save progress

2026-01-06 09:42:02 +02:00
parent 94d68bee8b
commit 37e11918e0
443 changed files with 85863 additions and 897 deletions
--- a/src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/StellaOps.Scanner.Analyzers.Lang.Python.csproj
+++ b/src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Python/StellaOps.Scanner.Analyzers.Lang.Python.csproj
@@ -14,6 +14,10 @@
    <None Include="**\*" Exclude="**\*.cs;**\*.json;bin\**;obj\**" />
  </ItemGroup>

+  <ItemGroup>
+    <InternalsVisibleTo Include="StellaOps.Scanner.Analyzers.Lang.Python.Tests" />
+  </ItemGroup>
+
  <ItemGroup>
    <ProjectReference Include="..\StellaOps.Scanner.Analyzers.Lang\StellaOps.Scanner.Analyzers.Lang.csproj" />
    <ProjectReference Include="..\StellaOps.Scanner.Surface.Validation\StellaOps.Scanner.Surface.Validation.csproj" />
--- a/src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/SecretsAnalyzer.cs
+++ b/src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Secrets/SecretsAnalyzer.cs
@@ -59,17 +59,17 @@ public sealed class SecretsAnalyzer : ILanguageAnalyzer
    /// <summary>
    /// Analyzes raw file content for secrets. Adapter for Worker stage executor.
    /// </summary>
-    public async ValueTask<List<SecretFinding>> AnalyzeAsync(
+    public async ValueTask<List<SecretLeakEvidence>> AnalyzeAsync(
        byte[] content,
        string relativePath,
        CancellationToken ct)
    {
        if (!IsEnabled || content is null || content.Length == 0)
        {
-            return new List<SecretFinding>();
+            return new List<SecretLeakEvidence>();
        }

-        var findings = new List<SecretFinding>();
+        var findings = new List<SecretLeakEvidence>();

        foreach (var rule in _ruleset!.GetRulesForFile(relativePath))
        {
@@ -85,23 +85,8 @@ public sealed class SecretsAnalyzer : ILanguageAnalyzer
                    continue;
                }

-                var maskedSecret = _masker.Mask(match.Secret);
-                var finding = new SecretFinding
-                {
-                    RuleId = rule.Id,
-                    RuleName = rule.Name,
-                    Severity = rule.Severity,
-                    Confidence = confidence,
-                    FilePath = relativePath,
-                    LineNumber = match.LineNumber,
-                    ColumnStart = match.ColumnStart,
-                    ColumnEnd = match.ColumnEnd,
-                    MatchedText = maskedSecret,
-                    Category = rule.Category,
-                    DetectedAtUtc = _timeProvider.GetUtcNow()
-                };
-
-                findings.Add(finding);
+                var evidence = SecretLeakEvidence.FromMatch(match, _masker, _ruleset, _timeProvider);
+                findings.Add(evidence);
            }
        }