linthis 0.20.0

A fast, cross-platform multi-language linter and formatter
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71

// Copyright 2024 zhlinh and linthis Project Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found at
//
// https://opensource.org/license/MIT
//
// The above copyright notice and this permission
// notice shall be included in all copies or
// substantial portions of the Software.

//! SAST finding data structure for source code security analysis results.

use std::path::PathBuf;

use serde::{Deserialize, Serialize};

use crate::security::vulnerability::Severity;

/// A security finding from SAST (Static Application Security Testing) analysis.
///
/// Unlike `Vulnerability` which represents dependency/supply-chain issues,
/// `SastFinding` represents security issues found directly in source code.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SastFinding {
    /// Rule identifier (e.g., "python.lang.security.audit.exec-detected")
    pub rule_id: String,
    /// Severity level
    pub severity: Severity,
    /// Human-readable description of the issue
    pub message: String,
    /// Source file path
    pub file_path: PathBuf,
    /// Line number (1-based)
    pub line: usize,
    /// Column number (1-based, optional)
    pub column: Option<usize>,
    /// End line number (optional)
    pub end_line: Option<usize>,
    /// End column number (optional)
    pub end_column: Option<usize>,
    /// Code snippet showing the problematic code
    pub code_snippet: Option<String>,
    /// Suggested fix or remediation
    pub fix_suggestion: Option<String>,
    /// Category (e.g., "injection", "crypto", "auth")
    pub category: String,
    /// CWE identifiers (e.g., ["CWE-89", "CWE-564"])
    pub cwe_ids: Vec<String>,
    /// Source tool name (e.g., "opengrep", "bandit", "gosec")
    pub source: String,
    /// Programming language (e.g., "python", "go", "c")
    pub language: String,
}

impl SastFinding {
    /// Get a short summary string
    pub fn summary(&self) -> String {
        format!(
            "[{}] {} ({}:{})",
            self.severity,
            self.rule_id,
            self.file_path.display(),
            self.line,
        )
    }

    /// Check if this finding meets a severity threshold
    pub fn meets_severity_threshold(&self, threshold: &Severity) -> bool {
        self.severity.meets_threshold(threshold)
    }
}