Erlang

Author: script3r

Cargo.lock

@@ -11,6 +11,7 @@ members = [
     "crates/detector-swift",
     "crates/detector-objc",
     "crates/detector-kotlin",
+    "crates/detector-erlang",
     "crates/cli",
 ]
 resolver = "2"

Cargo.toml

@@ -1,6 +1,6 @@
 ## CipherScope
 
-Fast, low-false-positive static scanner that finds third-party cryptographic libraries and call sites across 10 programming languages: Go, Java, C, C++, Rust, Python, PHP, Swift, Objective-C, and Kotlin.
+Fast, low-false-positive static scanner that finds third-party cryptographic libraries and call sites across 11 programming languages: Go, Java, C, C++, Rust, Python, PHP, Swift, Objective-C, Kotlin, and Erlang.
 
 ### Install & Run
 
@@ -70,6 +70,7 @@ The scanner automatically detects and processes files with these extensions:
 - **Swift**: `.swift`
 - **Objective-C**: `.m`, `.mm`, `.M`
 - **Kotlin**: `.kt`, `.kts`
+- **Erlang**: `.erl`, `.hrl`, `.beam`
 
 #### Performance Optimizations
 
@@ -92,6 +93,7 @@ The scanner uses a modular detector architecture with dedicated crates for each
 - **detector-swift**: Swift language support
 - **detector-objc**: Objective-C language support
 - **detector-kotlin**: Kotlin language support
+- **detector-erlang**: Erlang language support
 
 Each detector implements the `Detector` trait and can be extended independently. To add support for a new language, create a new detector crate under `crates/` or extend the `patterns.toml` to cover additional libraries. See `crates/scanner-core/src/lib.rs` for the trait definition and pattern-driven detector implementation.
 

README.md

@@ -147,18 +147,25 @@ fn main() -> Result<()> {
             &[Language::Kotlin],
             reg.clone(),
         )),
+        Box::new(PatternDetector::new(
+            "detector-erlang",
+            &[Language::Erlang],
+            reg.clone(),
+        )),
     ];
 
-    let mut cfg = Config::default();
-    cfg.min_confidence = args.min_confidence;
+    let mut cfg = Config {
+        min_confidence: args.min_confidence,
+        include_globs: args.include_glob.clone(),
+        exclude_globs: args.exclude_glob.clone(),
+        allow_libs: args.allow.clone(),
+        deny_libs: args.deny.clone(),
+        deterministic: args.deterministic,
+        ..Default::default()
+    };
     if let Some(mb) = args.max_file_size {
         cfg.max_file_size = mb * 1024 * 1024;
     }
-    cfg.include_globs = args.include_glob.clone();
-    cfg.exclude_globs = args.exclude_glob.clone();
-    cfg.allow_libs = args.allow.clone();
-    cfg.deny_libs = args.deny.clone();
-    cfg.deterministic = args.deterministic;
 
     // Set up progress reporting if requested
     if args.progress {

crates/cli/src/main.rs

@@ -48,7 +48,7 @@ fn scan_fixtures() {
     ];
     let scanner = Scanner::new(&reg, dets, Config::default());
     let fixtures = workspace.join("fixtures");
-    let findings = scanner.run(&[fixtures.clone()]).unwrap();
+    let findings = scanner.run(std::slice::from_ref(&fixtures)).unwrap();
 
     // Debug: print all findings
     println!("Found {} findings:", findings.len());

crates/cli/tests/integration.rs

@@ -0,0 +1,11 @@
+[package]
+name = "detector-erlang"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+authors.workspace = true
+description = "Erlang cryptographic library detector for CipherScope"
+
+[dependencies]
+scanner-core = { path = "../scanner-core" }
+anyhow = "1"

crates/detector-erlang/Cargo.toml

@@ -0,0 +1,31 @@
+use scanner_core::{Detector, Language, ScanUnit, Emitter, Prefilter};
+use anyhow::Result;
+use std::collections::BTreeSet;
+
+pub struct ErlangDetector;
+
+impl Detector for ErlangDetector {
+    fn id(&self) -> &'static str {
+        "detector-erlang"
+    }
+
+    fn languages(&self) -> &'static [Language] {
+        &[Language::Erlang]
+    }
+
+    fn prefilter(&self) -> Prefilter {
+        Prefilter {
+            extensions: BTreeSet::from([".erl".to_string(), ".hrl".to_string(), ".beam".to_string()]),
+            substrings: BTreeSet::new(),
+        }
+    }
+
+    fn scan(&self, _unit: &ScanUnit, _em: &mut Emitter) -> Result<()> {
+        // This detector is not used since we use PatternDetector instead
+        Ok(())
+    }
+
+    fn as_any(&self) -> &dyn std::any::Any {
+        self
+    }
+}

crates/detector-erlang/src/lib.rs

@@ -51,7 +51,7 @@ fn bench_scan(c: &mut Criterion) {
         .throughput(Throughput::Bytes(10_000_000))
         .bench_function("fixtures", |b| {
             b.iter(|| {
-                let _ = scanner.run(&[root.clone()]).unwrap();
+                let _ = scanner.run(std::slice::from_ref(&root)).unwrap();
             });
         });
 }

crates/scanner-core/benches/throughput.rs

@@ -14,6 +14,8 @@ use std::sync::Mutex;
 
 // ---------------- Types ----------------
 
+type ProgressCallback = Arc<dyn Fn(usize, usize, usize) + Send + Sync>;
+
 #[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash, Serialize)]
 pub enum Language {
     Go,
@@ -26,6 +28,7 @@ pub enum Language {
     Swift,
     ObjC,
     Kotlin,
+    Erlang,
 }
 
 impl<'de> Deserialize<'de> for Language {
@@ -47,6 +50,7 @@ impl<'de> Deserialize<'de> for Language {
             "swift" => Ok(Language::Swift),
             "objc" | "objective-c" | "objectivec" => Ok(Language::ObjC),
             "kotlin" | "kt" => Ok(Language::Kotlin),
+            "erlang" | "erl" => Ok(Language::Erlang),
             other => Err(D::Error::invalid_value(
                 Unexpected::Str(other),
                 &"valid language",
@@ -129,7 +133,7 @@ impl Emitter {
         self.rx.try_iter().collect()
     }
 
-    pub fn into_iter(self) -> Receiver<Finding> {
+    pub fn into_receiver(self) -> Receiver<Finding> {
         self.rx
     }
 }
@@ -186,7 +190,7 @@ pub struct Config {
     #[serde(default)]
     pub deterministic: bool,
     #[serde(skip)]
-    pub progress_callback: Option<Arc<dyn Fn(usize, usize, usize) + Send + Sync>>,
+    pub progress_callback: Option<ProgressCallback>,
 }
 
 fn default_max_file_size() -> usize {
@@ -277,6 +281,10 @@ fn default_include_globs() -> Vec<String> {
         // Kotlin
         "**/*.kt".to_string(),
         "**/*.kts".to_string(),
+        // Erlang
+        "**/*.erl".to_string(),
+        "**/*.hrl".to_string(),
+        "**/*.beam".to_string(),
     ]
 }
 
@@ -305,7 +313,7 @@ impl PatternRegistry {
         let libs = pf
             .library
             .into_iter()
-            .map(|lib| compile_library(lib))
+            .map(compile_library)
             .collect::<Result<Vec<_>>>()?;
 
         // Build language cache only if we have many libraries
@@ -409,7 +417,8 @@ mod strip {
             | Language::Rust
             | Language::Swift
             | Language::ObjC
-            | Language::Kotlin => strip_c_like(language, input),
+            | Language::Kotlin
+            | Language::Erlang => strip_c_like(language, input),
             Language::Python | Language::Php => strip_hash_like(language, input),
         }
     }
@@ -746,10 +755,7 @@ impl<'a> Scanner<'a> {
                     }
                 }
             }
-            match builder.build() {
-                Ok(matcher) => Some(matcher),
-                Err(_) => None,
-            }
+            builder.build().ok()
         } else {
             None
         };
@@ -762,28 +768,26 @@ impl<'a> Scanner<'a> {
                 .git_exclude(true)
                 .ignore(true);
 
-            for result in builder.build() {
-                if let Ok(entry) = result {
-                    let md = match entry.metadata() {
-                        Ok(m) => m,
-                        Err(_) => continue,
-                    };
-                    if md.is_file() {
-                        if md.len() as usize > self.config.max_file_size {
-                            continue;
-                        }
+            for entry in builder.build().flatten() {
+                let md = match entry.metadata() {
+                    Ok(m) => m,
+                    Err(_) => continue,
+                };
+                if md.is_file() {
+                    if md.len() as usize > self.config.max_file_size {
+                        continue;
+                    }
 
-                        let path = entry.into_path();
+                    let path = entry.into_path();
 
-                        // Apply include glob filtering
-                        if let Some(ref matcher) = include_matcher {
-                            if !matcher.is_match(&path) {
-                                continue;
-                            }
+                    // Apply include glob filtering
+                    if let Some(ref matcher) = include_matcher {
+                        if !matcher.is_match(&path) {
+                            continue;
                         }
-
-                        paths.push(path);
                     }
+
+                    paths.push(path);
                 }
             }
         }
@@ -811,6 +815,7 @@ impl<'a> Scanner<'a> {
             "swift" => Some(Language::Swift),
             "m" | "mm" | "M" => Some(Language::ObjC),
             "kt" | "kts" => Some(Language::Kotlin),
+            "erl" | "hrl" | "beam" => Some(Language::Erlang),
             _ => None,
         }
     }
@@ -842,7 +847,7 @@ impl<'a> Scanner<'a> {
                 let mut processed = 0;
                 let findings_count = 0;
 
-                while let Ok(_) = progress_rx.recv() {
+                while progress_rx.recv().is_ok() {
                     processed += 1;
                     callback(processed, total_files, findings_count);
                 }
@@ -874,7 +879,7 @@ impl<'a> Scanner<'a> {
                             if !det.languages().contains(&lang) {
                                 continue;
                             }
-                            if !prefilter_hit(det, &stripped) {
+                            if !prefilter_hit(det.as_ref(), &stripped) {
                                 continue;
                             }
                             let _ = det.scan_optimized(&unit, &stripped_s, &index, &mut em);
@@ -936,7 +941,7 @@ impl<'a> Scanner<'a> {
     }
 }
 
-fn prefilter_hit(det: &Box<dyn Detector>, stripped: &[u8]) -> bool {
+fn prefilter_hit(det: &dyn Detector, stripped: &[u8]) -> bool {
     let pf = det.prefilter();
     if pf.substrings.is_empty() {
         return true;
@@ -1051,7 +1056,7 @@ impl PatternDetector {
                 }
             }
             let should_report =
-                (matched_import && api_hits > 0) || (lib.import.is_empty() && api_hits > 0);
+                (lib.import.is_empty() || matched_import) && api_hits > 0;
             if should_report {
                 let finding = Finding {
                     language: unit.lang,
@@ -1089,14 +1094,12 @@ impl Detector for PatternDetector {
                 substrings.insert(s.clone());
             }
         }
-        let pf = Prefilter {
-            extensions: BTreeSet::new(),
-            substrings,
-        };
-
         // Note: We can't actually cache here due to &self, but this is still faster
         // than recomputing every time since we're using the cached language lookup
-        pf
+        Prefilter {
+            extensions: BTreeSet::new(),
+            substrings,
+        }
     }
     fn scan(&self, unit: &ScanUnit, em: &mut Emitter) -> Result<()> {
         let libs = self.registry.for_language(unit.lang);

crates/scanner-core/src/lib.rs

@@ -0,0 +1,24 @@
+-module(main).
+-export([main/0]).
+
+-include_lib("public_key/include/public_key.hrl").
+
+main() ->
+    % Test Erlang/OTP crypto module
+    Key = crypto:generate_key(des3, 24),
+    Hash = crypto:hash(sha256, "hello world"),
+    Cipher = crypto:block_encrypt(aes_256_cbc, Key, "plaintext"),
+    
+    % Test public_key module
+    {ok, Pem} = public_key:pem_decode(<<"-----BEGIN PRIVATE KEY-----">>),
+    Signature = public_key:sign("data", sha256, Pem),
+    
+    % Test enacl (libsodium) if available
+    {PublicKey, SecretKey} = enacl:box_keypair(),
+    Nonce = enacl:randombytes(12),
+    Ciphertext = enacl:box("message", Nonce, PublicKey, SecretKey),
+    
+    % Test bcrypt
+    Hash2 = bcrypt:hashpw("password", bcrypt:gen_salt()),
+    
+    io:format("Crypto operations completed~n").