crablock-core 0.1.2

Core library for crablock - encryption, package format, and common utilities
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163

use chrono::Utc;
use serde::Serialize;
use std::collections::HashMap;
use tracing::{error, info, warn};
use uuid::Uuid;

use crate::crypto::EncryptionAlgorithm;
use crate::manifest::Manifest;

#[derive(Debug, Clone, Serialize)]
#[serde(rename_all = "snake_case")]
pub enum LogLevel {
    Info,
    Warn,
    Error,
    Debug,
}

#[derive(Debug, Clone, Serialize)]
pub struct AuditEvent {
    pub timestamp: String,
    pub event_type: String,
    pub package_id: Option<Uuid>,
    pub details: HashMap<String, serde_json::Value>,
}

impl AuditEvent {
    pub fn new(event_type: impl Into<String>) -> Self {
        Self {
            timestamp: Utc::now().to_rfc3339(),
            event_type: event_type.into(),
            package_id: None,
            details: HashMap::new(),
        }
    }

    pub fn with_package_id(mut self, id: Uuid) -> Self {
        self.package_id = Some(id);
        self
    }

    pub fn with_detail(mut self, key: impl Into<String>, value: impl Serialize) -> Self {
        let key = key.into();
        let value = serde_json::to_value(value).unwrap_or_default();
        self.details.insert(key, value);
        self
    }

    pub fn log(&self) {
        // We always serialize the same event shape.
        // Only the log level changes based on the event type.
        let json = serde_json::to_string(self).unwrap_or_default();
        match self.event_type.as_str() {
            "error" | "decryption_failed" | "verification_failed" | "execution_failed" => {
                error!(target: "crablock_audit", "{}", json);
            }
            "warn" | "cleanup_failed" => {
                warn!(target: "crablock_audit", "{}", json);
            }
            _ => {
                info!(target: "crablock_audit", "{}", json);
            }
        }
    }
}

pub fn log_package_load(manifest: &Manifest, key_source: &str, decrypt_mode: &str) {
    AuditEvent::new("package_loaded")
        .with_package_id(manifest.package_id)
        .with_detail("artifact_name", &manifest.artifact_name)
        .with_detail(
            "encryption_algorithm",
            manifest.encryption_algorithm.as_str(),
        )
        .with_detail("key_source_type", key_source)
        .with_detail("decrypt_mode", decrypt_mode)
        .with_detail("version", &manifest.version)
        .log();
}

pub fn log_verification_result(package_id: Uuid, success: bool, details: &str) {
    let event_type = if success {
        "verification_success"
    } else {
        "verification_failed"
    };
    AuditEvent::new(event_type)
        .with_package_id(package_id)
        .with_detail("success", success)
        .with_detail("details", details)
        .log();
}

pub fn log_execution_start(package_id: Uuid, entrypoint: &str, pid: u32) {
    AuditEvent::new("execution_start")
        .with_package_id(package_id)
        .with_detail("entrypoint", entrypoint)
        .with_detail("pid", pid)
        .log();
}

pub fn log_execution_stop(package_id: Uuid, exit_code: i32) {
    AuditEvent::new("execution_stop")
        .with_package_id(package_id)
        .with_detail("exit_code", exit_code)
        .log();
}

pub fn log_decryption(package_id: Uuid, algorithm: EncryptionAlgorithm, mode: &str) {
    AuditEvent::new("decryption")
        .with_package_id(package_id)
        .with_detail("algorithm", algorithm.as_str())
        .with_detail("mode", mode)
        .log();
}

pub fn log_cleanup(package_id: Uuid, path: &str, success: bool) {
    let event = if success {
        "cleanup_success"
    } else {
        "cleanup_failed"
    };
    AuditEvent::new(event)
        .with_package_id(package_id)
        .with_detail("path", path)
        .with_detail("success", success)
        .log();
}

pub fn init_logging(json_format: bool) {
    use tracing_subscriber::{fmt, layer::SubscriberExt, util::SubscriberInitExt, EnvFilter};

    // Default to `info` so the CLI is useful even when RUST_LOG is not set.
    let env_filter = EnvFilter::try_from_default_env().unwrap_or_else(|_| EnvFilter::new("info"));

    if json_format {
        tracing_subscriber::registry()
            .with(env_filter)
            .with(fmt::layer().json())
            .init();
    } else {
        tracing_subscriber::registry()
            .with(env_filter)
            .with(fmt::layer())
            .init();
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_audit_event_creation() {
        let event = AuditEvent::new("test_event")
            .with_package_id(Uuid::new_v4())
            .with_detail("key", "value");

        assert_eq!(event.event_type, "test_event");
        assert!(event.package_id.is_some());
        assert!(event.details.contains_key("key"));
    }
}