parlov-elicit 0.5.0

Elicitation engine: strategy selection and probe plan generation for parlov.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

//! Shared test helpers for strategy unit tests.
//!
//! All helpers construct `ScanContext` values covering the common variants
//! across existence strategy tests. File-specific targets and probe IDs are
//! expressed as struct-update-syntax from these bases.

use http::{HeaderMap, HeaderValue};

use crate::context::{KnownDuplicate, ScanContext, StateField};
use crate::types::RiskLevel;

/// Base context: `RiskLevel::Safe`, no auth, no optional fields.
pub(crate) fn minimal_ctx() -> ScanContext {
    ScanContext {
        target: "https://api.example.com/users/{id}".to_owned(),
        baseline_id: "1001".to_owned(),
        probe_id: "9999".to_owned(),
        headers: HeaderMap::new(),
        max_risk: RiskLevel::Safe,
        known_duplicate: None,
        state_field: None,
        alt_credential: None,
        body_template: None,
    }
}

/// `minimal_ctx` elevated to `RiskLevel::MethodDestructive`.
pub(crate) fn ctx_method_destructive() -> ScanContext {
    ScanContext {
        max_risk: RiskLevel::MethodDestructive,
        ..minimal_ctx()
    }
}

/// `minimal_ctx` elevated to `RiskLevel::OperationDestructive`.
pub(crate) fn ctx_operation_destructive() -> ScanContext {
    ScanContext {
        max_risk: RiskLevel::OperationDestructive,
        ..minimal_ctx()
    }
}

/// `minimal_ctx` with `Authorization: Bearer token123` header added.
pub(crate) fn ctx_with_auth() -> ScanContext {
    let mut headers = HeaderMap::new();
    headers.insert(
        http::header::AUTHORIZATION,
        HeaderValue::from_static("Bearer token123"),
    );
    ScanContext {
        headers,
        ..minimal_ctx()
    }
}

/// `minimal_ctx` with a known-duplicate `email` field.
pub(crate) fn ctx_with_duplicate() -> ScanContext {
    ScanContext {
        known_duplicate: Some(KnownDuplicate {
            field: "email".to_owned(),
            value: "alice@example.com".to_owned(),
        }),
        ..minimal_ctx()
    }
}

/// `ctx_method_destructive` with an invalid `status` state field.
pub(crate) fn ctx_with_state_field() -> ScanContext {
    ScanContext {
        state_field: Some(StateField {
            field: "status".to_owned(),
            value: "invalid_state".to_owned(),
        }),
        ..ctx_method_destructive()
    }
}

/// Full scope-manipulation context: auth header + under-scoped `alt_credential`.
pub(crate) fn ctx_with_alt_credential() -> ScanContext {
    let mut headers = HeaderMap::new();
    headers.insert(
        http::header::AUTHORIZATION,
        HeaderValue::from_static("Bearer token123"),
    );
    let mut alt = HeaderMap::new();
    alt.insert(
        http::header::AUTHORIZATION,
        HeaderValue::from_static("Bearer under-scoped-token"),
    );
    ScanContext {
        headers,
        alt_credential: Some(alt),
        ..minimal_ctx()
    }
}