skill-veil-core 0.2.0

Core library for skill-veil behavioral analysis
use serde::{Deserialize, Serialize};
use strum_macros::Display;

/// Permission categories that the `DECLARED_PERMISSION_*` rule IDs map onto.
///
/// Each variant is paired with exactly one rule ID in
/// `DECLARED_PERMISSION_RULES`.
///
/// The derived `PartialOrd`/`Ord` compare variants in declaration order, so
/// reordering the variants changes comparison and sort results.
///
/// NOTE(review): serde and strum are both set to snake_case here, which
/// presumably renders `OAuthScopes` as `o_auth_scopes` rather than
/// `oauth_scopes` (the spelling used in the rule ID). Confirm that any policy
/// file or report consumer matching on the serialized name expects that form.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize, Display)]
#[serde(rename_all = "snake_case")]
#[strum(serialize_all = "snake_case")]
pub enum DeclaredPermission {
    /// Paired with rule ID `DECLARED_PERMISSION_BROWSER_FULL`.
    BrowserFull,
    /// Paired with rule ID `DECLARED_PERMISSION_FILE_WRITE`.
    FileWrite,
    /// Paired with rule ID `DECLARED_PERMISSION_SHELL_EXEC`.
    ShellExec,
    /// Paired with rule ID `DECLARED_PERMISSION_NETWORK_ACCESS`.
    NetworkAccess,
    /// Paired with rule ID `DECLARED_PERMISSION_SECRETS_ACCESS`.
    SecretsAccess,
    /// Paired with rule ID `DECLARED_PERMISSION_OAUTH_SCOPES`.
    OAuthScopes,
}

/// Canonical mapping from rule IDs to declared permissions.
///
/// Single source of truth used by `derive_declared_permissions` in
/// `verdict.rs` and `is_permission_model_rule` in `verdict_calibration.rs`.
///
/// The lookup helpers in this file compare rule IDs against these strings
/// with plain `&str` equality, so matching is exact and case-sensitive.
///
/// Nothing in this file checks that every `DeclaredPermission` variant has a
/// row: a variant added to the enum without a matching entry here would never
/// be returned by `declared_permission_for_rule`. Add the row together with
/// the variant.
pub const DECLARED_PERMISSION_RULES: &[(&str, DeclaredPermission)] = &[
    (
        "DECLARED_PERMISSION_BROWSER_FULL",
        DeclaredPermission::BrowserFull,
    ),
    (
        "DECLARED_PERMISSION_FILE_WRITE",
        DeclaredPermission::FileWrite,
    ),
    (
        "DECLARED_PERMISSION_SHELL_EXEC",
        DeclaredPermission::ShellExec,
    ),
    (
        "DECLARED_PERMISSION_NETWORK_ACCESS",
        DeclaredPermission::NetworkAccess,
    ),
    (
        "DECLARED_PERMISSION_SECRETS_ACCESS",
        DeclaredPermission::SecretsAccess,
    ),
    (
        "DECLARED_PERMISSION_OAUTH_SCOPES",
        DeclaredPermission::OAuthScopes,
    ),
];

/// Resolve a rule ID to the declared permission it stands for.
///
/// Scans `DECLARED_PERMISSION_RULES` in order and returns the permission of
/// the first entry whose ID equals `rule_id`. The comparison is exact and
/// case-sensitive; an ID that is not in the table yields `None`.
pub fn declared_permission_for_rule(rule_id: &str) -> Option<DeclaredPermission> {
    for &(known_id, permission) in DECLARED_PERMISSION_RULES {
        if known_id == rule_id {
            return Some(permission);
        }
    }
    None
}

/// Report whether `rule_id` is one of the declared-permission rule IDs.
///
/// Returns `true` only when `rule_id` equals an ID listed in
/// `DECLARED_PERMISSION_RULES`; the comparison is exact and case-sensitive.
pub fn is_declared_permission_rule(rule_id: &str) -> bool {
    DECLARED_PERMISSION_RULES
        .iter()
        .map(|&(known_id, _)| known_id)
        .any(|known_id| known_id == rule_id)
}