feat(cedarling): initial implementation for cedarling #8691

Merged
merged 3 commits into from
Jun 14, 2024

sokorototo
Contributor

Prepare


Description

Target issue

It doesn't close any issue, as this is new territory.

Implementation Details

Initial implementation for cedarling


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

@sokorototo sokorototo requested a review from yurem as a code owner June 10, 2024 16:04

dryrunsecurity bot commented Jun 10, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Configured Codepaths Analyzer 0 findings
Secrets Analyzer 0 findings
IDOR Analyzer 0 findings
Sensitive Files Analyzer 0 findings
Authn/Authz Analyzer 0 findings
SQL Injection Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The changes in this GitHub pull request cover a wide range of files and functionality within the "jans-lock/cedarling" project. The key changes include:

  1. Updates to the .gitignore file to exclude build artifacts, metadata, and IDE-specific files.
  2. Addition of a new Rust crate called "cedarling" that is designed to work with WebAssembly (WASM) and various web-related APIs.
  3. Modifications to the project's configuration file to specify the URL for fetching a policy schema file and configure the policy store.
  4. Updates to the project's dependencies, including the addition of the "cedar-policy" crate and various other Rust libraries.
  5. Changes to the project's code, including the implementation of utility functions for fetching the policy schema, making HTTP requests, and handling authorization decisions using the Cedar Policy framework.
  6. Addition of new test cases, including one that fetches data from an external URL.

From an application security perspective, the key areas to focus on are:

  • Ensuring the security of external dependencies and libraries used in the project.
  • Properly validating and sanitizing user input, especially when making HTTP requests or handling authorization decisions.
  • Securing the communication and storage of sensitive data, such as the policy schema and authorization-related information.
  • Implementing robust error handling and logging mechanisms to detect and respond to potential security issues.

Overall, the changes appear to be focused on enhancing the functionality and reliability of the "cedarling" project, but it's important to carefully review the implementation and security implications of these changes to maintain the overall security posture of the application.

Files Changed:

  1. jans-lock/cedarling/.gitignore: Updates to the .gitignore file to exclude build artifacts, metadata, and IDE-specific files.
  2. jans-lock/cedarling/Cargo.toml: Addition of a new Rust crate called "cedarling" and updates to the project's dependencies.
  3. jans-lock/cedarling/config.toml: Modifications to the project's configuration file to specify the URL for fetching a policy schema file and configure the policy store.
  4. jans-lock/cedarling/Cargo.lock: Updates to the project's dependency versions and the addition of new dependencies.
  5. jans-lock/cedarling/rustfmt.toml: Changes to the Rust code formatting configuration, including increasing the maximum line width.
  6. jans-lock/cedarling/src/cedar.rs: Implementation of utility functions for managing the lifecycle of entities, policies, and the authorizer used in the Cedar policy engine.
  7. jans-lock/cedarling/src/types.rs: Addition of new data structures, including "Tokens" and "Request", used in the project.
  8. jans-lock/cedarling/src/lib.rs: Changes related to the initialization of the Cedar Policy framework, event source setup, and authorization logic.
  9. jans-lock/cedarling/tests/fetch-schema.rs: Addition of a new test case for the utils::fetch_schema() function.
  10. jans-lock/cedarling/src/utils.rs: Implementation of utility functions for making HTTP requests and fetching the policy schema.
  11. jans-lock/cedarling/tests/get-str.rs: Addition of a new test case for the utils::get() function.

Powered by DryRun Security

@nynymike nynymike assigned nynymike and unassigned nynymike Jun 10, 2024
@nynymike nynymike self-requested a review June 10, 2024 16:21
nynymike previously approved these changes Jun 10, 2024
Contributor

@nynymike nynymike left a comment

In the future we want smaller PRs.

@sokorototo
Contributor Author

In the future we want smaller PRs.

Yeah, will do

Contributor

@kdhttps kdhttps left a comment

@sokorototo thanks for the initial code. It's looking good. It will be good to add some test cases and a README.md with instructions for setup, running the test cases, and usage of the library.

fn fetch_with_request_and_init(input: &Request, init: &RequestInit) -> js_sys::Promise;
}

pub async fn get_str(url: &str, _: &Tokens) -> Option<String> {
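
Review bot: In the `get_str` signature the `&Tokens` argument is bound to `_`, so nothing visible here uses a token for the request, and the `Option<String>` return collapses every failure into `None`. For a helper that feeds authorization decisions, consider either using the parameter or dropping it until it is wired in, and returning a `Result<String, _>` so callers can tell "fetch failed" from "no data" and fail closed with a logged reason.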
Contributor

Can we add a unit test for the get_str func?

Contributor Author

Will do!

text.as_string()
}

pub async fn fetch_schema() -> cedar_policy::Schema {
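
Review bot: `fetch_schema()` returns a bare `cedar_policy::Schema`, so a failed download or an unparsable schema has no way back to the caller other than a panic. Consider returning a `Result<cedar_policy::Schema, _>` and letting the caller decide how to fail closed; the `text.as_string()` that ends `get_str` above yields `None` for a non-string body, and that case needs an explicit path here as well.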
Contributor

It will be good to add a unit test for fetch_schema.

#[wasm_bindgen_test]
async fn test() {
let schema = utils::fetch_schema().await;
console_log!("Fetched Schema: {:?}", &schema)
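
Review bot: The test body only logs the result, so it passes whenever `utils::fetch_schema()` returns without panicking, and because the function takes no arguments the test cannot point it at a fixed fixture. Suggest asserting on the returned schema and making the schema source injectable so the test does not depend on a live fetch.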
Contributor

Can we check the let schema with some values? Adding some assert() statements here will be good.

Contributor Author

Oh it was a temporary test, just to make sure utils::fetch_schema was working. I will validate the data next!

}

#[wasm_bindgen]
pub async fn init(auth: JsValue, entities: Option<String>, policies: Option<String>) {
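
Review bot: `init` declares no return type, so a caller on the JS side cannot learn that `auth`, `entities` or `policies` was rejected; the only ways out are a panic or a silently incomplete initialisation. Consider returning `Result<(), JsValue>` so bad input surfaces as a rejected promise, and deserialising the untyped `auth: JsValue` into a concrete struct at this boundary so malformed input is refused before any authorization state is built from it.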
Contributor

Is it possible to add an integration test for lib.rs functions?

Contributor Author

Yes, I can set up some unit tests for these.

@sokorototo
Contributor Author

@kdhttps do you mind merging this currently, and then creating a new issue for the unit tests? Otherwise the commit might get larger

…tatic data

Signed-off-by: sokorototo <nyachiengatoto@gmail.com>
@kdhttps
Contributor

kdhttps commented Jun 12, 2024

@kdhttps do you mind merging this currently, and then creating a new issue for the unit tests? Otherwise the commit might get larger

agreed

Contributor

@SafinWasi SafinWasi left a comment

Looks good to me. Once we have a basic POC, can you add a README on how to compile and run this locally?

@sokorototo
Contributor Author

agreed

You can create a new issue, I am sure to follow up!

@yurem yurem merged commit 0a3c03d into JanssenProject:main Jun 14, 2024
8 checks passed
6 participants