Skip to main content

Crate permission_auditor

Crate permission_auditor 

Source
Expand description

§permission-auditor

Audit a list of Chrome / Manifest V3 extension permissions against a curated risk database and produce a per-extension AuditReport:

  • a risk level (Low / Medium / High / Critical) for each permission, plus a short plain-English description of what it grants,
  • recognition for host-access patterns (<all_urls>, scheme wildcards, scoped match-patterns) and broad-vs-scoped classification,
  • an overall verdict for the whole extension, with the count of each severity and the single highest permission driving it.

This is a more comprehensive companion to ext-permission-risk: it covers the full MV3 permission surface, adds a Critical tier for the truly dangerous combinations (arbitrary host access + code injection), and returns a structured report rather than a single lookup.

Pure Rust, zero dependencies, #![forbid(unsafe_code)], fully tested.

This is the audit engine behind the zovo.one Chrome-extension privacy & security scanner.

§Quick example

use permission_auditor::{audit, RiskLevel};

let report = audit(&[
    "activeTab",
    "storage",
    "tabs",
    "<all_urls>",
    "scripting",
    "cookies",
]);

// activeTab and storage are Low; tabs is Medium; <all_urls> is Critical;
// scripting + cookies are High. The broad-host + code combo escalates to
// Critical — this is the canonical surveillance capability set.
assert_eq!(report.overall, RiskLevel::Critical);
assert!(report.critical_count >= 1);
assert!(report.high_count >= 2);
assert_eq!(report.findings.len(), 6);
assert!(report.findings.iter().any(|f| f.token == "<all_urls>"));

Structs§

AuditReport
A complete audit of one extension’s permission list.
Finding
A single audited permission: the token, the resolved risk level, a description, and where the classification came from.
PermissionEntry
A single database row: the manifest token exactly as it appears in a manifest, its risk tier, and a plain-English description.

Enums§

FindingKind
Whether a finding came from the curated named-token database or was synthesised for a host match-pattern / unknown token.
HostScope
The scope of a host-access match pattern.
RiskLevel
The four-tier risk classification used by the audit.

Constants§

RISK_DATABASE
The full curated MV3 permission risk database.

Functions§

audit
Audit a list of manifest permission tokens and return a structured AuditReport.
audit_with_manifest_version
Like audit but also takes the manifest version, which is surfaced on the report. A missing/unknown version is treated permissively (no downgrades), since MV2 extensions are still in the wild and we’d rather over-report than miss a webRequest-blocking grant.
classify_host_pattern
Classify a token into one of the host-pattern scopes.
find_permission
Look up a single permission token in the database.
is_host_access_pattern
Heuristic: does token look like a Manifest V3 host match-pattern (scheme://host/path) or a special broad-access token, rather than a named permission token?