syncable_cli/analyzer/security/
core.rs

1//! # Core Security Analysis Types
2//!
3//! Base types and functionality shared across all security analyzers.
4
5use serde::{Deserialize, Serialize};
6use std::collections::HashMap;
7use std::path::PathBuf;
8
9/// Security finding severity levels
10#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Hash)]
11pub enum SecuritySeverity {
12    Critical,
13    High,
14    Medium,
15    Low,
16    Info,
17}
18
19/// Categories of security findings
20#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Hash)]
21pub enum SecurityCategory {
22    /// Exposed secrets, API keys, passwords
23    SecretsExposure,
24    /// Insecure configuration settings
25    InsecureConfiguration,
26    /// Language/framework-specific security patterns
27    CodeSecurityPattern,
28    /// Infrastructure and deployment security
29    InfrastructureSecurity,
30    /// Authentication and authorization issues
31    AuthenticationSecurity,
32    /// Data protection and privacy concerns
33    DataProtection,
34    /// Network and communication security
35    NetworkSecurity,
36    /// Compliance and regulatory requirements
37    Compliance,
38    /// Code injection vulnerabilities (eval, exec, etc.)
39    CodeInjection,
40    /// Command injection vulnerabilities (subprocess, os.system, etc.)
41    CommandInjection,
42}
43
44/// A security finding with details and remediation
45#[derive(Debug, Clone, Serialize, Deserialize)]
46pub struct SecurityFinding {
47    pub id: String,
48    pub title: String,
49    pub description: String,
50    pub severity: SecuritySeverity,
51    pub category: SecurityCategory,
52    pub file_path: Option<PathBuf>,
53    pub line_number: Option<usize>,
54    pub column_number: Option<usize>,
55    pub evidence: Option<String>,
56    pub remediation: Vec<String>,
57    pub references: Vec<String>,
58    pub cwe_id: Option<String>,
59    pub compliance_frameworks: Vec<String>,
60}
61
62/// Comprehensive security analysis report
63#[derive(Debug, Serialize, Deserialize)]
64pub struct SecurityReport {
65    pub analyzed_at: chrono::DateTime<chrono::Utc>,
66    pub overall_score: f32, // 0-100, higher is better
67    pub risk_level: SecuritySeverity,
68    pub total_findings: usize,
69    pub findings_by_severity: HashMap<SecuritySeverity, usize>,
70    pub findings_by_category: HashMap<SecurityCategory, usize>,
71    pub findings: Vec<SecurityFinding>,
72    pub recommendations: Vec<String>,
73    pub compliance_status: HashMap<String, ComplianceStatus>,
74}
75
76/// Compliance framework status
77#[derive(Debug, Clone, Serialize, Deserialize)]
78pub struct ComplianceStatus {
79    pub framework: String,
80    pub coverage: f32, // 0-100%
81    pub missing_controls: Vec<String>,
82    pub recommendations: Vec<String>,
83}
84
85/// Base security analyzer trait
86pub trait SecurityAnalyzer {
87    type Config;
88    type Error: std::error::Error;
89
90    /// Analyze a project for security issues
91    fn analyze_project(
92        &self,
93        project_root: &std::path::Path,
94    ) -> Result<SecurityReport, Self::Error>;
95
96    /// Get the analyzer's configuration
97    fn config(&self) -> &Self::Config;
98
99    /// Get supported file extensions for this analyzer
100    fn supported_extensions(&self) -> Vec<&'static str>;
101}
syncable_cli/analyzer/security/core.rs

syncable_cli/analyzer/security/
core.rs
