fix: try/except in _scan_component, serialize_finding to prevent data injection, DRY LLM template, SUPPORTED_ECOSYSTEMS constant

guarddog_nexus/schemas.py

@@ -100,3 +100,20 @@ class StatsResponse(BaseModel):
     total_findings: int
     top_rules: list[dict]
     latest_scan_at: datetime | None = None
+
+
+# Finding data known fields (prevents **f.data from overwriting id/scan_id)
+_FINDING_DATA_FIELDS = ("rule", "severity", "message", "location", "code")
+
+
+def serialize_finding(finding) -> dict:
+    """Extract known fields from a Finding, preventing data field injection."""
+    result = {
+        "id": finding.id,
+        "scan_id": finding.scan_id,
+        "report": finding.report,
+        "created_at": finding.created_at.isoformat() if finding.created_at else None,
+    }
+    for field in _FINDING_DATA_FIELDS:
+        result[field] = finding.data.get(field, "")
+    return result