[FEATURE][PLUGIN]: Create Code Safety Linter plugin

[crivetimihai]

Overview

Create a Code Safety Linter Plugin that detects unsafe code patterns in tool outputs to prevent execution of potentially dangerous commands.

Plugin Requirements

Plugin Details

• Name: CodeSafetyLinterPlugin
• Type: Self-contained (native) plugin
• File Location: plugins/code_safety_linter/
• Complexity: Medium

Functionality

• Detect unsafe code patterns using regex and AST analysis
• Block or warn on dangerous function calls and commands
• Configurable pattern matching with severity levels
• Support for multiple programming languages
• Allowlist management for safe patterns

Hook Integration

• Primary Hooks: tool_post_invoke
• Purpose: Scan tool outputs for unsafe code patterns before returning to user
• Behavior: Block dangerous code or add warnings based on configuration

Configuration Schema

plugins:
  - name: "CodeSafetyLinter"
    kind: "plugins.code_safety_linter.linter.CodeSafetyLinterPlugin"
    description: "Detect unsafe code patterns in tool outputs"
    version: "0.1.0"
    hooks: ["tool_post_invoke"]
    mode: "enforce"
    priority: 15
    conditions:
      - tool_names: ["code_generator", "script_executor", "shell_command"]
    config:
      # Pattern detection settings
      blocked_patterns:
        - pattern: "\\beval\\s*\\("
          severity: "high"
          message: "Use of eval() function detected - potential code injection risk"
          languages: ["python", "javascript"]
        - pattern: "\\bexec\\s*\\("
          severity: "high" 
          message: "Use of exec() function detected - potential code execution risk"
          languages: ["python"]
        - pattern: "\\bos\\.system\\s*\\("
          severity: "critical"
          message: "Use of os.system() detected - shell injection vulnerability"
          languages: ["python"]
        - pattern: "\\bsubprocess\\.(Popen|call|run)\\s*\\("
          severity: "medium"
          message: "Subprocess execution detected - review for shell injection"
          languages: ["python"]
        - pattern: "\\brm\\s+-rf\\b"
          severity: "critical"
          message: "Dangerous rm -rf command detected"
          languages: ["bash", "shell"]
        - pattern: "\\$\\(.*\\)"
          severity: "medium"
          message: "Command substitution detected"
          languages: ["bash", "shell"]
        - pattern: "__import__\\s*\\("
          severity: "high"
          message: "Dynamic import detected - potential security risk"
          languages: ["python"]
      
      # Language-specific settings
      language_detection:
        auto_detect: true
        explicit_markers:
          python: ["```python", "#!/usr/bin/env python"]
          javascript: ["```javascript", "```js"]
          bash: ["```bash", "```shell", "#!/bin/bash"]
          sql: ["```sql"]
      
      # Response handling
      severity_actions:
        critical: "block"     # Block output completely
        high: "block"         # Block output completely  
        medium: "warn"        # Add warning but allow output
        low: "log"           # Log only, no user notification
      
      # Allowlist management
      allowlist:
        patterns:
          - "subprocess.run\\(\\[.*\\], shell=False"  # Safe subprocess usage
          - "eval\\(.*validate_input\\("              # Validated eval usage
        contexts:
          - tool_names: ["trusted_executor"]
            allow_all_patterns: true
          - server_ids: ["development"]
            severity_override:
              critical: "warn"
              high: "warn"
      
      # Advanced analysis
      ast_analysis:
        enabled: true
        languages: ["python"]
        check_imports: true
        check_function_calls: true
        check_exec_statements: true
      
      # Reporting and metrics
      reporting:
        log_detections: true
        include_context: true
        metrics_enabled: true
        alert_on_critical: true

Implementation Requirements

File Structure

plugins/code_safety_linter/
├── __init__.py
├── linter.py               # Main plugin class
├── detectors/              # Pattern detection engines
│   ├── __init__.py
│   ├── regex_detector.py   # Regex pattern matching
│   ├── ast_analyzer.py     # AST-based analysis
│   └── language_detector.py # Programming language detection
├── patterns/               # Pattern definitions
│   ├── __init__.py
│   ├── python_patterns.py  # Python-specific unsafe patterns
│   ├── javascript_patterns.py # JavaScript patterns
│   ├── shell_patterns.py   # Shell/Bash patterns
│   └── sql_patterns.py     # SQL injection patterns
├── allowlist.py           # Allowlist management
├── severity.py            # Severity assessment logic
├── plugin-manifest.yaml   # Plugin metadata
└── README.md              # Usage documentation

Core Features

1. Multi-Language Pattern Detection

   • Python: eval, exec, import, os.system, subprocess
   • JavaScript: eval, Function constructor, innerHTML assignment
   • Shell/Bash: rm -rf, curl pipes, command substitution
   • SQL: Union-based injections, stacked queries

2. Advanced Analysis

   • AST parsing for context-aware detection
   • Language detection from code markers
   • Severity scoring based on risk level
   • Context-sensitive pattern matching

3. Flexible Response Handling

   • Block critical vulnerabilities
   • Warn on medium-risk patterns
   • Log low-risk detections
   • Configurable severity thresholds

4. Enterprise Features

   • Allowlist management with pattern matching
   • Per-environment severity overrides
   • Detailed audit logging
   • Integration with security monitoring

Usage Examples

Python Code Analysis

# Tool output with dangerous pattern
output = '''
def process_data(user_input):
    result = eval(user_input)  # Dangerous!
    return result
'''

# Plugin detects eval() usage
# Result: Output blocked with security warning

Shell Command Detection

# Tool output with dangerous shell command
output = '''
#!/bin/bash
rm -rf /important/data/*
'''

# Plugin detects dangerous rm -rf command
# Result: Output blocked with critical security alert

Safe Pattern Allowlist

# Tool output with safe subprocess usage
output = '''
import subprocess
result = subprocess.run(["ls", "-la"], shell=False, capture_output=True)
'''

# Plugin recognizes safe subprocess pattern from allowlist
# Result: Output allowed without warnings

Security Features

• Comprehensive Pattern Database: Covers major vulnerability classes
• Context-Aware Analysis: Reduces false positives through AST analysis
• Configurable Severity: Adjust response based on risk tolerance
• Audit Trail: Complete logging of all detections and actions

Testing Requirements

• Unit tests for all pattern detection engines
• Language-specific test cases for each supported language
• False positive/negative rate testing
• Performance tests with large code outputs
• Integration tests with real-world code samples
• Security bypass testing

Documentation Requirements

• Plugin configuration guide with pattern examples
• Secure coding best practices
• Language-specific security guidelines
• Custom pattern development guide

Acceptance Criteria

• Plugin implements CodeSafetyLinterPlugin class
• Supports regex and AST-based pattern detection
• Detects unsafe patterns in multiple programming languages
• Configurable severity levels and response actions
• Allowlist management with pattern matching
• Context-aware analysis to reduce false positives
• Comprehensive audit logging
• Plugin manifest and documentation created
• Unit tests with >95% coverage
• Security testing for bypass attempts
• Performance benchmarks for large code analysis

Priority

High - Critical security feature

Dependencies

• AST parsing libraries for supported languages
• Regex optimization libraries
• Language detection utilities
• Logging and metrics collection

Security Considerations

• Plugin must not introduce vulnerabilities in pattern matching
• Secure handling of detected dangerous code
• Rate limiting for analysis operations
• Audit trail for all security decisions