wafrift_encoding/lib.rs
1//! wafrift-encoding — Payload encoding strategies and header obfuscation.
2//!
3//! Transforms attack payloads using various encoding strategies
4//! (URL, Unicode, HTML entity, SQL comments, etc.) and applies
5//! header-level obfuscation techniques for WAF bypass.
6//!
7//! # Examples
8//!
9//! Single-pass encoding with one strategy:
10//!
11//! ```
12//! use wafrift_encoding::{Strategy, encode};
13//!
14//! let payload = "' OR 1=1--";
15//! let url_encoded = encode(payload, Strategy::UrlEncode).unwrap();
16//! assert!(url_encoded.contains("%27")); // single quote
17//! assert!(url_encoded.contains("%20")); // space
18//! assert!(url_encoded.contains("%3D")); // equals
19//!
20//! // Same payload, double-encoded — bypasses single-decode WAFs.
21//! let double = encode(payload, Strategy::DoubleUrlEncode).unwrap();
22//! assert!(double.contains("%2527"));
23//! ```
24//!
25//! Layered encoding for stronger evasion (HTML-entity-encode the
26//! Unicode-escaped form):
27//!
28//! ```
29//! use wafrift_encoding::{Strategy, encode_layered};
30//!
31//! let result = encode_layered(
32//! "<script>",
33//! &[Strategy::UnicodeEncode, Strategy::HtmlEntityEncode],
34//! ).unwrap();
35//! assert!(result.contains('&')); // HTML entity encoded
36//! ```
37
38#![forbid(unsafe_code)]
39
40pub mod auth_bypass;
41pub mod encoding;
42pub mod error;
43pub mod header;
44pub mod tamper;
45pub mod url_mutate;
46
47// Re-export the encoding submodule's public API at crate root for ergonomics.
48pub use encoding::{
49 Strategy, aggressiveness, all_strategies, encode, encode_layered, layered_combinations,
50};
51
52// Re-export error types.
53pub use error::EncodeError;
54
55// Re-export tamper module for convenient access.
56pub use tamper::{
57 TamperConfig, TamperError, TamperRegistry, TamperStrategy, all_tamper_names, default_registry,
58 tamper,
59};
60
61pub mod contextual;