Skip to main content

Module coverage_feedback

Module coverage_feedback 

Source
Expand description

WAF rule-coverage feedback for MAP-Elites quality-diversity search.

When the bench fires against a ModSec-fronted target, the response body may contain the specific CRS rule_id that fired (parsed by wafrift_oracle::signal_body_marker::BlockReason::RuleId). This module turns that signal into a 2-D MAP-Elites behavior descriptor:

 (PayloadClass, Option<RuleId>)

The grid cell is (attack-class × rule-id). When a cell is undiscovered the mutation strategy can target it deliberately, so bypasses are found ACROSS the rule corpus rather than concentrated on the rules the engine accidentally hits first.

§Usage

use wafrift_evolution::coverage_feedback::{
    RuleCoverage, PayloadClass, RuleId, map_elites_descriptor,
};

let mut cov = RuleCoverage::default();
let desc = map_elites_descriptor("' OR 1=1--", Some("942100"));
cov.record("' OR 1=1--", desc.1.as_ref().map(|r| r.0.as_str()));

let report = cov.coverage_report();
assert!(!report.is_empty());

Structs§

PayloadClass
The attack-class dimension of the MAP-Elites grid.
RuleCoverage
Accumulates (payload, rule_id) observations from live bench runs and exposes coverage analytics used by the --coverage-report flag.
RuleId
A CRS / WAF rule identifier.

Functions§

map_elites_descriptor
Produce the 2-D MAP-Elites behavior descriptor for one (payload, rule_id) observation.