Universal security finding types for the Santh ecosystem.
Every Santh tool — web scanners, code analyzers, secret detectors, template engines — produces findings. This crate provides the shared types so all tools speak the same language.
§Core Types
- Severity: Info, Low, Medium, High, Critical
- FindingKind: What was found (vulnerability, misconfiguration, exposure, etc.)
- Evidence: Typed proof attached to a finding
- Finding: The universal finding struct
§Usage
```rust
use secfinding::{Evidence, Finding, FindingKind, Severity};

fn main() {
    // Builder arguments: the producing tool's name, the scanned target, and the severity.
    let finding = Finding::builder("my-scanner", "https://example.com", Severity::High)
        .title("SQL Injection")
        .detail("User input in login form is not sanitized")
        .kind(FindingKind::Vulnerability)
        // Typed evidence: the HTTP response that demonstrated the issue.
        .evidence(Evidence::HttpResponse {
            status: 500,
            headers: vec![],
            body_excerpt: Some("SQL syntax error".into()),
        })
        .tag("sqli")
        .tag("owasp-a03")
        .cve("CVE-2024-12345")
        .exploit_hint("sqlmap -u 'https://example.com/login' --data 'user=admin'")
        // build() validates the finding and fails with a FindingBuildError if required fields are missing.
        .build()
        .unwrap();
}
```
Modules§
- prelude: Convenience re-exports for common usage.
Structs§
- Finding: A single security finding produced by any Santh tool.
- FindingBuilder: Builder for constructing findings with a fluent API.
- FindingFilter: Configuration for filtering findings from scan output.
- Location: Specific location where a finding was discovered.
Enums§
- Evidence: Concrete evidence proving a finding is real.
- FindingBuildError: Errors that can occur when building a Finding.
- FindingKind: What kind of security issue was found.
- FindingStatus: Current lifecycle state of a finding.
- LocationError: Errors that can occur when creating a Location.
- Severity: Severity of a security finding.
Traits§
- Reportable: Trait for any finding-like type that can be rendered into reports.
Functions§
- filter: Filter findings by severity, scanner allow/deny list, tags, kinds, confidence, and dates.