feat(security): migrate content scanning and bounce detection to Rust security bridge; add scanContent IPC command and Rust content scanner with tests; update TS RustSecurityBridge and callers, and adjust CI package references

2026-02-10 21:19:13 +00:00
parent b82468ab1e
commit 15a45089aa
21 changed files with 844 additions and 1530 deletions
--- a/dist_ts/security/classes.contentscanner.d.ts
+++ b/dist_ts/security/classes.contentscanner.d.ts
@@ -54,9 +54,6 @@ export declare class ContentScanner {
    private static instance;
    private scanCache;
    private options;
-    private static readonly MALICIOUS_PATTERNS;
-    private static readonly EXECUTABLE_EXTENSIONS;
-    private static readonly MACRO_DOCUMENT_EXTENSIONS;
    /**
     * Default options for the content scanner
     */
@@ -73,7 +70,9 @@ export declare class ContentScanner {
     */
    static getInstance(options?: IContentScannerOptions): ContentScanner;
    /**
-     * Scan an email for malicious content
+     * Scan an email for malicious content.
+     * Delegates text/subject/html/filename pattern scanning to Rust.
+     * Binary attachment scanning (PE headers, VBA macros) stays in TS.
     * @param email The email to scan
     * @returns Scan result
     */
@@ -85,41 +84,19 @@ export declare class ContentScanner {
     */
    private generateCacheKey;
    /**
-     * Scan email subject for threats
-     * @param subject The subject to scan
-     * @param result The scan result to update
-     */
-    private scanSubject;
-    /**
-     * Scan plain text content for threats
-     * @param text The text content to scan
-     * @param result The scan result to update
-     */
-    private scanTextContent;
-    /**
-     * Scan HTML content for threats
-     * @param html The HTML content to scan
-     * @param result The scan result to update
-     */
-    private scanHtmlContent;
-    /**
-     * Scan an attachment for threats
+     * Scan attachment binary content for PE headers and VBA macros.
+     * This stays in TS because it accesses raw Buffer data (too large for IPC).
     * @param attachment The attachment to scan
     * @param result The scan result to update
     */
-    private scanAttachment;
+    private scanAttachmentBinary;
    /**
-     * Extract links from HTML content
-     * @param html HTML content
-     * @returns Array of extracted links
+     * Apply custom rules (runtime-configured patterns) to the email.
+     * These stay in TS because they are configured at runtime.
+     * @param email The email to check
+     * @param result The scan result to update
     */
-    private extractLinksFromHtml;
-    /**
-     * Extract plain text from HTML
-     * @param html HTML content
-     * @returns Extracted text
-     */
-    private extractTextFromHtml;
+    private applyCustomRules;
    /**
     * Extract text from a binary buffer for scanning
     * @param buffer Binary content
@@ -128,17 +105,10 @@ export declare class ContentScanner {
    private extractTextFromBuffer;
    /**
     * Check if an Office document likely contains macros
-     * This is a simplified check - real implementation would use specialized libraries
     * @param attachment The attachment to check
     * @returns Whether the file likely contains macros
     */
    private likelyContainsMacros;
-    /**
-     * Map a pattern category to a threat type
-     * @param category The pattern category
-     * @returns The corresponding threat type
-     */
-    private mapCategoryToThreatType;
    /**
     * Log a high threat finding to the security logger
     * @param email The email containing the threat