harbor-core 0.1.0

Core library for the Harbor tool.

harbor-core

License: MIT

Harbor is an offline security analyzer for HAR files.

The harbor-core crate is the library that parses HAR captures, runs security checks against recorded HTTP responses, and produces de-duplicated findings with an overall score and grade.

What It Provides

harbor-core includes:

  • HAR parsing based on the har crate
  • Security analysis of recorded response headers and cookies
  • Worst-case de-duplication across multiple HAR entries
  • An HTTP Observatory-style score and grade

Current Checks

The library currently analyzes:

  • Content-Security-Policy (CSP)
  • HTTP Strict Transport Security (HSTS)
  • Permissions-Policy
  • X-Frame-Options
  • X-Content-Type-Options
  • Referrer-Policy
  • CORS
  • Cookie security flags and SameSite settings

Installation

[dependencies]
harbor-core = "0.1"

Example

use harbor_core::har_scanner::HarScanner;

fn main() -> Result<(), Box<dyn std::error::Error>> {
	let report = HarScanner::scan_file("capture.har")?;

	println!("score: {} ({})", report.score.score, report.score.grade);

	for result in report.results {
		println!(
			"[{:#?}] {}: {} ({})",
			result.severity,
			result.name,
			result.comment,
			result.score_impact
		);
	}

	Ok(())
}

Scoring Model

Harbor uses an HTTP Observatory-style scoring approach:

  • Start from a baseline score of 100
  • Apply penalties first
  • Apply bonuses only if the post-penalty score is at least 90
  • Clamp the final score to the range 0..145

The resulting ScanReport includes both the per-check findings and the aggregated score.
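The scoring rules above, combined with the worst-case de-duplication listed under What It Provides, as a standalone sketch. This is an added example, not harbor-core's own code: the `Finding` type, the function names, the check names and the impact values are hypothetical, and "worst case" is assumed to mean the lowest score impact seen for a check.

```rust
use std::collections::HashMap;

/// Hypothetical finding shape for this sketch; not harbor-core's own type.
#[derive(Debug, Clone, PartialEq)]
pub struct Finding {
    pub check: &'static str,
    pub score_impact: i32, // negative = penalty, positive = bonus
}

/// Worst-case de-duplication: keep the lowest score_impact seen per check
/// across all entries (assumed interpretation of "worst case").
pub fn dedupe_worst(findings: &[Finding]) -> Vec<Finding> {
    let mut worst: HashMap<&'static str, i32> = HashMap::new();
    for f in findings {
        worst
            .entry(f.check)
            .and_modify(|v| *v = (*v).min(f.score_impact))
            .or_insert(f.score_impact);
    }
    let mut out: Vec<Finding> = worst
        .into_iter()
        .map(|(check, score_impact)| Finding { check, score_impact })
        .collect();
    out.sort_by_key(|f| f.check); // stable order for reporting
    out
}

/// Baseline 100, penalties first, bonuses only if the post-penalty score
/// is at least 90, then clamp to 0..145 (upper bound assumed inclusive).
pub fn score(findings: &[Finding]) -> i32 {
    let penalties: i32 = findings.iter().map(|f| f.score_impact.min(0)).sum();
    let bonuses: i32 = findings.iter().map(|f| f.score_impact.max(0)).sum();
    let after_penalties = 100 + penalties;
    let total = if after_penalties >= 90 { after_penalties + bonuses } else { after_penalties };
    total.clamp(0, 145)
}

fn main() {
    // Constructed sample: the same checks observed on two HAR entries.
    let seen = vec![
        Finding { check: "hsts", score_impact: 0 },
        Finding { check: "hsts", score_impact: -20 },
        Finding { check: "referrer-policy", score_impact: 5 },
        Finding { check: "x-frame-options", score_impact: 5 },
    ];
    let unique = dedupe_worst(&seen);
    println!("{} findings, score {}", unique.len(), score(&unique));
}
```

In the constructed sample a single response without HSTS outweighs the entry that had it, and the resulting post-penalty score of 80 means the two bonuses are never applied.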

Intended Use

harbor-core is useful if you want to:

  • Build your own CLI or UI on top of Harbor analysis
  • Integrate HAR security checks into automation or CI
  • Inspect a full browser session offline instead of probing live endpoints
  • Reuse Harbor scoring and finding logic in another Rust project

Related Crate

If you want the ready-to-use terminal interface, install harbor-cli.

Repository: https://github.com/stefanalfbo/harbor