
1//! # Core Security Analysis Types
2//! 
3//! Base types and functionality shared across all security analyzers.
4
5use std::collections::HashMap;
6use std::path::PathBuf;
7use serde::{Deserialize, Serialize};
8
9/// Security finding severity levels
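/// Security finding severity levels.
///
/// Variants are declared from most to least severe. `PartialOrd`/`Ord` are
/// derived, and derived ordering follows declaration order, so `Critical` is
/// the *smallest* value and `Info` the largest
/// (`Critical < High < Medium < Low < Info`). Code that selects the "worst"
/// severity must therefore use `min()` (or invert the comparison); a naive
/// `max()`/ascending `sort()` yields the least severe finding first.
///
/// `Copy` is derived because the enum is fieldless; callers can pass it by
/// value instead of cloning.
#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub enum SecuritySeverity {
    /// Most severe.
    Critical,
    High,
    Medium,
    Low,
    /// Least severe; informational only.
    Info,
}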
18
19/// Categories of security findings
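/// Categories of security findings.
///
/// Used as the key of per-category counts (see `HashMap<SecurityCategory, usize>`
/// in the report), hence `Eq` and `Hash`. No ordering is derived: categories are
/// not ranked against each other. `Copy` is derived because the enum is
/// fieldless, so it can be passed by value without cloning.
#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq, Hash)]
pub enum SecurityCategory {
    /// Exposed secrets, API keys, passwords
    SecretsExposure,
    /// Insecure configuration settings
    InsecureConfiguration,
    /// Language/framework-specific security patterns
    CodeSecurityPattern,
    /// Infrastructure and deployment security
    InfrastructureSecurity,
    /// Authentication and authorization issues
    AuthenticationSecurity,
    /// Data protection and privacy concerns
    DataProtection,
    /// Network and communication security
    NetworkSecurity,
    /// Compliance and regulatory requirements
    Compliance,
}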
39
40/// A security finding with details and remediation
/// A security finding with details and remediation.
///
/// One instance describes a single issue located by an analyzer. The struct is
/// `Serialize`, so every field below may end up in a written report.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SecurityFinding {
    /// Identifier of the finding; uniqueness is not enforced by this type.
    pub id: String,
    /// Short human-readable summary.
    pub title: String,
    /// Longer explanation of the issue.
    pub description: String,
    /// How serious the finding is (see `SecuritySeverity` for its ordering).
    pub severity: SecuritySeverity,
    /// Which class of issue this is.
    pub category: SecurityCategory,
    /// File the finding was located in, if it is tied to a file.
    pub file_path: Option<PathBuf>,
    /// Line within `file_path`, if known. Whether it is 0- or 1-based is not
    /// fixed here — NOTE(review): confirm against the analyzers that set it.
    pub line_number: Option<usize>,
    /// Column within `line_number`, if known (same base caveat as above).
    pub column_number: Option<usize>,
    /// Excerpt supporting the finding.
    // NOTE(review): because the whole struct is serialized into the report,
    // analyzers emitting `SecretsExposure` findings should store a redacted or
    // truncated excerpt here rather than the matched secret itself; otherwise
    // the report reproduces the exposed value.
    pub evidence: Option<String>,
    /// Suggested fixes, one step per entry.
    pub remediation: Vec<String>,
    /// Links or citations backing the finding.
    pub references: Vec<String>,
    /// Related CWE identifier, if any; the string format is not validated here.
    pub cwe_id: Option<String>,
    /// Compliance frameworks this finding is relevant to (free-form names).
    pub compliance_frameworks: Vec<String>,
}
57
58/// Comprehensive security analysis report
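/// Comprehensive security analysis report.
///
/// Aggregates the findings of one `SecurityAnalyzer::analyze_project` run
/// together with summary counts and compliance status. `Clone` is derived for
/// consistency with `SecurityFinding` and `ComplianceStatus`, which are already
/// `Clone`; every field type supports it.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SecurityReport {
    /// When the analysis was performed (UTC).
    pub analyzed_at: chrono::DateTime<chrono::Utc>,
    /// Aggregate score in the range 0-100; higher is better. How it is derived
    /// from the findings is up to the producing analyzer.
    pub overall_score: f32,
    /// Overall risk rating of the project, expressed as a severity level.
    pub risk_level: SecuritySeverity,
    /// Number of findings; expected to equal `findings.len()`, but this type
    /// does not enforce it.
    pub total_findings: usize,
    /// Count of findings per severity level.
    pub findings_by_severity: HashMap<SecuritySeverity, usize>,
    /// Count of findings per category.
    pub findings_by_category: HashMap<SecurityCategory, usize>,
    /// The individual findings.
    pub findings: Vec<SecurityFinding>,
    /// Project-wide recommendations, beyond per-finding remediation.
    pub recommendations: Vec<String>,
    /// Compliance status keyed by framework name.
    pub compliance_status: HashMap<String, ComplianceStatus>,
}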
71
72/// Compliance framework status
/// Compliance framework status.
///
/// Describes how well the analyzed project covers a single compliance
/// framework; stored per framework in `SecurityReport::compliance_status`.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ComplianceStatus {
    /// Name of the framework this status refers to.
    pub framework: String,
    /// Share of the framework's controls judged covered, as a percentage
    /// (0-100); not validated by this type.
    pub coverage: f32,
    /// Controls of the framework that were found missing.
    pub missing_controls: Vec<String>,
    /// Suggested actions to close the gaps listed in `missing_controls`.
    pub recommendations: Vec<String>,
}
80
81/// Base security analyzer trait
82pub trait SecurityAnalyzer {
83    type Config;
84    type Error: std::error::Error;
85    
86    /// Analyze a project for security issues
87    fn analyze_project(&self, project_root: &std::path::Path) -> Result<SecurityReport, Self::Error>;
88    
89    /// Get the analyzer's configuration
90    fn config(&self) -> &Self::Config;
91    
92    /// Get supported file extensions for this analyzer
93    fn supported_extensions(&self) -> Vec<&'static str>;
94}