NeuralTrust | The leading security platform for generative AI

Code Sanitation Plugin

The code_sanitation plugin provides advanced protection against code injection by analyzing and optionally sanitizing suspicious code patterns across multiple programming languages. It allows you to define whether to block the request or sanitize its content.

Technical Overview

The Code Sanitation plugin implements a sophisticated pattern detection and sanitization system. It analyzes incoming requests for potentially malicious code across multiple languages and request parts.

Core Components

Component	Features
Language Pattern Engine	- Language-specific pattern detection - Contextual code analysis - Pattern overlap handling - Syntax-aware detection
Sanitization System	- Pattern replacement - Context-aware sanitization - Character encoding handling - Preservation of code structure
Pattern Registry	- Per-language pattern sets - Pattern priority handling - Pattern conflict resolution - Dynamic pattern updates

Language-Specific Detection

Language	Category	Patterns / Techniques
JavaScript	Function Execution	`eval()`, `Function()`, `setTimeout()` with strings
	DOM Manipulation	`innerHTML`, `document.write`, script injection
	Event Handlers	`on*` attributes, `addEventListener` with strings
Python	Code Execution	`exec()`, `eval()`, `compile()`, `__import__()`
	Shell Commands	`os.system`, `subprocess.Popen`, command strings
Shell	Command Execution	Direct execution, shell metacharacters, substitution
	File Operations	Read/write operations, directory manipulation, permission changes

Processing Pipeline

Phase	Steps
Content Analysis	- Language detection - Context determination - Pattern application - Sanitization planning
Pattern Application	- Pattern matching - Priority enforcement - Overlap resolution - Result aggregation
Sanitization Process	- Character replacement - Structure preservation - Context validation - Output verification

Performance Optimization

Area	Techniques
Pattern Matching	- Optimized regex compilation - Pattern caching - Early termination - Partial matching
Content Processing	- Streaming and chunked analysis - Memory efficiency - CPU optimization
Sanitization	- In-place modification - Buffer reuse - Minimal allocations - Efficient replacements

Supported Languages

Language	Description	Example Patterns
JavaScript	Client-side scripting	`eval()`, `Function()`
Python	Server-side scripting	`exec()`, `eval()`
PHP	Web server code	`eval()`, `system()`
SQL	Database queries	`UNION SELECT`, `DROP TABLE`
Shell	Shell commands	`system()`, `exec()`
Java	JVM-based apps	`Runtime.exec()`
C#	.NET code	`Process.Start()`
Ruby	Ruby scripts	`eval()`, `exec()`
HTML	Markup injection	`<script>`, `onerror=`

Configuration

{
  "name": "code_sanitation",
  "enabled": true,
  "stage": "pre_request",
  "settings": {
    "languages": [
      { "language": "javascript", "enabled": true },
      { "language": "python", "enabled": true }
    ],
    "content_to_check": ["headers", "path_and_query", "body"],
    "action": "block",
    "status_code": 400,
    "error_message": "Code injection detected",
    "sanitize_char": "X"
  }
}

Configuration Parameters

Parameter	Type	Description	Required
languages	array	List of languages to scan	Yes
content_to_check	array	Request parts to inspect (`headers`, `body`, `path_and_query`)	Yes
action	string	`block` or `sanitize`	Yes
status_code	number	Status code returned when blocking	No
error_message	string	Message returned when blocking	No
sanitize_char	string	Character used to sanitize content	No

Usage Example

curl -X POST "http://localhost:8080/api/v1/gateways" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Sanitized Gateway",
    "subdomain": "sanitized",
    "required_plugins": [
      {
        "name": "code_sanitation",
        "enabled": true,
        "stage": "pre_request",
        "settings": {
          "languages": [
            { "language": "javascript", "enabled": true }
          ],
          "content_to_check": ["body"],
          "action": "block",
          "status_code": 400
        }
      }
    ]
  }'

Behavior Summary

Detects and handles code injection patterns across headers, body, and query
Supports multiple languages with extensible pattern definitions
Blocks or sanitizes input depending on configuration
Provides default and custom error messaging
Can sanitize in-place or reject malicious requests based on action

Getting Started

Core Concepts

Traffic Management

Rate Limiting & Request Control

Content Security

Application Security

Data masking

Extending Functionality

Observability & Monitoring

API Reference

Code Sanitation

Code Sanitation Plugin

Technical Overview

Core Components

Language-Specific Detection

Processing Pipeline

Performance Optimization

Supported Languages

Configuration

Configuration Parameters

Usage Example

Behavior Summary

Getting Started

Core Concepts

Traffic Management

Rate Limiting & Request Control

Content Security

Application Security

Data masking

Extending Functionality

Observability & Monitoring

API Reference

​Code Sanitation Plugin

​Technical Overview

​Core Components

​Language-Specific Detection

​Processing Pipeline

​Performance Optimization

​Supported Languages

​Configuration

​Configuration Parameters

​Usage Example

​Behavior Summary

Code Sanitation Plugin

Technical Overview

Core Components

Language-Specific Detection

Processing Pipeline

Performance Optimization

Supported Languages

Configuration

Configuration Parameters

Usage Example

Behavior Summary