parlov-elicit 0.1.1

Elicitation engine: strategy selection and probe plan generation for parlov.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199

//! Core elicitation types: risk classification, probe specifications, and strategy metadata.

use parlov_core::ProbeDefinition;
use serde::{Deserialize, Serialize};

/// Risk classification for a probing strategy.
///
/// Controls whether a strategy is eligible for execution given the operator's
/// `max_risk` ceiling in `ScanContext`. Variants are ordered from safest to most
/// destructive so that `<=` comparisons work correctly for ceiling enforcement.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash, Serialize, Deserialize)]
pub enum RiskLevel {
    /// Read-only probing. No state mutation; safe on any target.
    Safe,
    /// Uses non-idempotent HTTP methods (e.g. POST, PATCH, PUT) that may have
    /// side-effects, but the strategy avoids permanent data loss.
    MethodDestructive,
    /// May trigger irreversible server-side state changes (e.g. DELETE, account
    /// closure, resource exhaustion).
    OperationDestructive,
}

/// Metadata describing a strategy: identity and risk rating.
///
/// Carried on every `ProbeSpec` so the scheduler and output layer can attribute
/// each probe pair back to the strategy that generated it without holding a
/// reference to the strategy object.
#[derive(Debug, Clone)]
pub struct StrategyMetadata {
    /// Stable machine-readable identifier, e.g. `"existence-get-200-404"`.
    pub strategy_id: &'static str,
    /// Human-readable display name, e.g. `"GET 200/404 existence"`.
    pub strategy_name: &'static str,
    /// Risk classification for the strategy.
    pub risk: RiskLevel,
}

/// A baseline + probe pair for standard differential analysis.
///
/// The scheduler executes `baseline` and `probe` the required number of times,
/// collecting `ResponseSurface` values into a `ProbeSet` for analysis.
#[derive(Debug, Clone)]
pub struct ProbePair {
    /// The control request targeting a known-existing resource.
    pub baseline: ProbeDefinition,
    /// The probe request targeting the unknown or suspect resource.
    pub probe: ProbeDefinition,
    /// Strategy that generated this pair.
    pub metadata: StrategyMetadata,
}

/// A burst probe: N requests to baseline URL, then N to probe URL.
///
/// Used for timing oracles where multiple samples are required for statistical
/// significance. `burst_count` sets the minimum sample size per side; the
/// adaptive timing analyzer may request additional rounds.
#[derive(Debug, Clone)]
pub struct BurstSpec {
    /// The control request targeting a known-existing resource.
    pub baseline: ProbeDefinition,
    /// The probe request targeting the unknown or suspect resource.
    pub probe: ProbeDefinition,
    /// Minimum number of samples to collect per side before analysis.
    pub burst_count: usize,
    /// Strategy that generated this burst.
    pub metadata: StrategyMetadata,
}

/// The unit of work handed to the probe scheduler.
///
/// Each variant encodes a different execution and collection strategy. The
/// scheduler dispatches on the variant; the analysis layer receives a `ProbeSet`
/// regardless of which variant produced it.
#[derive(Debug, Clone)]
pub enum ProbeSpec {
    /// Standard adaptive loop: one baseline request, one probe request.
    Pair(ProbePair),
    /// Send `burst_count` requests to the baseline URL, then `burst_count` to
    /// the probe URL, for statistical timing analysis.
    Burst(BurstSpec),
    /// One baseline + one probe; compare full response header sets rather than
    /// bodies or status codes.
    HeaderDiff(ProbePair),
}

#[cfg(test)]
mod tests {
    use super::*;
    use http::{HeaderMap, Method};

    fn make_probe_def(url: &str, method: Method) -> ProbeDefinition {
        ProbeDefinition {
            url: url.to_owned(),
            method,
            headers: HeaderMap::new(),
            body: None,
        }
    }

    fn make_metadata() -> StrategyMetadata {
        StrategyMetadata {
            strategy_id: "test-strategy",
            strategy_name: "Test Strategy",
            risk: RiskLevel::Safe,
        }
    }

    // --- RiskLevel ordering ---

    #[test]
    fn risk_level_safe_less_than_method_destructive() {
        assert!(RiskLevel::Safe < RiskLevel::MethodDestructive);
    }

    #[test]
    fn risk_level_method_destructive_less_than_operation_destructive() {
        assert!(RiskLevel::MethodDestructive < RiskLevel::OperationDestructive);
    }

    #[test]
    fn risk_level_safe_less_than_operation_destructive() {
        assert!(RiskLevel::Safe < RiskLevel::OperationDestructive);
    }

    // --- RiskLevel serialization round-trip ---

    #[test]
    fn risk_level_method_destructive_roundtrip() {
        let original = RiskLevel::MethodDestructive;
        let json = serde_json::to_string(&original).expect("serialize failed");
        let deserialized: RiskLevel = serde_json::from_str(&json).expect("deserialize failed");
        assert_eq!(deserialized, original);
    }

    // --- Type construction ---

    #[test]
    fn strategy_metadata_fields_accessible() {
        let m = make_metadata();
        assert_eq!(m.strategy_id, "test-strategy");
        assert_eq!(m.strategy_name, "Test Strategy");
        assert_eq!(m.risk, RiskLevel::Safe);
    }

    #[test]
    fn probe_pair_fields_accessible() {
        let pair = ProbePair {
            baseline: make_probe_def("https://example.com/1", Method::GET),
            probe: make_probe_def("https://example.com/999", Method::GET),
            metadata: make_metadata(),
        };
        assert_eq!(pair.baseline.url, "https://example.com/1");
        assert_eq!(pair.probe.url, "https://example.com/999");
        assert_eq!(pair.metadata.risk, RiskLevel::Safe);
    }

    #[test]
    fn burst_spec_fields_accessible() {
        let burst = BurstSpec {
            baseline: make_probe_def("https://example.com/1", Method::GET),
            probe: make_probe_def("https://example.com/999", Method::GET),
            burst_count: 30,
            metadata: make_metadata(),
        };
        assert_eq!(burst.burst_count, 30);
    }

    #[test]
    fn probe_spec_pair_variant_accessible() {
        let spec = ProbeSpec::Pair(ProbePair {
            baseline: make_probe_def("https://example.com/1", Method::GET),
            probe: make_probe_def("https://example.com/999", Method::GET),
            metadata: make_metadata(),
        });
        assert!(matches!(spec, ProbeSpec::Pair(_)));
    }

    #[test]
    fn probe_spec_burst_variant_accessible() {
        let spec = ProbeSpec::Burst(BurstSpec {
            baseline: make_probe_def("https://example.com/1", Method::GET),
            probe: make_probe_def("https://example.com/999", Method::GET),
            burst_count: 30,
            metadata: make_metadata(),
        });
        assert!(matches!(spec, ProbeSpec::Burst(_)));
    }

    #[test]
    fn probe_spec_header_diff_variant_accessible() {
        let spec = ProbeSpec::HeaderDiff(ProbePair {
            baseline: make_probe_def("https://example.com/1", Method::GET),
            probe: make_probe_def("https://example.com/999", Method::GET),
            metadata: make_metadata(),
        });
        assert!(matches!(spec, ProbeSpec::HeaderDiff(_)));
    }

}