fraiseql-confiture 0.3.7__cp311-cp311-macosx_11_0_arm64.whl

confiture/core/linting/libraries/hipaa.py

@@ -0,0 +1,144 @@
+"""HIPAA compliance rule library."""
+
+from __future__ import annotations
+
+from ..composer import RuleLibrary
+from ..versioning import LintSeverity, Rule, RuleVersion
+
+
+class HIPAALibrary(RuleLibrary):
+    """HIPAA compliance rule library (15 rules)."""
+
+    def __init__(self):
+        rules = [
+            Rule(
+                rule_id="hipaa_001",
+                name="encrypt_phi",
+                description="All PII/PHI columns must be encrypted at rest",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="hipaa_002",
+                name="audit_log_retention",
+                description="Maintain audit logs for minimum 6 years",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="hipaa_003",
+                name="access_control_logs",
+                description="Log all database access and modifications",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="hipaa_004",
+                name="no_plaintext_phi",
+                description="PHI must never be stored in plaintext",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="hipaa_005",
+                name="encryption_key_rotation",
+                description="Encryption keys must be rotated regularly",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="hipaa_006",
+                name="breach_notification",
+                description="Implement breach notification protocol",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="hipaa_007",
+                name="user_authentication",
+                description="Multi-factor authentication required for access",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="hipaa_008",
+                name="session_timeout",
+                description="Sessions must timeout after inactivity period",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="hipaa_009",
+                name="data_segregation",
+                description="Patient data must be properly segregated",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="hipaa_010",
+                name="backup_encryption",
+                description="All backups must be encrypted",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="hipaa_011",
+                name="disaster_recovery",
+                description="Disaster recovery plan must be documented",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="hipaa_012",
+                name="integrity_verification",
+                description="Implement data integrity verification",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="hipaa_013",
+                name="transmission_encryption",
+                description="All data transmission must be encrypted",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="hipaa_014",
+                name="authorization_control",
+                description="Implement role-based access control",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="hipaa_015",
+                name="audit_controls",
+                description="Implement comprehensive audit controls",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+        ]
+
+        # Verify rule count matches docstring
+        assert len(rules) == 15, f"Expected 15 rules in HIPAALibrary, got {len(rules)}"
+
+        super().__init__(
+            name="HIPAA",
+            version=RuleVersion(major=1, minor=0, patch=0),
+            rules=rules,
+            tags=["healthcare", "compliance", "phi", "hipaa"],
+        )

confiture/core/linting/libraries/pci_dss.py

@@ -0,0 +1,104 @@
+"""PCI-DSS compliance rule library."""
+
+from __future__ import annotations
+
+from ..composer import RuleLibrary
+from ..versioning import LintSeverity, Rule, RuleVersion
+
+
+class PCI_DSSLibrary(RuleLibrary):
+    """PCI-DSS compliance rule library (10 rules)."""
+
+    def __init__(self):
+        rules = [
+            Rule(
+                rule_id="pci_dss_001",
+                name="cardholder_data_encryption",
+                description="Cardholder data must be encrypted at rest and in transit",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="pci_dss_002",
+                name="no_default_credentials",
+                description="No default credentials allowed in database",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="pci_dss_003",
+                name="no_plaintext_cardholder_data",
+                description="Cardholder data must never be stored in plaintext",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="pci_dss_004",
+                name="access_control",
+                description="Implement strong access control (need-to-know basis)",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="pci_dss_005",
+                name="vulnerability_scanning",
+                description="Regular vulnerability scanning required",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="pci_dss_006",
+                name="firewall_configuration",
+                description="Maintain firewall configuration standards",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="pci_dss_007",
+                name="audit_trail",
+                description="Maintain audit trail of all access to cardholder data",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="pci_dss_008",
+                name="secure_deletion",
+                description="Implement secure deletion for sensitive data",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="pci_dss_009",
+                name="key_management",
+                description="Implement encryption key management procedures",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="pci_dss_010",
+                name="security_testing",
+                description="Regular security testing and assessment required",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+        ]
+
+        # Verify rule count matches docstring
+        assert len(rules) == 10, f"Expected 10 rules in PCI_DSSLibrary, got {len(rules)}"
+
+        super().__init__(
+            name="PCI-DSS",
+            version=RuleVersion(major=1, minor=0, patch=0),
+            rules=rules,
+            tags=["payment", "compliance", "pci-dss", "security"],
+        )

confiture/core/linting/libraries/sox.py

@@ -0,0 +1,120 @@
+"""SOX (Sarbanes-Oxley) compliance rule library."""
+
+from __future__ import annotations
+
+from ..composer import RuleLibrary
+from ..versioning import LintSeverity, Rule, RuleVersion
+
+
+class SOXLibrary(RuleLibrary):
+    """SOX compliance rule library (12 rules)."""
+
+    def __init__(self):
+        rules = [
+            Rule(
+                rule_id="sox_001",
+                name="financial_data_integrity",
+                description="Financial data integrity must be maintained",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="sox_002",
+                name="audit_trail_required",
+                description="Complete audit trail of all changes required",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="sox_003",
+                name="change_authorization",
+                description="All database changes must be authorized",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="sox_004",
+                name="segregation_of_duties",
+                description="Segregation of duties must be enforced",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="sox_005",
+                name="access_logging",
+                description="All database access must be logged",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.CRITICAL,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="sox_006",
+                name="retention_policy",
+                description="Data retention policy must be documented",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="sox_007",
+                name="backup_integrity",
+                description="Backups must maintain data integrity",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="sox_008",
+                name="disaster_recovery_testing",
+                description="Disaster recovery must be tested regularly",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="sox_009",
+                name="change_tracking",
+                description="Track who made what changes and when",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="sox_010",
+                name="reconciliation",
+                description="Regular reconciliation of accounts required",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="sox_011",
+                name="control_testing",
+                description="Controls must be tested regularly",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.WARNING,
+                enabled_by_default=True,
+            ),
+            Rule(
+                rule_id="sox_012",
+                name="documentation_requirement",
+                description="All migrations must be thoroughly documented",
+                version=RuleVersion(1, 0, 0),
+                severity=LintSeverity.ERROR,
+                enabled_by_default=True,
+            ),
+        ]
+
+        # Verify rule count matches docstring
+        assert len(rules) == 12, f"Expected 12 rules in SOXLibrary, got {len(rules)}"
+
+        super().__init__(
+            name="SOX",
+            version=RuleVersion(major=1, minor=0, patch=0),
+            rules=rules,
+            tags=["finance", "compliance", "sox", "auditing"],
+        )