llm_security/
constants.rs

1//! Constants for LLM security operations
2
3/// Default maximum code size in bytes (1MB)
4pub const DEFAULT_MAX_CODE_SIZE_BYTES: usize = 1_000_000;
5
6/// Default maximum LLM calls per hour
7pub const DEFAULT_MAX_LLM_CALLS_PER_HOUR: u32 = 100;
8
9/// Default confidence threshold for malicious detection
10pub const DEFAULT_MALICIOUS_THRESHOLD: u32 = 30;
11
12/// Default high-risk threshold for prompt injection
13pub const DEFAULT_HIGH_RISK_THRESHOLD: u32 = 50;
14
15/// Default maximum output size for validation
16pub const DEFAULT_MAX_OUTPUT_SIZE: usize = 100_000;
17
18/// Risk score for regex pattern matches
19pub const REGEX_PATTERN_RISK_SCORE: u32 = 20;
20
21/// Risk score for dangerous keyword matches
22pub const KEYWORD_RISK_SCORE: u32 = 15;
23
24/// Risk score for homoglyph detection
25pub const HOMOGLYPH_RISK_SCORE: u32 = 35;
26
27/// Risk score for RTL override detection
28pub const RTL_OVERRIDE_RISK_SCORE: u32 = 30;
29
30/// Risk score for markdown manipulation detection
31pub const MARKDOWN_MANIPULATION_RISK_SCORE: u32 = 25;
32
33/// Risk score for hidden unicode detection
34pub const HIDDEN_UNICODE_RISK_SCORE: u32 = 30;
35
36/// Risk score for semantic cloaking detection
37pub const SEMANTIC_CLOAKING_RISK_SCORE: u32 = 30;
38
39/// Risk score for chain-of-thought manipulation
40pub const CHAIN_OF_THOUGHT_RISK_SCORE: u32 = 25;
41
42/// Risk score for few-shot poisoning
43pub const FEW_SHOT_POISONING_RISK_SCORE: u32 = 25;
44
45/// Risk score for special character ratio
46pub const SPECIAL_CHAR_RISK_SCORE: u32 = 10;
47
48/// Risk score for regex DoS patterns
49pub const REGEX_DOS_RISK_SCORE: u32 = 100;
50
51/// Risk score for steganography detection
52pub const STEGANOGRAPHY_RISK_SCORE: u32 = 90;
53
54/// Risk score for multiple encoding layers
55pub const MULTIPLE_ENCODING_RISK_SCORE: u32 = 80;
56
57/// Risk score for context injection
58pub const CONTEXT_INJECTION_RISK_SCORE: u32 = 85;
59
60/// Maximum special character ratio before flagging
61pub const MAX_SPECIAL_CHAR_RATIO: f32 = 0.3;
62
63/// Maximum alternating case ratio for steganography detection
64pub const MAX_ALTERNATING_CASE_RATIO: f32 = 0.1;
65
66/// Maximum spacing ratio for steganography detection
67pub const MAX_SPACING_RATIO: f32 = 0.33;
68
69/// Maximum UTF-16 null byte ratio for mixed encoding detection
70pub const MAX_UTF16_NULL_RATIO: f32 = 0.25;