use crate::types::{ComplianceIssue, Cookie, Regulation, Severity};
#[must_use]
pub fn check_compliance(cookie: &Cookie, regulation: Regulation) -> Vec<ComplianceIssue> {
let mut issues = Vec::new();
match regulation {
Regulation::GDPR | Regulation::UKGDPR => {
issues.extend(check_gdpr_compliance(cookie));
}
Regulation::CCPA | Regulation::CPRA => {
issues.extend(check_ccpa_compliance(cookie));
}
_ => {
if !cookie.secure {
issues.push(ComplianceIssue::new(
Severity::Medium,
regulation,
"Missing Secure Flag",
format!("Cookie '{}' should use Secure flag", cookie.name),
"Cookies should be transmitted securely",
));
}
}
}
issues
}
fn check_gdpr_compliance(cookie: &Cookie) -> Vec<ComplianceIssue> {
let mut issues = Vec::new();
if !cookie.secure || !cookie.http_only {
issues.push(
ComplianceIssue::new(
Severity::High,
Regulation::GDPR,
"GDPR Compliance Issue",
format!(
"Cookie '{}' may not meet GDPR security requirements",
cookie.name
),
"Article 5(1)(f) - Security of processing",
)
.with_article("Art. 5(1)(f)")
.with_penalty("Up to €20M or 4% of annual global revenue"),
);
}
issues
}
fn check_ccpa_compliance(cookie: &Cookie) -> Vec<ComplianceIssue> {
let mut issues = Vec::new();
if cookie.is_third_party {
issues.push(ComplianceIssue::new(
Severity::Medium,
Regulation::CCPA,
"Third-Party Cookie",
format!(
"Third-party cookie '{}' may require opt-out mechanism",
cookie.name
),
"CCPA Section 1798.120 - Right to opt-out of sale",
));
}
issues
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_gdpr_compliance() {
let cookie = Cookie::new("test".to_string(), "value".to_string());
let issues = check_compliance(&cookie, Regulation::GDPR);
assert!(!issues.is_empty());
}
}