parlov-elicit 0.1.2

Elicitation engine: strategy selection and probe plan generation for parlov.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

//! `Strategy` trait: the interface every elicitation strategy must implement.

use http::Method;

use crate::context::ScanContext;
use crate::types::{ProbeSpec, RiskLevel};

/// An elicitation strategy: maps a `ScanContext` to a set of `ProbeSpec` values.
///
/// Implementations are pure — no I/O, no async. The strategy inspects the
/// context, decides whether it applies, and generates the probe plan. The
/// scheduler owns execution.
pub trait Strategy: Send + Sync {
    /// Stable machine-readable identifier for this strategy, e.g.
    /// `"existence-get-200-404"`.
    fn id(&self) -> &'static str;

    /// Human-readable display name, e.g. `"GET 200/404 existence"`.
    fn name(&self) -> &'static str;

    /// Risk classification. The scheduler skips this strategy when
    /// `ctx.max_risk < self.risk()`.
    fn risk(&self) -> RiskLevel;

    /// HTTP methods this strategy exercises, used for capability filtering.
    fn methods(&self) -> &[Method];

    /// Returns `true` when this strategy can produce useful probes for `ctx`.
    ///
    /// Called before `generate`; the scheduler never calls `generate` when
    /// `is_applicable` returns `false`.
    fn is_applicable(&self, ctx: &ScanContext) -> bool;

    /// Produce probe specifications for `ctx`.
    ///
    /// Only called when `is_applicable` returns `true`. May return an empty
    /// `Vec` if context constraints prevent generation at runtime.
    fn generate(&self, ctx: &ScanContext) -> Vec<ProbeSpec>;
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::context::ScanContext;
    use crate::types::{ProbePair, ProbeSpec, RiskLevel, StrategyMetadata};
    use http::{HeaderMap, Method};
    use parlov_core::ProbeDefinition;

    struct TestStrategy;

    impl Strategy for TestStrategy {
        fn id(&self) -> &'static str {
            "test"
        }

        fn name(&self) -> &'static str {
            "Test Strategy"
        }

        fn risk(&self) -> RiskLevel {
            RiskLevel::Safe
        }

        fn methods(&self) -> &[Method] {
            &[Method::GET]
        }

        fn is_applicable(&self, _ctx: &ScanContext) -> bool {
            true
        }

        fn generate(&self, ctx: &ScanContext) -> Vec<ProbeSpec> {
            let def = ProbeDefinition {
                url: ctx.target.clone(),
                method: Method::GET,
                headers: HeaderMap::new(),
                body: None,
            };
            let meta = StrategyMetadata {
                strategy_id: self.id(),
                strategy_name: self.name(),
                risk: self.risk(),
            };
            vec![ProbeSpec::Pair(ProbePair {
                baseline: def.clone(),
                probe: def,
                metadata: meta,
            })]
        }
    }

    // --- Object safety ---

    #[test]
    fn strategy_is_object_safe() {
        let _: Box<dyn Strategy> = Box::new(TestStrategy);
    }

    // --- Minimal implementation round-trip ---

    #[test]
    fn test_strategy_is_applicable_returns_true() {
        let ctx = ScanContext {
            target: "https://example.com/{id}".to_owned(),
            baseline_id: "1".to_owned(),
            probe_id: "999".to_owned(),
            headers: HeaderMap::new(),
            max_risk: RiskLevel::Safe,
            known_duplicate: None,
            state_field: None,
            alt_credential: None,
            body_template: None,
        };
        assert!(TestStrategy.is_applicable(&ctx));
    }

    #[test]
    fn test_strategy_generate_returns_pair() {
        let ctx = ScanContext {
            target: "https://example.com/{id}".to_owned(),
            baseline_id: "1".to_owned(),
            probe_id: "999".to_owned(),
            headers: HeaderMap::new(),
            max_risk: RiskLevel::Safe,
            known_duplicate: None,
            state_field: None,
            alt_credential: None,
            body_template: None,
        };
        let specs = TestStrategy.generate(&ctx);
        assert_eq!(specs.len(), 1);
        assert!(matches!(specs[0], ProbeSpec::Pair(_)));
    }

}