281e676ad1
Remove high-risk defaults and tighten data handling across auth, storage, IPC, provider calls, and capabilities so sensitive data is better protected by default. Also update README/wiki security guidance and add targeted tests for the new hardening behaviors. Made-with: Cursor
181 lines
5.4 KiB
Rust
181 lines
5.4 KiB
Rust
use crate::db::models::AuditEntry;
|
|
use sha2::{Digest, Sha256};
|
|
|
|
fn compute_entry_hash(entry: &AuditEntry, prev_hash: &str) -> String {
|
|
let payload = format!(
|
|
"{}|{}|{}|{}|{}|{}|{}|{}",
|
|
prev_hash,
|
|
entry.id,
|
|
entry.timestamp,
|
|
entry.action,
|
|
entry.entity_type,
|
|
entry.entity_id,
|
|
entry.user_id,
|
|
entry.details
|
|
);
|
|
format!("{:x}", Sha256::digest(payload.as_bytes()))
|
|
}
|
|
|
|
/// Write an audit event to the audit_log table.
|
|
pub fn write_audit_event(
|
|
conn: &rusqlite::Connection,
|
|
action: &str,
|
|
entity_type: &str,
|
|
entity_id: &str,
|
|
details: &str,
|
|
) -> anyhow::Result<()> {
|
|
let entry = AuditEntry::new(
|
|
action.to_string(),
|
|
entity_type.to_string(),
|
|
entity_id.to_string(),
|
|
details.to_string(),
|
|
);
|
|
let prev_hash: String = conn
|
|
.prepare(
|
|
"SELECT entry_hash FROM audit_log WHERE entry_hash <> '' ORDER BY timestamp DESC, id DESC LIMIT 1",
|
|
)?
|
|
.query_row([], |row| row.get(0))
|
|
.unwrap_or_default();
|
|
let entry_hash = compute_entry_hash(&entry, &prev_hash);
|
|
conn.execute(
|
|
"INSERT INTO audit_log (id, timestamp, action, entity_type, entity_id, user_id, details, prev_hash, entry_hash) \
|
|
VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9)",
|
|
rusqlite::params![
|
|
entry.id,
|
|
entry.timestamp,
|
|
entry.action,
|
|
entry.entity_type,
|
|
entry.entity_id,
|
|
entry.user_id,
|
|
entry.details,
|
|
prev_hash,
|
|
entry_hash,
|
|
],
|
|
)?;
|
|
Ok(())
|
|
}
|
|
|
|
#[cfg(test)]
|
|
mod tests {
|
|
use super::*;
|
|
|
|
fn setup_test_db() -> rusqlite::Connection {
|
|
let conn = rusqlite::Connection::open_in_memory().unwrap();
|
|
conn.execute_batch(
|
|
"CREATE TABLE audit_log (
|
|
id TEXT PRIMARY KEY,
|
|
timestamp TEXT NOT NULL,
|
|
action TEXT NOT NULL,
|
|
entity_type TEXT NOT NULL DEFAULT '',
|
|
entity_id TEXT NOT NULL DEFAULT '',
|
|
user_id TEXT NOT NULL DEFAULT 'local',
|
|
details TEXT NOT NULL DEFAULT '{}',
|
|
prev_hash TEXT NOT NULL DEFAULT '',
|
|
entry_hash TEXT NOT NULL DEFAULT ''
|
|
);",
|
|
)
|
|
.unwrap();
|
|
conn
|
|
}
|
|
|
|
#[test]
|
|
fn test_write_audit_event_inserts_row() {
|
|
let conn = setup_test_db();
|
|
write_audit_event(
|
|
&conn,
|
|
"test_action",
|
|
"issue",
|
|
"issue-123",
|
|
r#"{"key":"val"}"#,
|
|
)
|
|
.expect("should insert");
|
|
|
|
let count: i64 = conn
|
|
.prepare("SELECT COUNT(*) FROM audit_log")
|
|
.unwrap()
|
|
.query_row([], |row| row.get(0))
|
|
.unwrap();
|
|
assert_eq!(count, 1);
|
|
}
|
|
|
|
#[test]
|
|
fn test_write_audit_event_correct_fields() {
|
|
let conn = setup_test_db();
|
|
write_audit_event(&conn, "create_issue", "issue", "abc-999", "details here")
|
|
.expect("should insert");
|
|
|
|
let (action, entity_type, entity_id, user_id): (String, String, String, String) = conn
|
|
.prepare("SELECT action, entity_type, entity_id, user_id FROM audit_log LIMIT 1")
|
|
.unwrap()
|
|
.query_row([], |row| {
|
|
Ok((row.get(0)?, row.get(1)?, row.get(2)?, row.get(3)?))
|
|
})
|
|
.unwrap();
|
|
|
|
assert_eq!(action, "create_issue");
|
|
assert_eq!(entity_type, "issue");
|
|
assert_eq!(entity_id, "abc-999");
|
|
assert_eq!(user_id, "local");
|
|
}
|
|
|
|
#[test]
|
|
fn test_write_multiple_events() {
|
|
let conn = setup_test_db();
|
|
for i in 0..5 {
|
|
write_audit_event(
|
|
&conn,
|
|
&format!("action_{i}"),
|
|
"test",
|
|
&format!("id_{i}"),
|
|
"{}",
|
|
)
|
|
.unwrap();
|
|
}
|
|
|
|
let count: i64 = conn
|
|
.prepare("SELECT COUNT(*) FROM audit_log")
|
|
.unwrap()
|
|
.query_row([], |row| row.get(0))
|
|
.unwrap();
|
|
assert_eq!(count, 5);
|
|
}
|
|
|
|
#[test]
|
|
fn test_write_audit_event_generates_unique_ids() {
|
|
let conn = setup_test_db();
|
|
write_audit_event(&conn, "a", "t", "1", "{}").unwrap();
|
|
write_audit_event(&conn, "b", "t", "2", "{}").unwrap();
|
|
|
|
let mut stmt = conn.prepare("SELECT id FROM audit_log").unwrap();
|
|
let ids: Vec<String> = stmt
|
|
.query_map([], |row| row.get(0))
|
|
.unwrap()
|
|
.filter_map(|r| r.ok())
|
|
.collect();
|
|
assert_eq!(ids.len(), 2);
|
|
assert_ne!(ids[0], ids[1]);
|
|
}
|
|
|
|
#[test]
|
|
fn test_write_audit_event_hash_chain_links_entries() {
|
|
let conn = setup_test_db();
|
|
write_audit_event(&conn, "first", "issue", "1", "{}").unwrap();
|
|
write_audit_event(&conn, "second", "issue", "2", "{}").unwrap();
|
|
|
|
let mut stmt = conn
|
|
.prepare("SELECT prev_hash, entry_hash FROM audit_log ORDER BY timestamp ASC, id ASC")
|
|
.unwrap();
|
|
let rows: Vec<(String, String)> = stmt
|
|
.query_map([], |row| Ok((row.get(0)?, row.get(1)?)))
|
|
.unwrap()
|
|
.collect::<Result<Vec<_>, _>>()
|
|
.unwrap();
|
|
|
|
assert_eq!(rows.len(), 2);
|
|
assert_eq!(rows[0].0, "");
|
|
assert!(!rows[0].1.is_empty());
|
|
assert_eq!(rows[1].0, rows[0].1);
|
|
assert!(!rows[1].1.is_empty());
|
|
}
|
|
}
|