service_policy_kit

Crates.ioservice_policy_kit
lib.rsservice_policy_kit
version0.7.1
sourcesrc
created_at2021-09-27 18:38:34.140474
updated_at2024-05-19 08:27:20.542858
descriptionA toolkit to verify services against security policies
homepage
repositoryhttps://github.com/SpectralOps/service-policy-kit
max_upload_size
id457097
size198,192
Elad Kaplan (kaplanelad)

documentation

README






Service Policy Kit

service_policy_kit is a Rust based toolkit for verifying HTTP services against policies. You can:

  • Build a complete testing framework on your own, with service_policy_kit taking care of all the expectation logic
  • Run fuzzing tests against your services
  • Integrate in your code to perform custom readiness/self checks
  • Build your own tools (CLIs) that perform service validation and security testing of different kinds

Quick Start

Add to Cargo.toml

service_policy_kit = "0.2.0"

Example

Here's a full-blown policy runner that you can reuse:

use serde_yaml;
use service_policy_kit::data::{Context, SequenceInteractions};
use service_policy_kit::runner::{RunOptions, SequenceRunner};
use std::process::exit;

fn main() {
    let opts = RunOptions::default();
    let runner = SequenceRunner::from_opts(&opts);

    let sequence: SequenceInteractions = serde_yaml::from_str(
        r#"
http_interactions:
- request:
    id: step one
    uri: http://example.com
  response:
    status_code: "200"
"#,
    )
    .unwrap();
    let mut context = Context::new();
    let res = runner.run(&mut context, &sequence.http_interactions);
    exit(if res.ok { 0 } else { 1 })
}

You can run it by cloning this repo, and then:

cargo run --example quick-start

You should get:

$ cargo run --examples quick-start

✔ step one: ok 288ms

Ran 1 interactions with 1 checks in 288ms

Success: 1
Failure: 0
  Error: 0
Skipped: 0

Capabilities

  • :white_check_mark:  Flexible design: Use the runner for any purpose, sequence or individual interactions

  • :white_check_mark:  Contextual flows: interactions can extract, define and pass variables to the next ones

  • :white_check_mark:  Out of the box reporters: saves you some boilerplate work Multiple checks included: content, benchmark, certificates

  • :white_check_mark:  Discovery (WIP): given recorded API interactions, or an API spec, automatically generate interactions.

Concepts

There are a few concepts that make up service_policy_kit: Interaction, Expectation, Check, Violation and Runners.

Interaction

An interaction is a definition of calling an external service, and the expected responses per check type.

Interaction {
   request,
   response,
   examples,
   benchmark,
   cert,
}

Expectation (Policy)

An expectation is a set of expected matchers for all of the parts that are extracted from an interaction response.

Each of the fields take regular expressions and are matched against a live response accordingly.

Response {
   headers,
   status_code,
   body,
   vars,
}

Check

A check is an abstract action over a response. For example, running content expectation, a benchmark, or any other policy against a service.

Violation

Any check can output violation. A successful check has no violations.

Runners

A runner takes a set of interactions and execute these. For example, the included SequenceRunner will always execute interactions in a sequence, extracting variables from one interaction and passing it to the next one via Context.

Thanks

To all Contributors - you make this happen, thanks!

Copyright

Copyright (c) 2021 @jondot. See LICENSE for further details.

Commit count: 12

cargo fmt