Expand description
Request body decompression with ratio limits
This module provides safe decompression of request bodies for WAF/agent inspection. It implements ratio limiting to prevent “zip bomb” attacks where a small compressed payload expands to an enormous size.
§Security Features
- Ratio limiting: Stops decompression if output/input ratio exceeds threshold
- Size limiting: Stops decompression if output exceeds max bytes
- Incremental checking: Ratio checked during decompression, not just at end
§Supported Encodings
- gzip (Content-Encoding: gzip)
- deflate (Content-Encoding: deflate)
- brotli (Content-Encoding: br)
§Example
ⓘ
use sentinel_proxy::decompression::{decompress_body, DecompressionConfig};
let config = DecompressionConfig {
max_ratio: 100.0,
max_output_bytes: 10 * 1024 * 1024, // 10MB
};
let result = decompress_body(&compressed_data, "gzip", &config)?;Structs§
- Decompression
Config - Decompression configuration
- Decompression
Result - Decompression result with metadata
- Decompression
Stats - Statistics for decompression operations
Enums§
- Decompression
Error - Decompression errors
Functions§
- decompress_
body - Decompress body data with ratio and size limits
- decompress_
body_ with_ stats - Wrapper for decompressing body with statistics tracking
- is_
supported_ encoding - Check if the content encoding is supported for decompression
- parse_
content_ encoding - Parse Content-Encoding header to determine encoding type