parlov_core/

lib.rs

//! Shared types, error types, and oracle class definitions used across all parlov crates.
//!
//! This crate is the dependency root of the workspace — it carries no deps on other workspace
//! crates and is designed to compile fast. Everything in here is pure data: no I/O, no async,
//! no heavy dependencies.

#![deny(clippy::all)]
#![warn(clippy::pedantic)]
#![deny(missing_docs)]

mod serde_helpers;

use bytes::Bytes;
use http::{HeaderMap, Method, StatusCode};
use serde::{Deserialize, Serialize};
use serde_helpers::{
    bytes_serde, header_map_serde, method_serde, opt_bytes_serde, status_code_serde,
};

/// A single HTTP interaction: full response surface and wall-clock timing.
///
/// Captures everything needed for differential analysis — status, headers, body, and timing —
/// in one flat structure.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ResponseSurface {
    /// HTTP status code returned by the server.
    #[serde(with = "status_code_serde")]
    pub status: StatusCode,
    /// Full response header map.
    #[serde(with = "header_map_serde")]
    pub headers: HeaderMap,
    /// Raw response body bytes, serialized as a base64-encoded byte sequence.
    #[serde(with = "bytes_serde")]
    pub body: Bytes,
    /// Wall-clock response time in nanoseconds, measured from first byte sent to last byte
    /// received.
    pub timing_ns: u64,
}

/// A single HTTP request to execute against a target.
///
/// The authorization context is expressed entirely through the `headers` field — set an
/// `Authorization` header for bearer tokens, API keys, or Basic auth. No special-case auth
/// fields.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ProbeDefinition {
    /// Fully-qualified target URL including scheme, host, path, and any query parameters.
    pub url: String,
    /// HTTP method for the request.
    #[serde(with = "method_serde")]
    pub method: Method,
    /// Request headers, including any authorization context.
    #[serde(with = "header_map_serde")]
    pub headers: HeaderMap,
    /// Request body. `None` for GET, HEAD, DELETE; `Some` for POST, PATCH, PUT.
    #[serde(with = "opt_bytes_serde")]
    pub body: Option<Bytes>,
}

/// Paired response surfaces for differential analysis.
///
/// `baseline` holds responses for the control input (e.g. a known-existing resource ID).
/// `probe` holds responses for the variable input (e.g. a randomly generated nonexistent ID).
/// Multiple samples per side support statistical analysis for timing oracles.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ProbeSet {
    /// Responses for the known-valid / control input.
    pub baseline: Vec<ResponseSurface>,
    /// Responses for the unknown / suspect input.
    pub probe: Vec<ResponseSurface>,
}

/// The oracle class being probed.
///
/// Each variant corresponds to a distinct detection strategy and analysis pipeline.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
#[non_exhaustive]
pub enum OracleClass {
    /// Status-code or body differential between an existing and nonexistent resource.
    Existence,
}

/// Confidence level of an oracle detection result.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub enum OracleVerdict {
    /// Signal is unambiguous: differential is consistent, statistically significant, and matches
    /// a known oracle pattern.
    Confirmed,
    /// Signal is present and consistent with an oracle, but evidence is not conclusive (e.g.
    /// borderline p-value, single sample).
    Likely,
    /// Signal is present but too weak or inconsistent to classify.
    Inconclusive,
    /// No differential signal detected; the endpoint does not exhibit this oracle.
    NotPresent,
}

/// Severity of a confirmed or likely oracle.
///
/// `None` on an `OracleResult` when the verdict is `NotPresent` or `Inconclusive`.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
pub enum Severity {
    /// Directly actionable: resource existence, valid credentials, or session state is leaked
    /// to unauthenticated or low-privilege callers.
    High,
    /// Leaks internal state but requires additional steps to exploit.
    Medium,
    /// Informational: leaks metadata that may assist further enumeration.
    Low,
}

/// The result of running an oracle analyzer against a `ProbeSet`.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct OracleResult {
    /// Which oracle class produced this result.
    pub class: OracleClass,
    /// Confidence verdict.
    pub verdict: OracleVerdict,
    /// Human-readable descriptions of each signal contributing to the verdict, e.g.
    /// `"403 (baseline) vs 404 (probe)"`.
    pub evidence: Vec<String>,
    /// Severity when the verdict is `Confirmed` or `Likely`; `None` when `NotPresent`.
    pub severity: Option<Severity>,
}

/// Errors produced by parlov crates.
#[derive(Debug, thiserror::Error)]
#[non_exhaustive]
pub enum Error {
    /// HTTP-level error from the probe engine.
    #[error("http error: {0}")]
    Http(String),
    /// Analysis failed due to insufficient or malformed probe data.
    #[error("analysis error: {0}")]
    Analysis(String),
    /// Serialization or deserialization failure.
    #[error("serialization error: {0}")]
    Serialization(#[from] serde_json::Error),
}