Skip to main content

Crate wafrift_oracle

Crate wafrift_oracle 

Source
Expand description

Payload oracles — semantic validation across injection types.

The oracle system ensures that evasion transforms preserve exploit semantics. Each oracle understands the structural invariants of a specific injection type and rejects transforms that would render the payload inert.

§Architecture

PayloadOracle (trait)
├── SqlOracle       — SQL AST parsing via sqlparser
├── XssOracle       — HTML tag/event/exec structure validation
├── SstiOracle      — Template delimiter and expression validation
├── CmdiOracle      — Shell separator + command validation
├── PathOracle      — Directory traversal sequence validation
├── LdapOracle      — LDAP filter syntax validation
└── SsrfOracle      — URL structure and host validation

§Usage

use wafrift_oracle::traits::PayloadOracle;
use wafrift_oracle::xss::XssOracle;

let oracle = XssOracle;
assert!(oracle.is_semantically_valid(
    "<script>alert(1)</script>",
    "<ScRiPt>alert(1)</sCrIpT>",
));

Pick the right oracle dynamically from the classified payload type — every grammar in wafrift-grammar has a matching oracle:

use wafrift_grammar::PayloadType;
use wafrift_oracle::oracle_for;

let oracle = oracle_for(PayloadType::Sql).unwrap();
assert_eq!(oracle.name(), "SQL");
assert!(oracle.is_semantically_valid("1 OR 1=1 --", "1 OR 1=1 --"));
// Mutilated payload that no longer parses as SQL: rejected.
assert!(!oracle.is_semantically_valid("1 OR 1=1 --", "1 O R 1=1 --"));

Reject SSRF mutations that lose the loopback target (a transformation engine can call this before emitting a variant):

use wafrift_oracle::ssrf::SsrfOracle;
use wafrift_oracle::traits::PayloadOracle;

let oracle = SsrfOracle;
// Same target, different on-the-wire encoding — kept.
assert!(oracle.is_semantically_valid("http://127.0.0.1/", "http://127.1/"));
// Pivot to a public host — semantics lost, rejected.
assert!(!oracle.is_semantically_valid("http://127.0.0.1/", "http://example.com/"));

Modules§

cloudflare
Cloudflare-specific WAF response parser. Cloudflare-specific WAF response parser.
cmdi
Command injection oracle. Command injection payload oracle.
ldap
LDAP injection oracle. LDAP-injection payload oracle.
oob
path
Path traversal oracle. Path traversal payload oracle.
response_oracle
WAF response oracle. WAF response oracle.
sql
SQL AST oracle. SQL AST Oracle.
ssi
SSI (Server-Side Includes) oracle. Server-Side Includes (SSI) payload oracle.
ssrf
SSRF (Server-Side Request Forgery) oracle. SSRF (Server-Side Request Forgery) payload oracle.
ssti
SSTI (Server-Side Template Injection) oracle. SSTI (Server-Side Template Injection) payload oracle.
traits
Oracle trait definition. Payload oracle trait — validates that evasion transforms preserve semantic meaning.
xss
XSS (Cross-Site Scripting) oracle. XSS payload oracle — validates that HTML/JS execution semantics survive transforms.

Structs§

SqlOracle
SQL oracle adapter that implements the PayloadOracle trait.

Functions§

oracle_for
Select the appropriate oracle for a given payload type.