And welcome to the user guide for Paralegal, a static analysis tool for finding privacy issues in Rust applications. Below you’ll find the Step-by-Step guide, which is recommended for anyone just starting out with Paralegal. It will guide you through installation steps and develop a first policy with you. Below that we also have a high-level introduction what Paralegal is all about, followed by a more comprehensive reference on the tools, concepts and workflows for using Paralegal.
Please report any issues with the tool or this guide on GitHub: https://github.com/brownsys/paralegal/issues.
Paralegal is a static analyzer for Rust code that enforces custom policies on a program by reasoning about the dependencies that are permissible or required to exist in a program.
Each policy is grounded by markers, which are user-defined high-level concepts, such as disclosure, user data or externalization. Developers are responsible for understanding which functions and types embody the concepts described by the markers and attach them accordingly using annotations. They serve a dual purpose: providing a degree of separation between source code and policy, and focusing the analysis on the most important parts of the code.
Policies are user-defined predicates over marked values. For instance a policy writer may specify that any node marked input that reaches a node marked store may do so only transitively via a node marked encrypt. In this manner markers abstract away some of the low level detail of the application code and allow the policy writer to reason about the high-level concepts described by the markers instead.
Navigating the Paralegal Repository