vaspera 2.10.1 → 2.11.0

package/dist/scanners/openapi.js

@@ -0,0 +1,226 @@
+/**
+ * OpenAPI Security Scanner
+ *
+ * Validates OpenAPI/Swagger specifications for security issues
+ * using Spectral with security-focused rules.
+ *
+ * @module scanners/openapi
+ */
+import { exec } from "child_process";
+import { promisify } from "util";
+import { readFile, readdir } from "fs/promises";
+import { join, extname } from "path";
+const execAsync = promisify(exec);
+const SECURITY_RULES = `
+extends: ["spectral:oas"]
+rules:
+  # Authentication
+  operation-security-defined:
+    description: Operations must have security defined
+    given: "$.paths[*][get,post,put,patch,delete]"
+    then:
+      field: security
+      function: truthy
+    severity: error
+
+  # HTTPS only
+  servers-https:
+    description: Server URLs should use HTTPS
+    given: "$.servers[*].url"
+    then:
+      function: pattern
+      functionOptions:
+        match: "^https://"
+    severity: error
+
+  # No credentials in URLs
+  no-credentials-in-url:
+    description: URLs should not contain credentials
+    given: "$.servers[*].url"
+    then:
+      function: pattern
+      functionOptions:
+        notMatch: "://[^/]*:[^/]*@"
+    severity: error
+
+  # Rate limiting headers
+  rate-limit-headers:
+    description: Responses should include rate limiting headers
+    given: "$.paths[*][*].responses[*].headers"
+    then:
+      function: schema
+      functionOptions:
+        schema:
+          anyOf:
+            - required: ["X-RateLimit-Limit"]
+            - required: ["X-Rate-Limit-Limit"]
+            - required: ["RateLimit-Limit"]
+    severity: warn
+
+  # Sensitive data in query params
+  no-sensitive-query-params:
+    description: Sensitive data should not be in query parameters
+    given: "$.paths[*][*].parameters[?(@.in=='query')]"
+    then:
+      field: name
+      function: pattern
+      functionOptions:
+        notMatch: "(?i)(password|secret|token|api_key|apikey|auth|credential)"
+    severity: error
+`;
+export async function checkSpectralAvailable() {
+    try {
+        const { stdout } = await execAsync("npx spectral --version", { timeout: 10000 });
+        return {
+            scanner: "spectral",
+            available: true,
+            version: stdout.trim(),
+        };
+    }
+    catch {
+        return {
+            scanner: "spectral",
+            available: false,
+            error: "Spectral not available. Install with: npm install -g @stoplight/spectral-cli",
+        };
+    }
+}
+function mapSeverity(severity) {
+    switch (severity) {
+        case 0:
+            return "high";
+        case 1:
+            return "medium";
+        case 2:
+            return "low";
+        default:
+            return "info";
+    }
+}
+export async function runSpectral(specPath, options) {
+    const startTime = Date.now();
+    try {
+        const availability = await checkSpectralAvailable();
+        if (!availability.available) {
+            return {
+                scanner: "spectral",
+                findings: [],
+                duration: Date.now() - startTime,
+                success: false,
+                error: availability.error,
+            };
+        }
+        let command = `npx spectral lint "${specPath}" -f json`;
+        if (options?.rulesetPath) {
+            command += ` -r "${options.rulesetPath}"`;
+        }
+        const { stdout, stderr } = await execAsync(command, {
+            timeout: options?.timeout || 60000,
+            maxBuffer: 10 * 1024 * 1024,
+        }).catch((error) => {
+            if (error.stdout) {
+                return { stdout: error.stdout, stderr: error.stderr || "" };
+            }
+            throw error;
+        });
+        const results = JSON.parse(stdout || "[]");
+        const findings = results.map((result) => ({
+            scanner: "spectral",
+            ruleId: `spectral:${result.code}`,
+            file: result.source,
+            line: result.range.start.line + 1,
+            column: result.range.start.character + 1,
+            endLine: result.range.end.line + 1,
+            message: result.message,
+            severity: mapSeverity(result.severity),
+            confidence: 100,
+            metadata: {
+                path: result.path.join("."),
+            },
+        }));
+        return {
+            scanner: "spectral",
+            findings,
+            duration: Date.now() - startTime,
+            success: true,
+            version: availability.version,
+        };
+    }
+    catch (error) {
+        return {
+            scanner: "spectral",
+            findings: [],
+            duration: Date.now() - startTime,
+            success: false,
+            error: error instanceof Error ? error.message : "Unknown error",
+        };
+    }
+}
+export async function findOpenAPISpecs(projectPath) {
+    const specs = [];
+    const extensions = [".yaml", ".yml", ".json"];
+    const patterns = ["openapi", "swagger", "api-spec", "api"];
+    async function searchDir(dir, depth = 0) {
+        if (depth > 3)
+            return;
+        try {
+            const entries = await readdir(dir, { withFileTypes: true });
+            for (const entry of entries) {
+                const fullPath = join(dir, entry.name);
+                if (entry.isDirectory() && !entry.name.startsWith(".") && entry.name !== "node_modules") {
+                    await searchDir(fullPath, depth + 1);
+                }
+                else if (entry.isFile()) {
+                    const ext = extname(entry.name).toLowerCase();
+                    const nameWithoutExt = entry.name.slice(0, -ext.length).toLowerCase();
+                    if (extensions.includes(ext) && patterns.some((p) => nameWithoutExt.includes(p))) {
+                        try {
+                            const content = await readFile(fullPath, "utf-8");
+                            if (content.includes("openapi") || content.includes("swagger")) {
+                                specs.push(fullPath);
+                            }
+                        }
+                        catch {
+                            // Skip files that can't be read
+                        }
+                    }
+                }
+            }
+        }
+        catch {
+            // Skip directories that can't be read
+        }
+    }
+    await searchDir(projectPath);
+    return specs;
+}
+export async function runOpenAPIScan(projectPath, options) {
+    const startTime = Date.now();
+    const specs = await findOpenAPISpecs(projectPath);
+    if (specs.length === 0) {
+        return {
+            scanner: "openapi",
+            findings: [],
+            duration: Date.now() - startTime,
+            success: true,
+            filesScanned: 0,
+        };
+    }
+    const allFindings = [];
+    for (const spec of specs) {
+        const result = await runSpectral(spec, options);
+        allFindings.push(...result.findings);
+    }
+    return {
+        scanner: "openapi",
+        findings: allFindings,
+        duration: Date.now() - startTime,
+        success: true,
+        filesScanned: specs.length,
+    };
+}
+export async function detectOpenAPI(projectPath) {
+    const specs = await findOpenAPISpecs(projectPath);
+    return specs.length > 0;
+}
+//# sourceMappingURL=openapi.js.map

package/dist/scanners/openapi.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openapi.js","sourceRoot":"","sources":["../../src/scanners/openapi.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAGrC,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAclC,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAwDtB,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QACjF,OAAO;YACL,OAAO,EAAE,UAAU;YACnB,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE;SACvB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,OAAO,EAAE,UAAU;YACnB,SAAS,EAAE,KAAK;YAChB,KAAK,EAAE,8EAA8E;SACtF,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB;IACnC,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,CAAC;YACJ,OAAO,MAAM,CAAC;QAChB,KAAK,CAAC;YACJ,OAAO,QAAQ,CAAC;QAClB,KAAK,CAAC;YACJ,OAAO,KAAK,CAAC;QACf;YACE,OAAO,MAAM,CAAC;IAClB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,QAAgB,EAChB,OAAoD;IAEpD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,sBAAsB,EAAE,CAAC;QACpD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,UAAU;gBACnB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,GAAG,sBAAsB,QAAQ,WAAW,CAAC;QACxD,IAAI,OAAO,EAAE,WAAW,EAAE,CAAC;YACzB,OAAO,IAAI,QAAQ,OAAO,CAAC,WAAW,GAAG,CAAC;QAC5C,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE;YAClD,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,KAAK;YAClC,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SAC5B,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACjB,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC9D,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,MAAM,OAAO,GAAqB,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,IAAI,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAA2B,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAChE,OAAO,EAAE,UAAmB;YAC5B,MAAM,EAAE,YAAY,MAAM,CAAC,IAAI,EAAE;YACjC,IAAI,EAAE,MAAM,CAAC,MAAM;YACnB,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC;YACjC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC;YACxC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC;YAClC,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,QAAQ,EAAE,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC;YACtC,UAAU,EAAE,GAAG;YACf,QAAQ,EAAE;gBACR,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;aAC5B;SACF,CAAC,CAAC,CAAC;QAEJ,OAAO;YACL,OAAO,EAAE,UAAU;YACnB,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,YAAY,CAAC,OAAO;SAC9B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,UAAU;YACnB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,WAAmB;IACxD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,UAAU,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;IAE3D,KAAK,UAAU,SAAS,CAAC,GAAW,EAAE,KAAK,GAAG,CAAC;QAC7C,IAAI,KAAK,GAAG,CAAC;YAAE,OAAO;QAEtB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;YAE5D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;gBAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBAEvC,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;oBACxF,MAAM,SAAS,CAAC,QAAQ,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;gBACvC,CAAC;qBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;oBAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;oBAC9C,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;oBAEtE,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;wBACjF,IAAI,CAAC;4BACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;4BAClD,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gCAC/D,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;4BACvB,CAAC;wBACH,CAAC;wBAAC,MAAM,CAAC;4BACP,gCAAgC;wBAClC,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sCAAsC;QACxC,CAAC;IACH,CAAC;IAED,MAAM,SAAS,CAAC,WAAW,CAAC,CAAC;IAC7B,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAmB,EACnB,OAA8B;IAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,WAAW,CAAC,CAAC;IAElD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO;YACL,OAAO,EAAE,SAAS;YAClB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,YAAY,EAAE,CAAC;SAChB,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAA2B,EAAE,CAAC;IAE/C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAChD,WAAW,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED,OAAO;QACL,OAAO,EAAE,SAAS;QAClB,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QAChC,OAAO,EAAE,IAAI;QACb,YAAY,EAAE,KAAK,CAAC,MAAM;KAC3B,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,WAAmB;IACrD,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,WAAW,CAAC,CAAC;IAClD,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;AAC1B,CAAC"}

package/dist/scanners/runtime/types.d.ts

@@ -90,9 +90,9 @@ export declare const GoldenPathFlowSchema: z.ZodObject<{
         description?: string | undefined;
         timeout?: number | undefined;
         url?: string | undefined;
+        headers?: Record<string, string> | undefined;
         body?: Record<string, unknown> | undefined;
         method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
-        headers?: Record<string, string> | undefined;
         screenshot?: boolean | undefined;
         selector?: string | undefined;
     }, {
@@ -101,9 +101,9 @@ export declare const GoldenPathFlowSchema: z.ZodObject<{
         description?: string | undefined;
         timeout?: number | undefined;
         url?: string | undefined;
+        headers?: Record<string, string> | undefined;
         body?: Record<string, unknown> | undefined;
         method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
-        headers?: Record<string, string> | undefined;
         screenshot?: boolean | undefined;
         selector?: string | undefined;
     }>, "many">;
@@ -116,9 +116,9 @@ export declare const GoldenPathFlowSchema: z.ZodObject<{
         description?: string | undefined;
         timeout?: number | undefined;
         url?: string | undefined;
+        headers?: Record<string, string> | undefined;
         body?: Record<string, unknown> | undefined;
         method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
-        headers?: Record<string, string> | undefined;
         screenshot?: boolean | undefined;
         selector?: string | undefined;
     }[];
@@ -133,9 +133,9 @@ export declare const GoldenPathFlowSchema: z.ZodObject<{
         description?: string | undefined;
         timeout?: number | undefined;
         url?: string | undefined;
+        headers?: Record<string, string> | undefined;
         body?: Record<string, unknown> | undefined;
         method?: "GET" | "POST" | "PUT" | "DELETE" | "PATCH" | undefined;
-        headers?: Record<string, string> | undefined;
         screenshot?: boolean | undefined;
         selector?: string | undefined;
     }[];

package/dist/scanners/rust.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Rust Security Scanner
+ *
+ * Scans Rust projects for security vulnerabilities using
+ * cargo-audit and clippy.
+ *
+ * @module scanners/rust
+ */
+import type { ScannerResult, ScannerAvailability } from "./types.js";
+export declare function checkCargoAuditAvailable(): Promise<ScannerAvailability>;
+export declare function checkClippyAvailable(): Promise<ScannerAvailability>;
+export declare function runCargoAudit(projectPath: string, options?: {
+    timeout?: number;
+}): Promise<ScannerResult>;
+export declare function runClippy(projectPath: string, options?: {
+    timeout?: number;
+}): Promise<ScannerResult>;
+export declare function runRustScanners(projectPath: string, options?: {
+    timeout?: number;
+}): Promise<ScannerResult>;
+export declare function detectRust(projectPath: string): Promise<boolean>;
+//# sourceMappingURL=rust.d.ts.map

package/dist/scanners/rust.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rust.d.ts","sourceRoot":"","sources":["../../src/scanners/rust.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,KAAK,EAAwB,aAAa,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAmE3F,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAe7E;AAED,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAezE;AAgBD,wBAAsB,aAAa,CACjC,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7B,OAAO,CAAC,aAAa,CAAC,CAqFxB;AAED,wBAAsB,SAAS,CAC7B,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7B,OAAO,CAAC,aAAa,CAAC,CAmFxB;AAED,wBAAsB,eAAe,CACnC,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7B,OAAO,CAAC,aAAa,CAAC,CAkBxB;AAED,wBAAsB,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAOtE"}

package/dist/scanners/rust.js

@@ -0,0 +1,239 @@
+/**
+ * Rust Security Scanner
+ *
+ * Scans Rust projects for security vulnerabilities using
+ * cargo-audit and clippy.
+ *
+ * @module scanners/rust
+ */
+import { exec } from "child_process";
+import { promisify } from "util";
+import { access } from "fs/promises";
+import { join } from "path";
+const execAsync = promisify(exec);
+export async function checkCargoAuditAvailable() {
+    try {
+        const { stdout } = await execAsync("cargo audit --version", { timeout: 10000 });
+        return {
+            scanner: "cargo-audit",
+            available: true,
+            version: stdout.trim(),
+        };
+    }
+    catch {
+        return {
+            scanner: "cargo-audit",
+            available: false,
+            error: "cargo-audit not found. Install with: cargo install cargo-audit",
+        };
+    }
+}
+export async function checkClippyAvailable() {
+    try {
+        const { stdout } = await execAsync("cargo clippy --version", { timeout: 10000 });
+        return {
+            scanner: "clippy",
+            available: true,
+            version: stdout.trim(),
+        };
+    }
+    catch {
+        return {
+            scanner: "clippy",
+            available: false,
+            error: "clippy not found. Install with: rustup component add clippy",
+        };
+    }
+}
+function mapAuditSeverity(severity) {
+    switch (severity.toLowerCase()) {
+        case "critical":
+            return "critical";
+        case "high":
+            return "high";
+        case "medium":
+        case "moderate":
+            return "medium";
+        default:
+            return "low";
+    }
+}
+export async function runCargoAudit(projectPath, options) {
+    const startTime = Date.now();
+    try {
+        const availability = await checkCargoAuditAvailable();
+        if (!availability.available) {
+            return {
+                scanner: "cargo-audit",
+                findings: [],
+                duration: Date.now() - startTime,
+                success: false,
+                error: availability.error,
+            };
+        }
+        const { stdout } = await execAsync(`cd "${projectPath}" && cargo audit --json`, {
+            timeout: options?.timeout || 120000,
+            maxBuffer: 10 * 1024 * 1024,
+        }).catch((error) => {
+            if (error.stdout) {
+                return { stdout: error.stdout, stderr: error.stderr || "" };
+            }
+            throw error;
+        });
+        const output = JSON.parse(stdout);
+        const findings = [];
+        for (const vuln of output.vulnerabilities.list) {
+            findings.push({
+                scanner: "cargo-audit",
+                ruleId: `cargo-audit:${vuln.advisory.id}`,
+                file: "Cargo.lock",
+                line: 1,
+                message: `${vuln.advisory.title} in ${vuln.package.name}@${vuln.package.version}`,
+                severity: mapAuditSeverity(vuln.advisory.severity),
+                confidence: 100,
+                metadata: {
+                    package: vuln.package.name,
+                    version: vuln.package.version,
+                    advisoryUrl: vuln.advisory.url,
+                    patchedVersions: vuln.versions.patched,
+                    cvss: vuln.advisory.cvss,
+                    description: vuln.advisory.description,
+                },
+            });
+        }
+        // Add warnings for unmaintained packages
+        for (const warn of output.warnings.unmaintained || []) {
+            findings.push({
+                scanner: "cargo-audit",
+                ruleId: `cargo-audit:${warn.advisory.id}`,
+                file: "Cargo.lock",
+                line: 1,
+                message: `Unmaintained package: ${warn.package.name}@${warn.package.version} - ${warn.advisory.title}`,
+                severity: "low",
+                confidence: 100,
+                metadata: {
+                    package: warn.package.name,
+                    version: warn.package.version,
+                    type: "unmaintained",
+                },
+            });
+        }
+        return {
+            scanner: "cargo-audit",
+            findings,
+            duration: Date.now() - startTime,
+            success: true,
+            version: availability.version,
+        };
+    }
+    catch (error) {
+        return {
+            scanner: "cargo-audit",
+            findings: [],
+            duration: Date.now() - startTime,
+            success: false,
+            error: error instanceof Error ? error.message : "Unknown error",
+        };
+    }
+}
+export async function runClippy(projectPath, options) {
+    const startTime = Date.now();
+    try {
+        const availability = await checkClippyAvailable();
+        if (!availability.available) {
+            return {
+                scanner: "clippy",
+                findings: [],
+                duration: Date.now() - startTime,
+                success: false,
+                error: availability.error,
+            };
+        }
+        const { stdout, stderr } = await execAsync(`cd "${projectPath}" && cargo clippy --message-format=json -- -W clippy::all -W clippy::pedantic -W clippy::nursery 2>&1`, {
+            timeout: options?.timeout || 300000,
+            maxBuffer: 50 * 1024 * 1024,
+        }).catch((error) => {
+            if (error.stdout) {
+                return { stdout: error.stdout, stderr: error.stderr || "" };
+            }
+            throw error;
+        });
+        const findings = [];
+        const lines = stdout.split("\n").filter((l) => l.trim());
+        for (const line of lines) {
+            try {
+                const msg = JSON.parse(line);
+                if (msg.reason === "compiler-message" && msg.message && msg.message.spans?.length > 0) {
+                    const primarySpan = msg.message.spans.find((s) => s.is_primary) || msg.message.spans[0];
+                    // Only include security-relevant lints
+                    const code = msg.message.code?.code || "";
+                    const isSecurityRelevant = code.includes("unsafe") ||
+                        code.includes("panic") ||
+                        code.includes("unwrap") ||
+                        code.includes("expect") ||
+                        code.includes("transmute") ||
+                        msg.message.level === "error";
+                    if (isSecurityRelevant) {
+                        findings.push({
+                            scanner: "clippy",
+                            ruleId: `clippy:${code}`,
+                            file: primarySpan.file_name.replace(projectPath + "/", ""),
+                            line: primarySpan.line_start,
+                            endLine: primarySpan.line_end,
+                            column: primarySpan.column_start,
+                            message: msg.message.message,
+                            severity: msg.message.level === "error" ? "high" : "medium",
+                            confidence: 100,
+                            evidence: primarySpan.text?.[0]?.text,
+                        });
+                    }
+                }
+            }
+            catch {
+                // Skip non-JSON lines
+            }
+        }
+        return {
+            scanner: "clippy",
+            findings,
+            duration: Date.now() - startTime,
+            success: true,
+            version: availability.version,
+        };
+    }
+    catch (error) {
+        return {
+            scanner: "clippy",
+            findings: [],
+            duration: Date.now() - startTime,
+            success: false,
+            error: error instanceof Error ? error.message : "Unknown error",
+        };
+    }
+}
+export async function runRustScanners(projectPath, options) {
+    const startTime = Date.now();
+    const [auditResult, clippyResult] = await Promise.all([
+        runCargoAudit(projectPath, options),
+        runClippy(projectPath, options),
+    ]);
+    const findings = [...auditResult.findings, ...clippyResult.findings];
+    const success = auditResult.success || clippyResult.success;
+    return {
+        scanner: "rust",
+        findings,
+        duration: Date.now() - startTime,
+        success,
+        error: !success ? "No Rust scanners available" : undefined,
+    };
+}
+export async function detectRust(projectPath) {
+    try {
+        await access(join(projectPath, "Cargo.toml"));
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=rust.js.map

package/dist/scanners/rust.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rust.js","sourceRoot":"","sources":["../../src/scanners/rust.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAiElC,MAAM,CAAC,KAAK,UAAU,wBAAwB;IAC5C,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,uBAAuB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QAChF,OAAO;YACL,OAAO,EAAE,aAAa;YACtB,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE;SACvB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,OAAO,EAAE,aAAa;YACtB,SAAS,EAAE,KAAK;YAChB,KAAK,EAAE,gEAAgE;SACxE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB;IACxC,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QACjF,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE;SACvB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,SAAS,EAAE,KAAK;YAChB,KAAK,EAAE,6DAA6D;SACrE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB;IACxC,QAAQ,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/B,KAAK,UAAU;YACb,OAAO,UAAU,CAAC;QACpB,KAAK,MAAM;YACT,OAAO,MAAM,CAAC;QAChB,KAAK,QAAQ,CAAC;QACd,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC;QAClB;YACE,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,WAAmB,EACnB,OAA8B;IAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,wBAAwB,EAAE,CAAC;QACtD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,aAAa;gBACtB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAChC,OAAO,WAAW,yBAAyB,EAC3C;YACE,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,MAAM;YACnC,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SAC5B,CACF,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAChB,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC9D,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAqB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACpD,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAE5C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,aAAsB;gBAC/B,MAAM,EAAE,eAAe,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;gBACzC,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC;gBACP,OAAO,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;gBACjF,QAAQ,EAAE,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;gBAClD,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE;oBACR,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;oBAC1B,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO;oBAC7B,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG;oBAC9B,eAAe,EAAE,IAAI,CAAC,QAAQ,CAAC,OAAO;oBACtC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;oBACxB,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW;iBACvC;aACF,CAAC,CAAC;QACL,CAAC;QAED,yCAAyC;QACzC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,QAAQ,CAAC,YAAY,IAAI,EAAE,EAAE,CAAC;YACtD,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,aAAsB;gBAC/B,MAAM,EAAE,eAAe,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;gBACzC,IAAI,EAAE,YAAY;gBAClB,IAAI,EAAE,CAAC;gBACP,OAAO,EAAE,yBAAyB,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE;gBACtG,QAAQ,EAAE,KAAK;gBACf,UAAU,EAAE,GAAG;gBACf,QAAQ,EAAE;oBACR,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;oBAC1B,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO;oBAC7B,IAAI,EAAE,cAAc;iBACrB;aACF,CAAC,CAAC;QACL,CAAC;QAED,OAAO;YACL,OAAO,EAAE,aAAa;YACtB,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,YAAY,CAAC,OAAO;SAC9B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,aAAa;YACtB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,WAAmB,EACnB,OAA8B;IAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,oBAAoB,EAAE,CAAC;QAClD,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC5B,OAAO;gBACL,OAAO,EAAE,QAAQ;gBACjB,QAAQ,EAAE,EAAE;gBACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAChC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CACxC,OAAO,WAAW,uGAAuG,EACzH;YACE,OAAO,EAAE,OAAO,EAAE,OAAO,IAAI,MAAM;YACnC,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SAC5B,CACF,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YAChB,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBACjB,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;YAC9D,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAC5C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAEjE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAkB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC5C,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;oBACtF,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAExF,uCAAuC;oBACvC,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC;oBAC1C,MAAM,kBAAkB,GACtB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBACvB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;wBACtB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBACvB,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;wBACvB,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;wBAC1B,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC;oBAEhC,IAAI,kBAAkB,EAAE,CAAC;wBACvB,QAAQ,CAAC,IAAI,CAAC;4BACZ,OAAO,EAAE,QAAiB;4BAC1B,MAAM,EAAE,UAAU,IAAI,EAAE;4BACxB,IAAI,EAAE,WAAW,CAAC,SAAS,CAAC,OAAO,CAAC,WAAW,GAAG,GAAG,EAAE,EAAE,CAAC;4BAC1D,IAAI,EAAE,WAAW,CAAC,UAAU;4BAC5B,OAAO,EAAE,WAAW,CAAC,QAAQ;4BAC7B,MAAM,EAAE,WAAW,CAAC,YAAY;4BAChC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;4BAC5B,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;4BAC3D,UAAU,EAAE,GAAG;4BACf,QAAQ,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI;yBACtC,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,QAAQ;YACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,YAAY,CAAC,OAAO;SAC9B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,QAAQ;YACjB,QAAQ,EAAE,EAAE;YACZ,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;YAChC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,WAAmB,EACnB,OAA8B;IAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,MAAM,CAAC,WAAW,EAAE,YAAY,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACpD,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC;QACnC,SAAS,CAAC,WAAW,EAAE,OAAO,CAAC;KAChC,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,CAAC,GAAG,WAAW,CAAC,QAAQ,EAAE,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,IAAI,YAAY,CAAC,OAAO,CAAC;IAE5D,OAAO;QACL,OAAO,EAAE,MAAM;QACf,QAAQ;QACR,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;QAChC,OAAO;QACP,KAAK,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC,SAAS;KAC3D,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}