Security audit engine with CTFE, contracts, templates - D language


bad-antics/nullsec-dlangaudit

nullsec-dlangaudit 🔍

Security Audit Engine - D language security scanner with compile-time function execution, Design by Contract, and template metaprogramming.


🎯 Features

| Feature | Description |
|---|---|
| CTFE Patterns | Security patterns compiled at compile time |
| Design by Contract | `in`/`out`/`invariant` validation |
| Template Engine | Generic reporter with format templates |
| Ranges & UFCS | Lazy evaluation and fluent API |
| Parallel Scanning | `std.parallelism` for multi-core scanning |
| @safe/@trusted | Memory safety attributes |
| Mixin Templates | Extensible rule system |
| Plugin Architecture | Custom audit modules |

🚀 Quick Start

```sh
# Build
dub build

# Scan directory
./dlangaudit /path/to/scan

# With options
./dlangaudit . --format=json --min-severity=High
```

🔬 D Language Features

Compile-Time Function Execution (CTFE)

```d
import std.regex : ctRegex;

enum Severity { Low, Medium, High, Critical }

// Rule metadata; as elements of an enum array these are compile-time constants.
struct CTPattern { string name; string pattern; Severity severity; string category; }

// Patterns compiled at compile-time
enum CTPattern[] securityPatterns = [
    CTPattern("hardcoded_password", `(?i)password\s*=\s*["'][^"']+["']`, Severity.Critical, "secrets"),
    CTPattern("aws_access_key", `AKIA[0-9A-Z]{16}`, Severity.Critical, "cloud"),
];

// Compile-time regex: ctRegex! only accepts a pattern known at compile time,
// so a malformed rule fails the build instead of failing at scan time.
template PatternMatcher(CTPattern pattern) {
    enum PatternMatcher = ctRegex!(pattern.pattern);
}
```
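As an added example (not code from the nullsec-dlangaudit repository), here is a complete line scanner built on the pattern table above. `CTPattern`, `Severity` and the two rules mirror the README; `Finding`, `scanLine`, `scanText` and the constructed sample input are assumptions made for this example. It shows what CTFE actually buys: the rule table is unrolled with `static foreach`, each `ctRegex!` is instantiated once at compile time, and the set of rules is fixed in the binary rather than parsed at run time.

```d
// Added example, not code from the nullsec-dlangaudit repository. CTPattern,
// Severity and the two rules mirror the README; Finding, scanLine, scanText and
// the sample input are assumptions made for this example.
import std.regex : ctRegex, matchFirst;
import std.stdio : writefln;
import std.string : lineSplitter;

enum Severity { Low, Medium, High, Critical }

struct CTPattern { string name; string pattern; Severity severity; string category; }

// enum array: every element is a compile-time constant, which is what lets
// ctRegex! below consume the pattern source.
enum CTPattern[] securityPatterns = [
    CTPattern("hardcoded_password", `(?i)password\s*=\s*["'][^"']+["']`, Severity.Critical, "secrets"),
    CTPattern("aws_access_key", `AKIA[0-9A-Z]{16}`, Severity.Critical, "cloud"),
];

struct Finding {
    string rule;
    Severity severity;
    size_t line;      // 1-based
    string evidence;  // the matched text
}

// static foreach unrolls the rule table at compile time, so each ctRegex! is
// instantiated exactly once and the rule set is baked into the binary.
Finding[] scanLine(string text, size_t lineNo)
in (lineNo > 0, "lines are 1-based")   // contract: stripped in -release builds
{
    Finding[] hits;
    static foreach (p; securityPatterns) {{
        enum pat = p.pattern;              // manifest constant for ctRegex!
        auto m = matchFirst(text, ctRegex!pat);
        if (!m.empty)
            hits ~= Finding(p.name, p.severity, lineNo, m.hit);
    }}
    return hits;
}

// Ranges and UFCS: lineSplitter is lazy; lines are numbered as they stream past.
Finding[] scanText(string source) {
    Finding[] all;
    size_t n;
    foreach (line; source.lineSplitter) {
        ++n;
        all ~= scanLine(line, n);
    }
    return all;
}

unittest {
    // Constructed sample; the AKIA... string has the right shape but is not a real key.
    enum sample = "db_password = \"hunter2\"\n"
                ~ "aws_key = AKIAABCDEFGHIJKLMNOP\n"
                ~ "password = getenv(\"PW\")\n";   // no literal secret: must not match
    auto f = scanText(sample);
    assert(f.length == 2);
    assert(f[0].rule == "hardcoded_password" && f[0].line == 1);
    assert(f[1].rule == "aws_access_key" && f[1].line == 2);
}

void main() {
    // Constructed sample input.
    enum sample = "db_password = \"hunter2\"\naws_key = AKIAABCDEFGHIJKLMNOP\n";
    foreach (f; scanText(sample))
        writefln("%s line %d [%s] %s", f.severity, f.line, f.rule, f.evidence);
}
```

Run it with `rdmd -unittest file.d` to execute the embedded checks first; the third sample line (`password = getenv("PW")`) is there to show the rule only fires on a quoted literal, which is the distinction a secrets rule has to make to stay useful.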

Design by Contract

```d
import std.datetime.systime : Clock, SysTime;

struct Finding {
    string file;
    size_t line;
    SysTime timestamp;

    this(string file, size_t line /* further parameters elided */)
    in {
        assert(file.length > 0, "File path cannot be empty");
        assert(line > 0, "Line number must be positive");
    }
    out {
        assert(this.timestamp != SysTime.init, "Timestamp must be set");
    }
    do {
        this.file = file;
        this.line = line;
        this.timestamp = Clock.currTime();
    }
}
```

Contracts are a debug-build check only: `dub build --build=release` compiles with `-release`, which removes `in`, `out` and `invariant` blocks along with plain `assert`. They document and catch programming errors inside the engine; they are not a substitute for validating untrusted input (scanned file contents, CLI arguments) with code that remains in the release binary.

Class Invariants

```d
class AuditEngine {
    Finding[] findings;

    // Checked on entry to and exit from every public member function (debug builds only).
    // A null or empty array satisfies this trivially; the property that matters is that
    // every recorded finding names a file, matching Finding's `in` contract.
    invariant {
        foreach (f; findings)
            assert(f.file.length > 0, "Every finding must name a file");
    }
}
```

@safe/@trusted Attributes

```d
import std.algorithm : sort;

// @safe: the compiler rejects memory-unsafe operations in the body.
// sort is in place and @safe for an array of structs, so the attribute is verified.
@safe auto getFindings() {
    return findings.sort!((a, b) => a.severity > b.severity);
}

// @trusted is a promise, not a check: the body is compiled as @system and the
// author vouches for it. std.file.readText is already @safe, so file I/O alone
// does not justify @trusted; keep it for a small wrapper around one unsafe call.
@trusted void scanFile(string filePath) {
}
```
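The following added example (not code from the nullsec-dlangaudit repository) shows the split a practitioner wants between the two attributes: `@safe` wherever the compiler can check the body, `@trusted` confined to the one operation it cannot check. `envOrDefault`, `countMarkedLines`, `scanFile`, the `app.conf` path and the constructed input are assumptions made for this example; the engine's real rules are not part of it.

```d
// Added example, not code from the nullsec-dlangaudit repository. The rule is:
// @safe wherever the compiler can check the body, @trusted only around the one
// operation it cannot. envOrDefault, countMarkedLines and scanFile are assumptions.
import std.algorithm : canFind, count;
import std.file : readText;            // @safe in Phobos: file I/O alone does not need @trusted
import std.string : fromStringz, lineSplitter, toStringz;
import core.stdc.stdlib : getenv;      // C function: returns a raw, unchecked pointer

// Narrow @trusted wrapper. getenv and fromStringz are @system because the compiler
// cannot prove the pointer is valid and NUL-terminated. The wrapper checks for null
// and copies the bytes (.idup), so callers never hold a reference into C-owned memory.
string envOrDefault(string name, string fallback) @trusted {
    const(char)* raw = getenv(name.toStringz);
    return raw is null ? fallback : fromStringz(raw).idup;
}

// @safe: a pointer cast, an unchecked slice or a call to a @system function here is a
// compile error. Marking the whole function @trusted instead would switch that off.
size_t countMarkedLines(string text, string marker) @safe {
    return text.lineSplitter.count!(line => line.canFind(marker));
}

// Still @safe: reading the file needs no @trusted at all.
size_t scanFile(string filePath, string marker) @safe {
    return countMarkedLines(readText(filePath), marker);
}

unittest {
    // Constructed input; no file access needed.
    enum text = "user = admin\npassword = \"x\"\nPASSWORD=y\n";
    assert(countMarkedLines(text, "password") == 1);   // marker match is case-sensitive
    assert(envOrDefault("NULLSEC_UNSET_VAR_FOR_TEST", "fallback") == "fallback");
}

void main() {
    import std.stdio : writeln;
    auto marker = envOrDefault("AUDIT_MARKER", "password");
    // Assumed path; point it at a real file to run the scan.
    writeln(scanFile("app.conf", marker), " line(s) mention ", marker);
}
```

The design point: the attack surface of a `@trusted` function is its whole body, so the smaller the body the less there is to audit by hand. A `@trusted void scanFile(...)` that also contains parsing and reporting logic silently exempts all of that logic from the compiler's checks.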

Ranges and UFCS

```d
import std.algorithm : filter, map;
import std.array : array;

// Lazy: nothing runs until .array walks the chain, in a single pass.
auto criticalFindings = findings
    .filter!(f => f.severity == Severity.Critical)
    .map!(f => f.format())
    .array;
```

Template-Based Reporter

```d
import std.stdio : writeln;

// The output format is a type chosen at compile time; instantiating Reporter with a
// type that lacks a static string format(Finding[]) fails to compile.
struct Reporter(OutputFormat) {
    static string generate(Finding[] findings) {
        return OutputFormat.format(findings);
    }
}

// Usage
writeln(Reporter!ConsoleFormat.generate(findings));
writeln(Reporter!SarifFormat.generate(findings));
```

📊 Output Formats

| Format | Flag | Description |
|---|---|---|
| Console | `--format=console` | Colored terminal output |
| JSON | `--format=json` | Machine-readable JSON |
| SARIF | `--format=sarif` | CI/CD integration |
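To make the template-based reporter and the SARIF output format above concrete, here is an added example that is not code from the nullsec-dlangaudit repository. `Reporter` mirrors the README's template with a constraint added; the `Finding` fields, `ConsoleFormat`, `SarifFormat`, the severity-to-SARIF-level mapping and the sample findings are assumptions made here. The SARIF document is the minimal 2.1.0 subset (version, one run, one result per finding with `ruleId`, `level`, `message` and a `physicalLocation`) that CI systems read to place an annotation on the right file and line.

```d
// Added example, not code from the nullsec-dlangaudit repository. Reporter mirrors
// the README's template; Finding's fields, ConsoleFormat, SarifFormat, the severity
// to SARIF level mapping and the sample findings are assumptions made here.
import std.array : appender;
import std.format : formattedWrite;
import std.json : JSONValue;
import std.stdio : writeln;

enum Severity { Low, Medium, High, Critical }

struct Finding { string rule; Severity severity; string file; size_t line; string message; }

// The constraint turns "this type is not a report format" into a clear error at the
// instantiation site instead of an obscure one inside generate().
struct Reporter(OutputFormat)
    if (is(typeof(OutputFormat.format((Finding[]).init)) == string))
{
    static string generate(Finding[] findings) { return OutputFormat.format(findings); }
}

struct ConsoleFormat {
    static string format(Finding[] findings) {
        auto app = appender!string;
        foreach (f; findings)
            app.formattedWrite("[%s] %s:%d %s (%s)\n", f.severity, f.file, f.line, f.message, f.rule);
        return app.data;
    }
}

// Minimal SARIF 2.1.0 document: $schema, version, one run with a tool driver and
// one result per finding carrying ruleId, level, message and a physicalLocation.
struct SarifFormat {
    // SARIF knows only "error", "warning" and "note"; tool severities must be mapped.
    static string level(Severity s) {
        return s >= Severity.High ? "error" : s == Severity.Medium ? "warning" : "note";
    }

    static string format(Finding[] findings) {
        JSONValue[] results;
        foreach (f; findings) {
            JSONValue region = JSONValue(["startLine": JSONValue(cast(long) f.line)]);
            JSONValue loc = JSONValue(["physicalLocation": JSONValue([
                "artifactLocation": JSONValue(["uri": f.file]),
                "region": region,
            ])]);
            results ~= JSONValue([
                "ruleId": JSONValue(f.rule),
                "level": JSONValue(level(f.severity)),
                "message": JSONValue(["text": f.message]),
                "locations": JSONValue([loc]),
            ]);
        }
        JSONValue run = JSONValue([
            "tool": JSONValue(["driver": JSONValue(["name": "nullsec-dlangaudit"])]),
            "results": JSONValue(results),
        ]);
        JSONValue log = JSONValue([
            "$schema": JSONValue("https://json.schemastore.org/sarif-2.1.0.json"),
            "version": JSONValue("2.1.0"),
            "runs": JSONValue([run]),
        ]);
        return log.toPrettyString();
    }
}

unittest {
    import std.json : parseJSON;
    // Constructed finding.
    auto findings = [Finding("aws_access_key", Severity.Critical, "config/prod.env", 12, "AWS access key ID in source")];
    auto doc = parseJSON(SarifFormat.format(findings));
    assert(doc["version"].str == "2.1.0");
    auto result = doc["runs"][0]["results"][0];
    assert(result["level"].str == "error");
    assert(result["locations"][0]["physicalLocation"]["region"]["startLine"].get!long == 12);
    assert(Reporter!ConsoleFormat.generate(findings)
        == "[Critical] config/prod.env:12 AWS access key ID in source (aws_access_key)\n");
}

void main() {
    auto findings = [Finding("aws_access_key", Severity.Critical, "config/prod.env", 12, "AWS access key ID in source")];
    writeln(Reporter!ConsoleFormat.generate(findings));
    writeln(Reporter!SarifFormat.generate(findings));
}
```

The `level` mapping is the part that most often goes wrong in practice: SARIF consumers gate merges on `error`, so a tool that emits every finding as `warning` produces a report that never blocks anything.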

🔐 Security Patterns

  • Secrets: Hardcoded passwords, API keys, AWS credentials
  • Injection: SQL injection, command injection, eval usage
  • Crypto: Weak hashing (MD5/SHA1), insecure random
  • Traversal: Path traversal patterns
  • Config: Debug flags, insecure settings

🛠️ Build

```sh
# Debug build (contracts, invariants and asserts are active)
dub build

# Release with optimizations (-release strips contracts, invariants and plain asserts)
dub build --build=release

# Run tests
dub test
```

📜 License

MIT License - @bad-antics

