use http::HeaderMap;
use parlov_core::Error;
use parlov_elicit::{KnownDuplicate, RiskLevel, ScanContext, StateField};
use crate::util::parse_headers;
use crate::vector_filter::{max_risk_from_filters, VectorFilter};
pub(crate) fn parse_risk(s: &str) -> Result<RiskLevel, Error> {
match s {
"safe" => Ok(RiskLevel::Safe),
"method-destructive" => Ok(RiskLevel::MethodDestructive),
"operation-destructive" => Ok(RiskLevel::OperationDestructive),
other => Err(Error::Http(format!(
"invalid risk level '{other}'; expected safe | method-destructive | operation-destructive"
))),
}
}
pub(crate) fn parse_known_duplicate(s: &str) -> Result<KnownDuplicate, Error> {
let (field, value) = s.split_once('=').ok_or_else(|| {
Error::Http(format!("known-duplicate must be 'field=value', got '{s}'"))
})?;
Ok(KnownDuplicate { field: field.to_owned(), value: value.to_owned() })
}
pub(crate) fn parse_state_field(s: &str) -> Result<StateField, Error> {
let (field, value) = s.split_once('=').ok_or_else(|| {
Error::Http(format!("state-field must be 'field=value', got '{s}'"))
})?;
Ok(StateField { field: field.to_owned(), value: value.to_owned() })
}
pub(crate) fn parse_alt_credential(s: &str) -> Result<HeaderMap, Error> {
parse_headers(&[s.to_owned()])
}
pub(crate) fn build_scan_context(
args: &crate::cli::ScanArgs,
vector_filters: &[VectorFilter],
) -> Result<ScanContext, Error> {
let probe_id = args
.probe_id
.clone()
.unwrap_or_else(|| uuid::Uuid::new_v4().to_string());
let max_risk = if vector_filters.is_empty() {
parse_risk(&args.risk)?
} else {
max_risk_from_filters(vector_filters)
};
let headers = parse_headers(&args.headers)?;
let known_duplicate = args
.known_duplicate
.as_deref()
.map(parse_known_duplicate)
.transpose()?;
let state_field = args.state_field.as_deref().map(parse_state_field).transpose()?;
let alt_credential = args
.alt_credential
.as_deref()
.map(parse_alt_credential)
.transpose()?;
Ok(ScanContext {
target: args.target.clone(),
baseline_id: args.baseline_id.clone(),
probe_id,
headers,
max_risk,
known_duplicate,
state_field,
alt_credential,
body_template: args.body.clone(),
})
}
#[cfg(test)]
mod tests {
use super::*;
use crate::cli::ScanArgs;
fn minimal_args(target: &str, baseline_id: &str) -> ScanArgs {
ScanArgs {
target: target.to_owned(),
baseline_id: baseline_id.to_owned(),
probe_id: Some("9999".to_owned()),
risk: "safe".to_owned(),
headers: vec![],
alt_credential: None,
known_duplicate: None,
state_field: None,
vectors: vec![],
body: None,
}
}
#[test]
fn parse_risk_safe() {
assert_eq!(parse_risk("safe").unwrap(), RiskLevel::Safe);
}
#[test]
fn parse_risk_method_destructive() {
assert_eq!(parse_risk("method-destructive").unwrap(), RiskLevel::MethodDestructive);
}
#[test]
fn parse_risk_operation_destructive() {
assert_eq!(parse_risk("operation-destructive").unwrap(), RiskLevel::OperationDestructive);
}
#[test]
fn parse_risk_invalid_returns_err() {
assert!(parse_risk("invalid").is_err());
}
#[test]
fn parse_known_duplicate_splits_field_and_value() {
let kd = parse_known_duplicate("email=alice@example.com").unwrap();
assert_eq!(kd.field, "email");
assert_eq!(kd.value, "alice@example.com");
}
#[test]
fn parse_known_duplicate_splits_on_first_equals_only() {
let kd = parse_known_duplicate("foo=bar=baz").unwrap();
assert_eq!(kd.field, "foo");
assert_eq!(kd.value, "bar=baz");
}
#[test]
fn parse_known_duplicate_no_divider_returns_err() {
assert!(parse_known_duplicate("nodivider").is_err());
}
#[test]
fn parse_state_field_splits_correctly() {
let sf = parse_state_field("status=invalid").unwrap();
assert_eq!(sf.field, "status");
assert_eq!(sf.value, "invalid");
}
#[test]
fn build_scan_context_target_matches_and_risk_defaults_to_safe() {
let args = minimal_args("https://api.example.com/users/{id}", "1001");
let ctx = build_scan_context(&args, &[]).unwrap();
assert_eq!(ctx.target, "https://api.example.com/users/{id}");
assert_eq!(ctx.max_risk, RiskLevel::Safe);
}
}