path_security/
constants.rs1pub const MAX_PATH_LENGTH: usize = 4096;
5pub const MAX_FILENAME_LENGTH: usize = 255;
6pub const MAX_PROJECT_NAME_LENGTH: usize = 64;
7
8pub const MAX_SYMLINK_CHAIN_LENGTH: usize = 100;
10
11pub const UTF16_NULL_BYTE_THRESHOLD: f32 = 0.25; pub const SUSPICIOUS_ENCODED_PATTERNS: &[&str] = &[
16 "%2e", "%2E", "%2f", "%2F", "%5c", "%5C", "%00", "%0a", "%0A", "%0d", "%0D", ];
23
24pub const OVERLONG_UTF8_PATTERNS: &[&str] = &[
25 "%c0%ae", "%c0%af", "%c1%9c", "%c0%2e", "%e0%80%ae", ];
31
32pub const TRAVERSAL_PATTERNS: &[&str] = &[
33 "..",
34 "...", "....", ". .", ". . ", ".\t.", ".|.", ];
41
42pub const NESTED_TRAVERSAL_PATTERNS: &[&str] = &[
43 "....//", "....\\/", "..../", "....\\\\", ".|./", ".|\\/", ];
50
51pub const DANGEROUS_SEPARATORS: &[char] = &[';', '\t', '\n', '\r'];
52
53pub const WINDOWS_RESERVED_NAMES: &[&str] = &[
54 "CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4",
55 "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2",
56 "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9"
57];
58
59pub const DANGEROUS_PROTOCOLS: &[&str] = &[
60 "file://", "file:/",
61 "http://", "https://",
62 "ftp://", "ftps://", "sftp://",
63 "gopher://", "data:", "javascript:",
64 "vbscript:", "jar:", "php://",
65];
66
67pub const SYSTEM_PATHS: &[&str] = &[
68 "/proc/", "/sys/", "/dev/",
69 "C:\\Windows\\System32", "C:\\Windows\\Temp",
70 "/tmp/", "/var/tmp/",
71 "/etc/", "/boot/",
72];
73
74pub const SUSPICIOUS_PATTERNS: &[&str] = &[
75 "~", "$", "\0", "\\", ];