From 62a98120792d0769504e743eef1d014969e22b21 Mon Sep 17 00:00:00 2001
From: Vincent Thiberville <vthib@pm.me>
Date: Thu, 9 Nov 2023 23:25:08 +0100
Subject: [PATCH] feat: Add tags and metadatas in MatchedRule details

Add tags and metadatas of matched rules in the scan results, instead of
only the name and namespace. They were saved for this purpose, but were
not exposed by mistake.
---
 boreal/src/compiler/rule.rs | 15 ++++++++-------
 boreal/src/lib.rs           |  4 ++++
 boreal/src/scanner/mod.rs   | 18 ++++++++++++++----
 3 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/boreal/src/compiler/rule.rs b/boreal/src/compiler/rule.rs
index a7050ffb..495404f7 100644
--- a/boreal/src/compiler/rule.rs
+++ b/boreal/src/compiler/rule.rs
@@ -14,20 +14,20 @@ use crate::statistics;
 
 /// A compiled scanning rule.
 #[derive(Debug)]
-pub struct Rule {
+pub(crate) struct Rule {
     /// Name of the rule.
-    pub name: String,
+    pub(crate) name: String,
 
     /// Namespace containing the rule.
     ///
-    /// `None` if in the default namespace.
-    pub namespace: Option<String>,
+    /// [`None`] if in the default namespace.
+    pub(crate) namespace: Option<String>,
 
     /// Tags associated with the rule.
-    pub tags: Vec<String>,
+    pub(crate) tags: Vec<String>,
 
     /// Metadata associated with the rule.
-    pub metadatas: Vec<Metadata>,
+    pub(crate) metadatas: Vec<Metadata>,
 
     /// Number of variables used by the rule.
     pub(crate) nb_variables: usize,
@@ -35,7 +35,8 @@ pub struct Rule {
     /// Condition of the rule.
     pub(crate) condition: Expression,
 
-    pub is_private: bool,
+    /// Is the rule marked as private.
+    pub(crate) is_private: bool,
 }
 
 /// Object used to compile a rule.
diff --git a/boreal/src/lib.rs b/boreal/src/lib.rs
index 532ed450..67b6bfe7 100644
--- a/boreal/src/lib.rs
+++ b/boreal/src/lib.rs
@@ -95,5 +95,9 @@ pub mod scanner;
 pub use scanner::Scanner;
 pub mod statistics;
 
+// Re-exports those symbols since they are exposed in the results of a scan. This avoids
+// having to depend on boreal-parser simply to match on those metadatas.
+pub use boreal_parser::rule::{Metadata, MetadataValue};
+
 #[cfg(test)]
 mod test_helpers;
diff --git a/boreal/src/scanner/mod.rs b/boreal/src/scanner/mod.rs
index 2f0cd97f..6f8c5b83 100644
--- a/boreal/src/scanner/mod.rs
+++ b/boreal/src/scanner/mod.rs
@@ -460,8 +460,10 @@ fn build_matched_rule<'a>(
     }
 
     MatchedRule {
-        namespace: rule.namespace.as_deref(),
         name: &rule.name,
+        namespace: rule.namespace.as_deref(),
+        tags: &rule.tags,
+        metadatas: &rule.metadatas,
         matches: var_evals
             .into_iter()
             .filter(|eval| !eval.var.is_private)
@@ -525,11 +527,17 @@ impl<'scanner> ScanResult<'scanner> {
 /// Description of a rule that matched during a scan.
 #[derive(Debug)]
 pub struct MatchedRule<'scanner> {
+    /// Name of the rule.
+    pub name: &'scanner str,
+
     /// Namespace containing the rule. None if in the default namespace.
     pub namespace: Option<&'scanner str>,
 
-    /// Name of the rule.
-    pub name: &'scanner str,
+    /// Tags associated with the rule.
+    pub tags: &'scanner [String],
+
+    /// Metadata associated with the rule.
+    pub metadatas: &'scanner [boreal_parser::rule::Metadata],
 
     /// List of matched strings, with details on their matches.
     pub matches: Vec<StringMatches<'scanner>>,
@@ -1209,8 +1217,10 @@ mod tests {
             statistics: None,
         });
         test_type_traits_non_clonable(MatchedRule {
-            namespace: None,
             name: "a",
+            namespace: None,
+            tags: &[],
+            metadatas: &[],
             matches: Vec::new(),
         });
         test_type_traits_non_clonable(StringMatches {