1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
//! Security module for input validation, command execution safety, and error sanitization
//!
//! This module provides comprehensive security mechanisms to prevent:
//! - Command injection attacks
//! - Path traversal vulnerabilities
//! - Information disclosure via error messages
//! - Malicious input exploitation
//! - Template injection attacks
//!
//! ## Week 3 Security Hardening: Template Security
//!
//! - Sandboxed Tera environments with function whitelisting
//! - Template variable validation (alphanumeric + underscore)
//! - Context-aware output escaping (HTML, SQL, Shell)
//! - Template size limits (1MB maximum)
//! - Path traversal prevention in includes
//!
//! ## Week 4 Security Hardening
//!
//! Target: 82% → 85% security health improvement
//!
//! Fixed issues:
//! 1. Panic in library code → Result-based error handling
//! 2. Unwrap() usage → Proper error propagation
//! 3. Command injection → Safe command execution
//! 4. Input validation → Comprehensive validation functions
//! 5. Error message leakage → Sanitized error messages
//!
//! ## Week 10 Security Logging & Intrusion Detection (v26_5_19.0)
//!
//! New capabilities:
//! 1. Comprehensive security event logging with structured data
//! 2. Immutable audit trail with Merkle tree tamper-proofing
//! 3. Intrusion detection with pattern matching for common attacks
//! 4. Security metrics collection and aggregation
//! 5. Real-time alerting for critical security events
//!
//! ### Usage Example
//!
//! ```rust,no_run
//! use crate::security::logging::SecurityLogger;
//! use crate::security::events::{SecurityEvent, SecuritySeverity, EventCategory};
//!
//! # fn main() -> Result<(), Box<dyn std::error::Error>> {
//! let mut logger = SecurityLogger::new()?;
//!
//! // Log security events
//! let event = SecurityEvent::new(
//! SecuritySeverity::High,
//! EventCategory::Authentication,
//! "Failed login attempt"
//! );
//! logger.log(event)?;
//!
//! // Analyze input for attacks
//! if let Some(attack_event) = logger.analyze_input("SELECT * FROM users")? {
//! println!("Attack detected: {:?}", attack_event.attack_pattern);
//! }
//!
//! // Get security metrics
//! if let Some(metrics) = logger.get_metrics_for_last_hour() {
//! println!("Total attacks: {}", metrics.total_attacks);
//! }
//! # Ok(())
//! # }
//! ```
// Week 10: Security logging and intrusion detection
pub use ;
pub use ;
pub use ;
pub use ;
// Week 10 exports
pub use ;
pub use ;
pub use ;
pub use ;
pub use ;
pub use ;