Skip to content

Update plugin docs for sql-ids-ips, cache, and js plugins #65

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mostafa merged 1 commit into from
Feb 21, 2026
Merged

Update plugin docs for sql-ids-ips, cache, and js plugins #65

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion plugins/gatewayd-plugin-cache.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
last_modified_date: 2024-09-14 13:37:00
last_modified_date: 2026-02-22 00:27:00
layout: default
title: gatewayd-plugin-cache
description: GatewayD plugin for caching query results in Redis.
Expand Down Expand Up @@ -85,6 +85,7 @@ plugins:
- PERIODIC_INVALIDATOR_START_DELAY=1m
- EXIT_ON_STARTUP_ERROR=False
- SENTRY_DSN=https://70eb1abcd32e41acbdfc17bc3407a543@o4504550475038720.ingest.sentry.io/4505342961123328
- SCAN_COUNT=1000
- CACHE_CHANNEL_BUFFER_SIZE=100
checksum: 3988e10aefce2cd9b30888eddd2ec93a431c9018a695aea1cea0dac46ba91cae
```
Expand All @@ -106,6 +107,7 @@ plugins:
| `PERIODIC_INVALIDATOR_INTERVAL` | The interval for periodic cache invalidation. | `1m` |
| `PERIODIC_INVALIDATOR_START_DELAY` | The delay before starting periodic cache invalidation. | `1m` |
| `EXIT_ON_STARTUP_ERROR` | Whether to exit the plugin if there is an error during startup. | `False` |
| `SCAN_COUNT` | The number of keys to scan per iteration during periodic cache invalidation. | `1000` |
| `SENTRY_DSN` | Sentry DSN. Set to empty string to disable Sentry. | `https://70eb1abcd32e41acbdfc17bc3407a543@o4504550475038720.ingest.sentry.io/4505342961123328` |
| `CACHE_CHANNEL_BUFFER_SIZE` | The buffer size for the cache channel. | `100` |

Expand Down
32 changes: 25 additions & 7 deletions plugins/gatewayd-plugin-js.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
last_modified_date: 2024-05-31 20:16:38
last_modified_date: 2026-02-22 00:28:00
layout: default
title: gatewayd-plugin-js
description: GatewayD plugin for running JS functions as hooks.
Expand All @@ -26,10 +26,21 @@ The gatewayd-plugin-js is a GatewayD plugin for running JS functions as hooks an
> }
> ```

## Helper Functions

The following built-in helper functions are available in the JavaScript runtime:

| Function | Description |
| ---------- | -------------------------------------------------------------------------------------------------------------- |
| `parseSQL` | Parses a SQL query string and returns a stringified JSON representation of the parsed AST. Takes one argument. |
| `btoa` | Encodes a string to base64. Takes one argument. |
| `atob` | Decodes a base64-encoded string. Takes one argument. |

## Features

- Run JS functions as hooks
- Helper functions for common tasks such as parsing incoming queries
- Thread-safe JavaScript execution via mutex-protected runtime
- Support for running multiple JS functions as hooks
- Prometheus metrics for monitoring
- Logging
Expand Down Expand Up @@ -67,23 +78,30 @@ plugins:
- name: gatewayd-plugin-js
enabled: True
localPath: ../gatewayd-plugin-js/gatewayd-plugin-js
url: github.com/gatewayd-io/gatewayd-plugin-js@latest
args: ["--log-level", "info"]
env:
- MAGIC_COOKIE_KEY=GATEWAYD_PLUGIN
- MAGIC_COOKIE_VALUE=5712b87aa5d7e9f9e9ab643e6603181c5b796015cb1c09d6f5ada882bf2a1872
- SCRIPT_PATH=./scripts/index.js
- METRICS_ENABLED=True
- METRICS_UNIX_DOMAIN_SOCKET=/tmp/gatewayd-plugin-js.sock
- METRICS_PATH=/metrics
- SENTRY_DSN=https://439b580ade4a947cf16e5cfedd18f51f@o4504550475038720.ingest.sentry.io/4506475229413376
checksum: d310772152467d9c6ab4ba17fd9dd40d3f724dee4aa014a722e1865d91744a4f
```

### Environment variables

| Name | Description | Default |
| -------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
| `MAGIC_COOKIE_KEY` | The key for the magic cookie. | `GATEWAYD_PLUGIN` |
| `MAGIC_COOKIE_VALUE` | The value for the magic cookie. | `5712b87aa5d7e9f9e9ab643e6603181c5b796015cb1c09d6f5ada882bf2a1872` |
| `SCRIPT_PATH` | The path to the JS file that contains the functions to be executed as hooks. | `./scripts/index.js` |
| `SENTRY_DSN` | Sentry DSN. Set to empty string to disable Sentry. | `https://439b580ade4a947cf16e5cfedd18f51f@o4504550475038720.ingest.sentry.io/4506475229413376` |
| Name | Description | Default |
| ---------------------------- | --------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
| `MAGIC_COOKIE_KEY` | The key for the magic cookie. | `GATEWAYD_PLUGIN` |
| `MAGIC_COOKIE_VALUE` | The value for the magic cookie. | `5712b87aa5d7e9f9e9ab643e6603181c5b796015cb1c09d6f5ada882bf2a1872` |
| `SCRIPT_PATH` | The path to the JS file that contains the functions to be executed as hooks. | `./scripts/index.js` |
| `METRICS_ENABLED` | Whether to enable metrics. | `True` |
| `METRICS_UNIX_DOMAIN_SOCKET` | The path to the Unix domain socket for exposing metrics. This must be accessible to GatewayD. | `/tmp/gatewayd-plugin-js.sock` |
| `METRICS_PATH` | The path for exposing metrics. | `/metrics` |
| `SENTRY_DSN` | Sentry DSN. Set to empty string to disable Sentry. | `https://439b580ade4a947cf16e5cfedd18f51f@o4504550475038720.ingest.sentry.io/4506475229413376` |

### Command-line arguments

Expand Down
53 changes: 33 additions & 20 deletions plugins/gatewayd-plugin-sql-ids-ips.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
last_modified_date: 2026-02-21 21:44:00
last_modified_date: 2026-02-22 00:27:00
layout: default
title: gatewayd-plugin-sql-ids-ips
description: GatewayD plugin for SQL injection detection and prevention.
Expand Down Expand Up @@ -34,7 +34,18 @@

## DeepSQLi

The plugin must be used in conjunction with DeepSQLi, a deep-learning model for SQL injection detection. DeepSQLi is available as a separate service and must be started before the plugin. For more information, refer to the [DeepSQLi documentation](https://github.com/gatewayd-io/DeepSQLi).
The plugin must be used in conjunction with [DeepSQLi](https://github.com/gatewayd-io/DeepSQLi), a deep-learning model for SQL injection detection. DeepSQLi uses a CNN-BiLSTM architecture with a custom SQL tokenizer to classify queries as malicious or legitimate.

Check failure on line 37 in plugins/gatewayd-plugin-sql-ids-ips.md

View workflow job for this annotation

GitHub Actions / Lint prose 

[vale] reported by reviewdog 🐶
[Vale.Spelling] Did you really mean 'tokenizer'?

Raw Output:
{"message": "[Vale.Spelling] Did you really mean 'tokenizer'?", "location": {"path": "plugins/gatewayd-plugin-sql-ids-ips.md", "range": {"start": {"line": 37, "column": 207}}}, "severity": "ERROR"}

DeepSQLi is available as a Docker container and must be started before the plugin:

```bash
cd DeepSQLi
docker compose up -d prediction-api
```

The prediction API exposes a `/predict` endpoint on port 8000 by default, along with a `/health` endpoint for health checks. Configure the plugin to point to this address via the `PREDICTION_API_ADDRESS` environment variable.

For more information, refer to the [DeepSQLi documentation](https://github.com/gatewayd-io/DeepSQLi).

## Installation

Expand Down Expand Up @@ -71,6 +82,7 @@
- METRICS_UNIX_DOMAIN_SOCKET=/tmp/gatewayd-plugin-sql-ids-ips.sock
- METRICS_PATH=/metrics
- PREDICTION_API_ADDRESS=http://localhost:8000
- PREDICTION_TIMEOUT=10
- THRESHOLD=0.8
- ENABLE_LIBINJECTION=True
- LIBINJECTION_PERMISSIVE_MODE=True
Expand All @@ -86,24 +98,25 @@

## Environment Variables

| Name | Description | Default |
| ------------------------------ | --------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- |
| `MAGIC_COOKIE_KEY` | The key for the magic cookie. | `GATEWAYD_PLUGIN` |
| `MAGIC_COOKIE_VALUE` | The value for the magic cookie. | `5712b87aa5d7e9f9e9ab643e6603181c5b796015cb1c09d6f5ada882bf2a1872` |
| `METRICS_ENABLED` | Whether to enable metrics. | `True` |
| `METRICS_UNIX_DOMAIN_SOCKET` | The path to the Unix domain socket for exposing metrics. This must be accessible to GatewayD. | `/tmp/gatewayd-plugin-sql-ids-ips.sock` |
| `METRICS_PATH` | The path for exposing metrics. | `/metrics` |
| `PREDICTION_API_ADDRESS` | The address for the prediction API server. | `http://localhost:8000` |
| `THRESHOLD` | The threshold for the prediction confidence score. | `0.8` |
| `ENABLE_LIBINJECTION` | Whether to enable syntax-based detection using `libinjection`. | `True` |
| `LIBINJECTION_PERMISSIVE_MODE` | Whether to enable permissive mode for `libinjection`. | `True` |
| `RESPONSE_TYPE` | The response type for SQL injection attempts. Choose between `error` or `empty`. | `error` |
| `ERROR_SEVERITY` | The severity level for the error response. | `EXCEPTION`. See [this](https://www.postgresql.org/docs/current/protocol-error-fields.html) for more information. |
| `ERROR_NUMBER` | The error number for the error response. | `42000`. See [this](https://www.postgresql.org/docs/current/errcodes-appendix.html) for more information. |
| `ERROR_MESSAGE` | The error message for the error response. | `SQL injection detected` |
| `ERROR_DETAIL` | The error detail for the error response. | `Back off, you're not welcome here.` |
| `LOG_LEVEL` | The log level for the plugin. | `error` |
| `SENTRY_DSN` | Sentry DSN. Set to empty string to disable Sentry. | `https://379ef59ea0c55742957b06c94bc496e1@o4504550475038720.ingest.us.sentry.io/4507282732810240` |
| Name | Description | Default |
| ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- |
| `MAGIC_COOKIE_KEY` | The key for the magic cookie. | `GATEWAYD_PLUGIN` |
| `MAGIC_COOKIE_VALUE` | The value for the magic cookie. | `5712b87aa5d7e9f9e9ab643e6603181c5b796015cb1c09d6f5ada882bf2a1872` |
| `METRICS_ENABLED` | Whether to enable metrics. | `True` |
| `METRICS_UNIX_DOMAIN_SOCKET` | The path to the Unix domain socket for exposing metrics. This must be accessible to GatewayD. | `/tmp/gatewayd-plugin-sql-ids-ips.sock` |
| `METRICS_PATH` | The path for exposing metrics. | `/metrics` |
| `PREDICTION_API_ADDRESS` | The address for the prediction API server. | `http://localhost:8000` |
| `PREDICTION_TIMEOUT` | Timeout in seconds for the prediction API request. If the API does not respond within this time, the request falls back to libinjection (if enabled). | `10` |

Check failure on line 109 in plugins/gatewayd-plugin-sql-ids-ips.md

View workflow job for this annotation

GitHub Actions / Lint prose 

[vale] reported by reviewdog 🐶
[Vale.Spelling] Did you really mean 'libinjection'?

Raw Output:
{"message": "[Vale.Spelling] Did you really mean 'libinjection'?", "location": {"path": "plugins/gatewayd-plugin-sql-ids-ips.md", "range": {"start": {"line": 109, "column": 159}}}, "severity": "ERROR"}
| `THRESHOLD` | The threshold for the prediction confidence score. | `0.8` |
| `ENABLE_LIBINJECTION` | Whether to enable syntax-based detection using `libinjection`. | `True` |
| `LIBINJECTION_PERMISSIVE_MODE` | Whether to enable permissive mode for `libinjection`. | `True` |
| `RESPONSE_TYPE` | The response type for SQL injection attempts. Choose between `error` or `empty`. | `error` |
| `ERROR_SEVERITY` | The severity level for the error response. | `EXCEPTION`. See [this](https://www.postgresql.org/docs/current/protocol-error-fields.html) for more information. |
| `ERROR_NUMBER` | The error number for the error response. | `42000`. See [this](https://www.postgresql.org/docs/current/errcodes-appendix.html) for more information. |
| `ERROR_MESSAGE` | The error message for the error response. | `SQL injection detected` |
| `ERROR_DETAIL` | The error detail for the error response. | `Back off, you're not welcome here.` |
| `LOG_LEVEL` | The log level for the plugin. | `error` |
| `SENTRY_DSN` | Sentry DSN. Set to empty string to disable Sentry. | `https://379ef59ea0c55742957b06c94bc496e1@o4504550475038720.ingest.us.sentry.io/4507282732810240` |

### Command-line arguments

Expand Down
Loading