vsec 0.0.1

Detect secrets and in Rust codebases
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190

// src/models/context.rs

use std::path::PathBuf;

/// Tracks the analysis context as we traverse the AST
#[derive(Debug, Clone, Default)]
pub struct AnalysisContext {
    /// Current file being analyzed
    pub file_path: PathBuf,

    /// Stack of scopes we're inside
    pub scope_stack: Vec<Scope>,

    /// Whether we're in a test context
    pub in_test_context: bool,

    /// Whether we're in an example
    pub in_example: bool,

    /// Whether we're in a benchmark
    pub in_benchmark: bool,

    /// Current function name (if any)
    pub current_function: Option<String>,

    /// Current impl block (if any)
    pub current_impl: Option<ImplContext>,

    /// Visibility of current item
    pub visibility: Visibility,

    /// Whether current function contains auth-related patterns
    /// (e.g., ".get("authorization")", "unauthenticated", etc.)
    pub has_auth_indicators: bool,
}

impl AnalysisContext {
    pub fn new(file_path: PathBuf) -> Self {
        let path_context = PathContext::analyze(&file_path);

        Self {
            file_path,
            in_test_context: path_context.is_test,
            in_example: path_context.is_example,
            in_benchmark: path_context.is_benchmark,
            ..Default::default()
        }
    }

    pub fn push_scope(&mut self, scope: Scope) {
        self.scope_stack.push(scope);
    }

    pub fn pop_scope(&mut self) -> Option<Scope> {
        self.scope_stack.pop()
    }

    pub fn should_skip(&self) -> bool {
        self.in_test_context || self.in_example || self.in_benchmark
    }
}

/// Structured path context analysis (OS-independent)
#[derive(Debug, Clone, Default)]
pub struct PathContext {
    /// Normalized path components
    pub components: Vec<String>,
    pub is_test: bool,
    pub is_example: bool,
    pub is_benchmark: bool,
    pub is_generated: bool,
}

impl PathContext {
    pub fn analyze(path: &std::path::Path) -> Self {
        let components: Vec<String> = path
            .components()
            .filter_map(|c| c.as_os_str().to_str())
            .map(String::from)
            .collect();

        let is_test = components.iter().any(|c| {
            c == "tests"
                || c == "test"
                || c.ends_with("_test.rs")
                || c.starts_with("test_")
                || c.ends_with("_test")    // e2e_test, integration_test, etc.
                || c.ends_with("_tests")   // unit_tests, etc.
        });

        let is_example = components
            .iter()
            .any(|c| c == "examples" || c == "example");

        let is_benchmark = components.iter().any(|c| c == "benches" || c == "bench");

        let is_generated = components
            .iter()
            .any(|c| c == "generated" || c == "target" || c.ends_with(".generated.rs"));

        Self {
            components,
            is_test,
            is_example,
            is_benchmark,
            is_generated,
        }
    }
}

/// Different types of scopes
#[derive(Debug, Clone)]
pub enum Scope {
    /// Regular module: `mod foo { ... }`
    Module(String),

    /// Test module: `#[cfg(test)] mod tests { ... }`
    TestModule,

    /// Regular function
    Function(String),

    /// Test function: `#[test] fn test_foo() { ... }`
    TestFunction,

    /// Impl block
    Impl(ImplContext),

    /// Trait impl
    TraitImpl {
        trait_name: String,
        for_type: String,
    },

    /// Block expression
    Block,

    /// Closure
    Closure,

    /// Match arm
    MatchArm,

    /// If block
    IfBlock,

    /// Loop
    Loop,
}

/// Context for an impl block
#[derive(Debug, Clone)]
pub struct ImplContext {
    pub type_name: String,
    pub trait_name: Option<String>,
}

/// Visibility levels
#[derive(Debug, Clone, Default, PartialEq, Eq)]
pub enum Visibility {
    #[default]
    Private,
    PubCrate,
    PubSuper,
    PubIn(String),
    Public,
}

impl Visibility {
    /// Parse from syn Visibility
    pub fn from_syn(vis: &syn::Visibility) -> Self {
        match vis {
            syn::Visibility::Public(_) => Self::Public,
            syn::Visibility::Restricted(r) => {
                let path = r
                    .path
                    .segments
                    .first()
                    .map(|s| s.ident.to_string())
                    .unwrap_or_default();
                match path.as_str() {
                    "crate" => Self::PubCrate,
                    "super" => Self::PubSuper,
                    other => Self::PubIn(other.to_string()),
                }
            }
            syn::Visibility::Inherited => Self::Private,
        }
    }
}