Add multi-language AST-pattern scanning support

- Introduced `patterns` module with language-specific vulnerability patterns. - Added `query_cache` utility for caching compiled queries. - Expanded `scan.rs` to support scanning multiple languages dynamically. - Updated `Cargo.toml` with additional tree-sitter dependencies. - Added severity filtering to `ScannerConfig` for better configuration.
2026-06-09 19:45:13 +02:00 · 2025-06-17 01:17:48 +02:00 · 2025-06-17 01:17:48 +02:00 · 22369cc404
commit 22369cc404
parent 0831b9fb48
17 changed files with 665 additions and 25 deletions
--- a/src/utils/config.rs
+++ b/src/utils/config.rs
@ -2,10 +2,14 @@ use serde::{Deserialize, Serialize};
 use std::path::{Path};
 use std::fs;
 use toml;
+use crate::patterns::Severity;

 #[derive(Debug, Serialize, Deserialize, Clone)]
 #[serde(default)]
 pub struct ScannerConfig {
+    /// The minimum severity level to output
+    pub min_severity: Severity,
+    
    /// The maximum file size to scan, in megabytes. TODO: IMPLEMENT
    pub max_file_size_mb: u64,
    
@ -39,6 +43,7 @@ pub struct ScannerConfig {
 impl Default for ScannerConfig {
    fn default() -> Self {
        Self {
+            min_severity: Severity::Low,
            max_file_size_mb: 100,
            excluded_extensions: vec![
                "jpg", "png", "gif", "mp4", "avi", "mkv",
--- a/src/utils/mod.rs
+++ b/src/utils/mod.rs
@ -1,5 +1,6 @@
 pub mod project;
 pub mod config;
+pub(crate) mod query_cache;

 // Re-export commonly used functions for convenience
 pub use project::{get_project_info};
--- a/src/utils/query_cache.rs
+++ b/src/utils/query_cache.rs
@ -0,0 +1,37 @@
+use std::collections::HashMap;
+use std::sync::{Arc, RwLock};
+
+use once_cell::sync::Lazy;
+use tree_sitter::{Language, Query};
+
+use crate::patterns::{self, Pattern};
+
+#[derive(Clone)]
+pub struct CompiledQuery {
+  pub meta: Pattern,
+  pub query: Arc<Query>,         
+}
+
+static CACHE: Lazy<RwLock<HashMap<&'static str, Vec<CompiledQuery>>>> =
+  Lazy::new(|| RwLock::new(HashMap::new()));
+
+pub fn for_lang(lang: &'static str, ts_lang: Language) -> Vec<CompiledQuery> {
+  // fast-path read
+  if let Some(v) = CACHE.read().unwrap().get(lang) {
+    return v.clone();
+  }
+
+  // compile under write-lock exactly once
+  let patterns = patterns::load(lang);
+  let mut vec = Vec::with_capacity(patterns.len());
+
+  for p in patterns {
+    match Query::new(&ts_lang, p.query) {
+      Ok(q) => vec.push(CompiledQuery { meta: p, query: Arc::new(q) }),
+      Err(e) => tracing::warn!(lang, id = p.id, "query compile error: {e}"),
+    }
+  }
+
+  CACHE.write().unwrap().insert(lang, vec.clone());
+  vec
+}