From bfdfcb9d1a639f072d491258b792f74fc71fb164 Mon Sep 17 00:00:00 2001 From: pitboss Date: Tue, 12 May 2026 13:26:52 -0400 Subject: [PATCH] =?UTF-8?q?[pitboss]=20phase=2007:=20M6=20=E2=80=94=20Evid?= =?UTF-8?q?ence=20consumers:=20formatters,=20ranking,=20UI?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/ci.yml | 15 +- .github/workflows/corpus_promote.yml | 54 +- .gitignore | 1 + frontend/src/api/types.ts | 26 + frontend/src/components/VerdictBadge.tsx | 57 + frontend/src/pages/FindingDetailPage.tsx | 100 + frontend/src/pages/FindingsPage.tsx | 8 + .../src/test/components/verdictBadge.test.tsx | 110 + fuzz/dynamic_corpus/Cargo.lock | 2352 +++++++++++++++++ fuzz/dynamic_corpus/src/main.rs | 1 - scripts/corpus_dashboard.py | 1 - src/dynamic/oob.rs | 18 + src/dynamic/runner.rs | 30 +- src/fmt.rs | 69 + src/output.rs | 15 + src/rank.rs | 36 + tests/console_snapshot.rs | 188 ++ tests/json_snapshot.rs | 173 ++ 18 files changed, 3208 insertions(+), 46 deletions(-) create mode 100644 frontend/src/components/VerdictBadge.tsx create mode 100644 frontend/src/test/components/verdictBadge.test.tsx create mode 100644 fuzz/dynamic_corpus/Cargo.lock create mode 100644 tests/console_snapshot.rs create mode 100644 tests/json_snapshot.rs diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9557f87c..cb52b865 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -404,20 +404,7 @@ jobs: toolchain: stable cache: true - - uses: actions/setup-node@v6 - with: - node-version: 20 - cache: npm - cache-dependency-path: frontend/package-lock.json - - - name: Build frontend - working-directory: frontend - run: | - npm ci - npm run build - - name: Corpus unit tests (no_marker_collisions, all_payloads_have_fixture_paths) - run: cargo nextest run --lib -p nyx-scanner --test-threads=4 2>/dev/null || \ - cargo nextest run --lib -p nyx-scanner + run: cargo nextest run --lib -p nyx-scanner dynamic::corpus env: RUST_LOG: error diff --git a/.github/workflows/corpus_promote.yml b/.github/workflows/corpus_promote.yml index 75a0e084..c9e60652 100644 --- a/.github/workflows/corpus_promote.yml +++ b/.github/workflows/corpus_promote.yml @@ -106,38 +106,46 @@ jobs: # Stage candidate files into fuzz-discovered (already there). # The PR body provides the reviewer with everything they need. - # Build PR body. - body=$(cat <<'EOF' - ## Corpus Promotion Proposal + # Build PR body into a temp file to avoid shell re-interpolation of + # sidecar JSON content (which may contain backticks or $(...) sequences). + body_file=$(mktemp) - This PR was generated automatically by the weekly corpus-promote workflow. - It does **not** auto-merge — a human reviewer must approve each candidate - before it can land in `src/dynamic/corpus.rs` (§16.4). + cat > "$body_file" <<'PREAMBLE' +## Corpus Promotion Proposal - ### Candidates +This PR was generated automatically by the weekly corpus-promote workflow. +It does **not** auto-merge — a human reviewer must approve each candidate +before it can land in `src/dynamic/corpus.rs` (§16.4). - The following payloads were discovered by the internal mutation fuzzer and - confirmed via `sink_hit && oracle_fired` against instrumented fixtures: +### Candidates - EOF - ) +The following payloads were discovered by the internal mutation fuzzer and +confirmed via `sink_hit && oracle_fired` against instrumented fixtures: + +PREAMBLE for f in $CANDIDATE_FILES; do sidecar="${f}.json" + printf -- '- `%s`\n' "$f" >> "$body_file" if [ -f "$sidecar" ]; then - body="$body\n- \`$f\`\n \`\`\`json\n$(cat "$sidecar")\n \`\`\`\n" - else - body="$body\n- \`$f\`\n" + printf ' ```json\n' >> "$body_file" + cat "$sidecar" >> "$body_file" + printf '\n ```\n' >> "$body_file" fi done - body="$body\n### Review checklist\n" - body="$body\n- [ ] Bytes are a genuine attack vector, not a fixture artifact\n" - body="$body\n- [ ] Oracle marker is unique (no collision with other caps)\n" - body="$body\n- [ ] \`fixture_paths\` updated in \`src/dynamic/corpus.rs\`\n" - body="$body\n- [ ] \`since_corpus_version\` set to next version\n" - body="$body\n- [ ] \`CORPUS_VERSION\` bumped and bump history updated\n" - body="$body\n\n_Generated by corpus_promote.yml — do not auto-merge._\n" + cat >> "$body_file" <<'CHECKLIST' + +### Review checklist + +- [ ] Bytes are a genuine attack vector, not a fixture artifact +- [ ] Oracle marker is unique (no collision with other caps) +- [ ] `fixture_paths` updated in `src/dynamic/corpus.rs` +- [ ] `since_corpus_version` set to next version +- [ ] `CORPUS_VERSION` bumped and bump history updated + +_Generated by corpus_promote.yml — do not auto-merge._ +CHECKLIST git add fuzz-discovered/ || true git diff --cached --quiet || git commit -m "chore: add ${CANDIDATE_COUNT} fuzzer-discovered corpus candidates" @@ -146,10 +154,12 @@ jobs: gh pr create \ --title "chore(corpus): promote ${CANDIDATE_COUNT} fuzzer-discovered payload(s)" \ - --body "$(printf '%b' "$body")" \ + --body "$(cat "$body_file")" \ --base master \ --label "corpus-promotion" || true + rm -f "$body_file" + - name: Dry run summary if: github.event.inputs.dry_run == 'true' run: | diff --git a/.gitignore b/.gitignore index 61590e17..d84f7105 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,7 @@ /target /fuzz/target /fuzz/corpus +/fuzz/dynamic_corpus/target /fuzz/artifacts /.idea /frontend/node_modules diff --git a/frontend/src/api/types.ts b/frontend/src/api/types.ts index 94732376..c6f0946e 100644 --- a/frontend/src/api/types.ts +++ b/frontend/src/api/types.ts @@ -2,6 +2,30 @@ export type Confidence = 'Low' | 'Medium' | 'High'; export type FlowStepKind = 'source' | 'assignment' | 'call' | 'phi' | 'sink'; +// Dynamic verification types (from src/evidence.rs VerifyStatus / VerifyResult) +export type VerifyStatus = 'Confirmed' | 'NotConfirmed' | 'Inconclusive' | 'Unsupported'; + +export interface AttemptSummary { + payload_label: string; + exit_code?: number; + timed_out: boolean; + triggered: boolean; + sink_hit?: boolean; +} + +export interface VerifyResult { + finding_id: string; + status: VerifyStatus; + triggered_payload?: string; + /** Typed UnsupportedReason (PascalCase string) */ + reason?: string; + /** Typed InconclusiveReason (PascalCase string) */ + inconclusive_reason?: string; + detail?: string; + attempts: AttemptSummary[]; + toolchain_match?: string; +} + export interface FlowStep { step: number; kind: FlowStepKind; @@ -40,6 +64,8 @@ export interface Evidence { flow_steps: FlowStep[]; explanation?: string; confidence_limiters: string[]; + /** Dynamic verification result; present only when --verify was active. */ + dynamic_verdict?: VerifyResult; } // Finding types diff --git a/frontend/src/components/VerdictBadge.tsx b/frontend/src/components/VerdictBadge.tsx new file mode 100644 index 00000000..a6475a37 --- /dev/null +++ b/frontend/src/components/VerdictBadge.tsx @@ -0,0 +1,57 @@ +import type { VerifyResult, VerifyStatus } from '../api/types'; + +const STATUS_LABELS: Record = { + Confirmed: 'Confirmed', + NotConfirmed: 'Not confirmed', + Inconclusive: 'Inconclusive', + Unsupported: 'Unsupported', +}; + +function verdictTooltip(verdict: VerifyResult): string { + const { status, triggered_payload, reason, inconclusive_reason, detail } = + verdict; + switch (status) { + case 'Confirmed': + return triggered_payload + ? `Confirmed via payload: ${triggered_payload}` + : 'Dynamically confirmed exploitable'; + case 'NotConfirmed': + return verdict.attempts.length > 0 + ? `Not confirmed after ${verdict.attempts.length} payload attempt(s)` + : 'Not confirmed'; + case 'Unsupported': + return reason ? `Unsupported: ${reason}` : 'Dynamic verification not supported'; + case 'Inconclusive': + return inconclusive_reason + ? `Inconclusive: ${inconclusive_reason}${detail ? `: ${detail}` : ''}` + : detail || 'Inconclusive'; + } +} + +interface VerdictBadgeProps { + verdict: VerifyResult | undefined; + /** Show full label (default) or compact icon-only mode */ + compact?: boolean; +} + +export function VerdictBadge({ verdict, compact = false }: VerdictBadgeProps) { + if (!verdict) { + return -; + } + + const { status } = verdict; + const label = STATUS_LABELS[status] ?? status; + const tooltip = verdictTooltip(verdict); + const flame = status === 'Confirmed' ? '🔥 ' : ''; + + return ( + + {flame} + {compact ? status.charAt(0) : label} + + ); +} diff --git a/frontend/src/pages/FindingDetailPage.tsx b/frontend/src/pages/FindingDetailPage.tsx index e285dfd3..bc8a3a50 100644 --- a/frontend/src/pages/FindingDetailPage.tsx +++ b/frontend/src/pages/FindingDetailPage.tsx @@ -8,6 +8,7 @@ import { escapeHtml, highlightSyntax } from '../utils/syntaxHighlight'; import { parseNoteText } from '../utils/parseNote'; import { findingToMarkdown } from '../utils/findingMarkdown'; import { CopyMarkdownButton } from '../components/CopyMarkdownButton'; +import { VerdictBadge } from '../components/VerdictBadge'; import { Dropdown, DropdownItem } from '../components/ui/Dropdown'; import { CodeViewerModal } from '../modals/CodeViewerModal'; import type { @@ -16,6 +17,7 @@ import type { FlowStep, SpanEvidence, RelatedFindingView, + VerifyResult, } from '../api/types'; // ── Helpers ───────────────────────────────────────────────────────────────── @@ -701,6 +703,97 @@ function HowToFix({ finding }: { finding: FindingView }) { ); } +// ── Dynamic Verification Panel ────────────────────────────────────────────── + +function DynamicVerdictSection({ verdict }: { verdict: VerifyResult }) { + const [copied, setCopied] = useState(false); + const reproPath = `~/.cache/nyx/dynamic/repro/${verdict.finding_id}/`; + const reproCmd = './reproduce.sh'; + + const copyCmd = () => { + navigator.clipboard.writeText(reproCmd).then(() => { + setCopied(true); + setTimeout(() => setCopied(false), 2000); + }); + }; + + return ( +
+
+ + {verdict.toolchain_match && ( + + {verdict.toolchain_match === 'exact' ? 'exact toolchain' : 'approximate toolchain'} + + )} +
+ + {verdict.status === 'Confirmed' && ( +
+
+ Repro artifact: + {reproPath} +
+
+ {reproCmd} + +
+
+ )} + + {(verdict.reason || verdict.inconclusive_reason || verdict.detail) && ( +
+ {verdict.reason && ( +
+ Reason: {verdict.reason} +
+ )} + {verdict.inconclusive_reason && ( +
+ Inconclusive reason: {verdict.inconclusive_reason} +
+ )} + {verdict.detail && ( +
{verdict.detail}
+ )} +
+ )} + + {verdict.attempts.length > 0 && ( +
+ Payload attempts: +
    + {verdict.attempts.map((a, i) => ( +
  • + {a.payload_label} + + {a.triggered + ? 'triggered' + : a.timed_out + ? 'timeout' + : 'no hit'} + + {a.exit_code != null && ( + exit {a.exit_code} + )} +
    • + ))} +
+
+ )} +
+ ); +} + // ── Status Control ────────────────────────────────────────────────────────── function StatusControl({ @@ -1017,6 +1110,13 @@ export function FindingDetailPage() { )} + {/* Dynamic Verification */} + {evidence?.dynamic_verdict && ( + + + + )} + {/* Code Preview */} {hasCode && ( diff --git a/frontend/src/pages/FindingsPage.tsx b/frontend/src/pages/FindingsPage.tsx index 5f9eee96..f672198c 100644 --- a/frontend/src/pages/FindingsPage.tsx +++ b/frontend/src/pages/FindingsPage.tsx @@ -17,6 +17,7 @@ import { Dropdown, DropdownItem } from '../components/ui/Dropdown'; import { LoadingState } from '../components/ui/LoadingState'; import { ErrorState } from '../components/ui/ErrorState'; import { CopyMarkdownButton } from '../components/CopyMarkdownButton'; +import { VerdictBadge } from '../components/VerdictBadge'; import { truncPath } from '../utils/truncPath'; import { findingsToMarkdown } from '../utils/findingMarkdown'; import { ApiError } from '../api/client'; @@ -711,6 +712,7 @@ export function FindingsPage() { currentDir={state.sort_dir} onSort={handleSort} /> + Verified @@ -760,6 +762,12 @@ export function FindingsPage() { {formatTriageState(f.triage_state || f.status)} + + + ))} diff --git a/frontend/src/test/components/verdictBadge.test.tsx b/frontend/src/test/components/verdictBadge.test.tsx new file mode 100644 index 00000000..1380bd12 --- /dev/null +++ b/frontend/src/test/components/verdictBadge.test.tsx @@ -0,0 +1,110 @@ +import { describe, it, expect } from 'vitest'; +import { render, screen } from '@testing-library/react'; +import { VerdictBadge } from '@/components/VerdictBadge'; +import type { VerifyResult } from '@/api/types'; + +function makeVerdict( + status: VerifyResult['status'], + extras: Partial = {}, +): VerifyResult { + return { + finding_id: 'test-finding-id', + status, + attempts: [], + ...extras, + }; +} + +describe('VerdictBadge', () => { + it('renders dash when verdict is undefined', () => { + render(); + expect(screen.getByText('-')).toBeInTheDocument(); + }); + + it('renders Confirmed badge with flame and correct class', () => { + render( + , + ); + const badge = screen.getByTestId('verdict-badge-confirmed'); + expect(badge).toBeInTheDocument(); + expect(badge.className).toContain('badge-dyn-confirmed'); + expect(badge.textContent).toContain('🔥'); + }); + + it('renders NotConfirmed badge with correct class', () => { + render(); + const badge = screen.getByTestId('verdict-badge-notconfirmed'); + expect(badge).toBeInTheDocument(); + expect(badge.className).toContain('badge-dyn-notconfirmed'); + expect(badge.textContent).not.toContain('🔥'); + }); + + it('renders Unsupported badge with correct class', () => { + render( + , + ); + const badge = screen.getByTestId('verdict-badge-unsupported'); + expect(badge).toBeInTheDocument(); + expect(badge.className).toContain('badge-dyn-unsupported'); + }); + + it('renders Inconclusive badge with amber class', () => { + render( + , + ); + const badge = screen.getByTestId('verdict-badge-inconclusive'); + expect(badge).toBeInTheDocument(); + expect(badge.className).toContain('badge-dyn-inconclusive'); + }); + + it('tooltip contains payload for Confirmed', () => { + render( + , + ); + const badge = screen.getByTestId('verdict-badge-confirmed'); + expect(badge.getAttribute('title')).toContain('sqli-payload'); + }); + + it('tooltip contains reason for Unsupported', () => { + render( + , + ); + const badge = screen.getByTestId('verdict-badge-unsupported'); + expect(badge.getAttribute('title')).toContain('ConfidenceTooLow'); + }); + + it('compact mode renders single character', () => { + render(); + const badge = screen.getByTestId('verdict-badge-confirmed'); + // Compact: first char of status + flame emoji + expect(badge.textContent?.replace('🔥 ', '')).toBe('C'); + }); + + it('renders all four VerifyStatus variants without crashing', () => { + const statuses: VerifyResult['status'][] = [ + 'Confirmed', + 'NotConfirmed', + 'Unsupported', + 'Inconclusive', + ]; + for (const status of statuses) { + const { unmount } = render(); + expect( + screen.getByTestId(`verdict-badge-${status.toLowerCase()}`), + ).toBeInTheDocument(); + unmount(); + } + }); +}); diff --git a/fuzz/dynamic_corpus/Cargo.lock b/fuzz/dynamic_corpus/Cargo.lock new file mode 100644 index 00000000..289b5c50 --- /dev/null +++ b/fuzz/dynamic_corpus/Cargo.lock @@ -0,0 +1,2352 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "adler2" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa" + +[[package]] +name = "aho-corasick" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301" +dependencies = [ + "memchr", +] + +[[package]] +name = "android_system_properties" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311" +dependencies = [ + "libc", +] + +[[package]] +name = "anstream" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "824a212faf96e9acacdbd09febd34438f8f711fb84e09a8916013cd7815ca28d" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "is_terminal_polyfill", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "940b3a0ca603d1eade50a4846a2afffd5ef57a9feac2c0e2ec2e14f9ead76000" + +[[package]] +name = "anstyle-parse" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52ce7f38b242319f7cabaa6813055467063ecdc9d355bbb4ce0c68908cd8130e" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40c48f72fd53cd289104fc64099abca73db4166ad86ea0b4341abe65af83dadc" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "291e6a250ff86cd4a820112fb8898808a366d8f9f58ce16d1f538353ad55747d" +dependencies = [ + "anstyle", + "once_cell_polyfill", + "windows-sys", +] + +[[package]] +name = "anyhow" +version = "1.0.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c" + +[[package]] +name = "arrayref" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76a2e8124351fda1ef8aaaa3bbd7ebbcb486bbcd4225aca0aa0d84bb2db8fecb" + +[[package]] +name = "arrayvec" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7c02d123df017efcdfbd739ef81735b36c5ba83ec3c59c80a9d7ecc718f92e50" + +[[package]] +name = "async-compression" +version = "0.4.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e79b3f8a79cccc2898f31920fc69f304859b3bd567490f75ebf51ae1c792a9ac" +dependencies = [ + "compression-codecs", + "compression-core", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "atomic-waker" +version = "1.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" + +[[package]] +name = "autocfg" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + +[[package]] +name = "axum" +version = "0.8.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "31b698c5f9a010f6573133b09e0de5408834d0c82f8d7475a89fc1867a71cd90" +dependencies = [ + "axum-core", + "bytes", + "form_urlencoded", + "futures-util", + "http", + "http-body", + "http-body-util", + "hyper", + "hyper-util", + "itoa", + "matchit", + "memchr", + "mime", + "percent-encoding", + "pin-project-lite", + "serde_core", + "serde_json", + "serde_path_to_error", + "serde_urlencoded", + "sync_wrapper", + "tokio", + "tower", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "axum-core" +version = "0.5.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08c78f31d7b1291f7ee735c1c6780ccde7785daae9a9206026862dab7d8792d1" +dependencies = [ + "bytes", + "futures-core", + "http", + "http-body", + "http-body-util", + "mime", + "pin-project-lite", + "sync_wrapper", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "bitflags" +version = "2.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4512299f36f043ab09a583e57bceb5a5aab7a73db1805848e8fef3c9e8c78b3" + +[[package]] +name = "blake3" +version = "1.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0aa83c34e62843d924f905e0f5c866eb1dd6545fc4d719e803d9ba6030371fce" +dependencies = [ + "arrayref", + "arrayvec", + "cc", + "cfg-if", + "constant_time_eq", + "cpufeatures", +] + +[[package]] +name = "bstr" +version = "1.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63044e1ae8e69f3b5a92c736ca6269b8d12fa7efe39bf34ddb06d102cf0e2cab" +dependencies = [ + "memchr", + "serde", +] + +[[package]] +name = "bumpalo" +version = "3.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb" + +[[package]] +name = "bytes" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33" + +[[package]] +name = "bytesize" +version = "2.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6bd91ee7b2422bcb158d90ef4d14f75ef67f340943fc4149891dcce8f8b972a3" + +[[package]] +name = "cc" +version = "1.2.62" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1dce859f0832a7d088c4f1119888ab94ef4b5d6795d1ce05afb7fe159d79f98" +dependencies = [ + "find-msvc-tools", + "shlex", +] + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "chacha20" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f8d983286843e49675a4b7a2d174efe136dc93a18d69130dd18198a6c167601" +dependencies = [ + "cfg-if", + "cpufeatures", + "rand_core", +] + +[[package]] +name = "chrono" +version = "0.4.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c673075a2e0e5f4a1dde27ce9dee1ea4558c7ffe648f576438a20ca1d2acc4b0" +dependencies = [ + "iana-time-zone", + "num-traits", + "serde", + "windows-link", +] + +[[package]] +name = "clap" +version = "4.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ddb117e43bbf7dacf0a4190fef4d345b9bad68dfc649cb349e7d17d28428e51" +dependencies = [ + "clap_builder", + "clap_derive", +] + +[[package]] +name = "clap_builder" +version = "4.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "714a53001bf66416adb0e2ef5ac857140e7dc3a0c48fb28b2f10762fc4b5069f" +dependencies = [ + "anstream", + "anstyle", + "clap_lex", + "strsim", +] + +[[package]] +name = "clap_derive" +version = "4.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2ce8604710f6733aa641a2b3731eaa1e8b3d9973d5e3565da11800813f997a9" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "clap_lex" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8d4a3bb8b1e0c1050499d1815f5ab16d04f0959b233085fb31653fbfc9d98f9" + +[[package]] +name = "colorchoice" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d07550c9036bf2ae0c684c4297d503f838287c83c53686d05370d0e139ae570" + +[[package]] +name = "compression-codecs" +version = "0.4.38" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce2548391e9c1929c21bf6aa2680af86fe4c1b33e6cea9ac1cfeec0bd11218cf" +dependencies = [ + "compression-core", + "flate2", + "memchr", +] + +[[package]] +name = "compression-core" +version = "0.4.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cc14f565cf027a105f7a44ccf9e5b424348421a1d8952a8fc9d499d313107789" + +[[package]] +name = "console" +version = "0.16.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d64e8af5551369d19cf50138de61f1c42074ab970f74e99be916646777f8fc87" +dependencies = [ + "encode_unicode", + "libc", + "unicode-width", + "windows-sys", +] + +[[package]] +name = "constant_time_eq" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d52eff69cd5e647efe296129160853a42795992097e8af39800e1060caeea9b" + +[[package]] +name = "core-foundation-sys" +version = "0.8.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" + +[[package]] +name = "cpufeatures" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b2a41393f66f16b0823bb79094d54ac5fbd34ab292ddafb9a0456ac9f87d201" +dependencies = [ + "libc", +] + +[[package]] +name = "crc32fast" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9481c1c90cbf2ac953f07c8d4a58aa3945c425b7185c9154d67a65e4230da511" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "crossbeam-channel" +version = "0.5.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82b8f8f868b36967f9606790d1903570de9ceaf870a7bf9fbbd3016d636a2cb2" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-deque" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9dd111b7b7f7d55b72c0a6ae361660ee5853c9af73f70c3c2ef6858b950e2e51" +dependencies = [ + "crossbeam-epoch", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" + +[[package]] +name = "dashmap" +version = "6.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf" +dependencies = [ + "cfg-if", + "crossbeam-utils", + "hashbrown 0.14.5", + "lock_api", + "once_cell", + "parking_lot_core", +] + +[[package]] +name = "deranged" +version = "0.5.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7cd812cc2bc1d69d4764bd80df88b4317eaef9e773c75226407d9bc0876b211c" +dependencies = [ + "powerfmt", +] + +[[package]] +name = "directories" +version = "6.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "16f5094c54661b38d03bd7e50df373292118db60b585c08a411c6d840017fe7d" +dependencies = [ + "dirs-sys", +] + +[[package]] +name = "dirs-sys" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e01a3366d27ee9890022452ee61b2b63a67e6f13f58900b651ff5665f0bb1fab" +dependencies = [ + "libc", + "option-ext", + "redox_users", + "windows-sys", +] + +[[package]] +name = "either" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" + +[[package]] +name = "encode_unicode" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34aa73646ffb006b8f5147f3dc182bd4bcb190227ce861fc4a4844bf8e3cb2c0" + +[[package]] +name = "equivalent" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" + +[[package]] +name = "errno" +version = "0.3.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" +dependencies = [ + "libc", + "windows-sys", +] + +[[package]] +name = "fallible-iterator" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2acce4a10f12dc2fb14a218589d4f1f62ef011b2d0cc4b3cb1bba8e94da14649" + +[[package]] +name = "fallible-streaming-iterator" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7360491ce676a36bf9bb3c56c1aa791658183a54d2744120f27285738d90465a" + +[[package]] +name = "fastrand" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f1f227452a390804cdb637b74a86990f2a7d7ba4b7d5693aac9b4dd6defd8d6" + +[[package]] +name = "find-msvc-tools" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" + +[[package]] +name = "fixedbitset" +version = "0.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1d674e81391d1e1ab681a28d99df07927c6d4aa5b027d7da16ba32d1d21ecd99" + +[[package]] +name = "flate2" +version = "1.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "843fba2746e448b37e26a819579957415c8cef339bf08564fe8b7ddbd959573c" +dependencies = [ + "crc32fast", + "miniz_oxide", +] + +[[package]] +name = "foldhash" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" + +[[package]] +name = "foldhash" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77ce24cb58228fbb8aa041425bb1050850ac19177686ea6e0f41a70416f56fdb" + +[[package]] +name = "form_urlencoded" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf" +dependencies = [ + "percent-encoding", +] + +[[package]] +name = "futures-channel" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d" +dependencies = [ + "futures-core", +] + +[[package]] +name = "futures-core" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d" + +[[package]] +name = "futures-sink" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893" + +[[package]] +name = "futures-task" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393" + +[[package]] +name = "futures-util" +version = "0.3.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6" +dependencies = [ + "futures-core", + "futures-task", + "pin-project-lite", + "slab", +] + +[[package]] +name = "getrandom" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "getrandom" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "rand_core", + "wasip2", + "wasip3", +] + +[[package]] +name = "globset" +version = "0.4.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "52dfc19153a48bde0cbd630453615c8151bce3a5adfac7a0aebfbf0a1e1f57e3" +dependencies = [ + "aho-corasick", + "bstr", + "log", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "hashbrown" +version = "0.14.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" + +[[package]] +name = "hashbrown" +version = "0.15.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1" +dependencies = [ + "foldhash 0.1.5", +] + +[[package]] +name = "hashbrown" +version = "0.16.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100" +dependencies = [ + "foldhash 0.2.0", +] + +[[package]] +name = "hashbrown" +version = "0.17.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed5909b6e89a2db4456e54cd5f673791d7eca6732202bbf2a9cc504fe2f9b84a" + +[[package]] +name = "hashlink" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea0b22561a9c04a7cb1a302c013e0259cd3b4bb619f145b32f72b8b4bcbed230" +dependencies = [ + "hashbrown 0.16.1", +] + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "hermit-abi" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc0fef456e4baa96da950455cd02c081ca953b141298e41db3fc7e36b1da849c" + +[[package]] +name = "http" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3ba2a386d7f85a81f119ad7498ebe444d2e22c2af0b86b069416ace48b3311a" +dependencies = [ + "bytes", + "itoa", +] + +[[package]] +name = "http-body" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184" +dependencies = [ + "bytes", + "http", +] + +[[package]] +name = "http-body-util" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a" +dependencies = [ + "bytes", + "futures-core", + "http", + "http-body", + "pin-project-lite", +] + +[[package]] +name = "httparse" +version = "1.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87" + +[[package]] +name = "httpdate" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" + +[[package]] +name = "hyper" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6299f016b246a94207e63da54dbe807655bf9e00044f73ded42c3ac5305fbcca" +dependencies = [ + "atomic-waker", + "bytes", + "futures-channel", + "futures-core", + "http", + "http-body", + "httparse", + "httpdate", + "itoa", + "pin-project-lite", + "smallvec", + "tokio", +] + +[[package]] +name = "hyper-util" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0" +dependencies = [ + "bytes", + "http", + "http-body", + "hyper", + "pin-project-lite", + "tokio", + "tower-service", +] + +[[package]] +name = "iana-time-zone" +version = "0.1.65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e31bc9ad994ba00e440a8aa5c9ef0ec67d5cb5e5cb0cc7f8b744a35b389cc470" +dependencies = [ + "android_system_properties", + "core-foundation-sys", + "iana-time-zone-haiku", + "js-sys", + "log", + "wasm-bindgen", + "windows-core", +] + +[[package]] +name = "iana-time-zone-haiku" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f" +dependencies = [ + "cc", +] + +[[package]] +name = "id-arena" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" + +[[package]] +name = "ignore" +version = "0.4.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3d782a365a015e0f5c04902246139249abf769125006fbe7649e2ee88169b4a" +dependencies = [ + "crossbeam-deque", + "globset", + "log", + "memchr", + "regex-automata", + "same-file", + "walkdir", + "winapi-util", +] + +[[package]] +name = "indexmap" +version = "2.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d466e9454f08e4a911e14806c24e16fba1b4c121d1ea474396f396069cf949d9" +dependencies = [ + "equivalent", + "hashbrown 0.17.1", + "serde", + "serde_core", +] + +[[package]] +name = "indicatif" +version = "0.18.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25470f23803092da7d239834776d653104d551bc4d7eacaf31e6837854b8e9eb" +dependencies = [ + "console", + "portable-atomic", + "unicode-width", + "unit-prefix", + "web-time", +] + +[[package]] +name = "is_terminal_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a6cb138bb79a146c1bd460005623e142ef0181e3d0219cb493e02f7d08a35695" + +[[package]] +name = "itoa" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682" + +[[package]] +name = "js-sys" +version = "0.3.98" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67df7112613f8bfd9150013a0314e196f4800d3201ae742489d999db2f979f08" +dependencies = [ + "cfg-if", + "futures-util", + "once_cell", + "wasm-bindgen", +] + +[[package]] +name = "lazy_static" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" + +[[package]] +name = "leb128fmt" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" + +[[package]] +name = "libc" +version = "0.2.186" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68ab91017fe16c622486840e4c83c9a37afeff978bd239b5293d61ece587de66" + +[[package]] +name = "libredox" +version = "0.1.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e02f3bb43d335493c96bf3fd3a321600bf6bd07ed34bc64118e9293bdffea46c" +dependencies = [ + "libc", +] + +[[package]] +name = "libsqlite3-sys" +version = "0.37.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1f111c8c41e7c61a49cd34e44c7619462967221a6443b0ec299e0ac30cfb9b1" +dependencies = [ + "cc", + "pkg-config", + "vcpkg", +] + +[[package]] +name = "linux-raw-sys" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a66949e030da00e8c7d4434b251670a91556f4144941d37452769c25d58a53" + +[[package]] +name = "lock_api" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965" +dependencies = [ + "scopeguard", +] + +[[package]] +name = "log" +version = "0.4.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" + +[[package]] +name = "matchers" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d1525a2a28c7f4fa0fc98bb91ae755d1e2d1505079e05539e35bc876b5d65ae9" +dependencies = [ + "regex-automata", +] + +[[package]] +name = "matchit" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47e1ffaa40ddd1f3ed91f717a33c8c0ee23fff369e3aa8772b9605cc1d22f4c3" + +[[package]] +name = "memchr" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" + +[[package]] +name = "mime" +version = "0.3.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" + +[[package]] +name = "miniz_oxide" +version = "0.8.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316" +dependencies = [ + "adler2", + "simd-adler32", +] + +[[package]] +name = "mio" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50b7e5b27aa02a74bac8c3f23f448f8d87ff11f92d3aac1a6ed369ee08cc56c1" +dependencies = [ + "libc", + "wasi", + "windows-sys", +] + +[[package]] +name = "nu-ansi-term" +version = "0.50.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "num-conv" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c6673768db2d862beb9b39a78fdcb1a69439615d5794a1be50caa9bc92c81967" + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "num_cpus" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91df4bbde75afed763b708b7eee1e8e7651e02d97f6d5dd763e89367e957b23b" +dependencies = [ + "hermit-abi", + "libc", +] + +[[package]] +name = "nyx-dynamic-corpus" +version = "0.1.0" +dependencies = [ + "nyx-scanner", + "serde_json", +] + +[[package]] +name = "nyx-scanner" +version = "0.7.0" +dependencies = [ + "axum", + "bitflags", + "blake3", + "bytesize", + "chrono", + "clap", + "console", + "crossbeam-channel", + "dashmap", + "directories", + "ignore", + "indicatif", + "num_cpus", + "once_cell", + "parking_lot", + "petgraph", + "phf", + "r2d2", + "r2d2_sqlite", + "rayon", + "rmp-serde", + "rusqlite", + "rustc-hash", + "serde", + "serde_json", + "smallvec", + "terminal_size", + "thiserror", + "tokio", + "tokio-stream", + "toml", + "tower-http", + "tracing", + "tracing-subscriber", + "tree-sitter", + "tree-sitter-c", + "tree-sitter-cpp", + "tree-sitter-go", + "tree-sitter-java", + "tree-sitter-javascript", + "tree-sitter-php", + "tree-sitter-python", + "tree-sitter-ruby", + "tree-sitter-rust", + "tree-sitter-typescript", + "uuid", +] + +[[package]] +name = "once_cell" +version = "1.21.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" + +[[package]] +name = "once_cell_polyfill" +version = "1.70.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "384b8ab6d37215f3c5301a95a4accb5d64aa607f1fcb26a11b5303878451b4fe" + +[[package]] +name = "option-ext" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d" + +[[package]] +name = "parking_lot" +version = "0.12.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a" +dependencies = [ + "lock_api", + "parking_lot_core", +] + +[[package]] +name = "parking_lot_core" +version = "0.9.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "smallvec", + "windows-link", +] + +[[package]] +name = "percent-encoding" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" + +[[package]] +name = "petgraph" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8701b58ea97060d5e5b155d383a69952a60943f0e6dfe30b04c287beb0b27455" +dependencies = [ + "fixedbitset", + "hashbrown 0.15.5", + "indexmap", + "serde", + "serde_derive", +] + +[[package]] +name = "phf" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1562dc717473dbaa4c1f85a36410e03c047b2e7df7f45ee938fbef64ae7fadf" +dependencies = [ + "phf_macros", + "phf_shared", + "serde", +] + +[[package]] +name = "phf_generator" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "135ace3a761e564ec88c03a77317a7c6b80bb7f7135ef2544dbe054243b89737" +dependencies = [ + "fastrand", + "phf_shared", +] + +[[package]] +name = "phf_macros" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "812f032b54b1e759ccd5f8b6677695d5268c588701effba24601f6932f8269ef" +dependencies = [ + "phf_generator", + "phf_shared", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "phf_shared" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e57fef6bc5981e38c2ce2d63bfa546861309f875b8a75f092d1d54ae2d64f266" +dependencies = [ + "siphasher", +] + +[[package]] +name = "pin-project-lite" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd" + +[[package]] +name = "pkg-config" +version = "0.3.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19f132c84eca552bf34cab8ec81f1c1dcc229b811638f9d283dceabe58c5569e" + +[[package]] +name = "portable-atomic" +version = "1.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c33a9471896f1c69cecef8d20cbe2f7accd12527ce60845ff44c153bb2a21b49" + +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + +[[package]] +name = "prettyplease" +version = "0.2.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" +dependencies = [ + "proc-macro2", + "syn", +] + +[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "6.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" + +[[package]] +name = "r2d2" +version = "0.8.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51de85fb3fb6524929c8a2eb85e6b6d363de4e8c48f9e2c2eac4944abc181c93" +dependencies = [ + "log", + "parking_lot", + "scheduled-thread-pool", +] + +[[package]] +name = "r2d2_sqlite" +version = "0.34.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9a289c0a3bf56505c470efa2366e76010f1d892e2492a2f96b223386d63b7e2" +dependencies = [ + "r2d2", + "rusqlite", + "uuid", +] + +[[package]] +name = "rand" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2e8e8bcc7961af1fdac401278c6a831614941f6164ee3bf4ce61b7edb162207" +dependencies = [ + "chacha20", + "getrandom 0.4.2", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63b8176103e19a2643978565ca18b50549f6101881c443590420e4dc998a3c69" + +[[package]] +name = "rayon" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb39b166781f92d482534ef4b4b1b2568f42613b53e5b6c160e24cfbfa30926d" +dependencies = [ + "either", + "rayon-core", +] + +[[package]] +name = "rayon-core" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22e18b0f0062d30d4230b2e85ff77fdfe4326feb054b9783a3460d8435c8ab91" +dependencies = [ + "crossbeam-deque", + "crossbeam-utils", +] + +[[package]] +name = "redox_syscall" +version = "0.5.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d" +dependencies = [ + "bitflags", +] + +[[package]] +name = "redox_users" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4e608c6638b9c18977b00b475ac1f28d14e84b27d8d42f70e0bf1e3dec127ac" +dependencies = [ + "getrandom 0.2.17", + "libredox", + "thiserror", +] + +[[package]] +name = "regex" +version = "1.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a" + +[[package]] +name = "rmp" +version = "0.8.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ba8be72d372b2c9b35542551678538b562e7cf86c3315773cae48dfbfe7790c" +dependencies = [ + "num-traits", +] + +[[package]] +name = "rmp-serde" +version = "1.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72f81bee8c8ef9b577d1681a70ebbc962c232461e397b22c208c43c04b67a155" +dependencies = [ + "rmp", + "serde", +] + +[[package]] +name = "rsqlite-vfs" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8a1f2315036ef6b1fbacd1972e8ee7688030b0a2121edfc2a6550febd41574d" +dependencies = [ + "hashbrown 0.16.1", + "thiserror", +] + +[[package]] +name = "rusqlite" +version = "0.39.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0d2b0146dd9661bf67bb107c0bb2a55064d556eeb3fc314151b957f313bcd4e" +dependencies = [ + "bitflags", + "fallible-iterator", + "fallible-streaming-iterator", + "hashlink", + "libsqlite3-sys", + "smallvec", + "sqlite-wasm-rs", +] + +[[package]] +name = "rustc-hash" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94300abf3f1ae2e2b8ffb7b58043de3d399c73fa6f4b73826402a5c457614dbe" + +[[package]] +name = "rustix" +version = "1.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6fe4565b9518b83ef4f91bb47ce29620ca828bd32cb7e408f0062e9930ba190" +dependencies = [ + "bitflags", + "errno", + "libc", + "linux-raw-sys", + "windows-sys", +] + +[[package]] +name = "rustversion" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" + +[[package]] +name = "ryu" +version = "1.0.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f" + +[[package]] +name = "same-file" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "scheduled-thread-pool" +version = "0.2.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3cbc66816425a074528352f5789333ecff06ca41b36b0b0efdfbb29edc391a19" +dependencies = [ + "parking_lot", +] + +[[package]] +name = "scopeguard" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" + +[[package]] +name = "semver" +version = "1.0.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a7852d02fc848982e0c167ef163aaff9cd91dc640ba85e263cb1ce46fae51cd" + +[[package]] +name = "serde" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.149" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +dependencies = [ + "indexmap", + "itoa", + "memchr", + "serde", + "serde_core", + "zmij", +] + +[[package]] +name = "serde_path_to_error" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457" +dependencies = [ + "itoa", + "serde", + "serde_core", +] + +[[package]] +name = "serde_spanned" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6662b5879511e06e8999a8a235d848113e942c9124f211511b16466ee2995f26" +dependencies = [ + "serde_core", +] + +[[package]] +name = "serde_urlencoded" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" +dependencies = [ + "form_urlencoded", + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "sharded-slab" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signal-hook-registry" +version = "1.4.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b" +dependencies = [ + "errno", + "libc", +] + +[[package]] +name = "simd-adler32" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "703d5c7ef118737c72f1af64ad2f6f8c5e1921f818cdcb97b8fe6fc69bf66214" + +[[package]] +name = "siphasher" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ee5873ec9cce0195efcb7a4e9507a04cd49aec9c83d0389df45b1ef7ba2e649" + +[[package]] +name = "slab" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5" + +[[package]] +name = "smallvec" +version = "1.15.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" +dependencies = [ + "serde", +] + +[[package]] +name = "socket2" +version = "0.6.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e" +dependencies = [ + "libc", + "windows-sys", +] + +[[package]] +name = "sqlite-wasm-rs" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b2c760607300407ddeaee518acf28c795661b7108c75421303dbefb237d3a36" +dependencies = [ + "cc", + "js-sys", + "rsqlite-vfs", + "wasm-bindgen", +] + +[[package]] +name = "streaming-iterator" +version = "0.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2b2231b7c3057d5e4ad0156fb3dc807d900806020c5ffa3ee6ff2c8c76fb8520" + +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + +[[package]] +name = "syn" +version = "2.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "sync_wrapper" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263" + +[[package]] +name = "terminal_size" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "230a1b821ccbd75b185820a1f1ff7b14d21da1e442e22c0863ea5f08771a8874" +dependencies = [ + "rustix", + "windows-sys", +] + +[[package]] +name = "thiserror" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thread_local" +version = "1.1.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f60246a4944f24f6e018aa17cdeffb7818b76356965d03b07d6a9886e8962185" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "time" +version = "0.3.47" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c" +dependencies = [ + "deranged", + "itoa", + "num-conv", + "powerfmt", + "serde_core", + "time-core", + "time-macros", +] + +[[package]] +name = "time-core" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca" + +[[package]] +name = "time-macros" +version = "0.2.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215" +dependencies = [ + "num-conv", + "time-core", +] + +[[package]] +name = "tokio" +version = "1.52.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fc7f01b389ac15039e4dc9531aa973a135d7a4135281b12d7c1bc79fd57fffe" +dependencies = [ + "libc", + "mio", + "pin-project-lite", + "signal-hook-registry", + "socket2", + "tokio-macros", + "windows-sys", +] + +[[package]] +name = "tokio-macros" +version = "2.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "385a6cb71ab9ab790c5fe8d67f1645e6c450a7ce006a33de03daa956cf70a496" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tokio-stream" +version = "0.1.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32da49809aab5c3bc678af03902d4ccddea2a87d028d86392a4b1560c6906c70" +dependencies = [ + "futures-core", + "pin-project-lite", + "tokio", + "tokio-util", +] + +[[package]] +name = "tokio-util" +version = "0.7.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ae9cec805b01e8fc3fd2fe289f89149a9b66dd16786abd8b19cfa7b48cb0098" +dependencies = [ + "bytes", + "futures-core", + "futures-sink", + "pin-project-lite", + "tokio", +] + +[[package]] +name = "toml" +version = "1.1.2+spec-1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81f3d15e84cbcd896376e6730314d59fb5a87f31e4b038454184435cd57defee" +dependencies = [ + "indexmap", + "serde_core", + "serde_spanned", + "toml_datetime", + "toml_parser", + "toml_writer", + "winnow", +] + +[[package]] +name = "toml_datetime" +version = "1.1.1+spec-1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3165f65f62e28e0115a00b2ebdd37eb6f3b641855f9d636d3cd4103767159ad7" +dependencies = [ + "serde_core", +] + +[[package]] +name = "toml_parser" +version = "1.1.2+spec-1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2abe9b86193656635d2411dc43050282ca48aa31c2451210f4202550afb7526" +dependencies = [ + "winnow", +] + +[[package]] +name = "toml_writer" +version = "1.1.1+spec-1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "756daf9b1013ebe47a8776667b466417e2d4c5679d441c26230efd9ef78692db" + +[[package]] +name = "tower" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4" +dependencies = [ + "futures-core", + "futures-util", + "pin-project-lite", + "sync_wrapper", + "tokio", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "tower-http" +version = "0.6.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68d6fdd9f81c2819c9a8b0e0cd91660e7746a8e6ea2ba7c6b2b057985f6bcb51" +dependencies = [ + "async-compression", + "bitflags", + "bytes", + "futures-core", + "http", + "http-body", + "http-body-util", + "pin-project-lite", + "tokio", + "tokio-util", + "tower-layer", + "tower-service", + "tracing", +] + +[[package]] +name = "tower-layer" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e" + +[[package]] +name = "tower-service" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" + +[[package]] +name = "tracing" +version = "0.1.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100" +dependencies = [ + "log", + "pin-project-lite", + "tracing-attributes", + "tracing-core", +] + +[[package]] +name = "tracing-attributes" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "tracing-core" +version = "0.1.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a" +dependencies = [ + "once_cell", + "valuable", +] + +[[package]] +name = "tracing-log" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3" +dependencies = [ + "log", + "once_cell", + "tracing-core", +] + +[[package]] +name = "tracing-serde" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "704b1aeb7be0d0a84fc9828cae51dab5970fee5088f83d1dd7ee6f6246fc6ff1" +dependencies = [ + "serde", + "tracing-core", +] + +[[package]] +name = "tracing-subscriber" +version = "0.3.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb7f578e5945fb242538965c2d0b04418d38ec25c79d160cd279bf0731c8d319" +dependencies = [ + "matchers", + "nu-ansi-term", + "once_cell", + "regex-automata", + "serde", + "serde_json", + "sharded-slab", + "smallvec", + "thread_local", + "time", + "tracing", + "tracing-core", + "tracing-log", + "tracing-serde", +] + +[[package]] +name = "tree-sitter" +version = "0.26.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "887bd495d0582c5e3e0d8ece2233666169fa56a9644d172fc22ad179ab2d0538" +dependencies = [ + "cc", + "regex", + "regex-syntax", + "serde_json", + "streaming-iterator", + "tree-sitter-language", +] + +[[package]] +name = "tree-sitter-c" +version = "0.24.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a9b2eb57a55fed6b00812912e730b7a275cf4fe98bfd6a5d76263d4438371728" +dependencies = [ + "cc", + "tree-sitter-language", +] + +[[package]] +name = "tree-sitter-cpp" +version = "0.23.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df2196ea9d47b4ab4a31b9297eaa5a5d19a0b121dceb9f118f6790ad0ab94743" +dependencies = [ + "cc", + "tree-sitter-language", +] + +[[package]] +name = "tree-sitter-go" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c8560a4d2f835cc0d4d2c2e03cbd0dde2f6114b43bc491164238d333e28b16ea" +dependencies = [ + "cc", + "tree-sitter-language", +] + +[[package]] +name = "tree-sitter-java" +version = "0.23.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0aa6cbcdc8c679b214e616fd3300da67da0e492e066df01bcf5a5921a71e90d6" +dependencies = [ + "cc", + "tree-sitter-language", +] + +[[package]] +name = "tree-sitter-javascript" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68204f2abc0627a90bdf06e605f5c470aa26fdcb2081ea553a04bdad756693f5" +dependencies = [ + "cc", + "tree-sitter-language", +] + +[[package]] +name = "tree-sitter-language" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "009994f150cc0cd50ff54917d5bc8bffe8cad10ca10d81c34da2ec421ae61782" + +[[package]] +name = "tree-sitter-php" +version = "0.24.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d8c17c3ab69052c5eeaa7ff5cd972dd1bc25d1b97ee779fec391ad3b5df5592" +dependencies = [ + "cc", + "tree-sitter-language", +] + +[[package]] +name = "tree-sitter-python" +version = "0.25.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6bf85fd39652e740bf60f46f4cda9492c3a9ad75880575bf14960f775cb74a1c" +dependencies = [ + "cc", + "tree-sitter-language", +] + +[[package]] +name = "tree-sitter-ruby" +version = "0.23.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be0484ea4ef6bb9c575b4fdabde7e31340a8d2dbc7d52b321ac83da703249f95" +dependencies = [ + "cc", + "tree-sitter-language", +] + +[[package]] +name = "tree-sitter-rust" +version = "0.24.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439e577dbe07423ec2582ac62c7531120dbfccfa6e5f92406f93dd271a120e45" +dependencies = [ + "cc", + "tree-sitter-language", +] + +[[package]] +name = "tree-sitter-typescript" +version = "0.23.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c5f76ed8d947a75cc446d5fccd8b602ebf0cde64ccf2ffa434d873d7a575eff" +dependencies = [ + "cc", + "tree-sitter-language", +] + +[[package]] +name = "unicode-ident" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" + +[[package]] +name = "unicode-width" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4ac048d71ede7ee76d585517add45da530660ef4390e49b098733c6e897f254" + +[[package]] +name = "unicode-xid" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" + +[[package]] +name = "unit-prefix" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81e544489bf3d8ef66c953931f56617f423cd4b5494be343d9b9d3dda037b9a3" + +[[package]] +name = "utf8parse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" + +[[package]] +name = "uuid" +version = "1.23.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddd74a9687298c6858e9b88ec8935ec45d22e8fd5e6394fa1bd4e99a87789c76" +dependencies = [ + "getrandom 0.4.2", + "js-sys", + "rand", + "wasm-bindgen", +] + +[[package]] +name = "valuable" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba73ea9cf16a25df0c8caa16c51acb937d5712a8429db78a3ee29d5dcacd3a65" + +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + +[[package]] +name = "walkdir" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" +dependencies = [ + "same-file", + "winapi-util", +] + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + +[[package]] +name = "wasip2" +version = "1.0.3+wasi-0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "20064672db26d7cdc89c7798c48a0fdfac8213434a1186e5ef29fd560ae223d6" +dependencies = [ + "wit-bindgen 0.57.1", +] + +[[package]] +name = "wasip3" +version = "0.4.0+wasi-0.3.0-rc-2026-01-06" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" +dependencies = [ + "wit-bindgen 0.51.0", +] + +[[package]] +name = "wasm-bindgen" +version = "0.2.121" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49ace1d07c165b0864824eee619580c4689389afa9dc9ed3a4c75040d82e6790" +dependencies = [ + "cfg-if", + "once_cell", + "rustversion", + "wasm-bindgen-macro", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.121" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e68e6f4afd367a562002c05637acb8578ff2dea1943df76afb9e83d177c8578" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.121" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d95a9ec35c64b2a7cb35d3fead40c4238d0940c86d107136999567a4703259f2" +dependencies = [ + "bumpalo", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.121" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4e0100b01e9f0d03189a92b96772a1fb998639d981193d7dbab487302513441" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "wasm-encoder" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319" +dependencies = [ + "leb128fmt", + "wasmparser", +] + +[[package]] +name = "wasm-metadata" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" +dependencies = [ + "anyhow", + "indexmap", + "wasm-encoder", + "wasmparser", +] + +[[package]] +name = "wasmparser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" +dependencies = [ + "bitflags", + "hashbrown 0.15.5", + "indexmap", + "semver", +] + +[[package]] +name = "web-time" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "winapi-util" +version = "0.1.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "windows-core" +version = "0.62.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8e83a14d34d0623b51dce9581199302a221863196a1dde71a7663a4c2be9deb" +dependencies = [ + "windows-implement", + "windows-interface", + "windows-link", + "windows-result", + "windows-strings", +] + +[[package]] +name = "windows-implement" +version = "0.60.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-interface" +version = "0.59.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + +[[package]] +name = "windows-result" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7781fa89eaf60850ac3d2da7af8e5242a5ea78d1a11c49bf2910bb5a73853eb5" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-strings" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7837d08f69c77cf6b07689544538e017c1bfcf57e34b4c0ff58e6c2cd3b37091" +dependencies = [ + "windows-link", +] + +[[package]] +name = "windows-sys" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +dependencies = [ + "windows-link", +] + +[[package]] +name = "winnow" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2ee1708bef14716a11bae175f579062d4554d95be2c6829f518df847b7b3fdd0" + +[[package]] +name = "wit-bindgen" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" +dependencies = [ + "wit-bindgen-rust-macro", +] + +[[package]] +name = "wit-bindgen" +version = "0.57.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e" + +[[package]] +name = "wit-bindgen-core" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc" +dependencies = [ + "anyhow", + "heck", + "wit-parser", +] + +[[package]] +name = "wit-bindgen-rust" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" +dependencies = [ + "anyhow", + "heck", + "indexmap", + "prettyplease", + "syn", + "wasm-metadata", + "wit-bindgen-core", + "wit-component", +] + +[[package]] +name = "wit-bindgen-rust-macro" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a" +dependencies = [ + "anyhow", + "prettyplease", + "proc-macro2", + "quote", + "syn", + "wit-bindgen-core", + "wit-bindgen-rust", +] + +[[package]] +name = "wit-component" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" +dependencies = [ + "anyhow", + "bitflags", + "indexmap", + "log", + "serde", + "serde_derive", + "serde_json", + "wasm-encoder", + "wasm-metadata", + "wasmparser", + "wit-parser", +] + +[[package]] +name = "wit-parser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" +dependencies = [ + "anyhow", + "id-arena", + "indexmap", + "log", + "semver", + "serde", + "serde_derive", + "serde_json", + "unicode-xid", + "wasmparser", +] + +[[package]] +name = "zmij" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" diff --git a/fuzz/dynamic_corpus/src/main.rs b/fuzz/dynamic_corpus/src/main.rs index 58bc571a..27eee9ef 100644 --- a/fuzz/dynamic_corpus/src/main.rs +++ b/fuzz/dynamic_corpus/src/main.rs @@ -25,7 +25,6 @@ use nyx_scanner::dynamic::corpus::{ }; use nyx_scanner::labels::Cap; use std::collections::HashSet; -use std::io::{Read, Write}; use std::path::{Path, PathBuf}; use std::time::SystemTime; diff --git a/scripts/corpus_dashboard.py b/scripts/corpus_dashboard.py index c6d0e8e9..fbd5827a 100755 --- a/scripts/corpus_dashboard.py +++ b/scripts/corpus_dashboard.py @@ -16,7 +16,6 @@ Usage: import argparse import json import os -import re import sys from dataclasses import dataclass, field from pathlib import Path diff --git a/src/dynamic/oob.rs b/src/dynamic/oob.rs index 2a436237..b8ce1a4d 100644 --- a/src/dynamic/oob.rs +++ b/src/dynamic/oob.rs @@ -80,6 +80,24 @@ impl OobListener { .map(|h| h.contains(nonce)) .unwrap_or(false) } + + /// Polls until `nonce` is recorded or `timeout` elapses. + /// + /// Returns immediately on hit; polls every 5 ms otherwise. + /// Prefer this over a fixed sleep + `was_nonce_hit` at call sites. + pub fn wait_for_nonce(&self, nonce: &str, timeout: Duration) -> bool { + let deadline = std::time::Instant::now() + timeout; + loop { + if self.was_nonce_hit(nonce) { + return true; + } + let remaining = deadline.saturating_duration_since(std::time::Instant::now()); + if remaining.is_zero() { + return false; + } + std::thread::sleep(remaining.min(Duration::from_millis(5))); + } + } } impl Drop for OobListener { diff --git a/src/dynamic/runner.rs b/src/dynamic/runner.rs index afc7544d..e0e32ee0 100644 --- a/src/dynamic/runner.rs +++ b/src/dynamic/runner.rs @@ -8,7 +8,7 @@ use crate::dynamic::build_sandbox; use crate::dynamic::corpus::{benign_payload_for, materialise_bytes, payloads_for, Oracle, Payload}; use crate::dynamic::harness::{self, HarnessError}; -use crate::dynamic::sandbox::{self, SandboxError, SandboxOptions, SandboxOutcome}; +use crate::dynamic::sandbox::{self, SandboxBackend, SandboxError, SandboxOptions, SandboxOutcome}; use crate::dynamic::spec::HarnessSpec; use crate::symbol::Lang; @@ -214,7 +214,11 @@ pub fn run_spec(spec: &HarnessSpec, opts: &SandboxOptions) -> Result Result Result bool { + match opts.backend { + SandboxBackend::Docker => true, + SandboxBackend::Auto => sandbox::docker_available(), + SandboxBackend::Process => false, + } +} + fn oracle_fired(oracle: &Oracle, outcome: &SandboxOutcome) -> bool { match oracle { Oracle::OutputContains(needle) => { diff --git a/src/fmt.rs b/src/fmt.rs index 7ff091a9..621812ac 100644 --- a/src/fmt.rs +++ b/src/fmt.rs @@ -424,6 +424,14 @@ fn render_diag(d: &Diag, width: usize) -> String { )); } + // ── Dynamic verification annotation ────────────────────────────── + if let Some(ev) = d.evidence.as_ref() { + if let Some(ref dv) = ev.dynamic_verdict { + let annotation = format_dynamic_verdict_annotation(dv); + out.push_str(&format!("{indent_str}{}\n", style(&annotation).dim())); + } + } + out } @@ -453,6 +461,67 @@ fn state_remediation_hint(rule_id: &str) -> Option<&'static str> { } } +/// Format a dynamic verification annotation line. +/// +/// Spec §5.4: `[DYN: confirmed via {payload}]` / `[DYN: not confirmed]` / +/// `[DYN: unsupported ({reason})]` / `[DYN: inconclusive ({reason})]` +fn format_dynamic_verdict_annotation(dv: &crate::evidence::VerifyResult) -> String { + use crate::evidence::VerifyStatus; + match dv.status { + VerifyStatus::Confirmed => { + let pid = dv.triggered_payload.as_deref().unwrap_or("unknown"); + format!("[DYN: confirmed via {pid}]") + } + VerifyStatus::NotConfirmed => "[DYN: not confirmed]".to_string(), + VerifyStatus::Unsupported => { + let reason = dv + .reason + .as_ref() + .map(format_unsupported_reason) + .unwrap_or_else(|| "unknown".to_string()); + format!("[DYN: unsupported ({reason})]") + } + VerifyStatus::Inconclusive => { + let reason = dv + .inconclusive_reason + .map(format_inconclusive_reason) + .unwrap_or_else(|| { + dv.detail + .as_deref() + .map(|d| d.chars().take(40).collect()) + .unwrap_or_else(|| "unknown".to_string()) + }); + format!("[DYN: inconclusive ({reason})]") + } + } +} + +fn format_unsupported_reason(r: &crate::evidence::UnsupportedReason) -> String { + use crate::evidence::UnsupportedReason; + match r { + UnsupportedReason::BackendUnavailable => "backend unavailable".to_string(), + UnsupportedReason::EntryKindUnsupported => "entry kind not supported".to_string(), + UnsupportedReason::ConfidenceTooLow => "confidence too low".to_string(), + UnsupportedReason::NoFlowSteps => "no flow steps".to_string(), + UnsupportedReason::NoPayloadsForCap => "no payloads for cap".to_string(), + UnsupportedReason::SpecDerivationFailed => "spec derivation failed".to_string(), + UnsupportedReason::RequiredFileRedactedForSecrets(_) => { + "file redacted for secrets".to_string() + } + UnsupportedReason::LangUnsupported => "language not supported".to_string(), + } +} + +fn format_inconclusive_reason(r: crate::evidence::InconclusiveReason) -> String { + use crate::evidence::InconclusiveReason; + match r { + InconclusiveReason::OracleCollisionSuspected => "oracle collision".to_string(), + InconclusiveReason::NonReproducible => "non-reproducible".to_string(), + InconclusiveReason::BuildFailed => "build failed".to_string(), + InconclusiveReason::SandboxError => "sandbox error".to_string(), + } +} + /// Colored severity tag with icon. The tag is the visual anchor of each finding. /// /// - HIGH: bold red diff --git a/src/output.rs b/src/output.rs index fba5c2d0..f252763b 100644 --- a/src/output.rs +++ b/src/output.rs @@ -282,6 +282,21 @@ pub fn build_sarif(diags: &[Diag], scan_root: &Path) -> Value { } } + // Dynamic verification vendor extension (§5.4). + // `partialFingerprints.dynamic_verdict_status` is a stable string + // consumers can key on without parsing the full verdict object. + // `properties.nyx_dynamic_verdict` carries the full VerifyResult. + if let Some(dv) = d.evidence.as_ref().and_then(|ev| ev.dynamic_verdict.as_ref()) { + result["partialFingerprints"] = json!({ + "dynamic_verdict_status": serde_json::to_value(dv.status) + .unwrap_or(Value::Null) + }); + props.insert( + "nyx_dynamic_verdict".into(), + serde_json::to_value(dv).unwrap_or(Value::Null), + ); + } + // Add rollup data if present if let Some(ref rollup) = d.rollup { props.insert( diff --git a/src/rank.rs b/src/rank.rs index 7d9ab2f4..592da6af 100644 --- a/src/rank.rs +++ b/src/rank.rs @@ -90,6 +90,22 @@ pub fn compute_attack_rank(diag: &Diag) -> AttackRank { } } + // ── 7a. Dynamic verification delta ───────────────────────────── + // + // `Confirmed` findings are verified exploitable — boost rank so they + // surface above equivalent static-only findings. + // `NotConfirmed` findings where all available payloads were tried + // (corpus exhausted) receive a mild downward nudge. + // All other verdicts (Unsupported, Inconclusive, no verdict) are + // unaffected: no data is better than speculative data. + // + // TODO(M7): calibrate N (boost) and M (penalty) from telemetry + // collected here. Placeholder values: N=20, M=5. + if let Some(delta) = dynamic_verdict_delta(diag) { + score += delta; + components.push(("dynamic_verdict".into(), format!("{delta:+}"))); + } + // ── 7. Completeness penalty (engine provenance notes) ──────────── // // When the analysis engine hit a cap, widening, or lowering bail, @@ -204,6 +220,26 @@ pub fn rank_diags(diags: &mut [Diag]) { // Scoring helpers // ───────────────────────────────────────────────────────────────────────────── +/// Rank delta from the dynamic verification verdict. +/// +/// Returns `None` when there is no verdict (static-only scan) or the verdict +/// does not change the score (Unsupported, Inconclusive). +/// +/// TODO(M7): N=20 and M=5 are placeholders; calibrate from telemetry. +fn dynamic_verdict_delta(diag: &Diag) -> Option { + use crate::evidence::VerifyStatus; + let dv = diag.evidence.as_ref()?.dynamic_verdict.as_ref()?; + match dv.status { + VerifyStatus::Confirmed => Some(20.0), + // Apply penalty only when the corpus was actually exhausted (attempts + // were made); a NotConfirmed with zero attempts means something went + // wrong before payload execution, which is an Inconclusive path, not + // a meaningful negative signal. + VerifyStatus::NotConfirmed if !dv.attempts.is_empty() => Some(-5.0), + _ => None, + } +} + /// Bonus based on analysis kind inferred from rule ID + evidence. fn analysis_kind_bonus(rule_id: &str, evidence: Option<&Evidence>) -> f64 { if rule_id.starts_with("taint-data-exfiltration") { diff --git a/tests/console_snapshot.rs b/tests/console_snapshot.rs new file mode 100644 index 00000000..d67a6f94 --- /dev/null +++ b/tests/console_snapshot.rs @@ -0,0 +1,188 @@ +//! Snapshot-style tests for the `[DYN: ...]` annotation in console output. +//! +//! Each `VerifyStatus` variant must produce the correct dim annotation line +//! beneath the finding block when `evidence.dynamic_verdict` is set. + +use nyx_scanner::commands::scan::Diag; +use nyx_scanner::evidence::{ + AttemptSummary, Evidence, InconclusiveReason, UnsupportedReason, VerifyResult, VerifyStatus, +}; +use nyx_scanner::fmt::render_console; +use nyx_scanner::patterns::{FindingCategory, Severity}; + +// ── Helper ─────────────────────────────────────────────────────────────────── + +fn strip_ansi(s: &str) -> String { + let mut out = String::new(); + let mut in_escape = false; + for ch in s.chars() { + if ch == '\x1b' { + in_escape = true; + } else if in_escape { + if ch == 'm' { + in_escape = false; + } + } else { + out.push(ch); + } + } + out +} + +fn base_diag() -> Diag { + Diag { + path: "src/main.rs".into(), + line: 42, + col: 5, + severity: Severity::High, + id: "taint-unsanitised-flow".into(), + category: FindingCategory::Security, + path_validated: false, + guard_kind: None, + message: Some("unsanitised input flows to exec".into()), + labels: vec![], + confidence: None, + evidence: None, + rank_score: None, + rank_reason: None, + suppressed: false, + suppression: None, + rollup: None, + finding_id: String::new(), + alternative_finding_ids: Vec::new(), + stable_hash: 0, + } +} + +fn diag_with_verdict(status: VerifyStatus) -> Diag { + let verdict = match status { + VerifyStatus::Confirmed => VerifyResult { + finding_id: "abc123".into(), + status, + triggered_payload: Some("sqli-tautology".into()), + reason: None, + inconclusive_reason: None, + detail: None, + attempts: vec![AttemptSummary { + payload_label: "sqli-tautology".into(), + exit_code: Some(0), + timed_out: false, + triggered: true, + sink_hit: true, + }], + toolchain_match: Some("exact".into()), + }, + VerifyStatus::NotConfirmed => VerifyResult { + finding_id: "abc123".into(), + status, + triggered_payload: None, + reason: None, + inconclusive_reason: None, + detail: None, + attempts: vec![AttemptSummary { + payload_label: "sqli-tautology".into(), + exit_code: Some(0), + timed_out: false, + triggered: false, + sink_hit: false, + }], + toolchain_match: Some("exact".into()), + }, + VerifyStatus::Unsupported => VerifyResult { + finding_id: "abc123".into(), + status, + triggered_payload: None, + reason: Some(UnsupportedReason::NoPayloadsForCap), + inconclusive_reason: None, + detail: None, + attempts: vec![], + toolchain_match: None, + }, + VerifyStatus::Inconclusive => VerifyResult { + finding_id: "abc123".into(), + status, + triggered_payload: None, + reason: None, + inconclusive_reason: Some(InconclusiveReason::BuildFailed), + detail: Some("build failed after 3 attempts: linker error".into()), + attempts: vec![], + toolchain_match: None, + }, + }; + + let mut d = base_diag(); + d.evidence = Some(Evidence { + dynamic_verdict: Some(verdict), + ..Default::default() + }); + d +} + +// ── Tests ──────────────────────────────────────────────────────────────────── + +#[test] +fn console_confirmed_shows_payload_id() { + let diag = diag_with_verdict(VerifyStatus::Confirmed); + let output = render_console(&[diag], "proj", None); + let stripped = strip_ansi(&output); + assert!( + stripped.contains("[DYN: confirmed via sqli-tautology]"), + "expected DYN confirmed annotation, got:\n{stripped}" + ); +} + +#[test] +fn console_not_confirmed_shows_annotation() { + let diag = diag_with_verdict(VerifyStatus::NotConfirmed); + let output = render_console(&[diag], "proj", None); + let stripped = strip_ansi(&output); + assert!( + stripped.contains("[DYN: not confirmed]"), + "expected DYN not-confirmed annotation, got:\n{stripped}" + ); +} + +#[test] +fn console_unsupported_shows_reason() { + let diag = diag_with_verdict(VerifyStatus::Unsupported); + let output = render_console(&[diag], "proj", None); + let stripped = strip_ansi(&output); + assert!( + stripped.contains("[DYN: unsupported (no payloads for cap)]"), + "expected DYN unsupported annotation, got:\n{stripped}" + ); +} + +#[test] +fn console_inconclusive_shows_reason() { + let diag = diag_with_verdict(VerifyStatus::Inconclusive); + let output = render_console(&[diag], "proj", None); + let stripped = strip_ansi(&output); + assert!( + stripped.contains("[DYN: inconclusive (build failed)]"), + "expected DYN inconclusive annotation, got:\n{stripped}" + ); +} + +#[test] +fn console_no_annotation_when_no_dynamic_verdict() { + let diag = base_diag(); + let output = render_console(&[diag], "proj", None); + let stripped = strip_ansi(&output); + assert!( + !stripped.contains("[DYN:"), + "expected no DYN annotation when evidence is None:\n{stripped}" + ); +} + +#[test] +fn console_no_annotation_when_evidence_has_no_verdict() { + let mut diag = base_diag(); + diag.evidence = Some(Evidence::default()); + let output = render_console(&[diag], "proj", None); + let stripped = strip_ansi(&output); + assert!( + !stripped.contains("[DYN:"), + "expected no DYN annotation when dynamic_verdict is None:\n{stripped}" + ); +} diff --git a/tests/json_snapshot.rs b/tests/json_snapshot.rs new file mode 100644 index 00000000..d289fe87 --- /dev/null +++ b/tests/json_snapshot.rs @@ -0,0 +1,173 @@ +//! Snapshot-style tests for `evidence.dynamic_verdict` in JSON output. +//! +//! When `--verify` is active and produces a verdict, the serialized `Diag` +//! must carry `evidence.dynamic_verdict` with the correct status string and +//! all other fields. When no verdict is set the key must be absent (due to +//! `skip_serializing_if = "Option::is_none"`). + +use nyx_scanner::commands::scan::Diag; +use nyx_scanner::evidence::{ + AttemptSummary, Evidence, VerifyResult, VerifyStatus, +}; +use nyx_scanner::patterns::{FindingCategory, Severity}; + +fn base_diag() -> Diag { + Diag { + path: "src/main.rs".into(), + line: 10, + col: 5, + severity: Severity::High, + id: "taint-unsanitised-flow".into(), + category: FindingCategory::Security, + path_validated: false, + guard_kind: None, + message: None, + labels: vec![], + confidence: None, + evidence: None, + rank_score: None, + rank_reason: None, + suppressed: false, + suppression: None, + rollup: None, + finding_id: String::new(), + alternative_finding_ids: Vec::new(), + stable_hash: 0, + } +} + +// ── Tests ──────────────────────────────────────────────────────────────────── + +#[test] +fn json_dynamic_verdict_confirmed_serialises_correctly() { + let mut diag = base_diag(); + diag.evidence = Some(Evidence { + dynamic_verdict: Some(VerifyResult { + finding_id: "deadbeef01234567".into(), + status: VerifyStatus::Confirmed, + triggered_payload: Some("sqli-tautology".into()), + reason: None, + inconclusive_reason: None, + detail: None, + attempts: vec![AttemptSummary { + payload_label: "sqli-tautology".into(), + exit_code: Some(0), + timed_out: false, + triggered: true, + sink_hit: true, + }], + toolchain_match: Some("exact".into()), + }), + ..Default::default() + }); + + let json = serde_json::to_string(&diag).expect("serialisation must succeed"); + + assert!( + json.contains("\"dynamic_verdict\""), + "JSON must contain dynamic_verdict key: {json}" + ); + assert!( + json.contains("\"Confirmed\""), + "JSON must contain Confirmed status: {json}" + ); + assert!( + json.contains("\"sqli-tautology\""), + "JSON must contain triggered payload: {json}" + ); + assert!( + json.contains("\"finding_id\""), + "JSON must contain finding_id: {json}" + ); +} + +#[test] +fn json_dynamic_verdict_not_confirmed_serialises_correctly() { + let mut diag = base_diag(); + diag.evidence = Some(Evidence { + dynamic_verdict: Some(VerifyResult { + finding_id: "abcd1234abcd1234".into(), + status: VerifyStatus::NotConfirmed, + triggered_payload: None, + reason: None, + inconclusive_reason: None, + detail: None, + attempts: vec![], + toolchain_match: Some("exact".into()), + }), + ..Default::default() + }); + + let json = serde_json::to_string(&diag).expect("serialisation must succeed"); + + assert!( + json.contains("\"NotConfirmed\""), + "JSON must contain NotConfirmed status: {json}" + ); + // triggered_payload is None → must not appear (skip_serializing_if) + assert!( + !json.contains("\"triggered_payload\""), + "triggered_payload None must be omitted: {json}" + ); +} + +#[test] +fn json_no_dynamic_verdict_when_not_set() { + let mut diag = base_diag(); + diag.evidence = Some(Evidence::default()); + + let json = serde_json::to_string(&diag).expect("serialisation must succeed"); + + // dynamic_verdict is None → must not appear (skip_serializing_if) + assert!( + !json.contains("dynamic_verdict"), + "dynamic_verdict must be absent when not set: {json}" + ); +} + +#[test] +fn json_no_evidence_no_dynamic_verdict() { + let diag = base_diag(); + + let json = serde_json::to_string(&diag).expect("serialisation must succeed"); + + assert!( + !json.contains("evidence"), + "evidence must be absent when None: {json}" + ); + assert!( + !json.contains("dynamic_verdict"), + "dynamic_verdict must be absent when evidence is None: {json}" + ); +} + +#[test] +fn json_unsupported_verdict_has_reason() { + use nyx_scanner::evidence::UnsupportedReason; + + let mut diag = base_diag(); + diag.evidence = Some(Evidence { + dynamic_verdict: Some(VerifyResult { + finding_id: "0000000000000000".into(), + status: VerifyStatus::Unsupported, + triggered_payload: None, + reason: Some(UnsupportedReason::ConfidenceTooLow), + inconclusive_reason: None, + detail: None, + attempts: vec![], + toolchain_match: None, + }), + ..Default::default() + }); + + let json = serde_json::to_string(&diag).expect("serialisation must succeed"); + + assert!( + json.contains("\"Unsupported\""), + "JSON must contain Unsupported status: {json}" + ); + assert!( + json.contains("\"ConfidenceTooLow\""), + "JSON must contain typed reason: {json}" + ); +}