smart-tree 8.0.1

Smart Tree - An intelligent, AI-friendly directory visualization tool
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344

//! Security Vigilance Mode - Smart Tree as your security sentinel! 🕵️‍♂️
//! 
//! Always watching for anomalies, even in the "boring" places where bad actors hide.
//! Takes random samples, tracks recent modifications, and looks for suspicious patterns.

use crate::scanner::FileNode;
use chrono::{DateTime, Local, Duration};
use rand::{thread_rng, Rng};
use std::collections::{HashMap, VecDeque};
use std::fs;
use std::io::Read;
use std::path::{Path, PathBuf};

/// Security alert levels
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum AlertLevel {
    /// 🟢 Normal - Nothing suspicious
    Normal,
    /// 🟡 Interesting - Worth noting
    Interesting,
    /// 🟠 Suspicious - Potential issue
    Suspicious,
    /// 🔴 Critical - Definite security concern
    Critical,
}

impl AlertLevel {
    pub fn emoji(&self) -> &'static str {
        match self {
            Self::Normal => "🟢",
            Self::Interesting => "🟡",
            Self::Suspicious => "🟠",
            Self::Critical => "🔴",
        }
    }
}

/// Security finding
#[derive(Debug, Clone)]
pub struct SecurityFinding {
    pub path: PathBuf,
    pub alert_level: AlertLevel,
    pub reason: String,
    pub details: Option<String>,
    pub timestamp: DateTime<Local>,
}

/// Tracks recent file modifications
#[derive(Debug)]
pub struct RecentWriteTracker {
    /// Last N modified files per directory
    recent_writes: HashMap<PathBuf, VecDeque<(PathBuf, DateTime<Local>)>>,
    /// How many recent writes to track
    track_count: usize,
}

impl RecentWriteTracker {
    pub fn new(track_count: usize) -> Self {
        Self {
            recent_writes: HashMap::new(),
            track_count,
        }
    }
    
    pub fn add_file(&mut self, dir: &Path, file: &Path, modified: DateTime<Local>) {
        let writes = self.recent_writes
            .entry(dir.to_path_buf())
            .or_insert_with(|| VecDeque::with_capacity(self.track_count));
        
        writes.push_front((file.to_path_buf(), modified));
        if writes.len() > self.track_count {
            writes.pop_back();
        }
    }
    
    pub fn get_recent_writes(&self, dir: &Path) -> Vec<(PathBuf, DateTime<Local>)> {
        self.recent_writes
            .get(dir)
            .map(|deque| deque.iter().cloned().collect())
            .unwrap_or_default()
    }
}

/// Security vigilance analyzer
pub struct SecurityVigilance {
    /// Track recent writes
    write_tracker: RecentWriteTracker,
    
    /// Security findings
    findings: Vec<SecurityFinding>,
    
    /// Suspicious patterns to look for
    suspicious_patterns: Vec<(regex::Regex, String, AlertLevel)>,
    
    /// Suspicious file names
    suspicious_names: HashMap<String, (String, AlertLevel)>,
    
    /// Allowed sample size for file inspection
    max_sample_size: usize,
    
    /// Directories that should rarely change
    protected_paths: Vec<String>,
}

impl SecurityVigilance {
    pub fn new() -> Self {
        let mut suspicious_patterns = vec![];
        let mut suspicious_names = HashMap::new();
        
        // Suspicious content patterns
        suspicious_patterns.push((
            regex::Regex::new(r"eval\s*\(|exec\s*\(").unwrap(),
            "Dynamic code execution detected".to_string(),
            AlertLevel::Suspicious,
        ));
        
        suspicious_patterns.push((
            regex::Regex::new(r"(?i)(password|passwd|pwd)\s*=\s*[\"'][^\"']+[\"']").unwrap(),
            "Hardcoded password detected".to_string(),
            AlertLevel::Critical,
        ));
        
        suspicious_patterns.push((
            regex::Regex::new(r"(?i)api[_-]?key\s*=\s*[\"'][^\"']+[\"']").unwrap(),
            "Hardcoded API key detected".to_string(),
            AlertLevel::Critical,
        ));
        
        suspicious_patterns.push((
            regex::Regex::new(r"0x[0-9a-fA-F]{40,}").unwrap(),
            "Possible crypto wallet address".to_string(),
            AlertLevel::Interesting,
        ));
        
        suspicious_patterns.push((
            regex::Regex::new(r"(?i)wget|curl.*http").unwrap(),
            "Network download command detected".to_string(),
            AlertLevel::Suspicious,
        ));
        
        suspicious_patterns.push((
            regex::Regex::new(r"/etc/passwd|/etc/shadow").unwrap(),
            "System file access detected".to_string(),
            AlertLevel::Critical,
        ));
        
        // Suspicious file names
        suspicious_names.insert(".env.prod".to_string(), 
            ("Production environment file".to_string(), AlertLevel::Suspicious));
        suspicious_names.insert("id_rsa".to_string(), 
            ("Private SSH key".to_string(), AlertLevel::Critical));
        suspicious_names.insert(".npmrc".to_string(), 
            ("NPM configuration with possible tokens".to_string(), AlertLevel::Interesting));
        suspicious_names.insert("wallet.dat".to_string(), 
            ("Cryptocurrency wallet file".to_string(), AlertLevel::Critical));
        
        // Backdoor-ish names
        suspicious_names.insert("backdoor.js".to_string(), 
            ("Suspicious filename: backdoor".to_string(), AlertLevel::Critical));
        suspicious_names.insert("shell.php".to_string(), 
            ("Web shell detected".to_string(), AlertLevel::Critical));
        suspicious_names.insert("c99.php".to_string(), 
            ("Known web shell name".to_string(), AlertLevel::Critical));
        
        let protected_paths = vec![
            "node_modules".to_string(),
            ".git".to_string(),
            "System32".to_string(),
            "/etc".to_string(),
            "/usr/bin".to_string(),
            "/usr/local/bin".to_string(),
        ];
        
        Self {
            write_tracker: RecentWriteTracker::new(5),
            findings: Vec::new(),
            suspicious_patterns,
            suspicious_names,
            max_sample_size: 1024, // 1KB sample
            protected_paths,
        }
    }
    
    /// Analyze a file node for security issues
    pub fn analyze_node(&mut self, node: &FileNode, parent_path: &Path) {
        let full_path = parent_path.join(&node.name);
        
        // Check if this is a recent write
        if let Ok(metadata) = fs::metadata(&full_path) {
            if let Ok(modified) = metadata.modified() {
                let modified_time: DateTime<Local> = modified.into();
                let now = Local::now();
                
                // Track if modified in last 24 hours
                if now.signed_duration_since(modified_time) < Duration::hours(24) {
                    self.write_tracker.add_file(parent_path, &full_path, modified_time);
                    
                    // Extra vigilance for recent writes in protected paths
                    if self.is_protected_path(&full_path) {
                        self.add_finding(SecurityFinding {
                            path: full_path.clone(),
                            alert_level: AlertLevel::Interesting,
                            reason: "Recent modification in protected directory".to_string(),
                            details: Some(format!("Modified: {}", modified_time.format("%Y-%m-%d %H:%M:%S"))),
                            timestamp: now,
                        });
                    }
                }
            }
        }
        
        // Check suspicious file names
        if let Some((reason, level)) = self.suspicious_names.get(&node.name.to_lowercase()) {
            self.add_finding(SecurityFinding {
                path: full_path.clone(),
                alert_level: *level,
                reason: reason.clone(),
                details: None,
                timestamp: Local::now(),
            });
        }
        
        // Sample file content for suspicious patterns
        if !node.is_directory && node.size > 0 {
            self.sample_file_content(&full_path);
        }
    }
    
    /// Take a random sample from a file and check for suspicious patterns
    fn sample_file_content(&mut self, path: &Path) {
        // Skip binary files (simple heuristic based on extension)
        if let Some(ext) = path.extension() {
            let ext_str = ext.to_string_lossy().to_lowercase();
            if matches!(ext_str.as_str(), "exe" | "dll" | "so" | "dylib" | "bin" | "jpg" | "png" | "mp4") {
                return;
            }
        }
        
        // Try to read a sample
        if let Ok(mut file) = fs::File::open(path) {
            let file_size = file.metadata().map(|m| m.len()).unwrap_or(0);
            
            if file_size > 0 {
                let mut buffer = vec![0u8; self.max_sample_size.min(file_size as usize)];
                
                // Random offset for larger files
                if file_size > self.max_sample_size as u64 {
                    let max_offset = file_size - self.max_sample_size as u64;
                    let offset = thread_rng().gen_range(0..max_offset);
                    let _ = file.seek(std::io::SeekFrom::Start(offset));
                }
                
                if let Ok(bytes_read) = file.read(&mut buffer) {
                    buffer.truncate(bytes_read);
                    
                    // Convert to string (lossy for non-UTF8)
                    let content = String::from_utf8_lossy(&buffer);
                    
                    // Check patterns
                    for (pattern, reason, level) in &self.suspicious_patterns {
                        if pattern.is_match(&content) {
                            self.add_finding(SecurityFinding {
                                path: path.to_path_buf(),
                                alert_level: *level,
                                reason: reason.clone(),
                                details: Some("Found in random sample".to_string()),
                                timestamp: Local::now(),
                            });
                        }
                    }
                }
            }
        }
    }
    
    /// Check if a path is in a protected directory
    fn is_protected_path(&self, path: &Path) -> bool {
        let path_str = path.to_string_lossy().to_lowercase();
        self.protected_paths.iter().any(|protected| {
            path_str.contains(&protected.to_lowercase())
        })
    }
    
    /// Add a security finding
    pub fn add_finding(&mut self, finding: SecurityFinding) {
        self.findings.push(finding);
    }
    
    /// Get all findings sorted by severity
    pub fn get_findings(&self) -> Vec<&SecurityFinding> {
        let mut findings: Vec<_> = self.findings.iter().collect();
        findings.sort_by_key(|f| std::cmp::Reverse(f.alert_level));
        findings
    }
    
    /// Get summary of findings
    pub fn summary(&self) -> String {
        let mut summary = String::from("🕵️ Security Vigilance Report\n\n");
        
        let mut counts = HashMap::new();
        for finding in &self.findings {
            *counts.entry(finding.alert_level).or_insert(0) += 1;
        }
        
        if counts.is_empty() {
            summary.push_str("✅ No security issues detected!\n");
        } else {
            summary.push_str("Findings by severity:\n");
            for level in [AlertLevel::Critical, AlertLevel::Suspicious, AlertLevel::Interesting, AlertLevel::Normal] {
                if let Some(count) = counts.get(&level) {
                    summary.push_str(&format!("  {} {} findings\n", level.emoji(), count));
                }
            }
            
            // Show critical findings
            summary.push_str("\n");
            for finding in self.findings.iter().filter(|f| f.alert_level == AlertLevel::Critical) {
                summary.push_str(&format!(
                    "{} {} - {}\n", 
                    finding.alert_level.emoji(),
                    finding.path.display(),
                    finding.reason
                ));
            }
        }
        
        summary
    }
}

// Vigilance patterns that could be in AI modes:
//
// 1. Always show last 5 modified files in each directory
// 2. Random sampling from files to detect:
//    - Hardcoded secrets
//    - Malicious code patterns
//    - Suspicious network calls
//    - Backdoors
// 3. Track modifications in "boring" directories like node_modules
// 4. Alert on files that shouldn't exist (like .env.prod in git)
// 5. Detect anomalies in system directories

// Trisha says: "It's like having a security guard who actually checks 
// the boring supply closets where people hide things! Smart!" 🔍