compliance/examples/rules/security_rule_https.yaml
2025-05-16 15:18:02 +08:00


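# Compliance rule: an API request passes only when its URL uses the https scheme.
id: https-only-rule
name: HTTPS强制使用规则
description: 验证API是否只使用HTTPS协议确保通信安全
category: Security
# Quoted so that every loader reads the version as a string.
version: '1.0.0'
severity: error
is_enabled: true
tags:
  - security
  - https
  - encryption
target_type: APIRequest
lifecycle: RequestPreparation
scope: Security
check_type: transport_security
expected_value: https
# Python source kept as a literal block scalar. It defines validate(context);
# presumably the rule engine calls it with the request context (confirm against
# the engine).
code: |
  def validate(context):
      """Check that the request in ``context`` targets an https:// URL.

      Reads ``context['api_request']`` and inspects ``str(request.url)``.
      Returns a dict with ``is_valid`` and ``message``, plus ``details``
      whenever a request object was present.
      """
      request = context.get('api_request')
      if not request:
          # No request object to inspect: report the rule as failed.
          return {'is_valid': False, 'message': '缺少API请求对象'}
      url = str(request.url)
      # URI schemes are case-insensitive (RFC 3986, section 3.1), so the
      # comparison is done on a lowercased copy; 'HTTPS://host' is accepted.
      # The URL reported in details keeps its original spelling.
      # NOTE(review): only the URL on the request object is checked here; a
      # redirect followed later would not be seen by this rule. Confirm that
      # redirects are covered elsewhere.
      if not url.lower().startswith('https://'):
          # NOTE(review): the full URL is echoed into the result. If request
          # URLs can carry userinfo or query-string tokens, redact them before
          # this result reaches logs or reports.
          return {
              'is_valid': False,
              'message': 'API请求必须使用HTTPS协议',
              'details': {
                  'current_url': url,
                  'expected_protocol': 'https'
              }
          }
      return {
          'is_valid': True,
          'message': 'API请求使用了HTTPS协议',
          'details': {
              'url': url
          }
      }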