Skip to main content

Crate palisade_errors

Crate palisade_errors 

Source
Expand description

§Palisade Errors

Security-conscious error handling with operational security principles.

§Design Philosophy

  1. Internal errors contain full context for forensic analysis
  2. External errors reveal nothing that aids an adversary
  3. Error codes enable tracking without information disclosure
  4. Sensitive data is explicitly marked and zeroized
  5. Sanitization is mandatory and provides useful signals without leaking details
  6. Timing attacks are mitigated through optional normalization

§Security Principles

  • Never expose file paths, usernames, PIDs, or configuration values externally
  • Never reveal internal architecture, component names, or validation logic
  • Never show stack traces, memory addresses, or timing information
  • Sanitized output still provides operation category and retry hints
  • ALL context data is zeroized on drop - NO LEAKS, NO EXCEPTIONS
  • Zero-allocation hot paths where possible
  • Timing side-channels can be mitigated with normalization

§Threat Model

We assume attackers:

  • Read our source code
  • Trigger errors intentionally to fingerprint the system
  • Collect error messages to map internal architecture
  • Use timing and error patterns for side-channel attacks
  • Perform post-compromise memory scraping and core dump analysis

Therefore:

  • External errors provide only error codes and operation categories
  • Internal logs use structured data with explicit, short lifetimes
  • ALL error context is zeroized on drop
  • No string concatenation of sensitive data
  • No leaked allocations that bypass zeroization
  • Sensitive/Internal fields kept separate to prevent conflation
  • Timing normalization available for sensitive operations

§Quick Start

use palisade_errors::{AgentError, definitions, Result};

fn validate_config(threshold: f64) -> Result<()> {
    if threshold < 0.0 || threshold > 100.0 {
        return Err(AgentError::config(
            definitions::CFG_INVALID_VALUE,
            "validate_threshold",
            "Threshold must be between 0 and 100"
        ));
    }
    Ok(())
}

// External display (safe for untrusted viewers):
// "Configuration operation failed [permanent] (E-CFG-103)"

// Internal log (full context for forensics):
// [E-CFG-103] operation='validate_threshold' details='Threshold must be between 0 and 100'

§Working with Sensitive Data

use palisade_errors::{AgentError, definitions, Result};
use std::fs::File;

fn load_config(path: String) -> Result<File> {
    File::open(&path).map_err(|e|
        AgentError::from_io_path(
            definitions::IO_READ_FAILED,
            "load_config",
            path,  // Kept separate as sensitive data
            e
        )
    )
}

§Timing Attack Mitigation

use palisade_errors::{AgentError, definitions, Result};
use std::time::Duration;

fn authenticate(username: &str, password: &str) -> Result<()> {
    // Perform authentication...
}

// Normalize timing to prevent timing side-channels
let result = authenticate("user", "pass");
if let Err(e) = result {
    // Delay error response to constant time
    return Err(e.with_timing_normalization(Duration::from_millis(100)));
}

§Features

  • trusted_debug: Enable detailed debug formatting for trusted environments (debug builds only)
  • external_signaling: Reserved for future external signaling capabilities

Re-exports§

pub use codes::*;
pub use context::*;
pub use convenience::*;
pub use definitions::*;
pub use logging::*;
pub use models::*;
pub use obfuscation::*;
pub use ring_buffer::*;

Modules§

codes
Error code namespace - enables error tracking without information disclosure.
context
Context enrichment utilities for DualContextError.
convenience
Convenience macros for creating errors with format strings.
definitions
Pre-defined error codes for the deception agent.
logging
Structured log entry for internal forensics.
models
Dual-context error handling for honeypot systems with type-enforced trust boundaries.
obfuscation
Error code obfuscation (always on).
ring_buffer
Ring buffer for bounded forensic logging with DoS protection.

Macros§

config_err
Create a configuration error with compile-time literal enforcement.
config_err_sensitive
Create a configuration error with sensitive internal context.
correlation_err
Create a correlation error.
create_lie_error
define_error_code
Define error codes with minimal boilerplate.
define_error_codes
Define multiple error codes within the same namespace.
deployment_err
Create a deployment error.
io_err
Create an I/O error.
logging_err
Create a logging error.
platform_err
Create a platform error.
response_err
Create a response error.
sanitized
Sanitize untrusted input for inclusion in error messages.
telemetry_err
Create a telemetry error.

Structs§

AgentError
Main error type with security-conscious design.

Type Aliases§

Result
Type alias for Results using our error type.