Feat/configurable sanitizers and js precision (#32)

* chore: Exclude CLAUDE.md from Cargo.toml * feat: Add configurable analysis rules and CLI commands for custom sanitizers and terminators * feat: Enhance resource management and analysis efficiency - Implemented parallel summary merging in `scan_filesystem` using rayon for improved performance. - Introduced `GlobalSummaries::merge()` for efficient merging of summaries. - Optimized file reading and hashing to eliminate redundant I/O operations. - Added `should_scan_with_hash()` and `upsert_file_with_hash()` methods to streamline file processing. - Enhanced taint analysis with in-place mutations to reduce memory allocations. - Updated resource acquisition patterns to exclude false positives for `freopen` and wrapper functions. * feat: Implement severity downgrade for findings in non-production paths and add source kind inference * feat: Update versioning information in SECURITY.md for new stable line * feat: Update categories in Cargo.toml to include parser-implementations and text-processing * feat: Update dependencies in Cargo.lock for improved compatibility and performance * feat: Update dependencies in Cargo.lock and Cargo.toml for improved compatibility
2026-06-24 20:28:06 +02:00 · 2026-02-25 04:02:11 -05:00 · 2026-02-25 04:02:11 -05:00 · 19b578c5c4
commit 19b578c5c4
parent f96a89e7c1
37 changed files with 3775 additions and 432 deletions
--- a/src/commands/mod.rs
+++ b/src/commands/mod.rs
@ -1,4 +1,5 @@
 pub mod clean;
+pub mod config;
 pub mod index;
 pub mod list;
 pub mod scan;
@ -12,6 +13,7 @@ use std::path::Path;
 pub fn handle_command(
    command: Commands,
    database_dir: &Path,
+    config_dir: &Path,
    config: &mut Config,
 ) -> NyxResult<()> {
    match command {
@ -24,6 +26,7 @@ pub fn handle_command(
            ast_only,
            cfg_only,
            all_targets,
+            include_nonprod,
        } => {
            if high_only {
                config.scanner.min_severity = Severity::High
@ -41,10 +44,37 @@ pub fn handle_command(
                config.scanner.mode = AnalysisMode::Full
            };

-            scan::handle(&path, no_index, rebuild_index, format, database_dir, config)
+            if include_nonprod {
+                config.scanner.include_nonprod = true
+            };
+
+            scan::handle(&path, no_index, rebuild_index, format, database_dir, config)?;
+        }
+        Commands::Index { action } => {
+            index::handle(action, database_dir, config)?;
+        }
+        Commands::List { verbose } => {
+            list::handle(verbose, database_dir)?;
+        }
+        Commands::Clean { project, all } => {
+            clean::handle(project, all, database_dir)?;
+        }
+        Commands::Config { action } => {
+            use crate::cli::ConfigAction;
+            match action {
+                ConfigAction::Show => self::config::show(config)?,
+                ConfigAction::Path => self::config::path(config_dir)?,
+                ConfigAction::AddRule {
+                    lang,
+                    matcher,
+                    kind,
+                    cap,
+                } => self::config::add_rule(config_dir, &lang, &matcher, &kind, &cap)?,
+                ConfigAction::AddTerminator { lang, name } => {
+                    self::config::add_terminator(config_dir, &lang, &name)?
+                }
+            }
        }
-        Commands::Index { action } => index::handle(action, database_dir, config),
-        Commands::List { verbose } => list::handle(verbose, database_dir),
-        Commands::Clean { project, all } => clean::handle(project, all, database_dir),
    }
+    Ok(())
 }