

#![forbid(unsafe_code)]
#![deny(missing_docs)]
//! `secure_boundary` — Input validation, secure extractors, security headers, and browser protections (OWASP C4 + C5 + C8).
//!
//! # Feature Overview
//!
//! The crate ships a framework-neutral core plus optional HTTP framework
//! adapters. Enable `axum` (the default), `actix-web`, or both:
//!
//! | Feature flag | Default | Enables |
//! |---|---|---|
//! | `axum` | ✅ | [`SecureJson`] / [`SecureQuery`] / [`SecurePath`] as `FromRequest[Parts]`; [`SecurityHeadersLayer`] / [`FetchMetadataLayer`] as tower layers; [`cors::secure_cors_defaults`]; [`SecureXml`] |
//! | `actix-web` | | `SecureJson<T>` as an actix `FromRequest`; `SecurityHeadersTransform` / `FetchMetadataTransform` actix middleware (see [`actix`]) |
//! | `html-sanitize` | | HTML sanitization helpers backed by `ammonia` |
//! | `mobile-platform` | | Mobile-specific platform guards |
//!
//! Both `axum` and `actix-web` can be enabled at the same time (useful when a
//! workspace hosts services on different frameworks). `--no-default-features`
//! disables both and keeps only the framework-neutral types
//! (validation, `SafeUrl`, safe-types, limits, IDs).
//!
//! # What this crate gives you
//!
//! - [`SecureValidate`] trait for structured four-stage validation pipelines
//! - [`SecureJson`], [`SecureQuery`], [`SecurePath`] framework extractors
//! - [`SecureXml`] axum extractor with XXE prevention (`axum` feature)
//! - [`SecurityHeadersLayer`] middleware for OWASP security headers and CSP nonces
//! - [`cors::secure_cors_defaults`] and [`cors::SecureCorsBuilder`] for secure-by-default CORS (`axum` feature)
//! - [`FetchMetadataLayer`] for blocking unsafe cross-site browser requests
//! - [`BoundaryRejection`] error type with safe HTTP response mapping
//! - [`BoundaryViolation`] for flowing violations into the security events subsystem
//! - Safe types: [`safe_types::SafePath`], [`safe_types::SafeFilename`],
//!   [`safe_types::SafeCommandArg`], [`safe_types::SafeUrl`],
//!   [`safe_types::SafeRedirectUrl`], [`safe_types::SqlIdentifier`],
//!   [`safe_types::LdapSafeString`]
//! - [`sanitize_header_value`] for CRLF injection prevention
//! - Input normalization, strict deserialization, and configurable request limits
//!
//! # Framework selection quickstart
//!
//! ```toml
//! # Axum (default)
//! secure_boundary = "0.1"
//!
//! # Actix-web 4
//! secure_boundary = { version = "0.1", default-features = false, features = ["actix-web"] }
//!
//! # Both frameworks in the same crate
//! secure_boundary = { version = "0.1", features = ["actix-web"] }
//! ```

// --- Framework-neutral core -------------------------------------------------
// Nothing in this section carries a `#[cfg]`, so it is compiled under every
// feature combination (including `--no-default-features`). Each `pub mod` is
// declared next to the items it re-exports at the crate root so the public
// surface can be read in one pass.

// Boundary violations that flow into the security events subsystem.
pub mod attack_signal;
pub use attack_signal::{BoundaryViolation, ViolationKind};

pub mod content_type;

pub mod dto;
pub use dto::SecureDto;

// Rejection type with safe HTTP response mapping (no internal detail leaks).
pub mod error;
pub use error::BoundaryRejection;

// Extractor types. NOTE(review): `extract`, `headers` and `fetch_metadata` are
// not feature-gated here although the crate docs list their `FromRequest` /
// tower-layer impls under `axum`; presumably those impls are gated inside the
// modules while the types stay framework-neutral — confirm.
pub mod extract;
pub use extract::{SecureJson, SecurePath, SecureQuery};

// Blocks unsafe cross-site browser requests.
pub mod fetch_metadata;
pub use fetch_metadata::FetchMetadataLayer;

// CRLF-injection prevention for header values.
pub mod header_sanitize;
pub use header_sanitize::sanitize_header_value;

// OWASP security headers and CSP nonces.
pub mod headers;
pub use headers::{CspNonce, SecurityHeadersLayer};

pub mod id;
pub use id::{OpaquePublicId, OrderId, TenantId, UserId};

pub mod limits;
pub use limits::RequestLimits;

pub mod normalize;

// Validated wrapper types for paths, filenames, command args, URLs, SQL
// identifiers and LDAP strings.
pub mod safe_types;
pub use safe_types::{
    LdapSafeString, SafeCommandArg, SafeFilename, SafePath, SafeRedirectUrl, SafeUrl, SqlIdentifier,
};

// NOTE(review): a module named `serde` collides with the external `serde`
// crate at the crate root: a bare `serde::…` path written in this file refers
// to this module (and is reported ambiguous in a `use`), so any crate-root
// reference to the external crate should be spelled `::serde::…`. Confirm
// the name is intended.
pub mod serde;

pub mod validate;
pub use validate::{SecureValidate, ValidationContext};

// --- Feature-gated modules --------------------------------------------------

#[cfg(feature = "axum")]
pub mod cors;
#[cfg(feature = "axum")]
pub use cors::{secure_cors_defaults, CorsConfigError, SecureCorsBuilder};

#[cfg(feature = "axum")]
pub mod xml;
#[cfg(feature = "axum")]
pub use xml::SecureXml;

#[cfg(feature = "html-sanitize")]
pub mod sanitize;

#[cfg(feature = "mobile-platform")]
pub mod platform;

/// Actix-web 4 integration — adapters for `SecureJson<T>`,
/// `SecurityHeadersLayer`, and `FetchMetadataLayer`.
///
/// Gated on the `actix-web` feature. See [the integration guide] for
/// copy-paste examples.
///
/// [the integration guide]: https://github.com/kerberosmansour/SunLitSecurityLibraries/blob/main/docs/dev-guide/secure_boundary-actix.md
#[cfg(feature = "actix-web")]
pub mod actix;

/// Kani proof harnesses (compiled only under `cargo kani`).
/// See `docs/dev-guide/formal-verification.md`.
#[cfg(kani)]
mod proofs;