feat: add rust validation middleware sidecar

Signed-off-by: lucarlig <luca.carlig@ibm.com>

Author: lucarlig

.secrets.baseline

@@ -349,6 +349,10 @@ class Settings(BaseSettings):
 
     # Security Validation & Sanitization
     experimental_validate_io: bool = Field(default=False, description="Enable experimental input validation and output sanitization")
+    experimental_rust_validation_middleware_enabled: bool = Field(
+        default=False,
+        description="Enable experimental Rust sidecar for recursive validation middleware JSON checks",
+    )
     validation_middleware_enabled: bool = Field(default=False, description="Enable validation middleware for all requests")
     validation_strict: bool = Field(default=True, description="Strict validation mode - reject on violations")
     sanitize_output: bool = Field(default=True, description="Sanitize output to remove control characters")

mcpgateway/config.py

@@ -17,6 +17,7 @@
 """
 
 # Standard
+import importlib
 import logging
 from pathlib import Path
 import re
@@ -32,6 +33,8 @@
 
 logger = logging.getLogger(__name__)
 
+_RUST_VALIDATION_MODULE = None
+
 
 def is_path_traversal(uri: str) -> bool:
     """Check if URI contains path traversal patterns.
@@ -165,6 +168,17 @@ def _validate_json_data(self, data: Any):
         Raises:
             HTTPException: If validation fails in strict mode
         """
+        if getattr(settings, "experimental_rust_validation_middleware_enabled", False) is True:
+            result = self._load_rust_validation_module().validate_json_data(data, settings.max_param_length, list(settings.dangerous_patterns))
+            if result is not None:
+                key, error_type = result
+                if error_type == "max_length":
+                    raise HTTPException(status_code=422, detail=f"Parameter {key} exceeds maximum length")
+                if error_type == "dangerous_pattern":
+                    raise HTTPException(status_code=422, detail=f"Parameter {key} contains dangerous characters")
+                raise HTTPException(status_code=422, detail=f"Parameter {key} failed validation")
+            return
+
         if isinstance(data, dict):
             for key, value in data.items():
                 if isinstance(value, str):
@@ -175,6 +189,14 @@ def _validate_json_data(self, data: Any):
             for item in data:
                 self._validate_json_data(item)
 
+    def _load_rust_validation_module(self):
+        """Load the experimental Rust validation sidecar on demand."""
+        global _RUST_VALIDATION_MODULE
+
+        if _RUST_VALIDATION_MODULE is None:
+            _RUST_VALIDATION_MODULE = importlib.import_module("validation_middleware_sidecar")
+        return _RUST_VALIDATION_MODULE
+
     def validate_resource_path(self, path: str) -> str:
         """Validate and normalize resource paths to prevent traversal attacks.
 

mcpgateway/middleware/validation_middleware.py

@@ -0,0 +1,144 @@
+# -*- coding: utf-8 -*-
+"""Benchmark the validation middleware Rust sidecar against the Python path."""
+
+# Standard
+from __future__ import annotations
+
+import importlib
+import re
+import statistics
+import subprocess
+import time
+from pathlib import Path
+from typing import Any, Callable
+
+# Third-Party
+from fastapi import HTTPException
+
+# First-Party
+from mcpgateway.config import settings
+from mcpgateway.middleware.validation_middleware import ValidationMiddleware
+
+REPO_ROOT = Path(__file__).resolve().parents[2]
+SIDECAR_MANIFEST = REPO_ROOT / "tools_rust" / "validation_middleware_sidecar" / "Cargo.toml"
+
+
+def _ensure_sidecar_installed() -> Any:
+    subprocess.run(["uv", "run", "maturin", "develop", "--release", "--manifest-path", str(SIDECAR_MANIFEST)], check=True, cwd=REPO_ROOT)
+    return importlib.import_module("validation_middleware_sidecar")
+
+
+def _build_python_validator(max_param_length: int, dangerous_patterns: list[str]) -> Callable[[Any], None]:
+    settings.max_param_length = max_param_length
+    settings.dangerous_patterns = dangerous_patterns
+    settings.experimental_rust_validation_middleware_enabled = False
+    settings.environment = "production"
+    middleware = ValidationMiddleware(app=None)
+    middleware.dangerous_patterns = [re.compile(pattern) for pattern in dangerous_patterns]
+
+    def _run(data: Any) -> None:
+        middleware._validate_json_data(data)
+
+    return _run
+
+
+def _build_rust_validator(max_param_length: int, dangerous_patterns: list[str]) -> Callable[[Any], None]:
+    sidecar = _ensure_sidecar_installed()
+    settings.max_param_length = max_param_length
+    settings.dangerous_patterns = dangerous_patterns
+    settings.environment = "production"
+
+    def _run(data: Any) -> None:
+        result = sidecar.validate_json_data(data, max_param_length, dangerous_patterns)
+        if result is None:
+            return
+        key, error_type = result
+        if error_type == "max_length":
+            raise HTTPException(status_code=422, detail=f"Parameter {key} exceeds maximum length")
+        raise HTTPException(status_code=422, detail=f"Parameter {key} contains dangerous characters")
+
+    return _run
+
+
+def _measure(label: str, fn: Callable[[Any], None], payload: Any, iterations: int) -> tuple[float, float]:
+    samples = []
+    for _ in range(iterations):
+        started = time.perf_counter_ns()
+        try:
+            fn(payload)
+        except HTTPException:
+            pass
+        samples.append(time.perf_counter_ns() - started)
+
+    median_ms = statistics.median(samples) / 1_000_000
+    p95_ms = statistics.quantiles(samples, n=100)[94] / 1_000_000
+    print(f"{label}: median={median_ms:.3f}ms p95={p95_ms:.3f}ms")
+    return median_ms, p95_ms
+
+
+def _assert_parity(python_fn: Callable[[Any], None], rust_fn: Callable[[Any], None], payloads: list[Any]) -> None:
+    for payload in payloads:
+        python_error = None
+        rust_error = None
+
+        try:
+            python_fn(payload)
+        except HTTPException as exc:
+            python_error = (exc.status_code, exc.detail)
+
+        try:
+            rust_fn(payload)
+        except HTTPException as exc:
+            rust_error = (exc.status_code, exc.detail)
+
+        if python_error != rust_error:
+            raise AssertionError(f"Parity mismatch for payload {payload!r}: python={python_error!r} rust={rust_error!r}")
+
+
+def main() -> None:
+    max_param_length = 1024
+    dangerous_patterns = [r"[;&|`$(){}\[\]<>]", r"\.\.[\\/]", r"[\x00-\x1f\x7f-\x9f]"]
+
+    python_fn = _build_python_validator(max_param_length, dangerous_patterns)
+    rust_fn = _build_rust_validator(max_param_length, dangerous_patterns)
+
+    parity_payloads = [
+        {"name": "safe", "nested": {"description": "still safe"}},
+        {"prompt": "<script>alert(1)</script>"},
+        {"outer": {"inner": "a" * 2048}},
+    ]
+    _assert_parity(python_fn, rust_fn, parity_payloads)
+
+    scenarios = [
+        (
+            "nested_safe",
+            {
+                "tool": {
+                    "name": "safe-tool",
+                    "description": "ok" * 32,
+                    "metadata": [{"field": "value" * 8} for _ in range(256)],
+                }
+            },
+            400,
+        ),
+        (
+            "deep_nested",
+            {"batch": [{"payload": {"name": f"item-{index}", "content": ("alpha-beta-gamma-" * 16)}} for index in range(512)]},
+            250,
+        ),
+        (
+            "dangerous_string",
+            {"batch": [{"payload": {"name": f"item-{index}", "content": "safe-content"}} for index in range(511)] + [{"payload": {"name": "bad", "content": "<script>alert(1)</script>"}}]},
+            250,
+        ),
+    ]
+
+    for name, payload, iterations in scenarios:
+        print(f"\n{name} ({iterations} iterations)")
+        python_median, _ = _measure("python", python_fn, payload, iterations)
+        rust_median, _ = _measure("rust", rust_fn, payload, iterations)
+        print(f"speedup={python_median / rust_median:.2f}x")
+
+
+if __name__ == "__main__":
+    main()

tests/performance/test_validation_middleware_sidecar_benchmark.py

@@ -8,7 +8,6 @@
 """
 
 # Standard
-import re
 from unittest.mock import AsyncMock, MagicMock, patch
 
 # Third-Party
@@ -350,6 +349,45 @@ def test_validate_json_data_list(self):
             # Should not raise for valid data
             middleware._validate_json_data([{"name": "item1"}, {"name": "item2"}])
 
+    def test_validate_json_data_uses_rust_sidecar_when_enabled(self):
+        """Test JSON validation uses the Rust sidecar when explicitly enabled."""
+        with patch("mcpgateway.middleware.validation_middleware.settings") as mock_settings:
+            mock_settings.experimental_validate_io = True
+            mock_settings.experimental_rust_validation_middleware_enabled = True
+            mock_settings.validation_strict = True
+            mock_settings.sanitize_output = False
+            mock_settings.allowed_roots = []
+            mock_settings.dangerous_patterns = [r"<script"]
+            mock_settings.max_param_length = 1000
+            mock_settings.environment = "production"
+
+            middleware = ValidationMiddleware(app=None)
+            rust_module = MagicMock()
+            rust_module.validate_json_data.return_value = None
+
+            with patch.object(middleware, "_load_rust_validation_module", return_value=rust_module):
+                middleware._validate_json_data({"name": "safe"})
+
+            rust_module.validate_json_data.assert_called_once_with({"name": "safe"}, 1000, [r"<script"])
+
+    def test_validate_json_data_missing_sidecar_is_hard_failure_when_enabled(self):
+        """Test Rust mode fails hard when the sidecar cannot be loaded."""
+        with patch("mcpgateway.middleware.validation_middleware.settings") as mock_settings:
+            mock_settings.experimental_validate_io = True
+            mock_settings.experimental_rust_validation_middleware_enabled = True
+            mock_settings.validation_strict = True
+            mock_settings.sanitize_output = False
+            mock_settings.allowed_roots = []
+            mock_settings.dangerous_patterns = [r"<script"]
+            mock_settings.max_param_length = 1000
+            mock_settings.environment = "production"
+
+            middleware = ValidationMiddleware(app=None)
+
+            with patch.object(middleware, "_load_rust_validation_module", side_effect=ModuleNotFoundError("missing sidecar")):
+                with pytest.raises(ModuleNotFoundError, match="missing sidecar"):
+                    middleware._validate_json_data({"name": "<script>"})
+
     def test_validate_resource_path_traversal(self):
         """Test resource path validation for traversal."""
         with patch("mcpgateway.middleware.validation_middleware.settings") as mock_settings:

tests/unit/mcpgateway/middleware/test_validation_middleware.py

@@ -0,0 +1,14 @@
+[package]
+name = "validation_middleware_sidecar"
+version = "0.1.0"
+edition = "2021"
+license = "Apache-2.0"
+
+[lib]
+name = "validation_middleware_sidecar"
+crate-type = ["cdylib"]
+
+[dependencies]
+once_cell = "1.21.3"
+pyo3 = { version = "0.27.1", features = ["extension-module"] }
+regex = "1.12.2"

tools_rust/validation_middleware_sidecar/Cargo.toml

@@ -0,0 +1,12 @@
+[build-system]
+requires = ["maturin>=1.8,<2.0"]
+build-backend = "maturin"
+
+[project]
+name = "validation-middleware-sidecar"
+version = "0.1.0"
+requires-python = ">=3.11"
+
+[tool.maturin]
+module-name = "validation_middleware_sidecar"
+bindings = "pyo3"