Skip to main content

Shield

nexus_shield

Struct Shield 

Source 
pub struct Shield {
    pub config: ShieldConfig,
    pub audit: Arc<AuditChain>,
    pub rate_governor: Arc<RateGovernor>,
    pub fingerprinter: Arc<Fingerprinter>,
    pub email_limiter: Arc<EmailRateLimiter>,
    pub endpoint: Option<Arc<EndpointEngine>>,
}
Expand description

Core security engine that orchestrates all NexusShield components.

Fields§

§config: ShieldConfig§audit: Arc<AuditChain>§rate_governor: Arc<RateGovernor>§fingerprinter: Arc<Fingerprinter>§email_limiter: Arc<EmailRateLimiter>§endpoint: Option<Arc<EndpointEngine>>

Implementations§

Source§

impl Shield

Source

pub fn new(config: ShieldConfig) -> Self

Source

pub fn validate_sql(&self, sql: &str) -> Result<(), ShieldError>

Validate a SQL query through the AST-based firewall.

Source

pub fn validate_url(&self, url: &str) -> Result<(), ShieldError>

Validate a URL through the SSRF guard.

Source

pub fn validate_ip(&self, ip: &str) -> Result<(), ShieldError>

Validate an IP address through the SSRF guard.

Source

pub fn validate_connection_string( &self, conn_str: &str, ) -> Result<String, ShieldError>

Validate and sanitize a database connection string.

Source

pub fn validate_file_path(&self, path: &str) -> Result<(), ShieldError>

Validate a file path (SQLite database path).

Source

pub fn quarantine_csv(&self, content: &str) -> Result<(), ShieldError>

Run imported CSV data through quarantine validation.

Source

pub fn quarantine_json(&self, json: &str) -> Result<(), ShieldError>

Validate a JSON response from an external source.

Source

pub fn validate_email_address(&self, addr: &str) -> Result<(), ShieldError>

Validate an email address for format, domain safety, and injection.

Source

pub fn validate_email_header( &self, field_name: &str, value: &str, ) -> Result<(), ShieldError>

Validate a header field (subject, name, ticket_id) for injection.

Source

pub fn validate_email_content( &self, field_name: &str, value: &str, ) -> Result<(), ShieldError>

Validate content that will be interpolated into an HTML email template.

Source

pub fn check_email_rate(&self, recipient: &str) -> Result<(), ShieldError>

Check per-recipient email rate limit (anti-bombing).

Source

pub fn validate_outbound_email( &self, to: &[&str], subject: &str, body_fields: &[(&str, &str)], ) -> Result<(), ShieldError>

Full outbound email validation: addresses, headers, content, and rate limits.

Source

pub fn escape_email_content(value: &str) -> String

HTML-escape user content for safe template interpolation.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more