@@ -18,7 +18,7 @@ type SecurityController interface {
1818 ConfigureScanner (ctx context.Context , id string , env map [string ]string ) error
1919 GetScannerStatus (ctx context.Context , id string ) (* scanner.ScannerPlugin , error )
2020
21- StartScan (ctx context.Context , serverName string , dryRun bool , scannerIDs []string ) (* scanner.ScanJob , error )
21+ StartScan (ctx context.Context , serverName string , dryRun bool , scannerIDs []string , sourceDir string ) (* scanner.ScanJob , error )
2222 GetScanStatus (ctx context.Context , serverName string ) (* scanner.ScanJob , error )
2323 GetScanReport (ctx context.Context , serverName string ) (* scanner.AggregatedReport , error )
2424 CancelScan (ctx context.Context , serverName string ) error
@@ -37,9 +37,21 @@ func (s *Server) SetSecurityController(ctrl SecurityController) {
3737 s .securityController = ctrl
3838}
3939
40+ // requireSecurity returns true if the security controller is available, writing a 501 error if not.
41+ func (s * Server ) requireSecurity (w http.ResponseWriter , r * http.Request ) bool {
42+ if s .securityController == nil {
43+ s .writeError (w , r , http .StatusNotImplemented , "security scanner feature is not configured" )
44+ return false
45+ }
46+ return true
47+ }
48+
4049// --- Scanner management handlers ---
4150
4251func (s * Server ) handleListScanners (w http.ResponseWriter , r * http.Request ) {
52+ if ! s .requireSecurity (w , r ) {
53+ return
54+ }
4355 scanners , err := s .securityController .ListScanners (r .Context ())
4456 if err != nil {
4557 s .writeError (w , r , http .StatusInternalServerError , err .Error ())
@@ -49,6 +61,9 @@ func (s *Server) handleListScanners(w http.ResponseWriter, r *http.Request) {
4961}
5062
5163func (s * Server ) handleInstallScanner (w http.ResponseWriter , r * http.Request ) {
64+ if ! s .requireSecurity (w , r ) {
65+ return
66+ }
5267 var req struct {
5368 ID string `json:"id"`
5469 }
@@ -69,6 +84,9 @@ func (s *Server) handleInstallScanner(w http.ResponseWriter, r *http.Request) {
6984}
7085
7186func (s * Server ) handleRemoveScanner (w http.ResponseWriter , r * http.Request ) {
87+ if ! s .requireSecurity (w , r ) {
88+ return
89+ }
7290 id := chi .URLParam (r , "id" )
7391 if id == "" {
7492 s .writeError (w , r , http .StatusBadRequest , "scanner id is required" )
@@ -83,6 +101,9 @@ func (s *Server) handleRemoveScanner(w http.ResponseWriter, r *http.Request) {
83101}
84102
85103func (s * Server ) handleConfigureScanner (w http.ResponseWriter , r * http.Request ) {
104+ if ! s .requireSecurity (w , r ) {
105+ return
106+ }
86107 id := chi .URLParam (r , "id" )
87108 if id == "" {
88109 s .writeError (w , r , http .StatusBadRequest , "scanner id is required" )
@@ -109,6 +130,9 @@ func (s *Server) handleConfigureScanner(w http.ResponseWriter, r *http.Request)
109130}
110131
111132func (s * Server ) handleGetScannerStatus (w http.ResponseWriter , r * http.Request ) {
133+ if ! s .requireSecurity (w , r ) {
134+ return
135+ }
112136 id := chi .URLParam (r , "id" )
113137 if id == "" {
114138 s .writeError (w , r , http .StatusBadRequest , "scanner id is required" )
@@ -126,6 +150,9 @@ func (s *Server) handleGetScannerStatus(w http.ResponseWriter, r *http.Request)
126150// --- Scan operation handlers ---
127151
128152func (s * Server ) handleStartScan (w http.ResponseWriter , r * http.Request ) {
153+ if ! s .requireSecurity (w , r ) {
154+ return
155+ }
129156 name := chi .URLParam (r , "id" )
130157 if name == "" {
131158 s .writeError (w , r , http .StatusBadRequest , "server name is required" )
@@ -135,11 +162,12 @@ func (s *Server) handleStartScan(w http.ResponseWriter, r *http.Request) {
135162 var req struct {
136163 DryRun bool `json:"dry_run"`
137164 ScannerIDs []string `json:"scanner_ids"`
165+ SourceDir string `json:"source_dir"`
138166 }
139167 // Body is optional for simple scans
140168 _ = json .NewDecoder (r .Body ).Decode (& req )
141169
142- job , err := s .securityController .StartScan (r .Context (), name , req .DryRun , req .ScannerIDs )
170+ job , err := s .securityController .StartScan (r .Context (), name , req .DryRun , req .ScannerIDs , req . SourceDir )
143171 if err != nil {
144172 s .writeError (w , r , http .StatusInternalServerError , err .Error ())
145173 return
@@ -148,6 +176,9 @@ func (s *Server) handleStartScan(w http.ResponseWriter, r *http.Request) {
148176}
149177
150178func (s * Server ) handleGetScanStatus (w http.ResponseWriter , r * http.Request ) {
179+ if ! s .requireSecurity (w , r ) {
180+ return
181+ }
151182 name := chi .URLParam (r , "id" )
152183 if name == "" {
153184 s .writeError (w , r , http .StatusBadRequest , "server name is required" )
@@ -163,6 +194,9 @@ func (s *Server) handleGetScanStatus(w http.ResponseWriter, r *http.Request) {
163194}
164195
165196func (s * Server ) handleGetScanReport (w http.ResponseWriter , r * http.Request ) {
197+ if ! s .requireSecurity (w , r ) {
198+ return
199+ }
166200 name := chi .URLParam (r , "id" )
167201 if name == "" {
168202 s .writeError (w , r , http .StatusBadRequest , "server name is required" )
@@ -178,6 +212,9 @@ func (s *Server) handleGetScanReport(w http.ResponseWriter, r *http.Request) {
178212}
179213
180214func (s * Server ) handleCancelScan (w http.ResponseWriter , r * http.Request ) {
215+ if ! s .requireSecurity (w , r ) {
216+ return
217+ }
181218 name := chi .URLParam (r , "id" )
182219 if name == "" {
183220 s .writeError (w , r , http .StatusBadRequest , "server name is required" )
@@ -194,6 +231,9 @@ func (s *Server) handleCancelScan(w http.ResponseWriter, r *http.Request) {
194231// --- Approval handlers ---
195232
196233func (s * Server ) handleSecurityApprove (w http.ResponseWriter , r * http.Request ) {
234+ if ! s .requireSecurity (w , r ) {
235+ return
236+ }
197237 name := chi .URLParam (r , "id" )
198238 if name == "" {
199239 s .writeError (w , r , http .StatusBadRequest , "server name is required" )
@@ -214,6 +254,9 @@ func (s *Server) handleSecurityApprove(w http.ResponseWriter, r *http.Request) {
214254}
215255
216256func (s * Server ) handleSecurityReject (w http.ResponseWriter , r * http.Request ) {
257+ if ! s .requireSecurity (w , r ) {
258+ return
259+ }
217260 name := chi .URLParam (r , "id" )
218261 if name == "" {
219262 s .writeError (w , r , http .StatusBadRequest , "server name is required" )
@@ -228,6 +271,9 @@ func (s *Server) handleSecurityReject(w http.ResponseWriter, r *http.Request) {
228271}
229272
230273func (s * Server ) handleCheckIntegrity (w http.ResponseWriter , r * http.Request ) {
274+ if ! s .requireSecurity (w , r ) {
275+ return
276+ }
231277 name := chi .URLParam (r , "id" )
232278 if name == "" {
233279 s .writeError (w , r , http .StatusBadRequest , "server name is required" )
@@ -245,6 +291,9 @@ func (s *Server) handleCheckIntegrity(w http.ResponseWriter, r *http.Request) {
245291// --- Overview handler ---
246292
247293func (s * Server ) handleSecurityOverview (w http.ResponseWriter , r * http.Request ) {
294+ if ! s .requireSecurity (w , r ) {
295+ return
296+ }
248297 overview , err := s .securityController .GetSecurityOverview (r .Context ())
249298 if err != nil {
250299 s .writeError (w , r , http .StatusInternalServerError , err .Error ())
0 commit comments