apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity

[pitboss/grind] deferred session-0001 (20260521T201327Z-3848)

Browse source
This commit is contained in:
pitboss 2026-05-21 15:26:49 -05:00
parent 3a35cd6c8f
commit 159a779f31
19 changed files with 305 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

30
src/server/jobs.rs
View file

@ -239,7 +239,7 @@ impl JobManager {
Some(&log_collector),
)?;
let pool = Indexer::init(&db_path)?;
scan::scan_with_index_parallel_observer(
let mut diags = scan::scan_with_index_parallel_observer(
&project_name,
pool,
&config,
@ -250,7 +250,23 @@ impl JobManager {
Some(&log_collector),
None,
None,
)
)?;
for diag in &mut diags {
diag.stable_hash = scan::compute_stable_hash(diag);
}
#[cfg(feature = "dynamic")]
{
let _verify_opts = scan::verify_findings_for_scan(
&mut diags,
&project_name,
&db_path,
&scan_root,
&config,
false,
true,
);
}
Ok(diags)
});
let elapsed = start.elapsed().as_secs_f64();
@ -274,6 +290,16 @@ impl JobManager {
for d in &mut diags {
d.stable_hash = scan::compute_stable_hash(d);
}
let dynamic_summary = scan::DynamicVerificationSummary::from_diags(&diags);
if !dynamic_summary.is_empty() {
log_collector.info(
format!(
"Dynamic verification: {}",
scan::format_dynamic_verification_summary(&dynamic_summary)
),
None,
);
}
log_collector.info(format!("Scan completed: {} findings", diags.len()), None);
(JobStatus::Completed, Some(Arc::new(diags)), None)
}

2
src/server/models.rs
View file

@ -717,6 +717,8 @@ pub struct ScannerQuality {
pub symex_verified_rate: f64,
/// Count broken down by symbolic verdict label.
pub symex_breakdown: HashMap<String, usize>,
/// Dynamic verifier verdict counts from the latest scan.
pub dynamic_verification: crate::commands::scan::DynamicVerificationSummary,
}
/// One issue-category bucket (rule-family derived). Broader than OWASP, with

3
src/server/routes/overview.rs
View file

@ -837,6 +837,9 @@ fn compute_scanner_quality(
call_resolution_rate,
symex_verified_rate,
symex_breakdown: breakdown,
dynamic_verification: crate::commands::scan::DynamicVerificationSummary::from_diags(
findings,
),
})
}

11
src/server/routes/scans.rs
View file

@ -40,8 +40,8 @@ struct StartScanRequest {
/// `false` - force off even if config says on.
/// absent - inherit config default.
///
/// Requires `--features dynamic`; `true` returns 400 when the
/// feature is absent.
/// Included in default builds; custom builds without `dynamic` return 400
/// when verification is requested.
verify: Option<bool>,
/// Also verify `Confidence < Medium` findings. Default false.
verify_all_confidence: Option<bool>,
@ -126,6 +126,13 @@ async fn start_scan(
config.scanner.verify_all_confidence = true;
}
#[cfg(not(feature = "dynamic"))]
if config.scanner.verify || config.scanner.verify_all_confidence {
return Err(bad_request(
"dynamic verification is enabled, but this binary was built without dynamic support; rebuild with `cargo build --features dynamic` or skip dynamic verification for this scan",
));
}
let event_tx = state.event_tx.clone();
let db_pool = state.db_pool.clone();
let database_dir = state.database_dir.clone();