mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-15 20:05:13 +02:00
f96a89e7c1
* feat: Enhance control flow analysis with function summaries and taint analysis * feat: Update taint analysis to utilize function summaries for enhanced tracking * Refactor `walk.rs` batch processing and override handling: - Renamed `Batcher` to `BatchSender` for clarity. - Added `BatchSender::new` constructor for cleaner initialization. - Simplified batch size management in `BatchSender`. - Extracted `build_overrides` function for reusable override construction. - Improved error handling and validation in override building. - Enhanced performance with directory and file type filtering in `walk`. * Improve logging and streamline directory walk process: - Added detailed `tracing` logs for debugging batch flushes, override construction, and walk initialization/completion. - Optimized and simplified `filter_entry` logic for directory and file type filters. - Improved metadata checks and max file size enforcement during the scan. * Refactor and optimize taint tracking, label rules, and directory walk process: - Replaced `DefaultHasher` with `blake3::Hasher` for improved taint hashing. - Enhanced sorting and hashing logic in `taint.rs` for consistency and efficiency. - Removed unused `set_hash` function and redundant imports across files. - Improved batch sender logic in `walk.rs`, renaming key components for clarity. - Unified `spawn_senders` and `spawn_file_walker` with thread handling and channel tuple return. - Expanded label rules with additional matchers for sources, sanitizers, and sinks. - Deprecated `dump_cfg` and specific logging utilities in `cfg.rs` for code cleanup. * fix: fixed let chains error in walk.rs * fix: updated dependencies * fix: updated dependencies * chore: Remove standard error in scan.rs * feat: Introduce function summaries for enhanced taint and control flow analysis * feat: Enhance taint analysis with interop support and function summaries * feat: Add configuration analysis module and enhance matcher rules * feat: Add arity column to function_summaries and handle schema migration * fix: fixed clippy &PathBuf warnings * chore: Update dependencies and versioning in Cargo files * docs: Update README to enhance clarity and detail on features and analysis modes * chore: Update CHANGELOG for version 0.2.0 with new features, changes, and fixes * docs: Update SECURITY.md to clarify version support status --------- Co-authored-by: elipeter <eli.peter@es.fcm.travel>
68 lines
2 KiB
Rust
68 lines
2 KiB
Rust
use std::env;
|
|
use std::fs;
|
|
use std::process::Command;
|
|
|
|
/// Infrastructure provisioning tool — Rust core.
|
|
/// Reads infrastructure config from environment and executes provisioning commands.
|
|
|
|
struct InfraConfig {
|
|
provider: String,
|
|
region: String,
|
|
ssh_key_path: String,
|
|
cluster_name: String,
|
|
}
|
|
|
|
fn load_infra_config() -> InfraConfig {
|
|
InfraConfig {
|
|
provider: env::var("CLOUD_PROVIDER").unwrap(),
|
|
region: env::var("CLOUD_REGION").unwrap(),
|
|
ssh_key_path: env::var("SSH_KEY_PATH").expect("SSH_KEY_PATH required"),
|
|
cluster_name: env::var("CLUSTER_NAME").unwrap(),
|
|
}
|
|
}
|
|
|
|
/// Provisions a new cluster by shelling out to the provider CLI.
|
|
/// VULN: env var flows into Command (command injection)
|
|
fn provision_cluster() {
|
|
let cfg = load_infra_config();
|
|
let cmd = format!(
|
|
"{}-cli create-cluster --name {} --region {} --ssh-key {}",
|
|
cfg.provider, cfg.cluster_name, cfg.region, cfg.ssh_key_path
|
|
);
|
|
let output = Command::new("sh")
|
|
.arg("-c")
|
|
.arg(&cmd)
|
|
.output()
|
|
.expect("provisioning failed");
|
|
|
|
if !output.status.success() {
|
|
panic!("Cluster provisioning failed: {}", String::from_utf8_lossy(&output.stderr));
|
|
}
|
|
}
|
|
|
|
/// Reads a Terraform state file and applies changes.
|
|
/// VULN: file contents flow into Command
|
|
fn apply_terraform() {
|
|
let state = fs::read_to_string("/etc/terraform/main.tf").unwrap();
|
|
let workspace = state.lines()
|
|
.find(|l| l.starts_with("workspace"))
|
|
.unwrap_or("default");
|
|
Command::new("terraform")
|
|
.arg("apply")
|
|
.arg("-auto-approve")
|
|
.arg("-var")
|
|
.arg(format!("workspace={}", workspace))
|
|
.status()
|
|
.unwrap();
|
|
}
|
|
|
|
/// Destroys infrastructure — reads target from env.
|
|
/// VULN: env var flows into Command
|
|
fn destroy_cluster() {
|
|
let cluster = env::var("DESTROY_TARGET").unwrap();
|
|
Command::new("sh")
|
|
.arg("-c")
|
|
.arg(format!("kubectl delete cluster {}", cluster))
|
|
.status()
|
|
.expect("destroy failed");
|
|
}
|