Trait Reportable 

pub trait Reportable {
    // Required methods
    fn scanner(&self) -> &str;
    fn target(&self) -> &str;
    fn severity(&self) -> Severity;
    fn title(&self) -> &str;

    // Provided methods
    fn detail(&self) -> &str { ... }
    fn cwe_ids(&self) -> Vec<String> { ... }
    fn cve_ids(&self) -> Vec<String> { ... }
    fn tags(&self) -> Vec<String> { ... }
    fn confidence(&self) -> Option<f64> { ... }
    fn rule_id(&self) -> String { ... }
    fn sarif_level(&self) -> &str { ... }
    fn exploit_hint(&self) -> Option<&str> { ... }
}

Trait for any finding-like type that can be rendered into reports.

Implement this on your domain-specific finding type. The secreport crate accepts &[impl Reportable] for all output formats.

Only scanner, target, severity, and title are required. Everything else has sensible defaults.
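As an added example (not code from the secreport crate or its examples/ directory), the block below implements the trait for a custom finding type and then does what a report back end does with `&[impl Reportable]`: derive rule IDs and SARIF levels from the defaults and tally findings per level. Because the crate is not vendored here, the block redeclares a local `Reportable` with exactly the signatures listed above and a stand-in `Severity` enum; the title-slug rule inside `rule_id`, the `Severity` to SARIF level mapping, the `policy-lint` scanner name and the three findings are all assumptions constructed for this example, not the crate's behaviour.

```rust
use std::collections::BTreeMap;
use std::fmt;

// Stand-in for secreport's Severity (assumed variants; the real enum may differ).
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Severity { Info, Low, Medium, High, Critical }

impl fmt::Display for Severity {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { write!(f, "{:?}", self) }
}

// Local redeclaration of the documented trait: same method signatures as the page,
// with default bodies that are assumptions for the purpose of this example.
pub trait Reportable {
    fn scanner(&self) -> &str;
    fn target(&self) -> &str;
    fn severity(&self) -> Severity;
    fn title(&self) -> &str;

    fn detail(&self) -> &str { "" }
    fn cwe_ids(&self) -> Vec<String> { Vec::new() }
    fn cve_ids(&self) -> Vec<String> { Vec::new() }
    fn tags(&self) -> Vec<String> { Vec::new() }
    fn confidence(&self) -> Option<f64> { None }
    // "scanner/title-slug" as the page describes; the slug rule itself is assumed.
    fn rule_id(&self) -> String { format!("{}/{}", self.scanner(), slugify(self.title())) }
    // Assumed mapping onto the four SARIF level values.
    fn sarif_level(&self) -> &str {
        match self.severity() {
            Severity::Critical | Severity::High => "error",
            Severity::Medium => "warning",
            Severity::Low => "note",
            Severity::Info => "none",
        }
    }
    fn exploit_hint(&self) -> Option<&str> { None }
}

// Lowercase ASCII alphanumerics; every run of other characters becomes one '-'.
pub fn slugify(s: &str) -> String {
    let mut out = String::new();
    let mut pending_dash = false;
    for c in s.chars() {
        if c.is_ascii_alphanumeric() {
            if pending_dash && !out.is_empty() { out.push('-'); }
            pending_dash = false;
            out.push(c.to_ascii_lowercase());
        } else {
            pending_dash = true;
        }
    }
    out
}

// A domain-specific finding: an IAM policy statement flagged by a constructed scanner.
pub struct PolicyFinding { pub source: String, pub title: String, pub score: f64 }

impl Reportable for PolicyFinding {
    fn scanner(&self) -> &str { "policy-lint" }          // assumed scanner name
    fn target(&self) -> &str { &self.source }
    fn severity(&self) -> Severity {
        // Thresholds are the example's own choice.
        if self.score >= 0.9 { Severity::High } else if self.score >= 0.5 { Severity::Medium } else { Severity::Low }
    }
    fn title(&self) -> &str { &self.title }
    // Override only the defaults that matter for this type; the rest stay as provided.
    fn confidence(&self) -> Option<f64> { Some(self.score) }
    fn cwe_ids(&self) -> Vec<String> { vec!["CWE-269".to_string()] } // Improper Privilege Management
}

// What a report back end does with `&[impl Reportable]`: count findings per SARIF level.
pub fn count_by_level(findings: &[impl Reportable]) -> BTreeMap<String, usize> {
    let mut counts = BTreeMap::new();
    for f in findings {
        *counts.entry(f.sarif_level().to_string()).or_insert(0) += 1;
    }
    counts
}

// Constructed sample findings (paths and titles are made up for the example).
pub fn sample_findings() -> Vec<PolicyFinding> {
    vec![
        PolicyFinding { source: "s3://bucket/config.yaml".into(), title: "Excessive privilege policy statement".into(), score: 0.93 },
        PolicyFinding { source: "iam/roles/deploy.json".into(), title: "Wildcard resource in Allow statement".into(), score: 0.6 },
        PolicyFinding { source: "iam/roles/reader.json".into(), title: "Unused permission".into(), score: 0.2 },
    ]
}

fn main() {
    let findings = sample_findings();
    for f in &findings {
        println!("{} [{}] {} ({})", f.rule_id(), f.sarif_level(), f.target(), f.severity());
    }
    println!("{:?}", count_by_level(&findings));
}
```

The point of routing everything through the trait's provided methods is that a back end never needs to know the concrete finding type: `count_by_level` compiles against any `impl Reportable`, and a finding that overrides nothing still gets a usable `rule_id` and `sarif_level`.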

Required Methods

fn scanner(&self) -> &str

Which tool produced this finding.

fn target(&self) -> &str

What was scanned (URL, file path, package name, etc.).

fn severity(&self) -> Severity

How severe this finding is.

fn title(&self) -> &str

Short human-readable title.

Provided Methods

fn detail(&self) -> &str

Detailed description.

Examples found in repository:
examples/custom_reportable.rs (line 59)
47  fn main() {
48      let f = PolicyFinding {
49          source: "s3://bucket/config.yaml".into(),
50          title: "Excessive privilege policy statement".into(),
51          score: 0.93,
52      };
53
54      println!("scanner: {}", f.scanner());
55      println!("target: {}", f.target());
56      println!("severity: {}", f.severity());
57      println!("rule id: {}", f.rule_id());
58      println!("tags: {}", f.tags().join(", "));
59      println!("{}", f.detail());
60  }

fn cwe_ids(&self) -> Vec<String>

CWE identifiers (e.g. ["CWE-89"]).

fn cve_ids(&self) -> Vec<String>

CVE identifiers.

fn tags(&self) -> Vec<String>

Free-form tags.

Examples found in repository:
examples/custom_reportable.rs (line 58); the same snippet as shown under detail above.

fn confidence(&self) -> Option<f64>

Confidence score in the range 0.0 to 1.0 (None = not applicable).

fn rule_id(&self) -> String

SARIF rule ID (defaults to “scanner/title-slug”).

Examples found in repository:
examples/custom_reportable.rs (line 57); the same snippet as shown under detail above.

fn sarif_level(&self) -> &str

SARIF severity level string.

fn exploit_hint(&self) -> Option<&str>

Exploit hint / PoC command.

Implementors

impl Reportable for Finding

Blanket: secfinding’s own Finding implements Reportable.