⚠️ VeridianOS Kernel Documentation - This is low-level kernel code. All functions are unsafe unless explicitly marked otherwise. no_std

PackageSecurityScanner

veridian_kernel::pkg::testing

Struct PackageSecurityScanner 

Source 
pub struct PackageSecurityScanner { /* private fields */ }
Expand description

Pre-install package security scanner.

Scans package file paths and requested capabilities against a set of suspicious patterns before the package is installed. This is distinct from repository::SecurityScanner which operates at the repository level.

Implementations§

Source§

impl PackageSecurityScanner

Source

pub fn new() -> Self

Create a new scanner pre-loaded with default suspicious patterns.

Source

pub fn add_pattern(&mut self, pattern: ScanPattern)

Register an additional scan pattern.

Source

pub fn pattern_count(&self) -> usize

Return the number of registered patterns.

Source

pub fn scan_paths(&self, file_paths: &[&str]) -> Vec<SecurityFinding>

Scan a list of file paths against suspicious-path patterns.

Checks each file path against all ScanPatternType::SuspiciousPath and ScanPatternType::UnsafePattern patterns.

Source

pub fn scan_capabilities(&self, requested_caps: &[&str]) -> Vec<SecurityFinding>

Scan requested capabilities against excessive-capability patterns.

Checks each requested capability against all ScanPatternType::ExcessiveCapability patterns.

Source

pub fn scan_hashes(&self, file_hashes: &[(&str, &str)]) -> Vec<SecurityFinding>

Scan file hashes against known-bad hash patterns.

file_hashes is a list of (file_path, hex_hash) pairs.

Source

pub fn has_findings_at_severity( findings: &[SecurityFinding], min_severity: ScanSeverity, ) -> bool

Check if any finding is at or above the given severity threshold.

Trait Implementations§

Source§

impl Default for PackageSecurityScanner

Available on crate feature alloc only.
Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

§

impl Freeze for PackageSecurityScanner

§

impl RefUnwindSafe for PackageSecurityScanner

§

impl Send for PackageSecurityScanner

§

impl Sync for PackageSecurityScanner

§

impl Unpin for PackageSecurityScanner

§

impl UnwindSafe for PackageSecurityScanner

Blanket Implementations§

§

impl<T> Any for T
where T: 'static + ?Sized,

§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
§

impl<T> Borrow<T> for T
where T: ?Sized,

§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
§

impl<T> BorrowMut<T> for T
where T: ?Sized,

§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
§

impl<T> From<T> for T

§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, U> Into<U> for T
where U: From<T>,

§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of [From]<T> for U chooses to do.

§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.