git.stella-ops.org/src/AirGap/StellaOps.AirGap.Policy/StellaOps.AirGap.Policy/AirGapEgressBlockedException.cs
master 89543de7f1
feat: Implement vulnerability token signing and verification utilities
- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys.
- Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries.
- Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads.
- Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options.
- Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads.
- Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features.
- Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.
2025-11-03 10:02:29 +02:00


using System;
using System.Text;
namespace StellaOps.AirGap.Policy;
/// <summary>
/// Thrown when an outbound (egress) operation is refused because sealed mode is active.
/// </summary>
/// <remarks>
/// The exception message is assembled from the blocked request (component, destination,
/// intent and, when present, operation) followed by the policy reason, the remediation
/// text and the optional documentation URL and support contact. The same values are also
/// exposed individually through the read-only properties below.
/// </remarks>
public sealed class AirGapEgressBlockedException : InvalidOperationException
{
    /// <summary>
    /// Stable error code for a blocked egress attempt; it is also the first token of the message.
    /// </summary>
    public const string ErrorCode = "AIRGAP_EGRESS_BLOCKED";

    /// <summary>
    /// Gets the request that was blocked.
    /// </summary>
    public EgressRequest Request { get; }

    /// <summary>
    /// Gets the reason the policy gave for blocking the request.
    /// </summary>
    public string Reason { get; }

    /// <summary>
    /// Gets the guidance on how to remediate the blocked request.
    /// </summary>
    public string Remediation { get; }

    /// <summary>
    /// Gets the documentation URL, if one was supplied.
    /// </summary>
    public string? DocumentationUrl { get; }

    /// <summary>
    /// Gets the support contact, if one was supplied (for example, an on-call alias).
    /// </summary>
    public string? SupportContact { get; }

    /// <summary>
    /// Creates the exception for a blocked egress request and builds its message from the arguments.
    /// </summary>
    /// <param name="request">The request that was blocked.</param>
    /// <param name="reason">Reason returned by the policy.</param>
    /// <param name="remediation">Remediation guidance.</param>
    /// <param name="documentationUrl">Optional documentation URL; omitted from the message when null or whitespace.</param>
    /// <param name="supportContact">Optional support contact; omitted from the message when null or whitespace.</param>
    public AirGapEgressBlockedException(
        EgressRequest request,
        string reason,
        string remediation,
        string? documentationUrl,
        string? supportContact)
        : base(BuildMessage(request, reason, remediation, documentationUrl, supportContact))
    {
        // The message has already been composed by the base-initializer call above;
        // here the raw inputs are only stored for structured access by handlers.
        (Request, Reason, Remediation) = (request, reason, remediation);
        (DocumentationUrl, SupportContact) = (documentationUrl, supportContact);
    }

    /// <summary>
    /// Composes the human-readable message: error code, request details, reason, remediation,
    /// then the optional documentation and contact suffixes.
    /// </summary>
    private static string BuildMessage(EgressRequest request, string reason, string remediation, string? documentationUrl, string? supportContact)
    {
        var text = new StringBuilder();

        // NOTE(review): the destination is written into the message exactly as the request
        // exposes it. If a destination can carry credentials or tokens (userinfo, query
        // string), they would end up wherever Exception.Message is logged or returned --
        // confirm against EgressRequest, which is not visible from this file.
        text.Append(ErrorCode);
        text.Append(": component '");
        text.Append(request.Component);
        text.Append("' attempted to reach '");
        text.Append(request.Destination);
        text.Append("' (intent: ");
        text.Append(request.Intent);

        // The operation is skipped only when null or empty (whitespace-only still prints).
        var hasOperation = !string.IsNullOrEmpty(request.Operation);
        if (hasOperation)
        {
            text.Append(", operation: ");
            text.Append(request.Operation);
        }

        // NOTE(review): reason, remediation and the optional fields are appended without
        // normalising line breaks or other control characters. If any of them can originate
        // outside trusted policy configuration, log sinks should encode them -- TODO confirm.
        text.Append("). Reason: ");
        text.Append(reason);
        text.Append(". Remediation: ");
        text.Append(remediation);

        AppendWhenPresent(" Documentation: ", documentationUrl);
        AppendWhenPresent(" Contact: ", supportContact);

        return text.ToString();

        // Adds "<label><value>" unless the value is null, empty or whitespace-only.
        void AppendWhenPresent(string label, string? value)
        {
            if (string.IsNullOrWhiteSpace(value))
            {
                return;
            }

            text.Append(label);
            text.Append(value);
        }
    }
}