Enum Evidence

Source

#[non_exhaustive]pub enum Evidence {
    HttpResponse {
        status: u16,
        headers: Vec<(String, String)>,
        body_excerpt: Option<String>,
    },
    DnsRecord {
        record_type: String,
        value: String,
    },
    Banner {
        raw: String,
    },
    JsSnippet {
        url: String,
        line: usize,
        snippet: String,
    },
    Certificate {
        subject: String,
        san: Vec<String>,
        issuer: String,
        expires: String,
    },
    CodeSnippet {
        file: String,
        line: usize,
        column: Option<usize>,
        snippet: String,
        language: Option<String>,
    },
    HttpRequest {
        method: String,
        url: String,
        headers: Vec<(String, String)>,
        body: Option<String>,
    },
    PatternMatch {
        pattern: String,
        matched: String,
    },
    Raw(String),
}

Expand description

Concrete evidence proving a finding is real.

Extensible via #[non_exhaustive] — new evidence types can be added for new tools (firmware, mobile, etc.) without breaking existing consumers.

Variants (Non-exhaustive)§

This enum is marked as non-exhaustive

Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

§

HttpResponse

HTTP response data (status, headers, body excerpt).

Fields

§status: u16

HTTP status code.

§headers: Vec<(String, String)>

Response headers as key-value pairs.

§body_excerpt: Option<String>

First N bytes of the response body.

§

DnsRecord

DNS record evidence.

Fields

§record_type: String

Record type (A, AAAA, CNAME, MX, TXT, etc.).

§value: String

Record value.

Service banner captured during port scanning.

§

JsSnippet

JavaScript source snippet with context.

Fields

§url: String

URL of the JS file.

§line: usize

Line number in the file.

§snippet: String

The matched code snippet.

§

Certificate

TLS certificate information.

Fields

§subject: String

Certificate subject (CN).

§san: Vec<String>

Subject Alternative Names.

§issuer: String

Certificate issuer.

§expires: String

Expiration date.

§

CodeSnippet

Source code snippet (for SAST, malware detection).

Fields

§file: String

File path.

§line: usize

Line number.

§column: Option<usize>

Column number (optional).

§snippet: String

The matched code.

§language: Option<String>

Programming language.

§

HttpRequest

HTTP request that triggered the finding (for template/vuln scanners).

Fields

§method: String

HTTP method.

§url: String

Full URL.

§headers: Vec<(String, String)>

Request headers.

§body: Option<String>

Request body.

§

PatternMatch

Matched pattern or regex (for pattern-based scanners).

Fields

§pattern: String

The pattern or regex that matched.

§matched: String

The matched content.

§

Raw(String)

Unstructured evidence — fallback for anything that doesn’t fit above.

Implementations§

Source §

impl Evidence

Source

pub fn http_status(status: u16) -> Self

Create an HTTP response evidence with just a status code.

Examples found in repository ?

examples/basic.rs (line 8)

3fn main() {
4    let finding = Finding::builder("basic-scanner", "https://example.com", Severity::High)
5        .title("Potential command injection")
6        .detail("Untrusted input reaches shell execution")
7        .tag("rce")
8        .evidence(secfinding::Evidence::http_status(500))
9        .build();
10
11    println!("{finding}");
12
13    let json = serde_json::to_string_pretty(&finding).unwrap();
14    println!("{json}");
15}