The Scrutiny Framework provides an extensible, plugin-based architecture for building security auditing tools for Fuchsia. The primary goal is to give these tools a common base and so prevent code duplication.
The core of the framework revolves around the DataModel and is split into three categories:
DataControllers
consume to analyze the system.DataCollectors
.DataModel
. This is where the complex analysis of the DataModel occurs, completely independent of how the underlying data is collected. This provides flexibility and compatibility even if the underlying system changes.
Source: src/model for the implementation of these three categories.
Plugins take a set of DataCollectors and DataControllers and register them with the PluginManager. This is the primary interface you will work with when adding new features to the framework. Currently plugins must be built into the core binary.
A Scrutiny plugin has three core functions:
DataController
.DataCollectors
required so that the DataModel is populated with all the information the DataControllers need to service queries.
The abstract interface defined in src/engine/plugin.rs allows the developer to focus on developing the plugin while benefiting from a shared architecture for integrating the plugin into both a REST service and a DataCollector worker pool.
The REST service provides a way for DataVisualizers to access DataControllers over the network through REST JSON. This provides the greatest flexibility, as DataVisualizers can be written in any language or framework as long as they can communicate over the network with the Scrutiny service.
The REST service is populated automatically by the PluginManager. If a Plugin is registered and loaded and provides a PluginHook for a DataController mapped to the namespace “/foo/bar”, the REST service will call that DataController when the URL “http://localhost:8080/foo/bar” is accessed. It passes through the query string, which is the HTTP body of the request.
This allows the developer to just work on the plugin and take advantage of the shared infrastructure for hooking into DataVisualizers.
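The namespace-to-controller dispatch described above, modeled with the Rust standard library only. This is an added example, not code from the Scrutiny source: `Dispatcher`, `ComponentSearch`, the trait signature, the status codes and the duplicate-namespace policy are all hypothetical, and the component URLs are constructed sample data.

```rust
// Added illustration; all names are hypothetical, not Scrutiny's real API.
use std::{collections::HashMap, sync::Arc};

/// Stand-in for the shared DataModel that DataCollectors populate.
#[derive(Default)]
struct DataModel { components: Vec<String> }

/// A controller answers queries from the model only, never the live system.
trait DataController: Send + Sync {
    fn query(&self, model: &DataModel, body: &str) -> Result<String, String>;
}

/// Sample controller: counts component URLs containing the query text.
struct ComponentSearch;
impl DataController for ComponentSearch {
    fn query(&self, model: &DataModel, body: &str) -> Result<String, String> {
        if body.is_empty() { return Err("empty query".to_string()); }
        let n = model.components.iter().filter(|c| c.contains(body)).count();
        Ok(format!("{{\"matches\":{}}}", n))
    }
}
/// Maps REST namespaces to the controllers that plugins hooked in.
#[derive(Default)]
struct Dispatcher { routes: HashMap<String, Arc<dyn DataController>> }
impl Dispatcher {
    /// Assumed policy: reject duplicates so one hook cannot shadow another.
    fn register(&mut self, ns: &str, c: Arc<dyn DataController>) -> Result<(), String> {
        if !ns.starts_with('/') || self.routes.contains_key(ns) {
            return Err(format!("rejected namespace: {}", ns));
        }
        self.routes.insert(ns.to_string(), c);
        Ok(())
    }
    /// What a REST layer would do for `path` with the request body `body`.
    fn handle(&self, model: &DataModel, path: &str, body: &str) -> (u16, String) {
        match self.routes.get(path) {
            None => (404, "unknown namespace".to_string()),
            Some(c) => c.query(model, body).map_or_else(|e| (400, e), |j| (200, j)),
        }
    }
}

fn main() {
    // Constructed sample data, standing in for a collector's output.
    let model = DataModel { components: vec!["fuchsia-pkg://example/netstack".into()] };
    let mut d = Dispatcher::default();
    d.register("/foo/bar", Arc::new(ComponentSearch)).unwrap();
    println!("{:?}", d.handle(&model, "/foo/bar", "netstack"));
}
```

Because the controller sees only the model, the same query logic keeps working if the collectors behind it change.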