Struct ScannerConfig 

pub struct ScannerConfig {
    pub unicode_detection: bool,
    pub injection_detection: bool,
    pub path_traversal_detection: bool,
    pub xss_detection: Option<bool>,
    pub crypto_detection: bool,
    pub enhanced_mode: Option<bool>,
    pub custom_patterns: Option<PathBuf>,
    pub max_scan_depth: usize,
    pub enable_event_buffer: bool,
    pub max_content_size: usize,
    pub max_input_size: Option<usize>,
}

Scanner configuration for threat detection settings

Security Implications

The scanner is your first line of defense against malicious input:

• Disabling any detection reduces security coverage
• Custom patterns can detect organization-specific threats
• Scan depth limits prevent algorithmic complexity attacks
• Enhanced mode provides better detection at a performance cost

Example: Secure Production Configuration

[scanner]
unicode_detection = true      # Detect unicode attacks
injection_detection = true    # Detect SQL/command injection
path_traversal_detection = true  # Detect directory traversal
xss_detection = true         # Detect XSS attempts
enhanced_mode = true         # Maximum security (if available)
max_scan_depth = 20          # Deep scanning for nested payloads
custom_patterns = "/etc/kindly-guard/patterns.toml"

Fields

unicode_detection: bool

Enable unicode threat detection

Default: true (secure by default) Security: Detects BiDi overrides, zero-width chars, homoglyphs. Essential for preventing unicode-based attacks and spoofing. Warning: Disabling exposes you to text direction manipulation

injection_detection: bool

Enable injection detection

Default: true (secure by default) Security: Detects SQL, NoSQL, command, and LDAP injection attempts. Critical for preventing code execution and data breaches. Coverage: SQL, shell commands, LDAP queries, NoSQL operations

path_traversal_detection: bool

Enable path traversal detection

Default: true (secure by default) Security: Detects attempts to access files outside intended directories. Prevents unauthorized file access and directory listing. Patterns: ../, .., absolute paths, URL encoding variants

xss_detection: Option<bool>

Enable XSS detection

Default: Some(true) (secure by default) Security: Detects cross-site scripting attempts in various contexts. Essential for web-facing applications and APIs. Coverage: Script tags, event handlers, data URIs, SVG attacks

crypto_detection: bool

Enable cryptographic security detection

Default: true (secure by default) Security: Detects weak cryptographic patterns and insecure implementations. Critical for preventing cryptographic vulnerabilities and data exposure. Coverage: Deprecated algorithms (MD5, SHA1, DES), weak keys, insecure RNG, bad KDF 2025 Standards: Enforces current NIST recommendations for key sizes and algorithms

enhanced_mode: Option<bool>

Enable enhanced mode for scanners (uses advanced algorithms when available)

Default: Some(false) (standard mode) Security: Enhanced mode provides deeper analysis and pattern correlation. Better detection accuracy at the cost of some performance. Trade-off: 10-20% performance impact for 50%+ better detection

custom_patterns: Option<PathBuf>

Custom threat patterns file

Default: None Security: Add organization-specific threat patterns. Useful for detecting internal security policies violations. Format: TOML file with regex patterns and metadata Example: /etc/kindly-guard/custom-patterns.toml

max_scan_depth: usize

Maximum scan depth for nested structures

Default: 10 Security: Prevents algorithmic complexity attacks through deep nesting. Lower values are more secure but may miss deeply nested threats. Range: 1-100 (recommend 5-20 for most use cases) Warning: Values > 50 may cause performance issues

enable_event_buffer: bool

Enable high-performance event buffer

Default: false (standard mode) Security: Enables advanced correlation and pattern matching. Provides “purple shield” mode with enhanced threat detection. Requirements: Additional memory (10-50MB depending on load)

max_content_size: usize

Maximum content size to scan (in bytes)

Default: 5MB (5,242,880 bytes) Security: Prevents DoS attacks through large payload scanning. Content larger than this will be rejected with a DosPotential threat. Range: 1KB-100MB (recommend 1-10MB for most use cases) Trade-off: Larger values allow bigger legitimate payloads but increase DoS risk

max_input_size: Option<usize>

Maximum input size to scan (alias for max_content_size)

Default: Uses max_content_size value Security: Some tests expect this field name. This is an alias for backwards compatibility.

Trait Implementations

impl Clone for ScannerConfig

fn clone(&self) -> ScannerConfig

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for ScannerConfig

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Default for ScannerConfig

fn default() -> ScannerConfig

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for ScannerConfig

fn deserialize<__D>( __deserializer: __D, ) -> Result<ScannerConfig, <__D as Deserializer<'de>>::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Serialize for ScannerConfig

fn serialize<__S>( &self, __serializer: __S, ) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.