ai_coding_shield/scanner/

vuln_db.rs

use serde::{Deserialize, Serialize};
use reqwest::Client;


#[derive(Debug, Serialize, Deserialize)]
struct OsvQuery {
    package: OsvPackage,
}

#[derive(Debug, Serialize, Deserialize)]
struct OsvPackage {
    name: String,
    ecosystem: String,
}

#[derive(Debug, Serialize, Deserialize)]
struct OsvResponse {
    vulns: Option<Vec<OsvVuln>>,
}

#[derive(Debug, Serialize, Deserialize)]
struct OsvVuln {
    id: String,
    summary: Option<String>,
    details: Option<String>,
    severity: Option<Vec<OsvSeverity>>,
    database_specific: Option<OsvDatabaseSpecific>,
}

#[derive(Debug, Serialize, Deserialize)]
struct OsvSeverity {
    #[serde(rename = "type")]
    severity_type: String,
    score: String,
}

#[derive(Debug, Serialize, Deserialize)]
struct OsvDatabaseSpecific {
    severity: Option<String>, // LOW, MODERATE, HIGH, CRITICAL
}

pub struct VulnerabilityScanner {
    client: Client,
}

impl VulnerabilityScanner {
    pub fn new() -> Self {
        Self {
            client: Client::new(),
        }
    }

    pub async fn check_package(&self, ecosystem: &str, name: &str) -> anyhow::Result<Option<String>> {
        let query = OsvQuery {
            package: OsvPackage {
                name: name.to_string(),
                ecosystem: ecosystem.to_string(),
            },
        };

        let resp = self.client.post("https://api.osv.dev/v1/query")
            .json(&query)
            .send()
            .await?;

        if !resp.status().is_success() {
            return Ok(None);
        }

        let body: OsvResponse = resp.json().await?;

        if let Some(vulns) = body.vulns {
            if vulns.is_empty() {
                return Ok(None);
            }

            // Summarize vulnerabilities
            let mut summary;
            let count = vulns.len();
            
            // Find highest severity
            let mut highest_sev = "LOW";
            
            for vuln in &vulns {
                if let Some(db) = &vuln.database_specific {
                     if let Some(sev) = &db.severity {
                         if sev == "CRITICAL" { highest_sev = "CRITICAL"; }
                         else if sev == "HIGH" && highest_sev != "CRITICAL" { highest_sev = "HIGH"; }
                         else if sev == "MODERATE" && highest_sev != "CRITICAL" && highest_sev != "HIGH" { highest_sev = "MODERATE"; }
                     }
                }
            }
            
            summary = format!("Found {} known vulnerabilities (Max: {}). ", count, highest_sev);
            
            // Add top 3 IDs
            let ids: Vec<String> = vulns.iter().take(3).map(|v| v.id.clone()).collect();
            summary.push_str(&format!("IDs: {}", ids.join(", ")));

            return Ok(Some(summary));
        }

        Ok(None)
    }
}