Input validation and auth middleware for PLATO fleet services

plato-input-sanitizer

Input validation and authentication middleware for PLATO fleet services.

Components

input_sanitizer — Defense-in-depth input validation

  • Agent name sanitization (XSS, SQL injection, path traversal blocking)
  • Room name validation (whitelist characters)
  • Content sanitization (null bytes, length limits)
  • Tile submission validation (required fields, answer min-length)

auth — Bearer token authentication with rate limiting

  • Simple shared-secret Bearer token auth
  • Per-agent rate limiting (configurable RPM for reads vs writes)
  • Timing-safe token comparison
  • Modes: token (enforce), open (dev), permissive (log-only)

Install

pip install plato-input-sanitizer

Usage

from plato_input_sanitizer import sanitize_agent_name, sanitize_tile_submission
from plato_input_sanitizer.auth import AuthMiddleware

auth = AuthMiddleware.from_env()  # reads PLATO_API_KEY

# handle_write is an illustrative handler name; request is your framework's request object
def handle_write(request, raw_name):
    # Auth middleware
    if not auth.validate(request.headers.get("Authorization", "")):
        return 401, {"error": "Unauthorized"}

    # Validate inputs
    agent_name = sanitize_agent_name(raw_name)  # raises ValueError if bad

    if not auth.check_rate_limit(agent_name, is_write=True):
        return 429, {"error": "Rate limited"}

    # ... handle the write here
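
The auth behaviours listed under Components (timing-safe comparison, the token/open/permissive modes, per-agent read and write limits) can be sketched as follows. This is an added example, not the package's own code: the class name `SketchAuth`, its parameters, the default RPM values and the 60-second sliding window are all assumptions made for illustration.

```python
import hmac
import time
from collections import defaultdict, deque


class SketchAuth:
    """Hypothetical stand-in, not plato_input_sanitizer.auth.AuthMiddleware."""

    def __init__(self, api_key, mode="token", read_rpm=120, write_rpm=30,
                 clock=time.monotonic):
        if mode == "token" and not api_key:
            # Fail closed: an empty secret must never match an empty token.
            raise ValueError("token mode requires a non-empty key")
        self.key = (api_key or "").encode()
        self.mode = mode
        self.limits = {False: read_rpm, True: write_rpm}  # assumed defaults
        self.clock = clock
        self.hits = defaultdict(deque)  # (agent, is_write) -> request timestamps
        self.log = []

    def validate(self, header):
        if self.mode == "open":  # dev only: nothing is checked
            return True
        scheme, _, token = header.partition(" ")
        # compare_digest takes time independent of where the bytes differ,
        # unlike ==, which returns at the first mismatching byte.
        ok = scheme.lower() == "bearer" and hmac.compare_digest(
            token.strip().encode(), self.key)
        if not ok and self.mode == "permissive":
            self.log.append("auth failure (logged, not enforced)")
            return True
        return ok

    def check_rate_limit(self, agent, is_write=False):
        now = self.clock()
        window = self.hits[(agent, is_write)]
        while window and now - window[0] >= 60:  # drop hits older than 60 s
            window.popleft()
        if len(window) >= self.limits[is_write]:
            return False
        window.append(now)
        return True
```

In this sketch the key is shared by every agent, so the agent name is whatever the caller supplies. Pass the limiter the sanitized name and cap how many names it tracks.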

Security Audit Response

Created in response to external security audit findings:

  • CRITICAL-5: Stored XSS via agent names → sanitize_agent_name() with HTML escaping
  • HIGH-4: Path traversal in multiple services → injection pattern blocking
  • HIGH-3: Rate limit bypass via agent rotation → per-agent rate limiting with timing enforcement

Download files

Source Distribution

plato_input_sanitizer-0.1.0.tar.gz (5.3 kB view details)

Built Distribution

plato_input_sanitizer-0.1.0-py3-none-any.whl (6.2 kB view details)

File details

Details for the file plato_input_sanitizer-0.1.0.tar.gz.

File metadata

  • Download URL: plato_input_sanitizer-0.1.0.tar.gz
  • Upload date:
  • Size: 5.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.10.12

File hashes

Hashes for plato_input_sanitizer-0.1.0.tar.gz
Algorithm Hash digest
SHA256 cd6b8690e1629eb5dbf4e44a3c9fc78e8cfe89b4b9d5e017e2fac8f77a0cd3f1
MD5 c6fbe79b9f3dbaceffc6c580a5925385
BLAKE2b-256 7f53e41605dd6b74c78c2e88b15c94dc16b08c1fb43eb57eeba2a775bf6ed50e

File details

Details for the file plato_input_sanitizer-0.1.0-py3-none-any.whl.

File hashes

Hashes for plato_input_sanitizer-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 0fd3aaff27ee0006a974a07d41c01d1e37c06575dbe02a476a43e44a6df9f437
MD5 2b09ad86e18aaf0ed6556873d0355a4e
BLAKE2b-256 692c474544ae115fd5d611d53b1588231afb0329bbaf2182e5f57d9840594f8d
