize) {
+            const slice = value.subarray(i, i + chunkSize)
+            parts.push(String.fromCharCode.apply(null, slice))
+        }
+
+        return btoa(parts.join(''))
+    }
+
     window.addEventListener('message', (event) => {
         // Only accept messages from same window
         if (event.source !== window) return
@@ -98,7 +123,7 @@
                 version: this.version,
                 bridgeId: this.bridgeId,
                 capabilities: enabled
-                    ? ['startSession', 'endSession', 'getStats', 'getFindings', 'exportScan', 'getSessionProgress']
+                    ? ['startSession', 'endSession', 'getStats', 'getFindings', 'exportScan', 'getSessionProgress', 'exportScanChunk', 'releaseExportScan']
                     : [],
                 automationEnabled: enabled,
                 error: enabled ? undefined : 'automation_disabled'
@@ -287,6 +312,55 @@
             }
         },
 
+        // Return chunk data as base64 at the page boundary so external callers get a JSON-safe response shape
+        async exportScanChunk(options = {}) {
+            if (this._automationEnabled === false) {
+                return { ok: false, error: 'automation_disabled' }
+            }
+
+            try {
+                const response = await sendMessage('export-scan-chunk', { options })
+                // Normalise low-level failure variants from the extension side into one bridge-level check
+                if (response.ok === false || response.success === false) {
+                    return { ok: false, error: response.error || 'export_not_found_or_expired' }
+                }
+
+                if (!(response.chunk instanceof Uint8Array)) {
+                    return { ok: false, error: 'unsupported_chunk_payload_type' }
+                }
+
+                const chunkBytes = response.chunk
+                return {
+                    ok: true,
+                    exportId: response.exportId,
+                    index: response.index,
+                    chunkCount: response.chunkCount,
+                    encoding: 'base64',
+                    byteLength: chunkBytes.byteLength,
+                    chunkBase64: bytesToBase64(chunkBytes)
+                }
+            } catch (err) {
+                return { ok: false, error: err.message }
+            }
+        },
+
+        // Release retained chunked export state once the caller has finished fetching the report
+        async releaseExportScan(options = {}) {
+            if (this._automationEnabled === false) {
+                return { ok: false, error: 'automation_disabled' }
+            }
+
+            try {
+                const response = await sendMessage('release-export-scan', { options })
+                if (response.ok === false || response.success === false) {
+                    return { ok: false, error: response.error || 'export_not_found_or_expired' }
+                }
+                return { ok: true }
+            } catch (err) {
+                return { ok: false, error: err.message }
+            }
+        },
+
         isAvailable() { return true },
         getSessionId() { return currentSessionId },
         _automationEnabled: initialAutomationEnabled

src/ptk/content.js

@@ -54,6 +54,41 @@ function sendRuntimeMessage(payload) {
     }
 }
 
+function normalizeAutomationBridgeResponse(type, response) {
+    // Some replies use ok, some use success; only explicit false means failure here
+    const isSuccessfulResponse = response && response.ok !== false && response.success !== false
+    if (type === 'export-scan-chunk' && isSuccessfulResponse) {
+        if (response.chunk instanceof Uint8Array) {
+            return response
+        }
+
+        const serializedChunk = response.chunk
+        if (Array.isArray(serializedChunk)) {
+            return {
+                ...response,
+                chunk: Uint8Array.from(serializedChunk)
+            }
+        }
+
+        if (serializedChunk && typeof serializedChunk === 'object') {
+            // Chrome runtime messaging uses JSON serialization, so Uint8Array
+            // chunk payloads can arrive as numeric-keyed plain objects here
+            const byteKeys = Object.keys(serializedChunk)
+                .filter((key) => /^\d+$/.test(key))
+                .sort((left, right) => Number(left) - Number(right))
+
+            if (byteKeys.length) {
+                return {
+                    ...response,
+                    chunk: Uint8Array.from(byteKeys.map((key) => serializedChunk[key]))
+                }
+            }
+        }
+    }
+
+    return response
+}
+
 let ptkUserInteractionSent = false;
 let ptkUserInteractionHooked = false;
 
@@ -689,7 +724,16 @@ window.addEventListener("message", (event) => {
 }, false)
 
 function handleAutomationBridgeMessage(data) {
-    const validTypes = ['session-start', 'session-end', 'get-stats', 'get-findings', 'export-scan', 'get-session-progress']
+    const validTypes = [
+        'session-start',
+        'session-end',
+        'get-stats',
+        'get-findings',
+        'export-scan',
+        'get-session-progress',
+        'export-scan-chunk',
+        'release-export-scan'
+    ]
     if (!validTypes.includes(data.type)) return
 
     const payload = {
@@ -705,11 +749,12 @@ function handleAutomationBridgeMessage(data) {
     }
 
     browser.runtime.sendMessage(payload).then((response) => {
+        const normalizedResponse = normalizeAutomationBridgeResponse(data.type, response)
         window.postMessage({
             source: 'ptk-extension',
             nonce: automationNonce,  // Include nonce in response
             requestId: data.requestId,
-            ...response
+            ...normalizedResponse
         }, '*')
     }).catch((error) => {
         console.error('[PTK Content] Message error:', error)