Add multi-language AST-pattern scanning support

- Introduced `patterns` module with language-specific vulnerability patterns. - Added `query_cache` utility for caching compiled queries. - Expanded `scan.rs` to support scanning multiple languages dynamically. - Updated `Cargo.toml` with additional tree-sitter dependencies. - Added severity filtering to `ScannerConfig` for better configuration.
2026-06-15 20:05:13 +02:00 · 2025-06-17 01:17:48 +02:00 · 2025-06-17 01:17:48 +02:00 · 22369cc404
commit 22369cc404
parent 0831b9fb48
17 changed files with 665 additions and 25 deletions
--- a/src/patterns/javascript.rs
+++ b/src/patterns/javascript.rs
@ -0,0 +1,40 @@
+use crate::patterns::{Pattern, Severity};
+
+pub const PATTERNS: &[Pattern] = &[
+  Pattern {
+    id: "eval_call",
+    description: "Use of eval()",
+    query: "(call_expression function: (identifier) @id (#eq? @id \"eval\")) @vuln",
+    severity: Severity::High,
+  },
+  Pattern {
+    id: "new_function",
+    description: "new Function() constructor",
+    query: "(new_expression constructor: (identifier) @id (#eq? @id \"Function\")) @vuln",
+    severity: Severity::High,
+  },
+  Pattern {
+    id: "document_write",
+    description: "document.write() call",
+    query: "(call_expression function: (member_expression object: (identifier) @obj (#eq? @obj \"document\") property: (property_identifier) @prop (#eq? @prop \"write\"))) @vuln",
+    severity: Severity::Medium,
+  },
+  Pattern {
+    id: "inner_html_assignment",
+    description: "Assignment to element.innerHTML",
+    query: "(assignment_expression left: (member_expression property: (property_identifier) @prop (#eq? @prop \"innerHTML\"))) @vuln",
+    severity: Severity::Medium,
+  },
+  Pattern {
+    id: "settimeout_string",
+    description: "setTimeout / setInterval with a string argument",
+    query: "(call_expression function: (identifier) @id (#match? @id \"setTimeout|setInterval\") arguments: (arguments (string) @code . _)) @vuln",
+    severity: Severity::Medium,
+  },
+  Pattern {
+    id: "json_parse",
+    description: "JSON.parse on dynamic string",
+    query: "(call_expression function: (member_expression object: (identifier) @obj (#eq? @obj \"JSON\") property: (property_identifier) @prop (#eq? @prop \"parse\"))) @vuln",
+    severity: Severity::Low,
+  },
+];