module NoirPassiveScan
Defined in:
passive_scan/detect.crpassive_scan/rules.cr
Class Method Summary
-
.detect(file_path : String, file_content : String, rules : Array(PassiveScan), logger : NoirLogger) : Array(PassiveScanResult)
Pure detection: runs every supplied rule against
file_content. -
.detect_with_severity(file_path : String, file_content : String, rules : Array(PassiveScan), logger : NoirLogger, min_severity : String) : Array(PassiveScanResult)
Backwards-compatible entry point used by existing specs.
-
.filter_rules_by_severity(rules : Array(PassiveScan), min_severity : String) : Array(PassiveScan)
Pre-filter the rule set against
min_severity. - .load_rules(path : String, logger : NoirLogger) : Array(PassiveScan)
Class Method Detail
Pure detection: runs every supplied rule against file_content.
Callers are responsible for pre-filtering by severity (see
.filter_rules_by_severity). Returns an empty array (no allocation
beyond the literal) when there are no rules to run, so callers can
short-circuit on passive_scans.empty? before reading the file.
Backwards-compatible entry point used by existing specs. Pre-filters
the rule set by severity and dispatches to .detect.
Pre-filter the rule set against min_severity. Callers should run
this once at scan-startup and pass the result into .detect per
file, so the per-(file × rule) severity comparison is amortized
down to a single pass over the rule set.