scanbridge 0.3.0

A unified, pluggable API for malware scanning with circuit breakers, policy enforcement, and audit logging
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

//! Policy actions that can be taken based on scan results.

use serde::{Deserialize, Serialize};

/// An action to take based on policy evaluation.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(tag = "type", rename_all = "snake_case")]
pub enum PolicyAction {
    /// Allow the file through.
    Allow,

    /// Allow the file but with a warning.
    AllowWithWarning {
        /// Warning message to display/log.
        message: String,
    },

    /// Quarantine the file.
    Quarantine {
        /// Reason for quarantine.
        reason: String,
    },

    /// Block the file entirely.
    Block {
        /// Reason for blocking.
        reason: String,
    },

    /// Require manual review before proceeding.
    RequireManualReview,
}

impl PolicyAction {
    /// Creates an Allow action.
    pub fn allow() -> Self {
        Self::Allow
    }

    /// Creates an AllowWithWarning action.
    pub fn allow_with_warning(message: impl Into<String>) -> Self {
        Self::AllowWithWarning {
            message: message.into(),
        }
    }

    /// Creates a Quarantine action.
    pub fn quarantine(reason: impl Into<String>) -> Self {
        Self::Quarantine {
            reason: reason.into(),
        }
    }

    /// Creates a Block action.
    pub fn block(reason: impl Into<String>) -> Self {
        Self::Block {
            reason: reason.into(),
        }
    }

    /// Creates a RequireManualReview action.
    pub fn require_review() -> Self {
        Self::RequireManualReview
    }

    /// Returns true if this action allows the file through.
    pub fn is_allowed(&self) -> bool {
        matches!(self, Self::Allow | Self::AllowWithWarning { .. })
    }

    /// Returns true if this action blocks the file.
    pub fn is_blocked(&self) -> bool {
        matches!(self, Self::Block { .. })
    }

    /// Returns true if this action quarantines the file.
    pub fn is_quarantine(&self) -> bool {
        matches!(self, Self::Quarantine { .. })
    }

    /// Returns true if this action requires manual review.
    pub fn requires_review(&self) -> bool {
        matches!(self, Self::RequireManualReview)
    }

    /// Returns the severity level of the action (higher = more severe).
    pub fn severity(&self) -> u8 {
        match self {
            Self::Allow => 0,
            Self::AllowWithWarning { .. } => 1,
            Self::RequireManualReview => 2,
            Self::Quarantine { .. } => 3,
            Self::Block { .. } => 4,
        }
    }
}

impl Default for PolicyAction {
    fn default() -> Self {
        Self::Allow
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_policy_action_helpers() {
        assert!(PolicyAction::allow().is_allowed());
        assert!(PolicyAction::allow_with_warning("test").is_allowed());
        assert!(PolicyAction::block("malware").is_blocked());
        assert!(PolicyAction::quarantine("suspicious").is_quarantine());
        assert!(PolicyAction::require_review().requires_review());
    }

    #[test]
    fn test_policy_action_severity() {
        assert!(PolicyAction::Block { reason: "".into() }.severity() 
            > PolicyAction::Quarantine { reason: "".into() }.severity());
        assert!(PolicyAction::Quarantine { reason: "".into() }.severity() 
            > PolicyAction::Allow.severity());
    }
}