//! wafrift-encoding — Payload encoding strategies and header obfuscation.
//!
//! See [`cookie_smuggle`] for RFC 6265-vs-6265bis Cookie-header
//! parser-differential probes (prefix bypass, duplicate-name pairs,
//! quoted-semicolon values, empty-name pairs, control-byte injection,
//! whitespace around `=`).
//!
//! Transforms attack payloads using various encoding strategies
//! (URL, Unicode, HTML entity, SQL comments, etc.) and applies
//! header-level obfuscation techniques for WAF bypass.
//!
//! # Examples
//!
//! Single-pass encoding with one strategy:
//!
//! ```
//! use wafrift_encoding::{Strategy, encode};
//!
//! let payload = "' OR 1=1--";
//! let url_encoded = encode(payload, Strategy::UrlEncode).unwrap();
//! assert!(url_encoded.contains("%27")); // single quote
//! assert!(url_encoded.contains("%20")); // space
//! assert!(url_encoded.contains("%3D")); // equals
//!
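//! // Same payload, double-encoded: a WAF that URL-decodes only once sees %27
//! // rather than the quote itself, so a rule matching the raw character misses
//! // it. This only matters when the origin decodes a second time.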
//! let double = encode(payload, Strategy::DoubleUrlEncode).unwrap();
//! assert!(double.contains("%2527"));
//! ```
//!
//! Layered encoding for stronger evasion (HTML-entity-encode the
//! Unicode-escaped form):
//!
//! ```
//! use wafrift_encoding::{Strategy, encode_layered};
//!
//! let result = encode_layered(
//! "<script>",
//! &[Strategy::UnicodeEncode, Strategy::HtmlEntityEncode],
//! ).unwrap();
//! assert!(result.contains('&')); // HTML entity encoded
//! ```
// Re-export the encoding submodule's public API at crate root for ergonomics.
pub use ;
// Re-export error types.
pub use EncodeError;
// Re-export tamper module for convenient access.
pub use ;
/// Largest UTF-8 char-boundary byte index `<= idx` in `s` (and `<= s.len()`).
///
/// §7 canonical home for the "snap a byte offset down to a char boundary"
/// primitive used across the header/cookie/range smuggle builders. These
/// builders cap header values with `String::truncate(N)` and split values at
/// computed byte offsets; their inputs (operator `--credential`, payload
/// seeds) pass through sanitisers that strip only CR/LF/NUL, so multibyte
/// UTF-8 survives and a raw byte index can land mid-codepoint — where
/// `String::truncate` / `&s[..idx]` PANIC. Routing every such site through
/// this one helper keeps them boundary-safe and prevents the three copies
/// (was: `header::char_boundary_near`, `cookie_smuggle`'s local copy, and the
/// open-coded walks) from drifting.
pub