qubit-sanitize 0.2.0

Reusable field and structured object sanitization utilities for Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

/*******************************************************************************
 *
 *    Copyright (c) 2026 Haixing Hu.
 *
 *    SPDX-License-Identifier: Apache-2.0
 *
 *    Licensed under the Apache License, Version 2.0.
 *
 ******************************************************************************/
use super::SensitivityLevel;

/// Predefined groups of sensitive field names.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum SensitiveFieldPreset {
    /// Passwords, client secrets, private keys, and secret-like names.
    Credentials,
    /// API keys, access tokens, refresh tokens, and JWT-like names.
    AuthTokens,
    /// HTTP authentication and cookie fields.
    Http,
    /// Session identifiers and session tokens.
    Session,
}

/// Field names for [`SensitiveFieldPreset::Credentials`].
pub const CREDENTIALS_FIELDS: [(&str, SensitivityLevel); 5] = [
    ("password", SensitivityLevel::Secret),
    ("passwd", SensitivityLevel::Secret),
    ("secret", SensitivityLevel::Secret),
    ("client_secret", SensitivityLevel::Secret),
    ("private_key", SensitivityLevel::Secret),
];

/// Field names for [`SensitiveFieldPreset::AuthTokens`].
pub const AUTH_TOKEN_FIELDS: [(&str, SensitivityLevel); 9] = [
    ("api_key", SensitivityLevel::High),
    ("x_api_key", SensitivityLevel::High),
    ("token", SensitivityLevel::High),
    ("access_token", SensitivityLevel::High),
    ("refresh_token", SensitivityLevel::High),
    ("id_token", SensitivityLevel::High),
    ("jwt", SensitivityLevel::High),
    ("jwt_token", SensitivityLevel::High),
    ("auth_token", SensitivityLevel::High),
];

/// Field names for [`SensitiveFieldPreset::Http`].
pub const HTTP_FIELDS: [(&str, SensitivityLevel); 4] = [
    ("authorization", SensitivityLevel::High),
    ("proxy_authorization", SensitivityLevel::High),
    ("cookie", SensitivityLevel::High),
    ("set_cookie", SensitivityLevel::High),
];

/// Field names for [`SensitiveFieldPreset::Session`].
pub const SESSION_FIELDS: [(&str, SensitivityLevel); 3] = [
    ("session", SensitivityLevel::Medium),
    ("session_id", SensitivityLevel::Medium),
    ("session_token", SensitivityLevel::High),
];

impl SensitiveFieldPreset {
    /// Returns the canonical field names and levels for this preset.
    pub const fn fields(self) -> &'static [(&'static str, SensitivityLevel)] {
        match self {
            Self::Credentials => &CREDENTIALS_FIELDS,
            Self::AuthTokens => &AUTH_TOKEN_FIELDS,
            Self::Http => &HTTP_FIELDS,
            Self::Session => &SESSION_FIELDS,
        }
    }
}