pub enum PathNormalizeTechnique {
DotSegmentEncoded,
DoubleEncodedDotSegment,
MixedDotEncoding,
BackslashTraversal,
NullByteTruncation,
MultiSlashCollapse,
FragmentLeak,
SemicolonPathParam,
UnicodeFullwidthSlash,
OverlongUtf8Slash,
}Expand description
Which path-normalization differential to emit. Each variant maps to a known WAF/origin disagreement on URL-path interpretation.
Variants§
DotSegmentEncoded
/safe/%2e%2e/<target> — URL-encoded dot-dot traversal.
Bypasses WAFs that scan only for literal ../.
DoubleEncodedDotSegment
/safe/%252e%252e/<target> — double-encoded dot-dot.
Bypasses single-decode WAFs that see literal %25....
MixedDotEncoding
/safe/%2e./<target> — mixed encoded + literal dot.
Bypasses one-pass normalizers that miss the hybrid form.
BackslashTraversal
/safe/..\<target> — Windows-style backslash separator.
IIS / some Tomcat treat \ as a path separator; many WAFs
normalize only forward slashes.
NullByteTruncation
/<target>%00/safe.html — NUL-byte truncation.
C-string-based filters truncate at NUL; URL-aware backends
keep the full path and route to /<target>.
MultiSlashCollapse
////<target> — multi-slash run.
Some proxies collapse, some don’t — a per-segment ACL gate
that counts segments by literal slash will undercount.
FragmentLeak
/safe#/<target> — fragment-leaked path.
Backends strip fragment before routing; some WAFs split before
normalization and see only /safe.
SemicolonPathParam
/<target>;jsessionid=evil — RFC 3986 path parameter suffix.
Some WAFs normalize the path-param suffix away (matching
/<target>) while others keep it and miss the gate.
UnicodeFullwidthSlash
/<U+FF0F><target> — fullwidth solidus (visually a /).
Backends that NFKC-normalize the URL see /admin; WAFs that
don’t see a 3-byte UTF-8 sequence and pass.
OverlongUtf8Slash
/%c0%af<target> — overlong UTF-8 encoding of /.
Forbidden by RFC 3629 but accepted by lenient parsers
(pre-2.2.x Apache, old IIS, some Tomcat versions).
Implementations§
Source§impl PathNormalizeTechnique
impl PathNormalizeTechnique
Sourcepub fn technique_name(&self) -> &'static str
pub fn technique_name(&self) -> &'static str
Stable kebab-case technique name. Used in JSON output and telemetry — operators key on this for reproducibility.
Sourcepub fn description(&self) -> &'static str
pub fn description(&self) -> &'static str
One-line operator description for logs and reports.
Trait Implementations§
Source§impl Clone for PathNormalizeTechnique
impl Clone for PathNormalizeTechnique
Source§fn clone(&self) -> PathNormalizeTechnique
fn clone(&self) -> PathNormalizeTechnique
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreimpl Copy for PathNormalizeTechnique
Source§impl Debug for PathNormalizeTechnique
impl Debug for PathNormalizeTechnique
impl Eq for PathNormalizeTechnique
Source§impl Hash for PathNormalizeTechnique
impl Hash for PathNormalizeTechnique
Source§impl PartialEq for PathNormalizeTechnique
impl PartialEq for PathNormalizeTechnique
Source§fn eq(&self, other: &PathNormalizeTechnique) -> bool
fn eq(&self, other: &PathNormalizeTechnique) -> bool
self and other values to be equal, and is used by ==.impl StructuralPartialEq for PathNormalizeTechnique
Auto Trait Implementations§
impl Freeze for PathNormalizeTechnique
impl RefUnwindSafe for PathNormalizeTechnique
impl Send for PathNormalizeTechnique
impl Sync for PathNormalizeTechnique
impl Unpin for PathNormalizeTechnique
impl UnsafeUnpin for PathNormalizeTechnique
impl UnwindSafe for PathNormalizeTechnique
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
key and return true if they are equal.