feat(rust): Implement RustCargoLockParser and RustFingerprintScanner

- Added RustCargoLockParser to parse Cargo.lock files and extract package information. - Introduced RustFingerprintScanner to scan for Rust fingerprint records in JSON files. - Created test fixtures for Rust language analysis, including Cargo.lock and fingerprint JSON files. - Developed tests for RustLanguageAnalyzer to ensure deterministic output based on provided fixtures. - Added expected output files for both simple and signed Rust applications.
2025-10-22 18:11:01 +03:00
parent c377229931
commit 35c5614eb7
66 changed files with 4200 additions and 217 deletions
--- a/src/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/rust/simple/expected.json
+++ b/src/StellaOps.Scanner.Analyzers.Lang.Tests/Fixtures/lang/rust/simple/expected.json
@@ -0,0 +1,90 @@
+[
+  {
+    "analyzerId": "rust",
+    "componentKey": "bin::sha256:22caa7413d89026b52db64c8abc254bf9e7647ab9216e79c6972a39451f8c41e",
+    "name": "unknown_tool",
+    "type": "bin",
+    "usedByEntrypoint": false,
+    "metadata": {
+      "binary.path": "usr/local/bin/unknown_tool",
+      "binary.sha256": "22caa7413d89026b52db64c8abc254bf9e7647ab9216e79c6972a39451f8c41e",
+      "provenance": "binary"
+    },
+    "evidence": [
+      {
+        "kind": "file",
+        "source": "binary",
+        "locator": "usr/local/bin/unknown_tool",
+        "sha256": "22caa7413d89026b52db64c8abc254bf9e7647ab9216e79c6972a39451f8c41e"
+      }
+    ]
+  },
+  {
+    "analyzerId": "rust",
+    "componentKey": "purl::pkg:cargo/my_app@0.1.0",
+    "purl": "pkg:cargo/my_app@0.1.0",
+    "name": "my_app",
+    "version": "0.1.0",
+    "type": "cargo",
+    "usedByEntrypoint": true,
+    "metadata": {
+      "binary.paths": "usr/local/bin/my_app",
+      "binary.sha256": "a95a4f4854bf973deacbd937bd1189fc3d0eef7a4fd4f7960f37cf66162c82fd",
+      "cargo.lock.path": "Cargo.lock",
+      "fingerprint.profile": "debug",
+      "fingerprint.targetKind": "bin",
+      "source": "registry\u002Bhttps://github.com/rust-lang/crates.io-index"
+    },
+    "evidence": [
+      {
+        "kind": "file",
+        "source": "binary",
+        "locator": "usr/local/bin/my_app",
+        "sha256": "a95a4f4854bf973deacbd937bd1189fc3d0eef7a4fd4f7960f37cf66162c82fd"
+      },
+      {
+        "kind": "file",
+        "source": "cargo.fingerprint",
+        "locator": "target/debug/.fingerprint/my_app-1234567890abcdef/bin-my_app-1234567890abcdef.json",
+        "value": "bin"
+      },
+      {
+        "kind": "file",
+        "source": "cargo.lock",
+        "locator": "Cargo.lock",
+        "value": "my_app 0.1.0"
+      }
+    ]
+  },
+  {
+    "analyzerId": "rust",
+    "componentKey": "purl::pkg:cargo/serde@1.0.188",
+    "purl": "pkg:cargo/serde@1.0.188",
+    "name": "serde",
+    "version": "1.0.188",
+    "type": "cargo",
+    "usedByEntrypoint": false,
+    "metadata": {
+      "cargo.lock.path": "Cargo.lock",
+      "checksum": "abc123",
+      "fingerprint.profile": "release",
+      "fingerprint.targetKind": "lib",
+      "source": "registry\u002Bhttps://github.com/rust-lang/crates.io-index"
+    },
+    "evidence": [
+      {
+        "kind": "file",
+        "source": "cargo.fingerprint",
+        "locator": "target/debug/.fingerprint/serde-abcdef1234567890/libserde-abcdef1234567890.json",
+        "value": "lib"
+      },
+      {
+        "kind": "file",
+        "source": "cargo.lock",
+        "locator": "Cargo.lock",
+        "value": "serde 1.0.188",
+        "sha256": "abc123"
+      }
+    ]
+  }
+]