Skip to main content

SchemaLearnerConfig

synapse_pingora::profiler::schema_learner

Struct SchemaLearnerConfig 

Source 
pub struct SchemaLearnerConfig {
    pub max_schemas: usize,
    pub min_samples_for_validation: u32,
    pub max_nesting_depth: usize,
    pub max_fields_per_schema: usize,
    pub string_length_tolerance: f64,
    pub number_value_tolerance: f64,
    pub required_field_threshold: f64,
}
Expand description

Configuration for the schema learner.

§Security Considerations

The tolerance values (string_length_tolerance and number_value_tolerance) directly impact the security posture of schema validation. These multipliers determine how much deviation from learned baselines is permitted before a request is flagged as anomalous.

§Tolerance Trade-offs

  • Lower values (1.0-1.5): Stricter validation, higher security, but may cause false positives if legitimate traffic has natural variance.
  • Higher values (2.0+): More permissive, fewer false positives, but allows attackers more room to inject oversized payloads or extreme values.

§Recommendations

  • Start with default tolerance (1.5) and monitor for false positives
  • For high-security APIs: consider 1.2-1.3
  • For APIs with high variance: consider 1.5-2.0
  • Never set below 1.0 (would reject valid baseline data)

§Example

use synapse_pingora::profiler::SchemaLearnerConfig;

// Stricter configuration for sensitive APIs
let config = SchemaLearnerConfig {
    string_length_tolerance: 1.3,  // 30% buffer above learned max
    number_value_tolerance: 1.25,  // 25% buffer above learned max
    ..Default::default()
};

// Validate config before use
config.validate().expect("Invalid configuration");

Fields§

§max_schemas: usize

Maximum number of endpoint schemas to track.

When this limit is reached, the least recently used (LRU) schema is evicted.

§min_samples_for_validation: u32

Minimum samples required before validation is active.

Until an endpoint has been observed this many times, validation will not flag anomalies. This prevents false positives during the initial learning phase.

§max_nesting_depth: usize

Maximum depth for nested object learning.

Prevents excessive memory usage from deeply nested JSON structures.

§max_fields_per_schema: usize

Maximum fields per schema (memory protection).

Limits the number of fields tracked per endpoint to prevent memory exhaustion from APIs with dynamic or unbounded field sets.

§string_length_tolerance: f64

String length tolerance multiplier for validation.

When validating string fields, the maximum allowed length is: learned_max_length * string_length_tolerance

§Security Impact

  • Lower values (1.0-1.3): Catches buffer overflow attempts more aggressively but may flag legitimate variance as anomalous.
  • Higher values (1.5-2.0): More permissive, reducing false positives but allowing larger payloads that could exploit vulnerabilities.

Default: 1.5 (50% buffer above learned maximum)

§Constraints

Must be >= 1.0. Values below 1.0 would reject strings that were seen in the baseline training data, causing immediate false positives.

§number_value_tolerance: f64

Number value tolerance multiplier for validation.

When validating numeric fields:

  • Maximum allowed: learned_max * number_value_tolerance
  • Minimum allowed: learned_min / number_value_tolerance

§Security Impact

  • Lower values (1.0-1.3): Catches integer overflow attempts and extreme value injection more aggressively.
  • Higher values (1.5-2.0): More permissive for APIs with high numeric variance.

Default: 1.5 (50% buffer on max values, 33% reduction on min values)

§Constraints

Must be >= 1.0. Values below 1.0 would reject values that were seen in the baseline training data, causing immediate false positives.

§required_field_threshold: f64

Required field threshold (fields seen in > threshold% of requests).

Fields that appear in more than this percentage of observed requests are considered “required” and their absence will trigger a MissingField violation.

Default: 0.9 (90% - fields must appear in 90% of samples to be required)

Implementations§

Source§

impl SchemaLearnerConfig

Source

pub fn validate(&self) -> Result<(), ConfigValidationError>

Validates the configuration, ensuring all values are within acceptable ranges.

§Errors

Returns ConfigValidationError if:

  • string_length_tolerance < 1.0
  • number_value_tolerance < 1.0
  • required_field_threshold is not in range [0.0, 1.0]
§Example
use synapse_pingora::profiler::SchemaLearnerConfig;

let config = SchemaLearnerConfig {
    string_length_tolerance: 0.5, // Invalid!
    ..Default::default()
};

assert!(config.validate().is_err());

Trait Implementations§

Source§

impl Clone for SchemaLearnerConfig

Source§

fn clone(&self) -> SchemaLearnerConfig

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for SchemaLearnerConfig

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for SchemaLearnerConfig

Source§

fn default() -> Self

Returns the “default value” for a type. Read more
Source§

impl<'de> Deserialize<'de> for SchemaLearnerConfig

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for SchemaLearnerConfig

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> Downcast for T
where T: Any,

Source§

fn into_any(self: Box<T>) -> Box<dyn Any>

Convert Box<dyn Trait> (where Trait: Downcast) to Box<dyn Any>. Box<dyn Any> can then be further downcast into Box<ConcreteType> where ConcreteType implements Trait.
Source§

fn into_any_rc(self: Rc<T>) -> Rc<dyn Any>

Convert Rc<Trait> (where Trait: Downcast) to Rc<Any>. Rc<Any> can then be further downcast into Rc<ConcreteType> where ConcreteType implements Trait.
Source§

fn as_any(&self) -> &(dyn Any + 'static)

Convert &Trait (where Trait: Downcast) to &Any. This is needed since Rust cannot generate &Any’s vtable from &Trait’s.
Source§

fn as_any_mut(&mut self) -> &mut (dyn Any + 'static)

Convert &mut Trait (where Trait: Downcast) to &Any. This is needed since Rust cannot generate &mut Any’s vtable from &mut Trait’s.
Source§

impl<T> DowncastSync for T
where T: Any + Send + Sync,

Source§

fn into_any_arc(self: Arc<T>) -> Arc<dyn Any + Sync + Send>

Convert Arc<Trait> (where Trait: Downcast) to Arc<Any>. Arc<Any> can then be further downcast into Arc<ConcreteType> where ConcreteType implements Trait.
Source§

impl<T> DynClone for T
where T: Clone,

Source§

fn __clone_box(&self, _: Private) -> *mut ()

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FromRef<T> for T
where T: Clone,

Source§

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<A, B, T> HttpServerConnExec<A, B> for T
where B: Body,