pub fn null_byte_injection(input: &str) -> String
Inserts null byte representations for testing null byte vulnerabilities.
Randomly inserts null byte string representations (%00, \0, \x00, �)
between characters with 25% probability. Uses string representations rather than
actual null bytes to ensure the output remains a valid Rust string. This tests
how systems handle null byte injection attacks.
§Use Cases
- Red Team: Exploit null byte vulnerabilities in file operations
- Path Truncation: Test if systems truncate at null bytes (file.txt%00.jpg)
- Filter Bypass: Bypass extension or content-type validation
- Blue Team: Validate proper null byte handling and sanitization
§Examples
use redstr::null_byte_injection;
let result = null_byte_injection("test.txt");
// Example: "test%00.txt" or "te\x00st.txt" (varies each run)
assert!(result.len() >= "test.txt".len());
// File extension bypass
let file = null_byte_injection("shell.php.jpg");
// Example: "shell.php%00.jpg"
// May be interpreted as "shell.php" if system truncates at null
// Path traversal with null byte
let path = null_byte_injection("../../etc/passwd.txt");
// Example: "../..%00/etc/passwd.txt"
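
For the Blue Team use case, the check below is an added example and is not part of redstr. It is a hypothetical upload-name validator (`validate_upload_name`, `contains_null_form` and `Rejection` are assumed names) that rejects the null byte forms `%00`, `\0`, `\x00` and the raw NUL byte before the extension allow-list runs. The sample inputs are constructed in the shapes shown above.

```rust
// Added example: hypothetical validator, not redstr code.
// Null byte forms are rejected first, so the extension check never
// sees a name that a downstream component might truncate.

/// Textual null byte forms named on this page, plus the raw NUL byte.
const NULL_FORMS: [&str; 4] = ["%00", "\\0", "\\x00", "\0"];

#[derive(Debug, PartialEq)]
pub enum Rejection {
    NullByte,
    Extension,
}

/// Returns true if `name` contains any null byte representation.
/// Lower-casing first also catches variants such as "\X00".
pub fn contains_null_form(name: &str) -> bool {
    let lower = name.to_ascii_lowercase();
    NULL_FORMS.iter().any(|form| lower.contains(form))
}

/// Accepts a file name only if it carries no null byte form and its
/// final extension is on the allow-list (compared case-insensitively).
pub fn validate_upload_name(name: &str, allowed: &[&str]) -> Result<(), Rejection> {
    if contains_null_form(name) {
        return Err(Rejection::NullByte);
    }
    let ext = name.rsplit_once('.').map(|(_, e)| e.to_ascii_lowercase());
    match ext {
        Some(e) if allowed.contains(&e.as_str()) => Ok(()),
        _ => Err(Rejection::Extension),
    }
}

fn main() {
    // Constructed inputs in the shapes null_byte_injection can produce.
    let samples = ["photo.jpg", "shell.php%00.jpg", "te\\x00st.jpg", "a\\0b.jpg", "shell.php"];
    for s in samples {
        println!("{:<20} -> {:?}", s, validate_upload_name(s, &["jpg", "png"]));
    }
}
```

In a test suite, the output of `null_byte_injection` on an otherwise valid name can be fed to the same validator: any result that differs from the input should come back as `Rejection::NullByte`.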