pub struct ScannerConfig { /* private fields */ }Expand description
Common configuration shared by all scanners.
This struct provides a unified way to manage RuleEngine settings, ignore filters, and common file operations across different scanner implementations.
Implementations§
Source§impl ScannerConfig
impl ScannerConfig
Sourcepub fn with_max_file_size(self, max_file_size: u64) -> Self
pub fn with_max_file_size(self, max_file_size: u64) -> Self
Overrides the maximum size (in bytes) of a file that will be read into
memory. Files above the cap are refused before allocation (see
MAX_FILE_SIZE).
Sourcepub fn max_file_size(&self) -> u64
pub fn max_file_size(&self) -> u64
Returns the configured maximum file size in bytes.
Sourcepub fn with_recursive(self, recursive: bool) -> Self
pub fn with_recursive(self, recursive: bool) -> Self
Enables or disables recursive scanning. When disabled, only scans the immediate directory (max_depth = 1).
Sourcepub fn is_recursive(&self) -> bool
pub fn is_recursive(&self) -> bool
Returns whether recursive scanning is enabled.
Sourcepub fn max_depth(&self) -> Option<usize>
pub fn max_depth(&self) -> Option<usize>
Returns the max_depth for directory walking based on recursive setting.
- recursive = true: None (unlimited depth)
- recursive = false: Some(3) (default depth for reasonable scanning)
Sourcepub fn with_skip_comments(self, skip: bool) -> Self
pub fn with_skip_comments(self, skip: bool) -> Self
Enables or disables comment skipping during scanning.
Sourcepub fn with_inline_suppression(self, allow: bool) -> Self
pub fn with_inline_suppression(self, allow: bool) -> Self
Enables or disables strict secrets mode.
When enabled, dummy key heuristics are disabled for test files.
Enables honoring of in-band suppression directives (cc-audit-disable,
cc-audit-ignore) read from scanned content. Off by default: untrusted
content must not declare which rules may fire on it (issue #156).
pub fn with_strict_secrets(self, strict: bool) -> Self
Sourcepub fn with_ignore_filter(self, filter: IgnoreFilter) -> Self
pub fn with_ignore_filter(self, filter: IgnoreFilter) -> Self
Sets an ignore filter for file filtering.
Sourcepub fn with_dynamic_rules(self, rules: Vec<DynamicRule>) -> Self
pub fn with_dynamic_rules(self, rules: Vec<DynamicRule>) -> Self
Adds dynamic rules loaded from custom YAML files.
Sourcepub fn with_progress_callback(self, callback: ProgressCallback) -> Self
pub fn with_progress_callback(self, callback: ProgressCallback) -> Self
Sets a progress callback that will be called for each scanned file.
Sourcepub fn report_progress(&self)
pub fn report_progress(&self)
Reports progress by calling the progress callback if set. This should be called by scanners after processing each file.
Sourcepub fn is_ignored(&self, path: &Path) -> bool
pub fn is_ignored(&self, path: &Path) -> bool
Returns whether the given path should be ignored.
Sourcepub fn ignore_filter(&self) -> Option<&IgnoreFilter>
pub fn ignore_filter(&self) -> Option<&IgnoreFilter>
Returns a reference to the ignore filter, if set.
Sourcepub fn read_file(&self, path: &Path) -> Result<String>
pub fn read_file(&self, path: &Path) -> Result<String>
Reads a file and returns its content as a string.
Refuses files larger than the configured cap (ScannerConfig::max_file_size)
before allocating, so an oversized untrusted artifact cannot OOM-kill the
scan (issue #143). Otherwise reads raw bytes and lossy-decodes them
(invalid UTF-8 → replacement char) so a single non-UTF-8 byte cannot
silently neutralize the scan for an entire file (issue #129). Only genuine
IO errors and the size cap are propagated; a legacy-encoded or
partially-binary file is still scanned rather than failing open.
Sourcepub fn check_content(&self, content: &str, file_path: &str) -> Vec<Finding>
pub fn check_content(&self, content: &str, file_path: &str) -> Vec<Finding>
Checks the content against all rules and returns findings.
Sourcepub fn check_frontmatter(
&self,
frontmatter: &str,
file_path: &str,
) -> Vec<Finding>
pub fn check_frontmatter( &self, frontmatter: &str, file_path: &str, ) -> Vec<Finding>
Checks YAML frontmatter for specific rules (e.g., OP-001).
Sourcepub fn skip_comments(&self) -> bool
pub fn skip_comments(&self) -> bool
Returns whether skip_comments is enabled.
Sourcepub fn strict_secrets(&self) -> bool
pub fn strict_secrets(&self) -> bool
Returns whether strict_secrets is enabled.
Sourcepub fn engine(&self) -> &RuleEngine
pub fn engine(&self) -> &RuleEngine
Returns a reference to the underlying RuleEngine.
Trait Implementations§
Auto Trait Implementations§
impl !RefUnwindSafe for ScannerConfig
impl !UnwindSafe for ScannerConfig
impl Freeze for ScannerConfig
impl Send for ScannerConfig
impl Sync for ScannerConfig
impl Unpin for ScannerConfig
impl UnsafeUnpin for ScannerConfig
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> Instrument for T
impl<T> Instrument for T
Source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
Source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
Source§impl<T> IntoEither for T
impl<T> IntoEither for T
Source§fn into_either(self, into_left: bool) -> Either<Self, Self>
fn into_either(self, into_left: bool) -> Either<Self, Self>
self into a Left variant of Either<Self, Self>
if into_left is true.
Converts self into a Right variant of Either<Self, Self>
otherwise. Read moreSource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
self into a Left variant of Either<Self, Self>
if into_left(&self) returns true.
Converts self into a Right variant of Either<Self, Self>
otherwise. Read more