Skip to main content

SecurityRuleId

pi::extension_preflight

Enum SecurityRuleId 

Source 
pub enum SecurityRuleId {

Show 26 variants    EvalUsage,
    NewFunctionUsage,
    ProcessBinding,
    ProcessDlopen,
    ProtoPollution,
    RequireCacheManip,
    HardcodedSecret,
    DynamicImport,
    DefinePropertyAbuse,
    NetworkExfiltration,
    SensitivePathWrite,
    ProcessEnvAccess,
    TimerAbuse,
    ProxyReflect,
    WithStatement,
    DebuggerStatement,
    ConsoleInfoLeak,
    ChildProcessSpawn,
    ConstructorEscape,
    NativeModuleRequire,
    GlobalMutation,
    SymlinkCreation,
    PermissionChange,
    SocketListener,
    WebAssemblyUsage,
    ArgumentsCallerAccess,

}
Expand description

Stable rule identifiers. Each variant is a versioned detection rule whose semantics are frozen once shipped. Add new variants; never rename or redefine existing ones.

Variants§

§

EvalUsage

Dynamic code execution via eval().

§

NewFunctionUsage

Dynamic code execution via new Function(...).

§

ProcessBinding

Native module loading via process.binding().

§

ProcessDlopen

Native addon loading via process.dlopen().

§

ProtoPollution

Prototype pollution via __proto__ assignment.

§

RequireCacheManip

require.cache manipulation for module hijacking.

§

HardcodedSecret

Hardcoded secret or API key pattern.

§

DynamicImport

Dynamic import() expression (runtime code loading).

§

DefinePropertyAbuse

Object.defineProperty on global or prototype objects.

§

NetworkExfiltration

Network exfiltration pattern (fetch/XMLHttpRequest to constructed URL).

§

SensitivePathWrite

Writes to sensitive filesystem paths.

§

ProcessEnvAccess

process.env access for reading environment variables.

§

TimerAbuse

Timer abuse (very short-interval setInterval).

§

ProxyReflect

Proxy / Reflect interception patterns.

§

WithStatement

with statement usage (scope chain manipulation).

§

DebuggerStatement

debugger statement left in source.

§

ConsoleInfoLeak

console usage that may leak information.

§

ChildProcessSpawn

Command execution via child_process.exec/spawn/execFile/fork.

§

ConstructorEscape

Sandbox escape via constructor.constructor('return this')().

§

NativeModuleRequire

Native addon require via .node/.so/.dylib file extension.

§

GlobalMutation

globalThis/global property mutation (sandbox escape vector).

§

SymlinkCreation

Symlink/hard-link creation for path traversal.

§

PermissionChange

fs.chmod/fs.chown permission elevation.

§

SocketListener

net.createServer/dgram.createSocket unauthorized listeners.

§

WebAssemblyUsage

WebAssembly.instantiate/compile sandbox bypass.

§

ArgumentsCallerAccess

arguments.callee.caller stack introspection.

Implementations§

Source§

impl SecurityRuleId

Source

pub const fn name(self) -> &'static str

Short human-readable name for this rule.

Source

pub const fn default_tier(self) -> RiskTier

Default risk tier for this rule.

Trait Implementations§

Source§

impl Clone for SecurityRuleId

Source§

fn clone(&self) -> SecurityRuleId

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for SecurityRuleId

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for SecurityRuleId

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Display for SecurityRuleId

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Hash for SecurityRuleId

Source§

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
Source§

impl PartialEq for SecurityRuleId

Source§

fn eq(&self, other: &SecurityRuleId) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl Serialize for SecurityRuleId

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl Copy for SecurityRuleId

Source§

impl Eq for SecurityRuleId

Source§

impl StructuralPartialEq for SecurityRuleId

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

Source§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

Source§

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

Source§

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Checks if this value is equivalent to the given key. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, _span: NoopSpan) -> Self

Instruments this future with a span (no-op when disabled).
Source§

fn in_current_span(self) -> Self

Instruments this future with the current span (no-op when disabled).
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> ModelDump for T
where T: Serialize,

Source§

fn model_dump(&self, options: DumpOptions) -> Result<Value, Error>

Serialize a model to a JSON value. Read more
Source§

fn model_dump_json(&self) -> Result<String, Error>

Serialize a model to a JSON string with default options.
Source§

fn model_dump_json_pretty(&self) -> Result<String, Error>

Serialize a model to a pretty-printed JSON string.
Source§

fn model_dump_json_with_options( &self, options: DumpOptions, ) -> Result<String, Error>

Serialize a model to a JSON string with full options support. Read more
Source§

impl<T> ModelValidate for T
where T: DeserializeOwned,

Source§

fn model_validate( input: impl Into<ValidateInput>, options: ValidateOptions, ) -> Result<T, ValidationError>

Create and validate a model from input. Read more
Source§

fn model_validate_json(json: &str) -> Result<Self, ValidationError>

Create and validate a model from JSON string with default options.
Source§

fn model_validate_dict( dict: HashMap<String, Value>, ) -> Result<Self, ValidationError>

Create and validate a model from a HashMap with default options.
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToCompactString for T
where T: Display,

Source§

fn to_compact_string(&self) -> CompactString

Converts the given value to a CompactString. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T> ToString for T
where T: Display + ?Sized,

Source§

fn to_string(&self) -> String

Converts the given value to a String. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> ParallelSend for T

Source§

impl<T> Send for T
where T: ?Sized,

Source§

impl<T> Sync for T
where T: ?Sized,