Crate use_security


§use-security

Feature-gated facade crate for RustUse security primitives.

§Experimental

use-security is experimental while the use-security workspace remains below 0.3.0. Expect small API adjustments during the first release wave.

§Example

# Cargo.toml
[dependencies]
use-security = { version = "0.0.1", default-features = false, features = ["cve", "cwe", "cvss"] }

// Rust usage; the `?` operator requires an enclosing function that returns a Result.
use use_security::{CveId, CweId, CvssScore, severity_from_score};

let cve: CveId = "CVE-2024-12345".parse()?;
let cwe: CweId = "CWE-79".parse()?;
let score = CvssScore::new(9.8)?;

assert_eq!(cve.as_str(), "CVE-2024-12345");
assert_eq!(cwe.to_string(), "CWE-79");
assert_eq!(severity_from_score(score).as_str(), "critical");

§Feature Flags

  • cve: re-export use-cve
  • cwe: re-export use-cwe
  • cvss: re-export use-cvss
  • owasp: re-export use-owasp
  • risk: re-export use-security-risk
  • threat: re-export use-threat
  • finding: re-export use-security-finding
  • authn: re-export use-authn
  • authz: re-export use-authz
  • secret: re-export use-secret
  • crypto: re-export use-crypto
  • security-header: re-export use-security-header
  • sbom: re-export use-sbom
  • full: enable all child crates

§Scope

  • Facade imports and namespace aliases for focused use-security child crates.
  • Small primitive metadata APIs for security-related identifiers, labels, and validation helpers.

§Non-goals

  • Implementation logic beyond re-exports.
  • Security scanning, authentication, authorization, encryption, SBOM generation, or policy enforcement.

§License

Licensed under either of the following, at your option:

  • Apache License, Version 2.0
  • MIT license

Re-exports§

pub use use_authn as authn;
pub use use_authz as authz;
pub use use_crypto as crypto;
pub use use_cve as cve;
pub use use_cvss as cvss;
pub use use_cwe as cwe;
pub use use_owasp as owasp;
pub use use_security_risk as risk;
pub use use_threat as threat;
pub use use_security_finding as finding;
pub use use_secret as secret;
pub use use_security_header as security_header;
pub use use_sbom as sbom;

Structs§

AccessAction
AccessResource
AccessSubject
ClaimName
CveId
A validated CVE identifier such as CVE-2024-12345.
CveReference
A lightweight CVE reference URL or label.
CveSequence
A CVE sequence component with at least four digits.
CveSource
A lightweight source label for CVE metadata.
CveYear
A four-digit CVE year.
CvssMetricName
CvssMetricValue
CvssScore
A validated CVSS base score.
CvssVector
CweId
A validated CWE identifier such as CWE-79.
CweNumber
Numeric CWE identifier component.
FindingEvidence
FindingLocation
FindingReference
FindingSource
MaskedSecret
A wrapper that never exposes its value through Debug or Display.
OwaspRiskId
Lightweight OWASP risk identifier.
PermissionName
RiskOwner
RoleName
SbomComponent
SBOM component metadata.
SbomComponentName
SbomComponentVersion
SbomDigest
SbomLicenseExpression
SbomPackageUrl
A package URL metadata value.
ScopeName
SecretName
SecretReference
SecurityFinding
Security finding metadata.
SecurityFindingId
SecurityHeaderName
A validated HTTP security header name.
SecurityRisk
Security risk metadata.
SecurityRiskId
ThreatId
ThreatScenario
A compact threat scenario metadata record.
ThreatSurface

Enums§

AccessDecision
Access decision labels.
AuthenticationFactor
Authentication factor labels.
AuthenticationMethod
Authentication method labels.
AuthenticationScheme
HTTP or application authentication scheme labels.
AuthnParseError
Error returned when an authentication label cannot be parsed.
AuthorizationModel
Authorization model labels.
AuthzNameError
Error returned when authorization names are invalid.
AuthzParseError
Error returned when an authorization label cannot be parsed.
ContentSecurityPolicyDirective
Content Security Policy directive labels.
CorsPolicyKind
CORS policy labels.
CredentialKind
Credential kind labels.
CryptoAlgorithm
Broad cryptographic algorithm category labels.
CryptoEncoding
Cryptographic encoding labels.
CryptoParseError
Error returned when a crypto label cannot be parsed.
CryptoStrength
Cryptographic strength labels.
CveIdError
Error returned when a CVE identifier is invalid.
CveRecordKind
CVE record kind metadata.
CveStatus
CVE publication status metadata.
CveTextError
Error returned when CVE text metadata is empty.
CvssAttackComplexity
CVSS attack-complexity labels.
CvssAttackVector
CVSS attack-vector labels.
CvssImpactLevel
CVSS impact-level labels.
CvssParseError
Error returned when a CVSS label cannot be parsed.
CvssPrivilegesRequired
CVSS privileges-required labels.
CvssScope
CVSS scope labels.
CvssScoreError
Error returned when a CVSS score is invalid.
CvssSeverity
CVSS severity labels.
CvssTextError
Error returned when CVSS text metadata is invalid.
CvssUserInteraction
CVSS user-interaction labels.
CvssVersion
CVSS version labels.
CweIdError
Error returned when a CWE identifier is invalid.
CweImpactKind
CWE impact category labels.
CweLikelihood
CWE likelihood labels.
CweParseError
Error returned when a CWE label cannot be parsed.
CweTaxonomySource
CWE taxonomy source labels.
CweWeaknessKind
CWE weakness category labels.
EncryptionAlgorithm
Encryption algorithm labels.
FindingConfidence
Finding confidence labels.
FindingKind
Finding source category labels.
FindingReferenceKind
Lightweight finding reference categories.
FindingSeverity
Finding severity labels.
FindingStatus
Finding lifecycle status labels.
FrameOptionsKind
X-Frame-Options labels.
HashAlgorithm
Hash algorithm labels.
KeyAlgorithm
Key algorithm labels.
KeyKind
Key kind labels.
KeyUsage
Key usage labels.
MfaStatus
MFA status labels.
OwaspControlArea
Application security control-area labels.
OwaspParseError
Error returned when an OWASP label cannot be parsed.
OwaspProjectKind
OWASP project labels.
OwaspTextError
Error returned when OWASP text metadata is invalid.
OwaspTop10Category
OWASP Top 10 style category labels.
OwaspTop10Version
OWASP Top 10 version labels.
PasswordPolicyLevel
Password policy strength labels.
PermissionsPolicyDirective
Permissions policy directive labels.
PolicyEffect
Policy effect labels.
ReferrerPolicyKind
Referrer policy labels.
RemediationStatus
Remediation status labels.
RiskCategory
Risk category labels.
RiskImpact
Risk impact labels.
RiskLikelihood
Risk likelihood labels.
RiskPriority
Sortable risk priority labels.
RiskSeverity
Risk severity labels.
RiskStatus
Risk status labels.
RiskTreatment
Risk treatment labels.
SbomFormat
SBOM format labels.
SbomParseError
Error returned when an SBOM label cannot be parsed.
SbomRelationshipKind
SBOM relationship labels.
SbomTextError
Error returned when SBOM text metadata is invalid.
SecretKind
Secret kind labels.
SecretParseError
Error returned when a secret label cannot be parsed.
SecretProvider
Secret provider labels.
SecretRedaction
Secret redaction strategy labels.
SecretRotationStatus
Secret rotation status labels.
SecretScope
Secret scope labels.
SecretSensitivity
Secret sensitivity labels.
SecretTextError
Error returned when secret text metadata is invalid.
SecurityFindingError
Error returned when finding metadata is invalid.
SecurityHeaderKind
Security header categories.
SecurityHeaderNameError
Error returned when a security header name is invalid.
SecurityHeaderParseError
Error returned when a security header label cannot be parsed.
SecurityRiskError
Error returned when security risk metadata is invalid.
SessionKind
Session kind labels.
SignatureAlgorithm
Signature algorithm labels.
SupplyChainRiskKind
Supply-chain risk labels.
ThreatActorKind
Threat actor labels.
ThreatCapability
Threat capability labels.
ThreatCategory
Threat category labels.
ThreatError
Error returned when threat metadata is invalid.
ThreatIntent
Threat intent labels.
ThreatModelKind
Threat model kind labels.
TokenBindingKind
Token binding kind labels.
TransportSecurityDirective
Strict-Transport-Security directive labels.

Constants§

CWE_22_PATH_TRAVERSAL
CWE_78_OS_COMMAND_INJECTION
CWE_79_XSS
CWE_89_SQL_INJECTION
CWE_94_CODE_INJECTION
CWE_200_SENSITIVE_INFORMATION_EXPOSURE
CWE_287_IMPROPER_AUTHENTICATION
CWE_352_CSRF
CWE_862_MISSING_AUTHORIZATION
CWE_918_SSRF

Functions§

is_deprecated_like
Returns true when a hash algorithm label is deprecated-like.
mask_all
Masks every character in a value.
mask_keep_last
Masks all but the last count characters in a value.
mask_keep_prefix_suffix
Masks the middle while keeping a prefix and suffix.
priority_from_likelihood_impact
Returns a sortable priority from likelihood and impact.
severity_from_score
Returns the CVSS severity bucket for a validated score.