Skip to main content

MappingStore

sanitize_engine::store

Struct MappingStore 

Source 
pub struct MappingStore { /* private fields */ }
Expand description

Thread-safe concurrent one-way replacement store.

Caches forward mappings for per-run consistency (same input always produces the same output within a run). There is no reverse map, no journal, and no persistence — replacements are one-way only.

See the module-level documentation for concurrency and memory details.

Implementations§

Source§

impl MappingStore

Source

pub fn new( generator: Arc<dyn ReplacementGenerator>, capacity_limit: Option<usize>, ) -> Self

Create a new, empty mapping store.

§Arguments
  • generator — replacement strategy (HMAC or random).
  • capacity_limit — optional max number of unique mappings.
Source

pub fn new_with_allowlist( generator: Arc<dyn ReplacementGenerator>, capacity_limit: Option<usize>, allowlist: Arc<AllowlistMatcher>, ) -> Self

Create a new store with an allowlist. Values matching the allowlist are returned unchanged and never recorded in the forward map.

Source

pub fn allowlist(&self) -> Option<&Arc<AllowlistMatcher>>

Return the allowlist attached to this store, if any.

Source

pub fn get_or_insert( &self, category: &Category, original: &str, ) -> Result<CompactString>

Get or create the sanitized replacement for (category, original).

This is the primary API for one-way sanitization.

Hot-path allocation: When the value is already cached, this method is allocation-free. The inner DashMap::get accepts &str directly via ZeroizingString: Borrow<str>, so no temporary String is constructed.

Thread-safety: Uses DashMap::entry() which holds a shard-level lock only for the duration of the insert closure. The generator is called inside the lock, but generation is fast (one HMAC or one RNG call). Capacity enforcement uses compare_exchange to prevent TOCTOU over-insertion.

Per-run consistency: Once a value is mapped, all subsequent lookups return the same sanitized value (first-writer-wins).

§Errors

Returns SanitizeError::CapacityExceeded if the store has reached its configured capacity limit.

Source

pub fn forward_lookup( &self, category: &Category, original: &str, ) -> Option<CompactString>

Look up an existing forward mapping without creating one.

Source

pub fn len(&self) -> usize

Number of unique mappings in the store.

Source

pub fn is_empty(&self) -> bool

Whether the store is empty.

Source

pub fn clear(&mut self)

Remove all mappings, zeroizing the original plaintexts.

This is useful for resetting the store between runs without dropping and recreating it.

Source

pub fn snapshot(&self) -> usize

Snapshot the current insertion count.

Returns an opaque usize that can be passed to Self::iter_since to iterate only the entries added after this point — useful for finding which mappings a structured processor pass discovered without building a full HashSet of all existing keys.

O(1), no allocation.

Source

pub fn iter_since( &self, snapshot: usize, ) -> impl Iterator<Item = (Category, CompactString, CompactString)> + '_

Iterate over entries added at or after the given snapshot.

snapshot is the value returned by a previous call to Self::snapshot. Entries whose insertion index is ≥ snapshot are yielded; older entries are skipped. Still O(n) in total store size, but avoids allocating a HashSet of all prior keys.

Implementation note: the inner .collect::<Vec<_>>() inside the flat_map is required to release the DashMap shard lock before yielding items — it allocates one Vec per category shard visited.

Source

pub fn iter( &self, ) -> impl Iterator<Item = (Category, CompactString, CompactString)> + '_

Iterate over all mappings. Yields (category, original, sanitized).

Note: iteration over DashMap is not snapshot-consistent if concurrent inserts are happening. Call this after all workers have finished.

Implementation note: allocates one Vec per category shard to release the DashMap shard lock between categories.

Trait Implementations§

Source§

impl Drop for MappingStore

Zeroize original keys stored in the forward map on drop. Dropping the outer DashMap triggers Arc::drop for each inner map; when the last Arc drops, ZeroizingString::drop runs for every key, overwriting the plaintext before the memory is freed.

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more
Source§

fn pin_drop(self: Pin<&mut Self>)

🔬This is a nightly-only experimental API. (pin_ergonomics)
Execute the destructor for this type, but different to Drop::drop, it requires self to be pinned. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more