syncable_cli/analyzer/security/
mod.rs

1//! # Security Analysis Module
2//! 
3//! Modular security analysis with language-specific analyzers for better threat detection.
4//! 
5//! This module provides a layered approach to security analysis:
6//! - Core security patterns (generic)
7//! - Language-specific analyzers (currently JS/TS; Python and others are planned)
8//! - Framework-specific detection
9//! - Context-aware severity assessment
10
11use std::path::Path;
12use thiserror::Error;
13
14pub mod core;
15pub mod javascript;
16pub mod patterns;
17pub mod config;
18pub mod gitignore;
19
20pub use core::{SecurityAnalyzer, SecurityReport, SecurityFinding, SecuritySeverity, SecurityCategory};
21pub use javascript::JavaScriptSecurityAnalyzer;
22pub use patterns::SecretPatternManager;
23pub use config::SecurityAnalysisConfig;
24pub use gitignore::{GitIgnoreAnalyzer, GitIgnoreStatus, GitIgnoreRisk};
25
/// Entry point for security analysis that owns the per-language analyzers and
/// delegates the actual scanning to them.
///
/// Only a JavaScript/TypeScript analyzer is held today, so projects written in
/// other languages get no language-specific coverage from this type.
pub struct ModularSecurityAnalyzer {
    /// Analyzer used for JavaScript/TypeScript sources.
    javascript_analyzer: JavaScriptSecurityAnalyzer,
    // TODO: further language analyzers are not implemented yet, e.g.
    //   python_analyzer: PythonSecurityAnalyzer,
    //   rust_analyzer: RustSecurityAnalyzer,
}
33
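impl ModularSecurityAnalyzer {
    /// Creates an analyzer whose JavaScript/TypeScript backend is built with
    /// [`JavaScriptSecurityAnalyzer::new`].
    ///
    /// # Errors
    ///
    /// Returns the error produced while constructing the JavaScript analyzer.
    pub fn new() -> Result<Self, SecurityError> {
        let javascript_analyzer = JavaScriptSecurityAnalyzer::new()?;
        Ok(Self { javascript_analyzer })
    }

    /// Creates an analyzer whose JavaScript/TypeScript backend is built from `config`.
    ///
    /// # Errors
    ///
    /// Returns the error produced while constructing the JavaScript analyzer.
    pub fn with_config(config: SecurityAnalysisConfig) -> Result<Self, SecurityError> {
        // `config` is owned by this function and not used afterwards, so it is
        // moved into the backend instead of being cloned first.
        let javascript_analyzer = JavaScriptSecurityAnalyzer::with_config(config)?;
        Ok(Self { javascript_analyzer })
    }

    /// Runs the language-specific analyzers that apply to `languages` over
    /// `project_root` and merges their findings into one report.
    ///
    /// The JavaScript analyzer runs only when some entry's `name` is exactly
    /// `"JavaScript"`, `"TypeScript"`, `"JSX"` or `"TSX"` (the comparison is
    /// case-sensitive).
    ///
    /// # Coverage caveat
    ///
    /// When no entry matches, nothing is scanned and the report is built from an
    /// empty finding list. Callers should not present such a report as evidence
    /// that the project is clean; it only means no supported language was
    /// detected.
    ///
    /// # Errors
    ///
    /// Any error from the JavaScript analyzer is propagated as-is, in which case
    /// no report is returned.
    pub fn analyze_project(
        &mut self,
        project_root: &Path,
        languages: &[crate::analyzer::DetectedLanguage],
    ) -> Result<SecurityReport, SecurityError> {
        let mut all_findings = Vec::new();

        let has_js_family = languages.iter().any(|lang| {
            matches!(
                lang.name.as_str(),
                "JavaScript" | "TypeScript" | "JSX" | "TSX"
            )
        });

        if has_js_family {
            // Only the findings are carried over; any other fields of the
            // per-language report are dropped here.
            let js_report = self.javascript_analyzer.analyze_project(project_root)?;
            all_findings.extend(js_report.findings);
        }

        // TODO: dispatch to other language analyzers once they exist.

        Ok(SecurityReport::from_findings(all_findings))
    }
}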
63
/// Errors returned by the security analysis module.
///
/// An `Err` means the analysis did not complete; it carries no findings and
/// should not be read as "nothing was found".
#[derive(Debug, Error)]
pub enum SecurityError {
    /// Analysis failed for a reason described by the contained message.
    #[error("Security analysis failed: {0}")]
    AnalysisFailed(String),

    /// A detection pattern could not be compiled; converted automatically from
    /// `regex::Error`.
    #[error("Pattern compilation error: {0}")]
    PatternError(#[from] regex::Error),

    /// An I/O operation failed; converted automatically from `std::io::Error`.
    #[error("IO error: {0}")]
    Io(#[from] std::io::Error),

    /// The JavaScript analyzer reported a failure described by the contained message.
    #[error("JavaScript security analysis error: {0}")]
    JavaScriptError(String),
}