policy: Cybersecurity "Data Export" IP Whitelist #14

@akarlaraytu

📝 Context

An internal data processing agent moves files between servers. We need to ensure it NEVER sends sensitive data to an IP address that isn't on our internal whitelist (e.g., starting with 10.0.).

🎯 The Goal

Write a .csl file that validates the destination IP address.

Variables you can use:

  • destination_ip (String): The IP address the agent is trying to send data to (e.g., "192.168.1.5").
  • data_sensitivity (String): "HIGH", "MEDIUM", or "LOW".

Requirements:

  1. MUST BLOCK if data_sensitivity is "HIGH" AND destination_ip does NOT start with "10.0.".
  2. ALLOW if the data sensitivity is "LOW".
  3. ALLOW if the IP starts with "10.0.".

(Hint: You might need to use a STARTS_WITH or string matching function if supported in CSL, or simulate it with logic).

📚 Resources

  • Start here: docs/getting-started.md
  • String operations: docs/syntax-spec.md

✅ Definition of Done

Submit a PR with a new file: examples/community/ip_whitelist_guard.csl
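
A reference check for the three requirements above, as an added example that is not part of the original issue; it is written in Python rather than CSL, whose syntax this page does not show. The function names, the 10.0.0.0/16 reading of the "10.0." prefix, the UNSPECIFIED result for the MEDIUM case the requirements leave open, and the sample destinations are all assumptions.

```python
import ipaddress

# Assumption: "starts with 10.0." is meant to cover the 10.0.0.0/16 network.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/16")


def on_whitelist_prefix(destination_ip: str) -> bool:
    """Literal reading of the issue: plain string prefix match."""
    return destination_ip.startswith("10.0.")


def on_whitelist_strict(destination_ip: str) -> bool:
    """Parse first, so only a well-formed address inside 10.0.0.0/16 passes."""
    try:
        addr = ipaddress.ip_address(destination_ip)
    except ValueError:
        return False  # not an IP address at all: treat as off-whitelist
    return addr in INTERNAL_NET


def decide(destination_ip: str, data_sensitivity: str,
           on_whitelist=on_whitelist_strict) -> str:
    """Return ALLOW, BLOCK or UNSPECIFIED for one export attempt."""
    if data_sensitivity == "LOW":
        return "ALLOW"        # requirement 2
    if on_whitelist(destination_ip):
        return "ALLOW"        # requirement 3
    if data_sensitivity == "HIGH":
        return "BLOCK"        # requirement 1
    return "UNSPECIFIED"      # MEDIUM, off-whitelist: the issue states no rule


# Constructed sample inputs (not from the issue, except 192.168.1.5).
CASES = [
    ("192.168.1.5", "HIGH"),
    ("192.168.1.5", "MEDIUM"),
    ("192.168.1.5", "LOW"),
    ("10.0.3.7", "HIGH"),
    ("10.1.2.3", "HIGH"),
    ("10.0.0.1.example.net", "HIGH"),  # has the prefix but is not an IP
]

if __name__ == "__main__":
    for ip, level in CASES:
        print(f"{ip:22} {level:6} prefix={decide(ip, level, on_whitelist_prefix):11} "
              f"strict={decide(ip, level)}")
```

The same cases can serve as a truth table when testing the submitted .csl file; the last row is where a prefix-only match and a parsed-address match disagree.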
