feat: v2.0.0 - Vollständiger AUR Security Scanner

- Multi-Source IOC Fetcher (HedgeDoc, CISA, Arch Security, Gist) - AUR-spezifische IOC-Prüfung (keine False-Positives für offizielle Repos) - Erweiterte Threat-Typen (Ransomware, Infostealer, etc.) - Trust-Scoring mit 12 Heuristiken - ALPM-Hook für Pre-Install-Checks - Cache mit 5-Minuten-TTL - CVE und Advisory-URL Support
2026-06-15 19:28:36 +02:00
parent 7c32ae0782
commit 7a6765aecf
3 changed files with 54 additions and 3 deletions
@@ -1,6 +1,6 @@
 [package]
 name = "aegisaur"
-version = "0.1.0"
+version = "2.0.0"
 edition = "2021"
 authors = ["Quasi & Thuumate 👻"]
 description = "Trust-Scoring + IOC-Scanner für Arch Linux AUR-Pakete"
@@ -90,10 +90,23 @@ impl PackageScanner {
    ) -> Result<ScanResult> {
        info!("Scanne Paket: {}", package);

-        let iocs = self.ioc_fetcher.get_cached_iocs().await?;
-        let ioc_matches = self.ioc_fetcher.check_package(package, &iocs);
+        // Prüfe ob Paket in offiziellem Repo oder AUR
+        let is_aur = self.is_aur_package(package).await;
        
-        let aur_info = self.fetch_aur_info(package).await?;
+        let iocs = self.ioc_fetcher.get_cached_iocs().await?;
+        let ioc_matches = if is_aur {
+            // Nur für AUR-Pakete IOCs prüfen
+            self.ioc_fetcher.check_package(package, &iocs)
+        } else {
+            // Für offizielle Repo-Pakete: keine IOC-Warnungen
+            vec![]
+        };
+
+        let aur_info = if is_aur {
+            self.fetch_aur_info(package).await?
+        } else {
+            None
+        };

        let pkgbuild_analysis = if let Some(ref info) = aur_info {
            if let Some(url) = &info.url_path {
@@ -278,6 +291,44 @@ impl PackageScanner {
        Ok(())
    }

+    /// Prüft ob ein Paket aus dem AUR stammt (nicht offizielles Repo)
+    async fn is_aur_package(&self, package: &str) -> bool {
+        // Versuche offizielles Repo-Info zu holen
+        let official = Command::new("pacman")
+            .args(["-Si", package])
+            .output()
+            .await;
+        
+        match official {
+            Ok(output) => {
+                if output.status.success() {
+                    // Paket in offiziellem Repo gefunden
+                    let stdout = String::from_utf8_lossy(&output.stdout);
+                    if stdout.contains("Repository      : aur") || stdout.contains("Repository      : AUR") {
+                        return true;
+                    }
+                    // Alle anderen Repos (core, extra, community, multilib, etc.)
+                    return false;
+                }
+            }
+            Err(_) => {}
+        }
+        
+        // Fallback: Prüfe ob es ein "foreign" Paket ist (AUR)
+        let foreign = Command::new("pacman")
+            .args(["-Qm"])
+            .output()
+            .await;
+        
+        match foreign {
+            Ok(output) => {
+                let stdout = String::from_utf8_lossy(&output.stdout);
+                stdout.lines().any(|line| line.starts_with(package))
+            }
+            Err(_) => false,
+        }
+    }
+
    async fn fetch_aur_info(
        &self, package: &str
    ) -> Result<Option<AurPackageInfo>> {