sentinel_modsec/lib.rs
1//! # sentinel-modsec
2//!
3//! Pure Rust implementation of ModSecurity with full OWASP CRS compatibility.
4//!
5//! This crate provides a complete ModSecurity rule engine without any C/C++ dependencies,
6//! making it easier to deploy, audit, and maintain.
7//!
8//! ## Features
9//!
10//! - Full SecRule language support
11//! - OWASP CRS compatibility (800+ rules)
12//! - Pure Rust libinjection for @detectSQLi/@detectXSS
13//! - Thread-safe, async-ready transaction processing
14//! - Zero external C/C++ dependencies
15//!
16//! ## Quick Start
17//!
18//! ```ignore
19//! use sentinel_modsec::{ModSecurity, Rules, Transaction};
20//!
21//! // Create engine and load rules
22//! let modsec = ModSecurity::new();
23//! let mut rules = Rules::new();
24//! rules.add_plain("SecRuleEngine On")?;
25//! rules.add_file("/etc/modsecurity/crs/rules/*.conf")?;
26//!
27//! // Process a request
28//! let mut tx = modsec.transaction(&rules);
29//! tx.process_uri("/api/users?id=1", "GET", "HTTP/1.1")?;
30//! tx.add_request_header("Host", "example.com")?;
31//! tx.process_request_headers()?;
32//!
33//! // Check for intervention
34//! if let Some(intervention) = tx.intervention() {
35//! println!("Blocked: status={}", intervention.status());
36//! }
37//! ```
38
39#![warn(missing_docs)]
40#![warn(clippy::all)]
41#![deny(unsafe_code)]
42
43pub mod error;
44pub mod parser;
45pub mod variables;
46pub mod operators;
47pub mod transformations;
48pub mod actions;
49pub mod engine;
50pub mod libinjection;
51
52// Re-export main types at crate root
53pub use engine::{ModSecurity, Transaction, Intervention};
54pub use engine::ruleset::{Rules, CompiledRuleset};
55pub use error::{Error, Result};
56
57/// Protocol version for compatibility tracking
58pub const PROTOCOL_VERSION: u32 = 1;
59
60/// Crate version
61pub const VERSION: &str = env!("CARGO_PKG_VERSION");