Skip to main content

qubit_sanitize/core/
sensitive_field_preset.rs

1/*******************************************************************************
2 *
3 *    Copyright (c) 2026 Haixing Hu.
4 *
5 *    SPDX-License-Identifier: Apache-2.0
6 *
7 *    Licensed under the Apache License, Version 2.0.
8 *
9 ******************************************************************************/
10use super::SensitivityLevel;
11
12/// Predefined groups of sensitive field names.
13#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
14pub enum SensitiveFieldPreset {
15    /// Passwords, client secrets, private keys, and secret-like names.
16    Credentials,
17    /// API keys, access tokens, refresh tokens, and JWT-like names.
18    AuthTokens,
19    /// HTTP authentication and cookie fields.
20    Http,
21    /// Session identifiers and session tokens.
22    Session,
23}
24
25/// Field names for [`SensitiveFieldPreset::Credentials`].
26pub const CREDENTIALS_FIELDS: [(&str, SensitivityLevel); 5] = [
27    ("password", SensitivityLevel::Secret),
28    ("passwd", SensitivityLevel::Secret),
29    ("secret", SensitivityLevel::Secret),
30    ("client_secret", SensitivityLevel::Secret),
31    ("private_key", SensitivityLevel::Secret),
32];
33
34/// Field names for [`SensitiveFieldPreset::AuthTokens`].
35pub const AUTH_TOKEN_FIELDS: [(&str, SensitivityLevel); 9] = [
36    ("api_key", SensitivityLevel::High),
37    ("x_api_key", SensitivityLevel::High),
38    ("token", SensitivityLevel::High),
39    ("access_token", SensitivityLevel::High),
40    ("refresh_token", SensitivityLevel::High),
41    ("id_token", SensitivityLevel::High),
42    ("jwt", SensitivityLevel::High),
43    ("jwt_token", SensitivityLevel::High),
44    ("auth_token", SensitivityLevel::High),
45];
46
47/// Field names for [`SensitiveFieldPreset::Http`].
48pub const HTTP_FIELDS: [(&str, SensitivityLevel); 4] = [
49    ("authorization", SensitivityLevel::High),
50    ("proxy_authorization", SensitivityLevel::High),
51    ("cookie", SensitivityLevel::High),
52    ("set_cookie", SensitivityLevel::High),
53];
54
55/// Field names for [`SensitiveFieldPreset::Session`].
56pub const SESSION_FIELDS: [(&str, SensitivityLevel); 3] = [
57    ("session", SensitivityLevel::Medium),
58    ("session_id", SensitivityLevel::Medium),
59    ("session_token", SensitivityLevel::High),
60];
61
62impl SensitiveFieldPreset {
63    /// Returns the canonical field names and levels for this preset.
64    pub const fn fields(self) -> &'static [(&'static str, SensitivityLevel)] {
65        match self {
66            Self::Credentials => &CREDENTIALS_FIELDS,
67            Self::AuthTokens => &AUTH_TOKEN_FIELDS,
68            Self::Http => &HTTP_FIELDS,
69            Self::Session => &SESSION_FIELDS,
70        }
71    }
72}