wafrift-types 0.3.1

Core types for WAF Rift — Request, Technique, EvasionResult, Config, Error.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

use serde::{Deserialize, Serialize};
use std::time::Instant;
use uuid::Uuid;

#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub struct OobConfig {
    pub provider: OobProvider,
    pub poll_interval_secs: u64,
    pub timeout_secs: u64,
}

#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub enum OobProvider {
    Interactsh { server: String },
    BurpCollaborator { url: String },
    CustomDns { pattern: String },
}

#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub struct OobCanary {
    pub id: Uuid,
    pub expected_dns: String,
    pub expected_http_path: String,
    #[serde(skip)]
    pub created_at: Option<Instant>,
}

// `#[non_exhaustive]` future-proofs the enum: downstream pattern matches
// MUST include a `_ =>` arm, so adding a new interaction protocol later
// (HTTP/3, DoH, STUN, etc.) is no longer a breaking change.
//
// SMTP / LDAP / FTP were silently dropped at interactsh_provider.rs's
// `_ =&gt; continue` arm before — meaning Oracle UTL_SMTP-based blind
// SQLi, every LDAP injection, every ftp:// SSRF callback reported
// `OobConfirmation::Timeout` despite the payload actually working.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
#[non_exhaustive]
pub enum OobInteraction {
    DnsQuery {
        query: String,
        source_ip: String,
    },
    HttpRequest {
        path: String,
        headers: Vec<(String, String)>,
        body: Option<String>,
    },
    SmtpMessage {
        // Full interactsh `raw_request` of the SMTP exchange — HELO,
        // MAIL FROM, RCPT TO, DATA. Single string because the wire
        // format is line-delimited and consumers usually grep it.
        raw: String,
        source_ip: String,
    },
    LdapQuery {
        // Distinguished name extracted from the LDAP bind/search the
        // payload caused. Useful for confirming that an LDAP-injection
        // payload reached the directory server.
        dn: String,
        source_ip: String,
    },
    FtpCommand {
        // The FTP command line (USER / PASS / RETR / STOR) that the
        // payload caused the target to issue.
        command: String,
        source_ip: String,
    },
}

#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
pub enum OobConfirmation {
    Confirmed,
    Timeout,
    Error,
}