fatt 0.1.1

Find All The Things - A high-performance, distributed security scanning tool
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258

use anyhow::{Context, Result};
use serde::{Deserialize, Serialize};
use std::cmp::Ordering;
use std::fs::File;
use std::io::{prelude::*, BufReader};
use std::path::Path;
use tracing::{debug, info};

use crate::logger;

/// Severity levels for rules
#[derive(Debug, Deserialize, Serialize, Clone, PartialEq, Eq)]
#[serde(rename_all = "lowercase")]
pub enum Severity {
    Critical,
    High,
    Medium,
    Low,
    Info,
}

impl Severity {
    /// Convert severity to a numeric value for ordering
    pub fn to_value(&self) -> u8 {
        match self {
            Severity::Critical => 5,
            Severity::High => 4,
            Severity::Medium => 3,
            Severity::Low => 2,
            Severity::Info => 1,
        }
    }
}

impl PartialOrd for Severity {
    fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
        Some(self.to_value().cmp(&other.to_value()))
    }
}

impl Ord for Severity {
    fn cmp(&self, other: &Self) -> std::cmp::Ordering {
        self.to_value().cmp(&other.to_value())
    }
}

impl std::fmt::Display for Severity {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Severity::Critical => write!(f, "critical"),
            Severity::High => write!(f, "high"),
            Severity::Medium => write!(f, "medium"),
            Severity::Low => write!(f, "low"),
            Severity::Info => write!(f, "info"),
        }
    }
}

/// A scanning rule definition
#[derive(Debug, Deserialize, Serialize, Clone)]
pub struct Rule {
    pub name: String,
    pub path: String,
    pub signature: String,
    #[serde(default)]
    pub description: Option<String>,
    #[serde(default)]
    pub severity: Option<Severity>,
}

impl Rule {
    /// Create a new rule
    #[allow(dead_code)]
    pub fn new(
        name: &str,
        path: &str,
        signature: &str,
        description: &str,
        severity: Severity,
    ) -> Self {
        Self {
            name: name.to_string(),
            path: path.to_string(),
            signature: signature.to_string(),
            description: Some(description.to_string()),
            severity: Some(severity),
        }
    }
}

/// Collection of rules from a rules file
#[derive(Debug, Deserialize, Serialize, Clone)]
pub struct RuleSet {
    pub rules: Vec<Rule>,
}

impl RuleSet {
    /// Load rules from a YAML file
    pub fn from_file<P: AsRef<Path>>(path: P) -> Result<Self> {
        let file = File::open(path.as_ref()).context(format!(
            "Failed to open rules file: {}",
            path.as_ref().display()
        ))?;

        let reader = BufReader::new(file);
        let mut ruleset: RuleSet = serde_yaml::from_reader(reader).context(format!(
            "Failed to parse rules file: {}",
            path.as_ref().display()
        ))?;

        // Sort rules by severity (highest first)
        ruleset.sort_by_severity();

        info!(
            "📋 Loaded {} rules from {}",
            ruleset.rules.len(),
            path.as_ref().display()
        );

        for rule in &ruleset.rules {
            logger::log_rule_loaded(&rule.name, 1); // Just count the signature as 1 pattern
        }

        Ok(ruleset)
    }

    /// Sort rules by severity (highest first)
    pub fn sort_by_severity(&mut self) {
        self.rules.sort_by(|a, b| {
            // Use Option::cmp to handle None values
            match (&a.severity, &b.severity) {
                (Some(a_sev), Some(b_sev)) => b_sev.cmp(a_sev), // Highest severity first
                (Some(_), None) => Ordering::Less,
                (None, Some(_)) => Ordering::Greater,
                (None, None) => Ordering::Equal,
            }
        });
    }
}

/// Load rules from a YAML file
pub fn load_rules(rules_file: &str) -> Result<RuleSet> {
    RuleSet::from_file(rules_file)
}

/// Add a new rule to the rules file
pub fn add_rule(yaml_file: &str) -> Result<()> {
    // This function would parse the provided YAML file and add the rules
    // to the main rules file, avoiding duplicates

    // Load the existing rules
    let existing_rules_path = "rules.yaml";
    let mut existing_ruleset = load_rules(existing_rules_path)?;

    // Load the new rules
    let new_ruleset = load_rules(yaml_file)?;

    // Track number of new rules added
    let original_count = existing_ruleset.rules.len();

    // Add new rules, avoiding duplicates by name
    for new_rule in new_ruleset.rules {
        if !existing_ruleset
            .rules
            .iter()
            .any(|r| r.name == new_rule.name)
        {
            existing_ruleset.rules.push(new_rule);
        } else {
            debug!("Rule '{}' already exists, skipping", new_rule.name);
        }
    }

    // Calculate how many new rules were added
    let added_count = existing_ruleset.rules.len() - original_count;

    // Write the updated rules back to the file
    let yaml =
        serde_yaml::to_string(&existing_ruleset).context("Failed to serialize rules to YAML")?;

    let mut file = File::create(existing_rules_path).context(format!(
        "Failed to open rules file for writing: {}",
        existing_rules_path
    ))?;

    file.write_all(yaml.as_bytes()).context(format!(
        "Failed to write to rules file: {}",
        existing_rules_path
    ))?;

    info!(
        "✅ Added {} new rules to {}",
        added_count, existing_rules_path
    );

    Ok(())
}

/// Remove a rule from the rules file
pub fn remove_rule(rule_name: &str) -> Result<()> {
    // Load existing rules
    let existing_rules_path = "rules.yaml";
    let mut ruleset = load_rules(existing_rules_path)?;

    // Check if the rule exists
    let original_count = ruleset.rules.len();
    ruleset.rules.retain(|rule| rule.name != rule_name);

    if ruleset.rules.len() == original_count {
        info!(
            "⚠️ Rule '{}' not found in {}",
            rule_name, existing_rules_path
        );
        return Ok(());
    }

    // Write the updated rules back to the file
    let yaml = serde_yaml::to_string(&ruleset).context("Failed to serialize rules to YAML")?;

    let mut file = File::create(existing_rules_path).context(format!(
        "Failed to open rules file for writing: {}",
        existing_rules_path
    ))?;

    file.write_all(yaml.as_bytes()).context(format!(
        "Failed to write to rules file: {}",
        existing_rules_path
    ))?;

    info!(
        "✅ Removed rule '{}' from {}",
        rule_name, existing_rules_path
    );

    Ok(())
}

/// List all rules in the rules file
pub fn list_rules(rules_file: &str) -> Result<()> {
    let ruleset = load_rules(rules_file)?;

    println!("📋 Rules in {}:", rules_file);
    println!("{:<30} {:<15} {:<}", "Name", "Severity", "Description");
    println!("{:-<60}", "");

    for rule in &ruleset.rules {
        let severity = match &rule.severity {
            Some(s) => s.to_string(),
            None => "N/A".to_string(),
        };
        let description = rule.description.as_deref().unwrap_or("N/A");
        println!("{:<30} {:<15} {:<}", rule.name, severity, description);
    }

    println!("\nTotal rules: {}", ruleset.rules.len());

    Ok(())
}