core-policy 0.10.3

Pure RBAC/ABAC policy engine core (zero crypto/network dependencies)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137

//! Error types for mesh-policy-core

use alloc::string::String;
use core::fmt;

/// Result type alias for policy operations
pub type Result<T> = core::result::Result<T, PolicyError>;

/// Errors that can occur in policy operations
#[derive(Debug)]
pub enum PolicyError {
    /// Policy not found
    PolicyNotFound(String),

    /// Invalid policy rule
    InvalidRule(String),

    /// Permission denied
    PermissionDenied {
        /// Peer ID that was denied
        peer_id: String,
        /// Reason for denial
        reason: String,
    },

    /// Invalid peer ID
    InvalidPeerId(String),

    /// Serialization error
    SerializationError(String),

    /// TOML parsing error
    TomlError(toml::de::Error),

    /// IO error
    // IoError removed for no_std

    // ===== DoS Prevention Errors (T20 mitigation) =====

    /// Policy exceeds maximum allowed rules (DoS prevention - T20)
    TooManyRules {
        /// Maximum allowed rules
        max: usize,
        /// Attempted number of rules
        attempted: usize,
    },

    /// Resource pattern exceeds maximum length (DoS prevention - T20)
    PatternTooLong {
        /// Maximum allowed length
        max: usize,
        /// Actual pattern length
        length: usize,
    },

    /// Policy name exceeds maximum length (DoS prevention - T20)
    NameTooLong {
        /// Maximum allowed length
        max: usize,
        /// Actual name length
        length: usize,
    },

    // ===== ABAC Expression Errors =====
    /// Context expression is too deeply nested (stack overflow prevention)
    ExpressionTooDeep {
        /// Maximum allowed depth
        max: usize,
    },

    /// Context expression string is too long (DoS prevention)
    ExpressionTooLong {
        /// Maximum allowed length
        max: usize,
        /// Actual expression length
        length: usize,
    },

    /// Invalid expression syntax
    InvalidExpression(String),

    /// System time error (clock went backwards or unavailable)
    // TimeError removed for no_std

    /// Internal error
    InternalError(String),
}

impl fmt::Display for PolicyError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::PolicyNotFound(msg) => write!(f, "Policy not found: {}", msg),
            Self::InvalidRule(msg) => write!(f, "Invalid policy rule: {}", msg),
            Self::PermissionDenied { peer_id, reason } => {
                write!(f, "Permission denied for peer {}: {}", peer_id, reason)
            }
            Self::InvalidPeerId(msg) => write!(f, "Invalid peer ID: {}", msg),
            Self::SerializationError(msg) => write!(f, "Serialization error: {}", msg),
            Self::TomlError(e) => write!(f, "TOML parsing error: {}", e),
            Self::TooManyRules { max, attempted } => write!(
                f,
                "Policy exceeds maximum {} rules (attempted: {})",
                max, attempted
            ),
            Self::PatternTooLong { max, length } => write!(
                f,
                "Resource pattern exceeds maximum {} characters (length: {})",
                max, length
            ),
            Self::NameTooLong { max, length } => write!(
                f,
                "Policy name exceeds maximum {} characters (length: {})",
                max, length
            ),
            Self::ExpressionTooDeep { max } => write!(
                f,
                "Context expression exceeds maximum depth of {} (prevents stack overflow)",
                max
            ),
            Self::ExpressionTooLong { max, length } => write!(
                f,
                "Context expression exceeds maximum {} characters (length: {})",
                max, length
            ),
            Self::InvalidExpression(msg) => write!(f, "Invalid context expression: {}", msg),
            Self::InternalError(msg) => write!(f, "Internal error: {}", msg),
        }
    }
}

impl From<toml::de::Error> for PolicyError {
    fn from(err: toml::de::Error) -> Self {
        Self::TomlError(err)
    }
}

impl core::error::Error for PolicyError {}