feat: add security requirements to vuln report

jwong101 · jwong101 · commit 5aeffdc724f3 · 2025-04-23T15:46:25.000-04:00
diff --git a/crates/forge_analyzer/src/checkers.rs b/crates/forge_analyzer/src/checkers.rs
@@ -453,6 +453,7 @@ impl IntoVuln for AuthZVuln {
             severity: Severity::High,
             app_key: reporter.app_key().to_owned(),
             app_name: reporter.app_name().to_owned(),
+            marketplace_security_requirement: "Requirement 1.2",
             date: reporter.current_date(),
         }
     }
@@ -733,6 +734,7 @@ impl IntoVuln for AuthNVuln {
             severity: Severity::High,
             app_key: reporter.app_key().to_owned(),
             app_name: reporter.app_name().to_owned(),
+            marketplace_security_requirement: "Requirement 1.1",
             date: reporter.current_date(),
         }
     }
@@ -904,6 +906,7 @@ impl IntoVuln for SecretVuln {
             recommendation: "Use secrets as enviornment variables instead of hardcoding them.",
             proof: format!("Hardcoded secret found in found via {}", self.stack),
             severity: Severity::High,
+            marketplace_security_requirement: "Requirement 2.5",
             app_key: reporter.app_key().to_owned(),
             app_name: reporter.app_name().to_owned(),
             date: reporter.current_date(),
@@ -1333,6 +1336,7 @@ impl IntoVuln for PermissionVuln<'_> {
             severity: Severity::Low,
             app_key: reporter.app_key().to_string(),
             app_name: reporter.app_name().to_string(),
+            marketplace_security_requirement: "Requirement 2.4",
             date: reporter.current_date(),
         }
     }
diff --git a/crates/forge_analyzer/src/reporter.rs b/crates/forge_analyzer/src/reporter.rs
@@ -19,6 +19,7 @@ pub struct Vulnerability {
     pub(crate) severity: Severity,
     pub(crate) app_key: String,
     pub(crate) app_name: String,
+    pub(crate) marketplace_security_requirement: &'static str,
     pub(crate) date: Date,
 }
 
diff --git a/crates/fsrt/src/main.rs b/crates/fsrt/src/main.rs
@@ -366,7 +366,6 @@ pub(crate) fn scan_directory<'a>(
 ) -> Result<Report> {
     let paths = project.get_paths();
     let manifest = project.get_manifest();
-    let id = manifest.app.id;
     let requested_permissions = manifest.permissions;
     let permissions_declared = requested_permissions
         .scopes

Original file line number	Diff line number	Diff line change
`@@ -453,6 +453,7 @@ impl IntoVuln for AuthZVuln {`
`453`	`453`	`severity: Severity::High,`
`454`	`454`	`app_key: reporter.app_key().to_owned(),`
`455`	`455`	`app_name: reporter.app_name().to_owned(),`
	`456`	`+ marketplace_security_requirement: "Requirement 1.2",`
`456`	`457`	`date: reporter.current_date(),`
`457`	`458`	`}`
`458`	`459`	`}`
`@@ -733,6 +734,7 @@ impl IntoVuln for AuthNVuln {`
`733`	`734`	`severity: Severity::High,`
`734`	`735`	`app_key: reporter.app_key().to_owned(),`
`735`	`736`	`app_name: reporter.app_name().to_owned(),`
	`737`	`+ marketplace_security_requirement: "Requirement 1.1",`
`736`	`738`	`date: reporter.current_date(),`
`737`	`739`	`}`
`738`	`740`	`}`
`@@ -904,6 +906,7 @@ impl IntoVuln for SecretVuln {`
`904`	`906`	`recommendation: "Use secrets as enviornment variables instead of hardcoding them.",`
`905`	`907`	`proof: format!("Hardcoded secret found in found via {}", self.stack),`
`906`	`908`	`severity: Severity::High,`
	`909`	`+ marketplace_security_requirement: "Requirement 2.5",`
`907`	`910`	`app_key: reporter.app_key().to_owned(),`
`908`	`911`	`app_name: reporter.app_name().to_owned(),`
`909`	`912`	`date: reporter.current_date(),`
`@@ -1333,6 +1336,7 @@ impl IntoVuln for PermissionVuln<'_> {`
`1333`	`1336`	`severity: Severity::Low,`
`1334`	`1337`	`app_key: reporter.app_key().to_string(),`
`1335`	`1338`	`app_name: reporter.app_name().to_string(),`
	`1339`	`+ marketplace_security_requirement: "Requirement 2.4",`
`1336`	`1340`	`date: reporter.current_date(),`
`1337`	`1341`	`}`
`1338`	`1342`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@ pub struct Vulnerability {`
`19`	`19`	`pub(crate) severity: Severity,`
`20`	`20`	`pub(crate) app_key: String,`
`21`	`21`	`pub(crate) app_name: String,`
	`22`	`+ pub(crate) marketplace_security_requirement: &'static str,`
`22`	`23`	`pub(crate) date: Date,`
`23`	`24`	`}`
`24`	`25`