vanguard-plugin 0.1.1

Plugin system for the Vanguard version manager
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205

use std::path::Path;
use thiserror::Error;

use crate::PluginMetadata;

/// Errors that can occur during plugin validation
#[derive(Error, Debug)]
pub enum ValidationError {
    /// Plugin signature verification failed
    #[error("Signature verification failed: {0}")]
    SignatureInvalid(String),

    /// Plugin is not compatible with current platform
    #[error("Platform not supported: {0}")]
    PlatformIncompatible(String),

    /// Plugin exceeds resource limits
    #[error("Resource limit exceeded: {0}")]
    ResourceLimitExceeded(String),

    /// Plugin failed sandbox constraints
    #[error("Sandbox constraint violation: {0}")]
    SandboxViolation(String),

    /// Plugin metadata is invalid
    #[error("Invalid metadata: {0}")]
    InvalidMetadata(String),
}

/// Result of plugin validation
pub type ValidationResult = Result<(), ValidationError>;

/// Plugin validator for security and compatibility checks
#[derive(Debug)]
pub struct PluginValidator {
    /// Maximum memory usage in bytes
    pub max_memory: usize,
    /// Whether to enforce strict signature checks
    pub strict_signatures: bool,
    /// Whether to enforce sandboxing
    pub enforce_sandbox: bool,
}

impl Default for PluginValidator {
    fn default() -> Self {
        Self::new()
    }
}

impl PluginValidator {
    /// Create a new plugin validator with default settings
    pub fn new() -> Self {
        Self {
            max_memory: 100 * 1024 * 1024, // 100MB
            strict_signatures: true,
            enforce_sandbox: true,
        }
    }

    /// Set maximum allowed memory usage
    pub fn with_max_memory(mut self, max_bytes: usize) -> Self {
        self.max_memory = max_bytes;
        self
    }

    /// Set whether to enforce strict signature verification
    pub fn with_strict_signatures(mut self, strict: bool) -> Self {
        self.strict_signatures = strict;
        self
    }

    /// Set whether to enforce sandbox constraints
    pub fn with_sandbox(mut self, enforce: bool) -> Self {
        self.enforce_sandbox = enforce;
        self
    }

    /// Validate a plugin binary and its metadata
    pub async fn validate_plugin(
        &self,
        binary_path: &Path,
        metadata: &PluginMetadata,
    ) -> ValidationResult {
        // Validate metadata first
        self.validate_metadata(metadata)?;

        // Verify plugin signature if enabled
        if self.strict_signatures {
            self.verify_signature(binary_path)?;
        }

        // Check platform compatibility
        self.check_platform_compatibility(metadata)?;

        // Validate resource usage
        self.validate_resources(binary_path)?;

        // Check sandbox constraints
        if self.enforce_sandbox {
            self.check_sandbox_constraints(binary_path)?;
        }

        Ok(())
    }

    /// Validate plugin metadata
    fn validate_metadata(&self, metadata: &PluginMetadata) -> ValidationResult {
        // For now just check required fields are present
        if metadata.name.is_empty() {
            return Err(ValidationError::InvalidMetadata("name is required".into()));
        }
        if metadata.version.is_empty() {
            return Err(ValidationError::InvalidMetadata(
                "version is required".into(),
            ));
        }
        Ok(())
    }

    /// Verify plugin binary signature
    fn verify_signature(&self, _binary_path: &Path) -> ValidationResult {
        // TODO: Implement actual signature verification
        // For now just return Ok
        Ok(())
    }

    /// Check if plugin is compatible with current platform
    fn check_platform_compatibility(&self, _metadata: &PluginMetadata) -> ValidationResult {
        // TODO: Implement actual platform checks
        // For now just return Ok
        Ok(())
    }

    /// Validate plugin resource usage
    fn validate_resources(&self, _binary_path: &Path) -> ValidationResult {
        // TODO: Implement actual resource validation
        // For now just return Ok
        Ok(())
    }

    /// Check plugin sandbox constraints
    fn check_sandbox_constraints(&self, _binary_path: &Path) -> ValidationResult {
        // TODO: Implement actual sandbox checks
        // For now just return Ok
        Ok(())
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::path::PathBuf;

    fn create_test_metadata() -> PluginMetadata {
        PluginMetadata {
            name: "test-plugin".to_string(),
            version: "1.0.0".to_string(),
            description: "Test Plugin".to_string(),
            author: "Test Author".to_string(),
            min_vanguard_version: Some("0.1.0".to_string()),
            max_vanguard_version: Some("2.0.0".to_string()),
            dependencies: vec![],
        }
    }

    #[tokio::test]
    async fn test_validator_configuration() {
        let validator = PluginValidator::new()
            .with_max_memory(50 * 1024 * 1024)
            .with_strict_signatures(false)
            .with_sandbox(true);

        assert_eq!(validator.max_memory, 50 * 1024 * 1024);
        assert!(!validator.strict_signatures);
        assert!(validator.enforce_sandbox);
    }

    #[tokio::test]
    async fn test_metadata_validation() {
        let validator = PluginValidator::new();
        let metadata = create_test_metadata();

        assert!(validator.validate_metadata(&metadata).is_ok());

        // Test invalid metadata
        let invalid_metadata = PluginMetadata {
            name: "".to_string(),
            ..metadata.clone()
        };
        assert!(matches!(
            validator.validate_metadata(&invalid_metadata),
            Err(ValidationError::InvalidMetadata(_))
        ));
    }

    #[tokio::test]
    async fn test_full_validation() {
        let validator = PluginValidator::new();
        let metadata = create_test_metadata();
        let binary_path = PathBuf::from("test-binary");

        let result = validator.validate_plugin(&binary_path, &metadata).await;
        assert!(result.is_ok());
    }
}