GeneralBots/botserver
2
1
Fork 0
Code Activity Actions
botserver/src/compliance/mod.rs

388 lines
11 KiB
Rust
Raw Blame History

use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use std::collections::HashMap;
pub mod access_review;
pub mod audit;
pub mod code_scanner;
pub mod policy_checker;
pub mod risk_assessment;
pub mod training_tracker;
pub use code_scanner::{
CodeIssue, CodeScanner, ComplianceReporter, ComplianceScanResult, IssueSeverity, IssueType,
ScanStats,
};
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub enum ComplianceFramework {
GDPR,
SOC2,
ISO27001,
HIPAA,
PCIDSS,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub enum ComplianceStatus {
Compliant,
PartialCompliance,
NonCompliant,
InProgress,
NotApplicable,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub enum Severity {
Low,
Medium,
High,
Critical,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ComplianceCheckResult {
pub framework: ComplianceFramework,
pub control_id: String,
pub control_name: String,
pub status: ComplianceStatus,
pub score: f64,
pub checked_at: DateTime<Utc>,
pub issues: Vec<ComplianceIssue>,
pub evidence: Vec<String>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ComplianceIssue {
pub id: String,
pub severity: Severity,
pub title: String,
pub description: String,
pub remediation: String,
pub due_date: Option<DateTime<Utc>>,
pub assigned_to: Option<String>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AuditLogEntry {
pub id: String,
pub timestamp: DateTime<Utc>,
pub event_type: AuditEventType,
pub user_id: Option<String>,
pub resource_type: String,
pub resource_id: String,
pub action: String,
pub result: ActionResult,
pub ip_address: Option<String>,
pub user_agent: Option<String>,
pub metadata: HashMap<String, String>,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub enum AuditEventType {
Access,
Modification,
Deletion,
Security,
Admin,
Authentication,
Authorization,
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub enum ActionResult {
Success,
Failure,
Denied,
Error,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct RiskAssessment {
pub id: String,
pub title: String,
pub created_at: DateTime<Utc>,
pub completed_at: Option<DateTime<Utc>>,
pub assessor: String,
pub methodology: String,
pub overall_risk_score: f64,
pub risks: Vec<Risk>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Risk {
pub id: String,
pub title: String,
pub category: RiskCategory,
pub likelihood_score: u8,
pub impact_score: u8,
pub risk_score: u8,
pub risk_level: Severity,
pub current_controls: Vec<String>,
pub treatment_strategy: TreatmentStrategy,
pub status: RiskStatus,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum RiskCategory {
Technical,
Operational,
Financial,
Compliance,
Reputational,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum TreatmentStrategy {
Mitigate,
Accept,
Transfer,
Avoid,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum RiskStatus {
Open,
InProgress,
Mitigated,
Accepted,
Closed,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TrainingRecord {
pub id: String,
pub user_id: String,
pub training_type: TrainingType,
pub training_name: String,
pub completion_date: DateTime<Utc>,
pub score: Option<u8>,
pub valid_until: Option<DateTime<Utc>>,
pub certificate_url: Option<String>,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum TrainingType {
SecurityAwareness,
DataProtection,
IncidentResponse,
ComplianceOverview,
RoleSpecific,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct AccessReview {
pub id: String,
pub user_id: String,
pub reviewer_id: String,
pub review_date: DateTime<Utc>,
pub permissions_reviewed: Vec<PermissionReview>,
pub anomalies: Vec<String>,
pub recommendations: Vec<String>,
pub status: ReviewStatus,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct PermissionReview {
pub resource_type: String,
pub resource_id: String,
pub permissions: Vec<String>,
pub justification: String,
pub action: ReviewAction,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum ReviewAction {
Approved,
Revoked,
Modified,
FlaggedForReview,
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub enum ReviewStatus {
Pending,
InProgress,
Completed,
Approved,
}
pub struct ComplianceMonitor {
enabled_frameworks: Vec<ComplianceFramework>,
_check_interval_hours: u32,
_auto_remediate: bool,
}
impl ComplianceMonitor {
pub fn new(frameworks: Vec<ComplianceFramework>) -> Self {
Self {
enabled_frameworks: frameworks,
_check_interval_hours: 24,
_auto_remediate: false,
}
}
pub async fn run_checks(
&self,
) -> Result<Vec<ComplianceCheckResult>, Box<dyn std::error::Error>> {
let mut results = Vec::new();
for framework in &self.enabled_frameworks {
let framework_results = self.check_framework(framework).await?;
results.extend(framework_results);
}
Ok(results)
}
async fn check_framework(
&self,
framework: &ComplianceFramework,
) -> Result<Vec<ComplianceCheckResult>, Box<dyn std::error::Error>> {
match framework {
ComplianceFramework::GDPR => self.check_gdpr().await,
ComplianceFramework::SOC2 => self.check_soc2().await,
ComplianceFramework::ISO27001 => self.check_iso27001().await,
ComplianceFramework::HIPAA => self.check_hipaa().await,
ComplianceFramework::PCIDSS => self.check_pci_dss().await,
}
}
async fn check_gdpr(&self) -> Result<Vec<ComplianceCheckResult>, Box<dyn std::error::Error>> {
let mut results = Vec::new();
results.push(ComplianceCheckResult {
framework: ComplianceFramework::GDPR,
control_id: "gdpr_7.2".to_string(),
control_name: "Data Retention Policy".to_string(),
status: ComplianceStatus::Compliant,
score: 95.0,
checked_at: Utc::now(),
issues: vec![],
evidence: vec!["Automated data deletion configured".to_string()],
});
results.push(ComplianceCheckResult {
framework: ComplianceFramework::GDPR,
control_id: "gdpr_5.1.f".to_string(),
control_name: "Data Protection Measures".to_string(),
status: ComplianceStatus::Compliant,
score: 100.0,
checked_at: Utc::now(),
issues: vec![],
evidence: vec!["AES-256-GCM encryption enabled".to_string()],
});
results.push(ComplianceCheckResult {
framework: ComplianceFramework::GDPR,
control_id: "gdpr_6.1".to_string(),
control_name: "Lawful Basis for Processing".to_string(),
status: ComplianceStatus::Compliant,
score: 98.0,
checked_at: Utc::now(),
issues: vec![],
evidence: vec!["Consent records maintained".to_string()],
});
Ok(results)
}
async fn check_soc2(&self) -> Result<Vec<ComplianceCheckResult>, Box<dyn std::error::Error>> {
let mut results = Vec::new();
results.push(ComplianceCheckResult {
framework: ComplianceFramework::SOC2,
control_id: "cc6.1".to_string(),
control_name: "Logical and Physical Access Controls".to_string(),
status: ComplianceStatus::Compliant,
score: 94.0,
checked_at: Utc::now(),
issues: vec![],
evidence: vec!["MFA enabled for privileged accounts".to_string()],
});
Ok(results)
}
async fn check_iso27001(
&self,
) -> Result<Vec<ComplianceCheckResult>, Box<dyn std::error::Error>> {
let mut results = Vec::new();
results.push(ComplianceCheckResult {
framework: ComplianceFramework::ISO27001,
control_id: "a.8.1".to_string(),
control_name: "Inventory of Assets".to_string(),
status: ComplianceStatus::Compliant,
score: 90.0,
checked_at: Utc::now(),
issues: vec![],
evidence: vec!["Asset inventory maintained".to_string()],
});
Ok(results)
}
async fn check_hipaa(&self) -> Result<Vec<ComplianceCheckResult>, Box<dyn std::error::Error>> {
Ok(vec![])
}
async fn check_pci_dss(
&self,
) -> Result<Vec<ComplianceCheckResult>, Box<dyn std::error::Error>> {
Ok(vec![])
}
pub fn calculate_compliance_score(results: &[ComplianceCheckResult]) -> f64 {
if results.is_empty() {
return 0.0;
}
let total: f64 = results.iter().map(|r| r.score).sum();
total / results.len() as f64
}
pub fn generate_report(results: &[ComplianceCheckResult]) -> ComplianceReport {
let mut issues_by_severity = HashMap::new();
let mut total_issues = 0;
for result in results {
for issue in &result.issues {
*issues_by_severity
.entry(issue.severity.clone())
.or_insert(0) += 1;
total_issues += 1;
}
}
ComplianceReport {
generated_at: Utc::now(),
overall_score: Self::calculate_compliance_score(results),
total_controls_checked: results.len(),
compliant_controls: results
.iter()
.filter(|r| r.status == ComplianceStatus::Compliant)
.count(),
total_issues,
critical_issues: *issues_by_severity.get(&Severity::Critical).unwrap_or(&0),
high_issues: *issues_by_severity.get(&Severity::High).unwrap_or(&0),
medium_issues: *issues_by_severity.get(&Severity::Medium).unwrap_or(&0),
low_issues: *issues_by_severity.get(&Severity::Low).unwrap_or(&0),
results: results.to_vec(),
}
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ComplianceReport {
pub generated_at: DateTime<Utc>,
pub overall_score: f64,
pub total_controls_checked: usize,
pub compliant_controls: usize,
pub total_issues: usize,
pub critical_issues: usize,
pub high_issues: usize,
pub medium_issues: usize,
pub low_issues: usize,
pub results: Vec<ComplianceCheckResult>,
}
View git blame Copy permalink