
Conversation

@MaciekMis (Contributor) commented Dec 8, 2025

Description

Related Issue

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

  • I ensured that the documentation is up to date
  • I explained why this PR updates go.mod in detail with reasoning why it's required
  • I would like a code coverage CI quality gate exception and have explained why

Ticket Details

TT-15968
Status In Dev
Summary Custom plugin not working in Compliant mode

Generated at: 2025-12-19 12:28:05

github-actions bot (Contributor) commented Dec 8, 2025

API Changes

no api changes detected

probelabs bot commented Dec 8, 2025

This PR fixes a bug where custom authentication plugins (JavaScript, Go, CoProcess/gRPC) were not being initialized correctly when an API is configured in OpenAPI (OAS) compliant security mode. The issue stemmed from fragmented initialization logic within the AuthORWrapper middleware that relied on legacy boolean flags.

The solution refactors the Init() method in gateway/mw_auth_or_wrapper.go to unify the setup for all custom authentication plugins. It replaces several separate if statements with a single switch statement that keys off the spec.CustomMiddleware.Driver. This ensures that the correct middleware is consistently initialized with all required parameters from the API definition's CustomMiddleware.AuthCheck configuration, resolving the issue in compliant mode.

Files Changed Analysis

  • gateway/mw_auth_or_wrapper.go: The core change is here, consolidating the initialization logic for custom authentication plugins from multiple if blocks into a
  • Key technical changes introduced: The PR replaces a system of disparate boolean flags (UseGoPluginAuth, EnableCoProcessAuth, etc.) with a centralized, driver-based switch statement. This makes the initialization logic more robust and easier to maintain.
  • Affected system components: The primary impact is on the Gateway's authentication middleware layer, specifically the AuthORWrapper responsible for handling multiple authentication providers. The fix is targeted at configurations using OpenAPI specifications.
  • Middleware Initialization Flow:

```mermaid
graph TD
    A["AuthORWrapper.Init()"] --> B{customPluginAuthEnabled?};
    B -- Yes --> C{switch spec.CustomMiddleware.Driver};
    C -- case "otto" --> D[Initialize DynamicMiddleware];
    C -- case "goplugin" --> E[Initialize GoPluginMiddleware];
    C -- default --> F[Initialize CoProcessMiddleware];
    B -- No / Also --> G[Initialize Standard Auth];
```

Scope Discovery & Context Expansion

  • The change is localized to gateway/mw_auth_or_wrapper.go, but it affects the core security flow for APIs with custom authentication.
  • To fully vet this change, a reviewer should cross-reference apidef/api_definitions.go to understand the structure of spec.CustomMiddleware, which is now the single source of truth for the initialization logic.
  • It would also be beneficial to inspect the Init() methods of the affected middlewares (GoPluginMiddleware, DynamicMiddleware, CoProcessMiddleware) to confirm that the parameters being passed (e.g., Path, SymbolName, HookType) are handled as expected.

Review effort: 2 | Label: bug

Powered by Visor from Probelabs

Last updated: 2025-12-19T12:32:42.421Z | Triggered by: pr_updated | Commit: 8f33c5a


probelabs bot commented Dec 8, 2025

Security Issues (1)

Severity: 🔴 Critical
Location: gateway/mw_auth_or_wrapper.go:321-325
Issue: The Go plugin path is taken directly from the API definition (spec.CustomMiddleware.AuthCheck.Path) and used to load a shared object (.so) file without proper sanitization. This introduces a path traversal vulnerability.
💡 Suggestion: An attacker with permissions to create or modify an API definition could specify a plugin path like ../../../../path/to/malicious.so. If the attacker can also upload a malicious shared object file to the server, this could lead to remote code execution. The path should be sanitized to ensure it resolves to a file within a designated, secure plugin directory. The application should not load plugins from arbitrary filesystem locations based on user-supplied configuration.

✅ Architecture Check Passed

No architecture issues found – changes LGTM.

✅ Performance Check Passed

No performance issues found – changes LGTM.

✅ Quality Check Passed

No quality issues found – changes LGTM.



Last updated: 2025-12-19T12:32:45.364Z | Triggered by: pr_updated | Commit: 8f33c5a

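The containment check the Visor comment recommends, as an added example that is not part of this PR or of Tyk's code: a plugin path read from an API definition is resolved against the gateway's configured plugin directory and rejected if it escapes it or does not name a .so file. Function and variable names here are hypothetical; the plugin directory and paths in main() are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsidePluginDir is returned when the requested path does not resolve
// to a location inside the configured plugin directory.
var ErrOutsidePluginDir = errors.New("plugin path resolves outside plugin directory")

// resolvePluginPath maps an untrusted path from an API definition onto the
// trusted plugin directory. Absolute paths in the request are treated as
// relative to pluginDir, so a definition cannot point at an arbitrary
// system library. (Hypothetical helper; not Tyk's own API.)
func resolvePluginPath(pluginDir, requested string) (string, error) {
	if requested == "" {
		return "", errors.New("empty plugin path")
	}
	base, err := filepath.Abs(pluginDir)
	if err != nil {
		return "", err
	}
	// Join cleans the result, so "../x" becomes the parent of base; Rel then
	// reports that escape as a path starting with "..".
	candidate := filepath.Join(base, requested)
	rel, err := filepath.Rel(base, candidate)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsidePluginDir
	}
	// Only shared objects may be loaded; on a live filesystem the caller
	// should also resolve symlinks (filepath.EvalSymlinks) before loading.
	if filepath.Ext(candidate) != ".so" {
		return "", fmt.Errorf("plugin %q is not a shared object", requested)
	}
	return candidate, nil
}

func main() {
	// Constructed sample inputs: one legitimate path and one traversal attempt.
	for _, p := range []string{"auth.so", "../../../../tmp/evil.so"} {
		got, err := resolvePluginPath("/opt/tyk/plugins", p)
		fmt.Printf("%-28s -> %q err=%v\n", p, got, err)
	}
}
```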

