[Plugin] Create File Type Allowlist Plugin using Plugin Framework #996
Description
Overview
Create a File Type Allowlist Plugin that restricts resource access to only configured file types and MIME types for enhanced security.
Plugin Requirements
Plugin Details
- Name: FileTypeAllowlistPlugin
- Type: Self-contained (native) plugin
- File Location:
plugins/file_type_allowlist/ - Complexity: Low-Medium
Functionality
- Filter resources by MIME type and file extension
- Configurable allowlist for permitted file types
- Block access to potentially dangerous file types
- Support for MIME type detection and validation
- Custom error messages for blocked file types
Hook Integration
- Primary Hooks:
resource_pre_fetch,resource_post_fetch - Purpose: Prevent access to unauthorized file types
- Behavior: Block resource access if file type is not in allowlist
Configuration Schema
plugins:
- name: "FileTypeAllowlist"
kind: "plugins.file_type_allowlist.filter.FileTypeAllowlistPlugin"
description: "Allow only configured file types for resources"
version: "0.1.0"
hooks: ["resource_pre_fetch", "resource_post_fetch"]
mode: "enforce"
priority: 20
conditions:
- resource_schemes: ["file", "http", "https"]
config:
# Allowed MIME types
allowed_mime_types:
- "text/plain"
- "text/markdown"
- "text/html"
- "text/csv"
- "application/json"
- "application/xml"
- "text/xml"
- "application/yaml"
- "text/yaml"
- "application/pdf"
- "image/png"
- "image/jpeg"
- "image/gif"
- "image/webp"
# Allowed file extensions
allowed_extensions:
- ".md"
- ".txt"
- ".html"
- ".htm"
- ".json"
- ".xml"
- ".yaml"
- ".yml"
- ".csv"
- ".pdf"
- ".png"
- ".jpg"
- ".jpeg"
- ".gif"
- ".webp"
# Blocked patterns (takes precedence over allowlist)
blocked_patterns:
- "*.exe"
- "*.bat"
- "*.cmd"
- "*.ps1"
- "*.sh"
- "*.scr"
- "*.com"
- "*.pif"
# MIME type detection settings
mime_detection:
enabled: true
use_magic_numbers: true
validate_extension_match: true
trust_content_type_header: false
# Error handling
error_handling:
block_message: "File type not allowed by security policy"
include_allowed_types: true
log_blocked_attempts: true
# Special handling for different resource types
resource_type_overrides:
web_resources:
schemes: ["http", "https"]
additional_mime_types:
- "application/javascript"
- "text/css"
local_files:
schemes: ["file"]
strict_extension_check: true
# Content validation
content_validation:
max_file_size_mb: 100
scan_content_headers: true
validate_encoding: true
# Allowlist exceptions
exceptions:
- resource_patterns: ["https://trusted-domain.com/*"]
allow_all_types: true
- user_roles: ["admin", "developer"]
additional_extensions: [".py", ".js", ".sql"]Implementation Requirements
File Structure
plugins/file_type_allowlist/
├── __init__.py
├── filter.py # Main plugin class
├── mime_detector.py # MIME type detection and validation
├── extension_checker.py # File extension validation
├── content_validator.py # Content-based validation
├── exceptions.py # Exception handling logic
├── plugin-manifest.yaml # Plugin metadata
└── README.md # Usage documentation
Core Features
-
Multi-layered Validation
- MIME type checking using magic numbers
- File extension validation
- Content-Type header verification
- File size limitations
-
Comprehensive File Type Support
- Text formats: TXT, MD, HTML, CSV
- Data formats: JSON, XML, YAML
- Document formats: PDF
- Image formats: PNG, JPEG, GIF, WebP
- Custom MIME type definitions
-
Security-First Approach
- Blocklist for dangerous file types
- Magic number validation to prevent spoofing
- Extension/MIME type consistency checking
- Content encoding validation
-
Flexible Configuration
- Per-resource-type overrides
- User role-based exceptions
- Trusted domain allowlists
- Custom error messages
Usage Examples
Basic File Type Filtering
# Resource request for allowed file type
resource_uri: "https://example.com/document.pdf"
# MIME type: application/pdf
# Extension: .pdf
# Result: Allowed (both in allowlist)Blocked Executable File
# Resource request for dangerous file type
resource_uri: "https://malicious.com/virus.exe"
# MIME type: application/x-msdownload
# Extension: .exe
# Result: Blocked (executable file blocked)MIME/Extension Mismatch Detection
# Resource with spoofed extension
resource_uri: "https://suspicious.com/document.txt"
# Actual MIME type: application/x-executable
# Declared extension: .txt
# Result: Blocked (MIME/extension mismatch)Security Features
- Anti-Spoofing: Magic number validation prevents file type spoofing
- Comprehensive Blocklist: Blocks known dangerous file types
- Content Validation: Verifies file content matches declared type
- Size Limitations: Prevents resource exhaustion attacks
Testing Requirements
- Unit tests for MIME type detection accuracy
- File extension validation tests
- Magic number verification tests
- Spoofing attempt detection tests
- Performance tests with various file sizes
- Integration tests with different resource schemes
Documentation Requirements
- Plugin configuration guide with file type examples
- Security best practices for file type filtering
- MIME type reference documentation
- Troubleshooting guide for blocked files
Acceptance Criteria
- Plugin implements FileTypeAllowlistPlugin class
- Supports MIME type and file extension validation
- Magic number detection for anti-spoofing
- Configurable allowlist and blocklist management
- Resource type-specific overrides
- User role-based exceptions
- Comprehensive error handling and logging
- Plugin manifest and documentation created
- Unit tests with >90% coverage
- Security testing for spoofing attempts
- Performance benchmarks for large files
Priority
High - Important security feature
Dependencies
- python-magic for MIME type detection
- File type detection libraries
- Content validation utilities
- Pattern matching libraries
Security Considerations
- Prevent file type spoofing through magic number validation
- Secure handling of blocked file access attempts
- Audit logging for security monitoring
- Performance optimization to prevent DoS