Passive Security Scanning

Rule-based checks that flag potential security issues in source code without sending any traffic.

Analyze code for potential security issues using predefined rules without active exploitation. Uses regular expressions and string matching to identify common security risks.

Usage

Run passive scan:

noir scan <BASE_PATH> -P

Use custom rules:

noir scan <BASE_PATH> --passive-scan --passive-scan-path /path/to/your/rules.yml

Filtering by Severity

Filter by severity level using --passive-scan-severity:

  • critical: Critical only
  • high: High and critical (default)
  • medium: Medium, high, and critical
  • low: All levels

Examples:

# Critical only
noir scan <BASE_PATH> -P --passive-scan-severity critical

# Medium and above
noir scan <BASE_PATH> -P --passive-scan-severity medium

# All issues
noir scan <BASE_PATH> -P --passive-scan-severity low

Output Format

Example output:

★ Passive Results:
[critical][hahwul-test][secret] use x-api-key
  ├── extract:   env.request.headers["x-api-key"].as(String)
  └── file: ./spec/functional_test/fixtures/crystal_kemal/src/testapp.cr:4

Output components:

  • [critical][hahwul-test][secret]: Severity, rule name, issue type
  • extract: Matched code line
  • file: File path and line number