threatdeflect_core/lib.rs
1//! # threatdeflect-core
2//!
3//! High-performance secret detection, confidence scoring, and IOC extraction engine.
4//!
5//! ## Overview
6//!
7//! This crate provides a configurable analyzer that scans source code for:
8//! - Leaked credentials (AWS keys, GitHub tokens, API keys, etc.)
9//! - Suspicious commands (reverse shells, crypto miners, encoded payloads)
10//! - Indicators of Compromise (URLs and IP addresses, including base64-encoded ones)
11//!
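12//! Each finding includes a **confidence score** (0.0–1.0) based on Shannon entropy,
13//! file context (test/production/example), placeholder detection, and assignment patterns. These inputs are heuristics, so the score ranks findings for triage; it does not by itself show whether a matched credential is valid or in use.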
14//!
15//! ## Quick start
16//!
17//! ```rust
18//! use threatdeflect_core::SecretAnalyzer;
19//!
20//! let rules = vec![
21//! ("AWS Key".to_string(), r"AKIA[0-9A-Z]{16}".to_string()),
22//! ];
23//! let analyzer = SecretAnalyzer::new(rules, Vec::<(String, String)>::new()).unwrap();
24//! let result = analyzer.analyze_content("key = AKIAIOSFODNN7EXAMPLE1", "config.py", "config.py");
25//! assert!(!result.findings.is_empty());
26//! ```
27
28pub mod analyzer;
29pub mod confidence;
30pub mod context;
31pub mod error;
32pub mod types;
33pub mod walker;
34
35pub use analyzer::SecretAnalyzer;
36pub use error::AnalyzerError;
37pub use types::{AnalysisResult, FileContext, Finding, Ioc};
38pub use walker::list_scannable_files;