An experimental Web Application Library for Rust β a collection of building blocks for form validation, input filtering, access control, and graph-based navigation. The project is in research and development stage β please do not use it for production. Early feedback and bug reports are welcome via the issue tracker.
- Repository: https://github.com/elycruz/walrs
- Minimum supported Rust version: 1.85 (edition 2024)
- License: Elastic License 2.0
Add the root crate to get access to all sub-crates:
[dependencies]
walrs = "0.1"Each sub-crate is re-exported as a module on the umbrella crate. A short
end-to-end example using walrs::validation and walrs::filter:
use walrs::validation::{Rule, ValidateRef};
use walrs::filter::FilterOp;
// Compose validation rules
let username_rule = Rule::<String>::MinLength(3).and(Rule::MaxLength(20));
assert!(username_rule.validate_ref("alice").is_ok());
assert!(username_rule.validate_ref("ab").is_err());
// Chain input filters
let normalize = FilterOp::<String>::Chain(vec![
FilterOp::Trim,
FilterOp::Lowercase,
]);
assert_eq!(normalize.apply_ref(" ALICE "), "alice");For typed struct-based field validation (the recommended path for forms), see
walrs::fieldfilter:
use walrs::fieldfilter::{Field, FieldBuilder};All sub-crates are enabled by default. Disable features you don't need to reduce compile times:
[dependencies]
walrs = { version = "0.1", default-features = false, features = ["fieldfilter", "validation", "filter"] }Available features: acl, digraph, filter, graph, fieldfilter, fieldfilter-derive, navigation, rbac, validation. The full aggregate feature turns on every sub-crate plus fieldfilter-derive.
fieldfilter-derive opts into the #[derive(Fieldset)] proc-macro β it implies fieldfilter and enables walrs_fieldfilter's derive feature:
[dependencies]
walrs = { version = "0.1", default-features = false, features = ["fieldfilter-derive", "validation"] }use walrs::fieldfilter::{DeriveFieldset, Fieldset};You can also depend on individual sub-crates directly (e.g., walrs_fieldfilter = "0.1").
| Crate | Description |
|---|---|
walrs_acl |
Access control list structure |
walrs_acl_wasm |
WebAssembly bindings for walrs_acl (sibling crate, opt-in) |
walrs_digraph |
Directed graph structures |
walrs_filter |
Input value transformation/sanitization filters |
walrs_graph |
Undirected graph structures |
walrs_fieldfilter |
Field-level validation and filtering for form processing |
walrs_fieldset_derive |
Proc-macro crate providing #[derive(Fieldset)]; consumed via walrs_fieldfilter's derive feature |
walrs_navigation |
Web page link graph / navigation structures |
walrs_rbac |
Role-Based Access Control |
walrs_rbac_wasm |
WebAssembly bindings for walrs_rbac (sibling crate, opt-in) |
walrs_validation |
Composable validation rules |
walrs_fieldfilter standardises on the typed Fieldset trait (or
#[derive(Fieldset)] via the fieldfilter-derive feature) β define a struct
describing your fields and get statically-checked validation and filtering.
- Install
cargo-llvm-cov:cargo install cargo-llvm-cov - Run tests with coverage and generate HTML report:
sh ./llvm-cov-all.shor the command directly:cargo llvm-cov --html --workspace --branch - Open the generated report at
target/llvm-cov/html/index.htmlin your web browser.
Cargo llvm-cov reference: https://github.com/taiki-e/cargo-llvm-cov
Note: branch and functions tracking is not supported with this method (currently).
- Install
llvm-tools:$ rustup component add llvm-tools-preview - Install grcov:
cargo install grcov. - Run
sh ./grcov-all.sh(builds project with instrumentation and runs tests). - Run the coverage "index.html" file (target/coverage/html/index.html) in the browser.
Reference: https://github.com/mozilla/grcov?tab=readme-ov-file#how-to-get-grcov
The workspace includes cargo-fuzz targets for crates that handle untrusted input.
# cargo-fuzz requires nightly Rust
rustup install nightly
# Install cargo-fuzz
cargo install cargo-fuzz# List available targets for a crate
cd crates/validation
cargo fuzz list
# Run a specific target for 60 seconds
cargo fuzz run fuzz_email -- -max_total_time=60
# Run with a specific corpus directory
cargo fuzz run fuzz_email fuzz/corpus/fuzz_email/ -- -max_total_time=60| Crate | Targets | Focus |
|---|---|---|
walrs_validation |
fuzz_email, fuzz_url, fuzz_ip, fuzz_hostname, fuzz_date, fuzz_rule_composition |
String parsers, rule composition |
walrs_filter |
fuzz_strip_tags, fuzz_slug, fuzz_filter_op_string |
HTML sanitization, slug generation, filter chains |
walrs_fieldfilter |
fuzz_field_string_sanitize |
Field validation pipelines |
- Per-PR smoke runs: Every PR touching validation/filter/fieldfilter crates triggers 60-second fuzz runs per target.
- Scheduled deep runs: Weekly 30-minute runs per target on Mondays at 3 AM UTC (also manually triggerable).
- Crash artifacts are uploaded on failure for investigation.
Free to use, modify, and distribute for personal or internal use. Commercial resale and managed-service offerings require explicit permission from the copyright holder. See NOTICE for AI-assisted development disclosure.