GuardianUnivalle-Benito-Yucra 0.1.14__py3-none-any.whl → 0.1.16__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of GuardianUnivalle-Benito-Yucra might be problematic. Click here for more details.
- GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py +18 -8
- {guardianunivalle_benito_yucra-0.1.14.dist-info → guardianunivalle_benito_yucra-0.1.16.dist-info}/METADATA +1 -1
- {guardianunivalle_benito_yucra-0.1.14.dist-info → guardianunivalle_benito_yucra-0.1.16.dist-info}/RECORD +6 -6
- {guardianunivalle_benito_yucra-0.1.14.dist-info → guardianunivalle_benito_yucra-0.1.16.dist-info}/WHEEL +0 -0
- {guardianunivalle_benito_yucra-0.1.14.dist-info → guardianunivalle_benito_yucra-0.1.16.dist-info}/licenses/LICENSE +0 -0
- {guardianunivalle_benito_yucra-0.1.14.dist-info → guardianunivalle_benito_yucra-0.1.16.dist-info}/top_level.txt +0 -0
|
@@ -120,12 +120,15 @@ def detect_sqli_text(text: str) -> Tuple[bool, list]:
|
|
|
120
120
|
|
|
121
121
|
|
|
122
122
|
def get_client_ip(request):
|
|
123
|
-
|
|
123
|
+
"""
|
|
124
|
+
Retorna la IP del cliente, manejando proxies.
|
|
125
|
+
"""
|
|
124
126
|
x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
|
|
125
127
|
if x_forwarded_for:
|
|
126
|
-
|
|
128
|
+
# Puede contener varias IP separadas por coma
|
|
129
|
+
ip = x_forwarded_for.split(",")[0].strip()
|
|
127
130
|
else:
|
|
128
|
-
ip = request.META.get("REMOTE_ADDR")
|
|
131
|
+
ip = request.META.get("REMOTE_ADDR")
|
|
129
132
|
return ip
|
|
130
133
|
|
|
131
134
|
|
|
@@ -136,25 +139,32 @@ def get_client_ip(request):
|
|
|
136
139
|
|
|
137
140
|
class SQLIDefenseMiddleware(MiddlewareMixin):
|
|
138
141
|
def process_request(self, request):
|
|
139
|
-
|
|
140
|
-
|
|
142
|
+
# Obtener la IP del cliente
|
|
143
|
+
client_ip = get_client_ip(request)
|
|
144
|
+
|
|
145
|
+
# Obtener lista de IPs confiables desde settings
|
|
146
|
+
trusted_ips = getattr(settings, "SQLI_DEFENSE_TRUSTED_IPS", [])
|
|
147
|
+
|
|
148
|
+
# Si la IP está en la lista confiable, no hacemos nada
|
|
149
|
+
if client_ip in trusted_ips:
|
|
141
150
|
return None
|
|
142
151
|
|
|
152
|
+
# Extraemos el texto de la petición
|
|
143
153
|
text = extract_payload_text(request)
|
|
144
154
|
if not text:
|
|
145
155
|
return None
|
|
146
156
|
|
|
157
|
+
# Detectamos SQL Injection
|
|
147
158
|
flagged, matches = detect_sqli_text(text)
|
|
148
159
|
if flagged:
|
|
149
|
-
client_ip = get_client_ip(request) # obtener IP del atacante
|
|
150
160
|
logger.warning(
|
|
151
|
-
f"Ataque detectado desde IP {client_ip}: {matches}, payload: {text}"
|
|
161
|
+
f"Ataque SQL detectado desde IP {client_ip}: {matches}, payload: {text}"
|
|
152
162
|
)
|
|
153
|
-
|
|
154
163
|
return JsonResponse(
|
|
155
164
|
{"mensaje": "Ataque detectado", "tipos": matches, "ip": client_ip},
|
|
156
165
|
status=403,
|
|
157
166
|
)
|
|
167
|
+
|
|
158
168
|
return None
|
|
159
169
|
|
|
160
170
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: GuardianUnivalle-Benito-Yucra
|
|
3
|
-
Version: 0.1.
|
|
3
|
+
Version: 0.1.16
|
|
4
4
|
Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
|
|
5
5
|
Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
|
|
6
6
|
License: MIT
|
|
@@ -7,14 +7,14 @@ GuardianUnivalle_Benito_Yucra/criptografia/kdf.py,sha256=_sbepEY1qHEKga0ExrX2WRg
|
|
|
7
7
|
GuardianUnivalle_Benito_Yucra/detectores/detector_csrf.py,sha256=EAYfLkHuxGC5rXSu4mZJ4yZDCbwBpTX8xZWGKz7i5wA,692
|
|
8
8
|
GuardianUnivalle_Benito_Yucra/detectores/detector_dos.py,sha256=lMWmCw6nccCEnek53nVjpoBCeiBqLdrSXxqRuI7VP2I,696
|
|
9
9
|
GuardianUnivalle_Benito_Yucra/detectores/detector_keylogger.py,sha256=rEDG-Q_R56OsG2ypfHVBK7erolYjdvATnAxB3yvPXts,729
|
|
10
|
-
GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py,sha256=
|
|
10
|
+
GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py,sha256=YTpQUTrGZPu_GMSt1kiQeZaSnqQBwQ9UMRUu2mQAWYs,6046
|
|
11
11
|
GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py,sha256=66V_xuxNOZEwluvWOT4-6pk5MJ3zWE1IwcVkBl7MZSg,719
|
|
12
12
|
GuardianUnivalle_Benito_Yucra/middleware_web/middleware_web.py,sha256=23pLLYqliUoMrIC6ZEwz3hKXeDjWfHSm9vYPWGmDDik,495
|
|
13
13
|
GuardianUnivalle_Benito_Yucra/mitigacion/limitador_peticion.py,sha256=ipMOebYhql-6mSyHs0ddYXOcXq9w8P_IXLlpiIqGncw,246
|
|
14
14
|
GuardianUnivalle_Benito_Yucra/mitigacion/lista_bloqueo.py,sha256=6AYWII4mrmwCLHCvGTyoBxR4Oasr4raSHpFbVjqn7d8,193
|
|
15
15
|
GuardianUnivalle_Benito_Yucra/puntuacion/puntuacion_amenaza.py,sha256=Wx5XfcII4oweLvZsTBEJ7kUc9pMpP5-36RfI5C5KJXo,561
|
|
16
|
-
guardianunivalle_benito_yucra-0.1.
|
|
17
|
-
guardianunivalle_benito_yucra-0.1.
|
|
18
|
-
guardianunivalle_benito_yucra-0.1.
|
|
19
|
-
guardianunivalle_benito_yucra-0.1.
|
|
20
|
-
guardianunivalle_benito_yucra-0.1.
|
|
16
|
+
guardianunivalle_benito_yucra-0.1.16.dist-info/licenses/LICENSE,sha256=5e4IdL542v1E8Ft0A24GZjrxZeTsVK7XrS3mZEUhPtM,37
|
|
17
|
+
guardianunivalle_benito_yucra-0.1.16.dist-info/METADATA,sha256=kRbYVXUib-W_0w5djy5GqeasNPG0RWeQccMdHooYKF8,1893
|
|
18
|
+
guardianunivalle_benito_yucra-0.1.16.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
|
|
19
|
+
guardianunivalle_benito_yucra-0.1.16.dist-info/top_level.txt,sha256=HTWfZM64WAV_QYr5cnXnLuabQt92dvlxqlR3pCwpbDQ,30
|
|
20
|
+
guardianunivalle_benito_yucra-0.1.16.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|