feat: add Lua sandbox validation for plugins via deck plugin lint

cmd/plugin.go

@@ -0,0 +1,18 @@
+package cmd
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func newPluginCmd() *cobra.Command {
+	pluginCmd := &cobra.Command{
+		Use:		"plugin",
+		Short:	"Manage and validate Kong plugins",
+		Long:		`The plugin command set allows you to manage, validate, and lint Kong plugins locally.`,
+	}
+
+	pluginCmd.AddCommand(newPluginLintCmd())
+
+
+	return pluginCmd
+}

cmd/plugin_lint.go

@@ -0,0 +1,100 @@
+package cmd
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"github.com/kong/deck/plugin/lua"
+	"github.com/spf13/cobra"
+
+)
+
+var (
+	pluginLintCode		string
+	pluginLintEdition	string
+	pluginLintSandbox	string
+)
+
+// Executes plugin lint command. 
+func executePluginLint(cmd *cobra.Command, args []string) error{
+	var luaCode string
+	var err error
+
+	if pluginLintCode == "-" {
+		luaCode, err = readFromStdin()
+	} else {
+		content, readErr := os.ReadFile(pluginLintCode)
+		if readErr != nil {
+			return fmt.Errorf("failed to read file %s: %w", pluginLintCode, readErr)
+		}
+		luaCode = string(content)
+
+	}
+
+	if err != nil {
+		return fmt.Errorf("failed to read input: %w", err)
+	}
+
+	if strings.TrimSpace(luaCode) == "" {
+		return errors.New("no Lua code provided. Use --code or pipe code to stdin")
+	}
+
+
+	v, err := lua.NewValidator(pluginLintEdition, "")
+	if err != nil {
+		return err
+	}
+
+	violations, err := v.Validate(luaCode, pluginLintSandbox)
+	if err != nil {
+		return err
+	}
+
+	if len(violations) == 0 {
+		fmt.Println("Success: No violations found. Your Lua code is safe for the specified sandbox.")
+		return nil
+	}
+
+	fmt.Printf("Found %d violations:\n", len(violations))
+	for _, vio := range violations {
+		lineInfo := ""
+		if vio.Line > 0 {
+			lineInfo = fmt.Sprintf(" (line %d)", vio.Line)
+		}
+		fmt.Printf("  - [%s] %s: %s%s\n", vio.Severity, vio.ID, vio.Message, lineInfo)
+	}
+
+
+	return errors.New("lua validation failed")
+
+
+
+}
+func readFromStdin() (string, error) {
+   data, err := io.ReadAll(os.Stdin)
+	 if err != nil {
+		 return "", fmt.Errorf("error reading from stdin: %w", err)
+	 }
+
+   return string(data), err
+}
+
+
+func newPluginLintCmd() *cobra.Command {
+	pluginLintCmd := &cobra.Command{
+		Use: "lint [flags]",
+		Short: "Check custom LUA code for security and sandbox compatibility",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return executePluginLint(cmd, args)
+		},
+	}
+
+	pluginLintCmd.Flags().StringVarP(&pluginLintCode, "code", "c", "-", "custom LUA code to validate. Use - to read from stdin.")
+	pluginLintCmd.Flags().StringVarP(&pluginLintEdition, "edition", "e", "ee", "Kong Edition [choices: ee (enterprise), oss (open source).")
+	pluginLintCmd.Flags().StringVarP(&pluginLintSandbox, "sandbox", "s", "strict", "Kong Edition [choices: ee (enterprise), oss (open source).")
+
+	return pluginLintCmd
+}

cmd/root.go

@@ -237,6 +237,9 @@ It can be used to export, import, or sync entities to Kong.`,
 	rootCmd.AddCommand(newDiffCmd(true))            // deprecated, to exist under the `gateway` subcommand only
 	rootCmd.AddCommand(newConvertCmd(true))         // deprecated, to exist under the `file` subcommand only
 	rootCmd.AddCommand(newKonnectCmd())             // deprecated, to be removed
+
+	rootCmd.AddCommand(newPluginCmd())
+
 	{
 		gatewayCmd := newGatewaySubCmd()
 		rootCmd.AddCommand(gatewayCmd)
@@ -267,6 +270,8 @@ It can be used to export, import, or sync entities to Kong.`,
 		fileCmd.AddCommand(newKong2KicCmd())
 		fileCmd.AddCommand(newKong2TfCmd())
 	}
+
+
 	return rootCmd
 }
 

go.mod

@@ -111,6 +111,7 @@ require (
 	github.com/xlab/treeprint v1.2.0 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	github.com/yuin/goldmark v1.8.2 // indirect
+	github.com/yuin/gopher-lua v1.1.2 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
 	go.opentelemetry.io/otel v1.33.0 // indirect

go.sum

@@ -415,6 +415,8 @@ github.com/yuin/goldmark v1.8.2 h1:kEGpgqJXdgbkhcOgBxkC0X0PmoPG1ZyoZ117rDVp4zE=
 github.com/yuin/goldmark v1.8.2/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
 github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=
 github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw=
+github.com/yuin/gopher-lua v1.1.2 h1:yF/FjE3hD65tBbt0VXLE13HWS9h34fdzJmrWRXwobGA=
+github.com/yuin/gopher-lua v1.1.2/go.mod h1:7aRmXIWl37SqRf0koeyylBEzJ+aPt8A+mmkQ4f1ntR8=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=

pkg/lua/policies/kong_ee_3x.yaml

@@ -0,0 +1,104 @@
+# Kong Enterprise Lua Sandbox Knowledge Base
+# Accurate mapping from kong/tools/sandbox/environment/
+
+version: "1.0"
+edition: "EE"
+
+profiles:
+  - name: lua
+    description: "Base Lua environment. Standard libraries only."
+    allowed_globals:
+      - _VERSION
+      - assert
+      - error
+      - ipairs
+      - next
+      - pairs
+      - pcall
+      - print
+      - select
+      - tonumber
+      - tostring
+      - type
+      - unpack
+      - xpcall
+    allowed_prefixes:
+      - bit.
+      - coroutine.
+      - io.type
+      - jit.
+      - math.
+      - os.clock
+      - os.date
+      - os.difftime
+      - os.time
+      - string.
+      - table.
+
+  - name: strict
+    extends: lua
+    description: "Standard Kong Sandbox. Safe PDK and Nginx utilities."
+    allowed_globals:
+      - kong
+      - ngx
+    allowed_prefixes:
+      - kong.client.
+      - kong.cluster.
+      - kong.default_workspace
+      - kong.ip.
+      - kong.jwe.
+      - kong.nginx.
+      - kong.node.
+      - kong.plugin.
+      - kong.request.
+      - kong.response.
+      - kong.service.request.
+      - kong.service.response.
+      - kong.table.
+      - kong.telemetry.
+      - kong.tracing.
+      - kong.version
+      - ngx.log
+      - ngx.sleep
+      - ngx.time
+      - ngx.re.
+      - ngx.req.
+      - ngx.resp.
+      - ngx.worker.
+      - ngx.config.
+      # Common constants
+      - ngx.HTTP_
+      - ngx.OK
+      - ngx.ERR
+      - ngx.INFO
+
+  - name: lax
+    extends: strict
+    description: "Permissive Sandbox. Allows DB, cache, and network sockets."
+    allowed_prefixes:
+      - kong.cache.
+      - kong.db.consumers.
+      - kong.db.services.
+      - kong.db.routes.
+      - kong.db.upstreams.
+      - kong.db.targets.
+      - kong.db.plugins.
+      - kong.db.certificates.
+      - kong.db.snis.
+      - kong.db.ca_certificates.
+      - kong.dns.
+      - kong.vault.
+      - ngx.socket.
+      - ngx.thread.
+      - ngx.location.capture
+
+
+rules:
+  - id: LUA-EV-001
+    pattern: "(_G\\[|getfenv|setfenv)"
+    severity: CRITICAL
+    message: "Potential sandbox evasion: global environment manipulation."
+  - id: LUA-SEC-001
+    pattern: "require\\s*\\(['\"] (ffi|os|io) ['\"]\\)"
+    severity: CRITICAL
+    message: "Forbidden module loading."

pkg/lua/policies/kong_oss_3x.yaml

@@ -0,0 +1,54 @@
+# Kong OSS Lua Sandbox Knowledge Base
+
+version: "1.0"
+edition: "OSS"
+
+profiles:
+  - name: lua
+    description: "Base Lua environment for OSS"
+    allowed_globals:
+      - _VERSION
+      - assert
+      - error
+      - ipairs
+      - next
+      - pairs
+      - pcall
+      - print
+      - select
+      - tonumber
+      - tostring
+      - type
+      - unpack
+      - xpcall
+    allowed_prefixes:
+      - math.
+      - string.
+      - table.
+
+  - name: standard
+    extends: lua
+    description: "Standard OSS Sandbox. Core PDK only."
+    allowed_globals:
+      - kong
+      - ngx
+    allowed_prefixes:
+      - kong.log.
+      - kong.request.
+      - kong.response.
+      - kong.service.
+      - kong.ip.
+      - kong.table.
+      - ngx.log
+      - ngx.sleep
+      - ngx.time
+      - ngx.re.
+      - ngx.exit
+      - ngx.HTTP_
+      - ngx.OK
+
+rules:
+  - id: LUA-EV-001
+    pattern: "(_G\\[|getfenv|setfenv)"
+    severity: CRITICAL
+    message: "Sandbox evasion: global environment access is strictly blocked."