Refactor plugin to use Tokenizer and Serving APIs instead of loading the model directly

Author: mostafa

gatewayd_plugin.yaml

@@ -28,14 +28,14 @@ plugins:
       - METRICS_ENABLED=True
       - METRICS_UNIX_DOMAIN_SOCKET=/tmp/gatewayd-plugin-sql-ids-ips.sock
       - METRICS_PATH=/metrics
-      - API_ADDRESS=http://localhost:5000
+      - TOKENIZER_API_ADDRESS=http://localhost:8000
+      - SERVING_API_ADDRESS=http://localhost:8501
       # Threshold determine the minimum prediction confidence
       # required to detect an SQL injection attack. Any value
       # between 0 and 1 is valid, and it is inclusive.
       # Anything below 0.8 is not recommended,
       # but it is dependent on the application and testing.
       - THRESHOLD=0.8
-      - MODEL_PATH=sqli_model
       # The following env-vars disable the verbose logging of Tensorflow.
       - KMP_AFFINITY=noverbose
       - TF_CPP_MIN_LOG_LEVEL=3

go.mod

@@ -3,8 +3,8 @@ module github.com/gatewayd-io/gatewayd-plugin-sql-ids-ips
 go 1.22
 
 require (
+	github.com/carlmjohnson/requests v0.23.5
 	github.com/corazawaf/libinjection-go v0.1.3
-	github.com/galeone/tensorflow/tensorflow/go v0.0.0-20240119075110-6ad3cf65adfe
 	github.com/gatewayd-io/gatewayd-plugin-sdk v0.2.5
 	github.com/hashicorp/go-hclog v1.6.2
 	github.com/hashicorp/go-plugin v1.6.0

go.sum

@@ -2,6 +2,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA=
 github.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8=
+github.com/carlmjohnson/requests v0.23.5 h1:NPANcAofwwSuC6SIMwlgmHry2V3pLrSqRiSBKYbNHHA=
+github.com/carlmjohnson/requests v0.23.5/go.mod h1:zG9P28thdRnN61aD7iECFhH5iGGKX2jIjKQD9kqYH+o=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/corazawaf/libinjection-go v0.1.3 h1:PUplAYho1BBl0tIVbhDsNRuVGIeUYSiCEc9oQpb2rJU=
@@ -17,8 +19,6 @@ github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/galeone/tensorflow/tensorflow/go v0.0.0-20240119075110-6ad3cf65adfe h1:7yELf1NFEwECpXMGowkoftcInMlVtLTCdwWLmxKgzNM=
-github.com/galeone/tensorflow/tensorflow/go v0.0.0-20240119075110-6ad3cf65adfe/go.mod h1:TelZuq26kz2jysARBwOrTv16629hyUsHmIoj54QqyFo=
 github.com/gatewayd-io/gatewayd-plugin-sdk v0.2.5 h1:H1S4CKS4IfezxlvgBLtSJ/3s85wznxgxJEnwLys+kIM=
 github.com/gatewayd-io/gatewayd-plugin-sdk v0.2.5/go.mod h1:1XS2ufw+8VRTHAbDf18Y7rSPlOczeQ/baUWPqJrDkeE=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=

main.go

@@ -4,7 +4,6 @@ import (
 	"flag"
 	"os"
 
-	tf "github.com/galeone/tensorflow/tensorflow/go"
 	sdkConfig "github.com/gatewayd-io/gatewayd-plugin-sdk/config"
 	"github.com/gatewayd-io/gatewayd-plugin-sdk/logging"
 	"github.com/gatewayd-io/gatewayd-plugin-sdk/metrics"
@@ -40,21 +39,11 @@ func main() {
 		}
 
 		pluginInstance.Impl.Threshold = cast.ToFloat32(cfg["threshold"])
-
-		modelPath := cast.ToString(cfg["modelPath"])
-		// Load the model from the file system
-		model, err := tf.LoadSavedModel(modelPath, []string{"serve"}, nil)
-		if err != nil {
-			logger.Error("Failed to load model", "error", err)
-			panic(err)
-		}
-		defer model.Session.Close()
-
-		pluginInstance.Impl.Model = model
 		pluginInstance.Impl.EnableLibinjection = cast.ToBool(cfg["enableLibinjection"])
 		pluginInstance.Impl.LibinjectionPermissiveMode = cast.ToBool(
 			cfg["libinjectionPermissiveMode"])
-		pluginInstance.Impl.APIAddress = cast.ToString(cfg["apiAddress"])
+		pluginInstance.Impl.TokenizerAPIAddress = cast.ToString(cfg["tokenizerAPIAddress"])
+		pluginInstance.Impl.ServingAPIAddress = cast.ToString(cfg["servingAPIAddress"])
 	}
 
 	goplugin.Serve(&goplugin.ServeConfig{

plugin/module.go

@@ -34,10 +34,12 @@ var (
 			"metricsEnabled": sdkConfig.GetEnv("METRICS_ENABLED", "true"),
 			"metricsUnixDomainSocket": sdkConfig.GetEnv(
 				"METRICS_UNIX_DOMAIN_SOCKET", "/tmp/gatewayd-plugin-sql-ids-ips.sock"),
-			"metricsEndpoint":            sdkConfig.GetEnv("METRICS_ENDPOINT", "/metrics"),
-			"apiAddress":                 sdkConfig.GetEnv("API_ADDRESS", "http://localhost:5000"),
+			"metricsEndpoint": sdkConfig.GetEnv("METRICS_ENDPOINT", "/metrics"),
+			"tokenizerAPIAddress": sdkConfig.GetEnv(
+				"TOKENIZER_API_ADDRESS", "http://localhost:8000"),
+			"servingAPIAddress": sdkConfig.GetEnv(
+				"SERVING_API_ADDRESS", "http://localhost:8501"),
 			"threshold":                  sdkConfig.GetEnv("THRESHOLD", "0.8"),
-			"modelPath":                  sdkConfig.GetEnv("MODEL_PATH", "sqli_model"),
 			"enableLibinjection":         sdkConfig.GetEnv("ENABLE_LIBINJECTION", "true"),
 			"libinjectionPermissiveMode": sdkConfig.GetEnv("LIBINJECTION_MODE", "true"),
 		},

plugin/plugin.go

@@ -1,15 +1,12 @@
 package plugin
 
 import (
-	"bytes"
 	"context"
 	"encoding/base64"
 	"encoding/json"
-	"net/http"
-	"net/url"
 
+	"github.com/carlmjohnson/requests"
 	"github.com/corazawaf/libinjection-go"
-	tf "github.com/galeone/tensorflow/tensorflow/go"
 	sdkAct "github.com/gatewayd-io/gatewayd-plugin-sdk/act"
 	"github.com/gatewayd-io/gatewayd-plugin-sdk/databases/postgres"
 	sdkPlugin "github.com/gatewayd-io/gatewayd-plugin-sdk/plugin"
@@ -25,11 +22,11 @@ type Plugin struct {
 	goplugin.GRPCPlugin
 	v1.GatewayDPluginServiceServer
 	Logger                     hclog.Logger
-	Model                      *tf.SavedModel
 	Threshold                  float32
 	EnableLibinjection         bool
 	LibinjectionPermissiveMode bool
-	APIAddress                 string
+	TokenizerAPIAddress        string
+	ServingAPIAddress          string
 }
 
 type InjectionDetectionPlugin struct {
@@ -105,87 +102,43 @@ func (p *Plugin) OnTrafficFromClient(ctx context.Context, req *v1.Struct) (*v1.S
 	}
 	queryString := cast.ToString(queryMap["String"])
 
-	// Create a JSON body for the request.
-	body, err := json.Marshal(map[string]interface{}{
-		"query": queryString,
-	})
-	if err != nil {
-		p.Logger.Error("Failed to marshal body", "error", err)
-		if p.isSQLi(queryString) && !p.LibinjectionPermissiveMode {
-			return p.errorResponse(req, queryString), nil
-		}
-		return req, nil
-	}
-	// Make an HTTP POST request to the tokenize service.
-	tokenizeEndpoint, err := url.JoinPath(p.APIAddress, "/tokenize_and_sequence")
-	if err != nil {
-		p.Logger.Error("Failed to join API address and path", "error", err)
-		if p.isSQLi(queryString) && !p.LibinjectionPermissiveMode {
-			return p.errorResponse(req, queryString), nil
-		}
-		return req, nil
-	}
-	resp, err := http.Post(tokenizeEndpoint, "application/json", bytes.NewBuffer(body))
+	var tokens map[string]interface{}
+	err = requests.
+		URL(p.TokenizerAPIAddress).
+		Path("/tokenize_and_sequence").
+		BodyJSON(map[string]interface{}{
+			"query": queryString,
+		}).
+		ToJSON(&tokens).
+		Fetch(context.Background())
 	if err != nil {
-		p.Logger.Error("Failed to make GET request", "error", err)
+		p.Logger.Error("Failed to make POST request", "error", err)
 		if p.isSQLi(queryString) && !p.LibinjectionPermissiveMode {
 			return p.errorResponse(req, queryString), nil
 		}
 		return req, nil
 	}
 
-	// Read the response body.
-	defer resp.Body.Close()
-	var data map[string]interface{}
-	if err := json.NewDecoder(resp.Body).Decode(&data); err != nil {
-		p.Logger.Error("Failed to decode response body", "error", err)
-		if p.isSQLi(queryString) && !p.LibinjectionPermissiveMode {
-			return p.errorResponse(req, queryString), nil
-		}
-		return req, nil
-	}
-
-	// Get the tokens from the response.
-	var tokens []float32
-	for _, v := range data["tokens"].([]interface{}) {
-		tokens = append(tokens, cast.ToFloat32(v))
-	}
-
-	// Convert []float32 to a [][]float32.
-	allTokens := make([][]float32, 1)
-	allTokens[0] = tokens
-
-	p.Logger.Trace("Tokens", "tokens", allTokens)
-
-	// Create a tensor from the tokens.
-	inputTensor, err := tf.NewTensor(allTokens)
+	var output map[string]interface{}
+	err = requests.
+		URL(p.ServingAPIAddress).
+		Path("/v1/models/sqli_model:predict").
+		BodyJSON(map[string]interface{}{
+			"inputs": []interface{}{cast.ToSlice(tokens["tokens"])},
+		}).
+		ToJSON(&output).
+		Fetch(context.Background())
 	if err != nil {
-		p.Logger.Error("Failed to create input tensor", "error", err)
+		p.Logger.Error("Failed to make POST request", "error", err)
 		if p.isSQLi(queryString) && !p.LibinjectionPermissiveMode {
 			return p.errorResponse(req, queryString), nil
 		}
 		return req, nil
 	}
 
-	// Run the model to predict if the query is malicious or not.
-	output, err := p.Model.Session.Run(
-		map[tf.Output]*tf.Tensor{
-			p.Model.Graph.Operation("serving_default_embedding_input").Output(0): inputTensor,
-		},
-		[]tf.Output{
-			p.Model.Graph.Operation("StatefulPartitionedCall").Output(0),
-		},
-		nil,
-	)
-	if err != nil {
-		p.Logger.Error("Failed to run model", "error", err)
-		if p.isSQLi(queryString) && !p.LibinjectionPermissiveMode {
-			return p.errorResponse(req, queryString), nil
-		}
-		return req, nil
-	}
-	predictions := output[0].Value().([][]float32)
-	score := predictions[0][0]
+	predictions := cast.ToSlice(output["outputs"])
+	scores := cast.ToSlice(predictions[0])
+	score := cast.ToFloat32(scores[0])
 	p.Logger.Trace("Deep learning model prediction", "score", score)
 
 	// Check the prediction against the threshold,