Add PII ruleset and ruleset includes support

luca-software-developer · luca-software-developer · commit 83f001d06402 · 2026-02-16T20:07:19.000+01:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "log-security-analyzer"
-version = "1.0.0"
+version = "1.1.0"
 edition = "2021"
 
 [dependencies]
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 # Log Security Analyzer
 
-![Version: 1.0.0](https://img.shields.io/badge/version-1.0.0-blue)
+![Version: 1.1.0](https://img.shields.io/badge/version-1.1.0-blue)
 ![License: MIT](https://img.shields.io/badge/License-MIT-blue)
 
 A Rust CLI tool to scan log files and detect exposed secrets (tokens, API keys,
@@ -12,6 +12,7 @@ credentials) using configurable regex rules in TOML format.
 
 - Line-by-line scanning of arbitrary log files
 - Detection rules defined in TOML files, easily extensible
+- Ruleset includes via `includes` field for composable rulesets
 - Advanced regex support (lookahead/lookbehind) via `fancy-regex`
 - Severity levels: `critical`, `high`, `medium`, `low`
 - Formatted table output with color-coded severity
@@ -32,6 +33,13 @@ The default ruleset (`rulesets/default.toml`) detects:
 | MySQL Connection String      | high     |
 | JWT Token                    | high     |
 
+The PII ruleset (`rulesets/pii.toml`) includes the default rules and adds:
+
+| Secret              | Severity |
+|---------------------|----------|
+| Italian Fiscal Code | high     |
+| IBAN                | high     |
+
 ## Requirements
 
 - Rust 1.70+
@@ -79,6 +87,21 @@ severity = "high"
 
 Valid values for `severity`: `critical`, `high`, `medium`, `low`.
 
+You can include rules from other rulesets using the `includes` field:
+
+```toml
+includes = ["default.toml"]
+
+[[rules]]
+id = "my-rule"
+description = "Additional rule"
+regex = '''pattern_regex'''
+tags = ["tag1"]
+severity = "high"
+```
+
+Paths are resolved relative to the including file.
+
 ## Project Structure
 
 ```
@@ -90,6 +113,7 @@ src/
   severity.rs  # Severity level enum
 rulesets/
   default.toml # Default ruleset
+  pii.toml     # PII ruleset (includes default)
 logs/
   app.log      # Sample log file
 ```
diff --git a/rulesets/pii.toml b/rulesets/pii.toml
@@ -0,0 +1,17 @@
+title = "PII Detection Rules"
+description = "Rules for detecting personally identifiable information in logs"
+includes = ["default.toml"]
+
+[[rules]]
+id = "italian-fiscal-code"
+description = "Italian Fiscal Code"
+regex = '''(?i)\b[A-Z]{6}[0-9]{2}[A-EHLMPRST][0-9]{2}[A-Z][0-9]{3}[A-Z]\b'''
+tags = ["pii", "fiscal-code", "italy", "log", "runtime"]
+severity = "high"
+
+[[rules]]
+id = "iban"
+description = "IBAN"
+regex = '''(?i)\b[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}\b'''
+tags = ["pii", "iban", "finance", "log", "runtime"]
+severity = "high"
diff --git a/src/rules.rs b/src/rules.rs
@@ -3,8 +3,9 @@
 use crate::severity::Severity;
 use fancy_regex::Regex;
 use log::warn;
+use std::collections::HashSet;
 use std::io;
-use std::path::Path;
+use std::path::{Path, PathBuf};
 
 /// Represents a secret detection rule.
 pub struct Rule {
@@ -15,12 +16,36 @@ pub struct Rule {
 
 /// Loads rules from a TOML file.
 pub fn load_rules<P: AsRef<Path>>(path: P) -> io::Result<Vec<Rule>> {
+    let mut visited = HashSet::new();
+    load_rules_inner(path.as_ref(), &mut visited)
+}
+
+/// Recursively loads rules, tracking visited files to detect circular includes.
+fn load_rules_inner(path: &Path, visited: &mut HashSet<PathBuf>) -> io::Result<Vec<Rule>> {
+    let canonical = path.canonicalize()?;
+    if !visited.insert(canonical) {
+        return Err(io::Error::new(
+            io::ErrorKind::InvalidData,
+            format!("Circular include detected: {}", path.display()),
+        ));
+    }
+
+    let base_dir = path.parent().unwrap_or(Path::new("."));
     let content = std::fs::read_to_string(path)?;
     let toml_value: toml::Value =
         toml::from_str(&content).map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
 
     let mut rules = Vec::new();
 
+    if let Some(includes) = toml_value.get("includes").and_then(|v| v.as_array()) {
+        for include in includes {
+            if let Some(include_path) = include.as_str() {
+                let full_path = base_dir.join(include_path);
+                rules.extend(load_rules_inner(&full_path, visited)?);
+            }
+        }
+    }
+
     if let Some(rules_array) = toml_value.get("rules").and_then(|v| v.as_array()) {
         for rule in rules_array {
             let description = match rule.get("description").and_then(|v| v.as_str()) {
@@ -80,4 +105,64 @@ mod tests {
         assert_eq!(rules[0].severity, Severity::High);
         assert!(rules[0].regex.is_match("tok_123").unwrap());
     }
+
+    #[test]
+    fn test_load_rules_with_includes() {
+        let base_toml = r#"
+        [[rules]]
+        description = "Base Rule"
+        regex = "base_[0-9]+"
+        severity = "low"
+        "#;
+
+        let child_toml = r#"
+        includes = ["base_rules.toml"]
+
+        [[rules]]
+        description = "Child Rule"
+        regex = "child_[0-9]+"
+        severity = "high"
+        "#;
+
+        let tmp_dir = std::env::temp_dir().join("lsa_test_includes");
+        std::fs::create_dir_all(&tmp_dir).unwrap();
+
+        std::fs::write(tmp_dir.join("base_rules.toml"), base_toml).unwrap();
+        std::fs::write(tmp_dir.join("child_rules.toml"), child_toml).unwrap();
+
+        let rules = load_rules(tmp_dir.join("child_rules.toml")).unwrap();
+        assert_eq!(rules.len(), 2);
+        assert_eq!(rules[0].description, "Base Rule");
+        assert_eq!(rules[1].description, "Child Rule");
+    }
+
+    #[test]
+    fn test_load_rules_circular_include() {
+        let a_toml = r#"
+        includes = ["b.toml"]
+
+        [[rules]]
+        description = "Rule A"
+        regex = "a_[0-9]+"
+        severity = "low"
+        "#;
+
+        let b_toml = r#"
+        includes = ["a.toml"]
+
+        [[rules]]
+        description = "Rule B"
+        regex = "b_[0-9]+"
+        severity = "low"
+        "#;
+
+        let tmp_dir = std::env::temp_dir().join("lsa_test_circular");
+        std::fs::create_dir_all(&tmp_dir).unwrap();
+
+        std::fs::write(tmp_dir.join("a.toml"), a_toml).unwrap();
+        std::fs::write(tmp_dir.join("b.toml"), b_toml).unwrap();
+
+        let result = load_rules(tmp_dir.join("a.toml"));
+        assert!(result.is_err());
+    }
 }
