GuardianUnivalle-Benito-Yucra 0.1.19__tar.gz → 0.1.21__tar.gz

{guardianunivalle_benito_yucra-0.1.19 → guardianunivalle_benito_yucra-0.1.21}/GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py

@@ -1,4 +1,3 @@
-from django.http import JsonResponse
 from django.utils.deprecation import MiddlewareMixin
 from django.conf import settings
 import logging, re, json
@@ -10,7 +9,7 @@ if not logger.handlers:
     handler.setFormatter(logging.Formatter("%(asctime)s - %(levelname)s - %(message)s"))
     logger.addHandler(handler)
 
-# Patrones de ataque SQL
+# 🔹 Patrones de ataque SQL
 PATTERNS = [
     (re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I), "UNION SELECT"),
     (
@@ -44,12 +43,12 @@ def extract_payload_text(request):
     return " ".join([p for p in parts if p])
 
 
-def detect_sqli_text(text):
-    matches = []
-    for patt, message in PATTERNS:
+def detect_sql_attack(text):
+    descripcion = []
+    for patt, msg in PATTERNS:
         if patt.search(text):
-            matches.append(message)
-    return (len(matches) > 0, matches)
+            descripcion.append(msg)
+    return (len(descripcion) > 0, descripcion)
 
 
 def get_client_ip(request):
@@ -63,26 +62,30 @@ class SQLIDefenseMiddleware(MiddlewareMixin):
     def process_request(self, request):
         client_ip = get_client_ip(request)
         trusted_ips = getattr(settings, "SQLI_DEFENSE_TRUSTED_IPS", [])
+        exempt_paths = getattr(settings, "SQLI_DEFENSE_EXEMPT_PATHS", [])
 
         if client_ip in trusted_ips:
             return None
+        # 2️⃣ Permitir rutas exentas
+        for path in exempt_paths:
+            if request.path.startswith(path):
+                return None
 
         text = extract_payload_text(request)
         if not text:
             return None
 
-        flagged, matches = detect_sqli_text(text)
+        flagged, descripcion = detect_sql_attack(text)
         if flagged:
-            # Guardamos los datos del ataque en el request
+            # Solo tipo SQL, descripción con los patrones detectados
             request.sql_attack_info = {
                 "ip": client_ip,
-                "tipos": matches,
+                "tipos": ["SQL"],
+                "descripcion": descripcion,
                 "payload": text,
             }
-
             logger.warning(
-                f"Ataque SQL detectado desde IP {client_ip}: {matches}, payload: {text}"
+                f"Ataque SQL detectado desde IP {client_ip}: {descripcion}, payload: {text}"
             )
-
-            # 👉 Aquí ya NO devolvemos JsonResponse
+            # No devolvemos JsonResponse, solo marcamos el ataque
             return None

{guardianunivalle_benito_yucra-0.1.19 → guardianunivalle_benito_yucra-0.1.21}/GuardianUnivalle_Benito_Yucra.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.19
+Version: 0.1.21
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.19 → guardianunivalle_benito_yucra-0.1.21}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.19
+Version: 0.1.21
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.19 → guardianunivalle_benito_yucra-0.1.21}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "GuardianUnivalle-Benito-Yucra"  # usar mayúsculas consistente
-version = "0.1.19"
+version = "0.1.21"
 description = "Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask"
 authors = [
     { name = "Andres Benito Calle Yucra", email = "benitoandrescalle035@gmail.com" }