
1//! WAF Rule Engine module.
2//!
3//! High-performance WAF rule evaluation with regex caching,
4//! index-based candidate selection, and SQL/XSS detection.
5//!
6//! # Features
7//!
//! - Rule compilation with pre-compiled regex patterns (measured at ~30μs for a
//!   237-rule set; indicative only — re-measure on your build and rule set)
9//! - Index-based candidate selection for O(1) rule filtering
10//! - SQL injection pattern detection
11//! - XSS pattern detection
//! - Stateful per-IP tracking with rate limiting (keyed on the client address the
//!   caller supplies — pass the verified peer address, not an unvalidated
//!   forwarded-for header, or per-IP limits can be sidestepped)
13//! - Credential stuffing detection integration
14//!
15//! # Architecture
16//!
17//! - [`Engine`] - Main WAF rule engine
18//! - [`WafRule`] - Rule definition with conditions
19//! - [`RuleIndex`] - Index for fast rule candidate selection
20//! - [`StateStore`] - Per-IP stateful tracking
21//!
22//! # Example
23//!
24//! ```ignore
25//! use synapse_pingora::waf::{Engine, Request, Action};
26//!
27//! let mut engine = Engine::empty();
28//! engine.load_rules(rules_json)?;
29//!
30//! let verdict = engine.analyze(&Request {
31//!     method: "GET",
32//!     path: "/api/users?id=1' OR '1'='1",
33//!     ..Default::default()
34//! });
35//!
//! // Holds only if a loaded rule matches the injected quote and the engine is
//! // configured to block rather than merely log or score the request.
//! assert_eq!(verdict.action, Action::Block);
37//! ```
38
39mod engine;
40mod index;
41mod rule;
42mod state;
43mod synapse;
44mod trace;
45mod types;
46
47pub use engine::Engine;
48pub use index::{
49    build_rule_index, get_candidate_rule_indices, method_to_mask, CandidateCache,
50    CandidateCacheKey, IndexedRule, RuleIndex, RuleRequirements, UriAnchor, UriAnchorKind,
51    UriTransform, METHOD_GET, METHOD_HEAD, METHOD_PATCH, METHOD_POST, METHOD_PUT, REQ_ARGS,
52    REQ_ARG_ENTRIES, REQ_BODY, REQ_JSON, REQ_MULTIPART, REQ_RESPONSE, REQ_RESPONSE_BODY,
53};
54pub use rule::{boolean_operands, MatchCondition, MatchValue, WafRule};
55pub use state::{now_ms, StateStore};
56pub use synapse::Synapse;
57pub use trace::{TraceEvent, TraceSink, TraceState};
58pub use types::{
59    repeat_multiplier, Action, AnomalyContribution, AnomalySignal, AnomalySignalType, AnomalyType,
60    ArgEntry, BlockingMode, EvalContext, Header, Request, RiskConfig, RiskContribution, Verdict,
61};
62
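/// Error type for WAF operations.
///
/// Both variants carry a human-readable message produced while rules are
/// loaded into an [`Engine`]. The message may echo the offending rule text
/// or regex pattern, so treat it as operator-facing diagnostics: log it, but
/// do not relay it verbatim to the client whose request is being evaluated.
///
/// `PartialEq`/`Eq` are derived so callers and tests can compare errors
/// directly instead of matching on `Debug` output.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum WafError {
    /// The rules JSON could not be parsed.
    ParseError(String),
    /// A rule contains a regex pattern that failed to compile.
    RegexError(String),
}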
71
impl std::fmt::Display for WafError {
    /// Renders the error as `"<kind> error: <message>"`, where `<kind>` is
    /// `parse` or `regex` and the stored message is written verbatim.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // Split the variant into a fixed prefix and its payload so the
        // format string lives in exactly one place.
        let (kind, detail) = match self {
            WafError::ParseError(detail) => ("parse", detail),
            WafError::RegexError(detail) => ("regex", detail),
        };
        write!(f, "{} error: {}", kind, detail)
    }
}
80
impl std::error::Error for WafError {
    // Default `source()` (returns `None`): neither variant wraps an
    // underlying error value, only a message string.
}