ref(envelope): Introduce an item type for security reports #617
Conversation
jan-auer
force-pushed
the
ref/envelope-security-item
branch
from
2247ca8
to
36b9957
Compare
|
I'm not particularly proud about the changes in @untitaker what do you think of this approach? Would you prefer something different? |
|
I think this is fine, I am not sure I understand the concern.
We have dedicated interfaces for each of the security types so this type of inference seems almost trivial? But honestly I don't care if we materialize the event type upfront |
|
Moved the event type into |
Introduces a separate item type for security events: `ItemType::Security`. This type allows for easy detection of security events without parsing the body. Other than that, it behaves exactly the same as `ItemType::Event`. To create this item in event ingestion, the `apply_to_event` family of functions also sets the event type. The main processing function then uses this event type to create the appropriate item. Raw security reports as submitted by the browser go into `ItemType::RawSecurity`. In ingestion, this item is parsed, transformed into a security event and then put into `ItemType::Security`.
Introduces a separate item type for security events:
ItemType::Security. This type allows for easy detection of security events without parsing the body. Other than that, it behaves exactly the same asItemType::Event.To create this item in event ingestion, the
apply_to_eventfamily of functions also sets the event type. The main processing function then uses this event type to create the appropriate item.Raw security reports as submitted by the browser go into
ItemType::RawSecurity. In ingestion, this item is parsed, transformed into a security event and then put intoItemType::Security.Changelog (Internal): Security events (CSP, Expect-CT, Expect-Staple, and HPKP) are now placed into a dedicated
securityitem in envelopes, rather than the generic event item. This allows for quick detection of the event type for rate limiting.