Make API address configurable

Send query to API in the body as JSON using POST

Author: mostafa

gatewayd_plugin.yaml

@@ -30,6 +30,7 @@ plugins:
       - METRICS_ENABLED=True
       - METRICS_UNIX_DOMAIN_SOCKET=/tmp/gatewayd-plugin-sql-ids-ips.sock
       - METRICS_PATH=/metrics
+      - API_ADDRESS=http://localhost:5000
       # Threshold determine the minimum prediction confidence
       # required to detect an SQL injection attack. Any value
       # between 0 and 1 is valid, and it is inclusive.

main.go

@@ -54,6 +54,7 @@ func main() {
 		pluginInstance.Impl.EnableLibinjection = cast.ToBool(cfg["enableLibinjection"])
 		pluginInstance.Impl.LibinjectionPermissiveMode = cast.ToBool(
 			cfg["libinjectionPermissiveMode"])
+		pluginInstance.Impl.APIAddress = cast.ToString(cfg["apiAddress"])
 	}
 
 	goplugin.Serve(&goplugin.ServeConfig{

plugin/module.go

@@ -35,6 +35,7 @@ var (
 			"metricsUnixDomainSocket": sdkConfig.GetEnv(
 				"METRICS_UNIX_DOMAIN_SOCKET", "/tmp/gatewayd-plugin-sql-ids-ips.sock"),
 			"metricsEndpoint":            sdkConfig.GetEnv("METRICS_ENDPOINT", "/metrics"),
+			"apiAddress":                 sdkConfig.GetEnv("API_ADDRESS", "http://localhost:5000"),
 			"threshold":                  sdkConfig.GetEnv("THRESHOLD", "0.8"),
 			"modelPath":                  sdkConfig.GetEnv("MODEL_PATH", "sqli_model"),
 			"enableLibinjection":         sdkConfig.GetEnv("ENABLE_LIBINJECTION", "true"),

plugin/plugin.go

@@ -1,11 +1,12 @@
 package plugin
 
 import (
+	"bytes"
 	"context"
 	"encoding/base64"
 	"encoding/json"
-	"fmt"
 	"net/http"
+	"net/url"
 
 	"github.com/corazawaf/libinjection-go"
 	tf "github.com/galeone/tensorflow/tensorflow/go"
@@ -27,6 +28,7 @@ type Plugin struct {
 	Threshold                  float32
 	EnableLibinjection         bool
 	LibinjectionPermissiveMode bool
+	APIAddress                 string
 }
 
 type InjectionDetectionPlugin struct {
@@ -144,9 +146,27 @@ func (p *Plugin) OnTrafficFromClient(ctx context.Context, req *v1.Struct) (*v1.S
 		return req
 	}
 
-	// Make an HTTP GET request to the tokenize service.
-	resp, err := http.Get(
-		fmt.Sprintf("http://localhost:5000/tokenize_and_sequence/%s", queryString))
+	// Create a JSON body for the request.
+	body, err := json.Marshal(map[string]interface{}{
+		"query": queryString,
+	})
+	if err != nil {
+		p.Logger.Error("Failed to marshal body", "error", err)
+		if isSQLi(queryString) && !p.LibinjectionPermissiveMode {
+			return errorResponse(), nil
+		}
+		return req, nil
+	}
+	// Make an HTTP POST request to the tokenize service.
+	tokenizeEndpoint, err := url.JoinPath(p.APIAddress, "/tokenize_and_sequence")
+	if err != nil {
+		p.Logger.Error("Failed to join API address and path", "error", err)
+		if isSQLi(queryString) && !p.LibinjectionPermissiveMode {
+			return errorResponse(), nil
+		}
+		return req, nil
+	}
+	resp, err := http.Post(tokenizeEndpoint, "application/json", bytes.NewBuffer(body))
 	if err != nil {
 		p.Logger.Error("Failed to make GET request", "error", err)
 		if isSQLi(queryString) && !p.LibinjectionPermissiveMode {