Expand description
WAF rule-coverage feedback for MAP-Elites quality-diversity search.
When the bench fires against a ModSec-fronted target, the response body
may contain the specific CRS rule_id that fired (parsed by
wafrift_oracle::signal_body_marker::BlockReason::RuleId). This module
turns that signal into a 2-D MAP-Elites behavior descriptor:
(PayloadClass, Option<RuleId>)The grid cell is (attack-class × rule-id). When a cell is
undiscovered the mutation strategy can target it deliberately, so
bypasses are found ACROSS the rule corpus rather than concentrated on
the rules the engine accidentally hits first.
§Usage
use wafrift_evolution::coverage_feedback::{
RuleCoverage, PayloadClass, RuleId, map_elites_descriptor,
};
let mut cov = RuleCoverage::default();
let desc = map_elites_descriptor("' OR 1=1--", Some("942100"));
cov.record("' OR 1=1--", desc.1.as_ref().map(|r| r.0.as_str()));
let report = cov.coverage_report();
assert!(!report.is_empty());Structs§
- Payload
Class - The attack-class dimension of the MAP-Elites grid.
- Rule
Coverage - Accumulates
(payload, rule_id)observations from live bench runs and exposes coverage analytics used by the--coverage-reportflag. - RuleId
- A CRS / WAF rule identifier.
Functions§
- map_
elites_ descriptor - Produce the 2-D MAP-Elites behavior descriptor for one
(payload, rule_id)observation.