From d7b8833ec6107a790292bacfcd8b8ebbcf20c2bd Mon Sep 17 00:00:00 2001
From: elipeter
Date: Tue, 17 Jun 2025 18:36:46 +0200
Subject: [PATCH] Switch `read_to_string` to `read` in `scan.rs` and simplify Python patterns
- Updated `scan.rs` to use `std::fs::read` for handling files as bytes instead of strings.
- Simplified Python patterns by removing redundant or low-priority vulnerability checks.
---
 src/commands/scan.rs | 7 ++++---
 src/patterns/python.rs | 20 +-------------------
 2 files changed, 5 insertions(+), 22 deletions(-)
diff --git a/src/commands/scan.rs b/src/commands/scan.rs
index 03ec00b4..6b4a73bb 100644
--- a/src/commands/scan.rs
+++ b/src/commands/scan.rs
@@ -129,7 +129,8 @@ pub(crate) fn run_rules_on_file(
 path: &Path,
 cfg: &Config,
 ) -> Result, Box> {
- let source = std::fs::read_to_string(path)?;
+ let bytes = std::fs::read(path)?;
+
 let mut parser = Parser::new();
 let lang_key = match path
@@ -153,7 +154,7 @@ pub(crate) fn run_rules_on_file(
 let (ts_lang, lang_name) = lang_key;
 parser.set_language(&ts_lang)?;
- let tree = parser.parse(&source, None).ok_or("tree‑sitter failed")?;
+ let tree = parser.parse(&*bytes, None).ok_or("tree‑sitter failed")?;
 let root = tree.root_node();
 let compiled = query_cache::for_lang(lang_name, ts_lang);
@@ -164,7 +165,7 @@ pub(crate) fn run_rules_on_file(
 if cfg.scanner.min_severity > cq.meta.severity {
 continue;
 }
- let mut matches = cursor.matches(&cq.query, root, source.as_bytes());
+ let mut matches = cursor.matches(&cq.query, root, &*bytes);
 while let Some(m) = matches.next() {
 for cap in m.captures.iter().filter(|c| c.index == 0) {
 let point = cap.node.start_position();
diff --git a/src/patterns/python.rs b/src/patterns/python.rs
index cd605880..86b6ae29 100644
--- a/src/patterns/python.rs
+++ b/src/patterns/python.rs
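Review bot: `let bytes = std::fs::read(path)?;` in the first scan.rs hunk drops the UTF-8 validation that `read_to_string` performed, so a file with invalid UTF-8 (or a binary blob carrying a recognised source extension) is now handed to the parser instead of being rejected with an `InvalidData` I/O error. Tree-sitter documents `Parser::parse` as taking UTF-8 text, and any `utf8_text` call on the captures later in `run_rules_on_file` (not visible in this hunk) would presumably be the first place such input now fails. If accepting non-UTF-8 sources is intentional, a comment at the read such as `// Raw bytes: non-UTF-8 files are no longer rejected here — TODO confirm the parser tolerates them` plus a test with such a file would make that explicit; if not, `std::str::from_utf8(&bytes)?` before parsing restores the previous contract. `run_rules_on_file` starts and ends outside the hunk.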
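Review bot: `&*bytes` in `parser.parse(&*bytes, None)` (second scan.rs hunk) is an unusual spelling for the `Vec<u8>`-to-slice coercion; `&bytes` should already satisfy the `AsRef<[u8]>` bound on `parse`, and `bytes.as_slice()` reads more clearly where a `&[u8]` is genuinely required, as in `cursor.matches(&cq.query, root, &*bytes)` in the third hunk. The retained `"tree‑sitter failed"` message on the same new line also appears to contain a non-ASCII hyphen (it renders as U+2011) rather than `-`, which makes the error hard to grep for in logs; `"tree-sitter failed"` avoids that. The enclosing `run_rules_on_file` starts and ends outside these hunks.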
@@ -13,28 +13,10 @@ pub const PATTERNS: &[Pattern] = &[
 query: "(call function: (identifier) @id (#eq? @id \"exec\")) @vuln",
 severity: Severity::High,
 },
- Pattern {
- id: "pickle_load",
- description: "pickle.load / loads – unsafe deserialization",
- query: "(call function: (attribute attribute: (identifier) @attr (#match? @attr \"load(s)?\") object: (identifier) @pkg (#eq? @pkg \"pickle\"))) @vuln",
- severity: Severity::High,
- },
 Pattern {
 id: "subprocess_shell_true",
 description: "subprocess.* with shell=True",
 query: "(call function: (attribute object: (identifier) @pkg (#eq? @pkg \"subprocess\")) arguments: (argument_list . (keyword_argument name: (identifier) @k (#eq? @k \"shell\")) (true) @val)) @vuln",
 severity: Severity::Medium,
- },
- Pattern {
- id: "random_random",
- description: "random.random() for security-sensitive randomness",
- query: "(call function: (attribute attribute: (identifier) @attr (#eq? @attr \"random\") object: (identifier) @pkg (#eq? @pkg \"random\"))) @vuln",
- severity: Severity::Low,
- },
- Pattern {
- id: "sql_concat",
- description: "SQL query built via f-string or +-concat",
- query: "(call function: (attribute attribute: (identifier) @m (#match? @m \"execute|executemany\")) arguments: (argument_list (f_string) @fstr)) @vuln",
- severity: Severity::Medium,
- },
+ }
 ];
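Review bot: The `pickle_load` rule (severity High) and `sql_concat` (Medium) are removed alongside `random_random` (Low), yet the commit message describes the removals as "redundant or low-priority" and nothing in this hunk or elsewhere in the diff shows a rule replacing them, so detection of Python unsafe deserialisation and f-string SQL execution looks like a coverage regression rather than a simplification. If another rule now covers those cases, naming it in the commit message would make that verifiable; if not, dropping only the Low-severity pattern would match the stated intent. Separately, the new closing `}` on the last array element drops the trailing comma that the remaining entries keep, and rustfmt's default trailing-comma setting would most likely restore it as `},`.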