Payload oracles — semantic validation across injection types.
The oracle system ensures that evasion transforms preserve exploit semantics. Each oracle understands the structural invariants of a specific injection type and rejects transforms that would render the payload inert.
§Architecture
PayloadOracle (trait)
├── SqlOracle — SQL AST parsing via sqlparser
├── XssOracle — HTML tag/event/exec structure validation
├── SstiOracle — Template delimiter and expression validation
├── CmdiOracle — Shell separator + command validation
├── PathOracle — Directory traversal sequence validation
├── LdapOracle — LDAP filter syntax validation
└── SsrfOracle — URL structure and host validation

§Usage

use wafrift_oracle::traits::PayloadOracle;
use wafrift_oracle::xss::XssOracle;

let oracle = XssOracle;
assert!(oracle.is_semantically_valid(
    "<script>alert(1)</script>",
    "<ScRiPt>alert(1)</sCrIpT>",
));

Pick the right oracle dynamically from the classified payload type — every grammar in wafrift-grammar has a matching oracle:

use wafrift_grammar::PayloadType;
use wafrift_oracle::oracle_for;

let oracle = oracle_for(PayloadType::Sql).unwrap();
assert_eq!(oracle.name(), "SQL");
assert!(oracle.is_semantically_valid("1 OR 1=1 --", "1 OR 1=1 --"));
// Mutilated payload that no longer parses as SQL: rejected.
assert!(!oracle.is_semantically_valid("1 OR 1=1 --", "1 O R 1=1 --"));

Reject SSRF mutations that lose the loopback target (a transformation engine can call this before emitting a variant):

use wafrift_oracle::ssrf::SsrfOracle;
use wafrift_oracle::traits::PayloadOracle;

let oracle = SsrfOracle;
// Same target, different on-the-wire encoding — kept.
assert!(oracle.is_semantically_valid("http://127.0.0.1/", "http://127.1/"));
// Pivot to a public host — semantics lost, rejected.
assert!(!oracle.is_semantically_valid("http://127.0.0.1/", "http://example.com/"));

Modules§
- cloudflare: Cloudflare-specific WAF response parser.
- cmdi: Command injection payload oracle.
- ldap: LDAP-injection payload oracle.
- oob
- path: Path traversal payload oracle.
- response_oracle: WAF response oracle.
- sql: SQL AST oracle.
- ssi: Server-Side Includes (SSI) payload oracle.
- ssrf: SSRF (Server-Side Request Forgery) payload oracle.
- ssti: SSTI (Server-Side Template Injection) payload oracle.
- traits: Payload oracle trait — validates that evasion transforms preserve semantic meaning.
- xss: XSS payload oracle — validates that HTML/JS execution semantics survive transforms.
Structs§
- SqlOracle: SQL oracle adapter that implements the PayloadOracle trait.

Functions§
- oracle_for: Select the appropriate oracle for a given payload type.
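A stand-alone sketch of the "same loopback target" decision that the SsrfOracle usage above relies on, added here as an illustration and not taken from wafrift_oracle. The PayloadOracle trait is re-declared locally with the two methods shown on this page so the snippet compiles without the crate; the inet_aton-style shorthand expansion (127.1 to 127.0.0.1) and the localhost mapping are this example's assumptions about how the target comparison is made. The same canonicalisation is what an SSRF allowlist or WAF rule needs in order to recognise 127.1 as loopback rather than treating it as a new host.

```rust
use std::net::Ipv4Addr;

/// Local re-declaration of the trait shape shown above (assumption: same two methods as the crate's).
pub trait PayloadOracle {
    fn name(&self) -> &'static str;
    fn is_semantically_valid(&self, original: &str, transformed: &str) -> bool;
}

/// Host part of `scheme://[user@]host[:port]/...`; bracketed IPv6 is not handled here.
fn host_of(url: &str) -> Option<&str> {
    let rest = url.split_once("://")?.1;
    let authority = rest.split(|c: char| c == '/' || c == '?' || c == '#').next()?;
    let host_port = authority.rsplit_once('@').map_or(authority, |(_, h)| h);
    if host_port.starts_with('[') { return None; }
    Some(host_port.rsplit_once(':').map_or(host_port, |(h, _)| h))
}

/// Expand inet_aton-style shorthand (`127.1`, `127.0.1`) to a full dotted quad and map
/// `localhost` to loopback; anything that is not a literal IPv4 address yields None.
fn canonical_ip(host: &str) -> Option<Ipv4Addr> {
    if host.eq_ignore_ascii_case("localhost") { return Some(Ipv4Addr::LOCALHOST); }
    let parts = host.split('.').map(|p| p.parse::<u32>().ok()).collect::<Option<Vec<_>>>()?;
    if parts.len() > 4 { return None; }
    // Leading parts are one byte each; the last part fills all remaining bytes.
    let (head, last) = parts.split_at(parts.len() - 1);
    let mut value = 0u32;
    for (i, &p) in head.iter().enumerate() {
        if p > 255 { return None; }
        value |= p << (8 * (3 - i));
    }
    let tail_bits = 8 * (4 - head.len());
    if tail_bits < 32 && last[0] >> tail_bits != 0 { return None; }
    Some(Ipv4Addr::from(value | last[0]))
}

pub struct SsrfOracle;

impl PayloadOracle for SsrfOracle {
    fn name(&self) -> &'static str { "SSRF" }
    /// Valid only if both URLs name the same literal IPv4 target; a hostname that cannot be
    /// canonicalised statically is not provably the same target, so it is rejected.
    fn is_semantically_valid(&self, original: &str, transformed: &str) -> bool {
        let target = |u: &str| host_of(u).and_then(canonical_ip);
        matches!((target(original), target(transformed)), (Some(a), Some(b)) if a == b)
    }
}
```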