GuardianUnivalle-Benito-Yucra 0.1.26__py3-none-any.whl → 0.1.28__py3-none-any.whl

GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py

@@ -62,33 +62,17 @@ class SQLIDefenseMiddleware(MiddlewareMixin):
     def process_request(self, request):
         client_ip = get_client_ip(request)
         trusted_ips = getattr(settings, "SQLI_DEFENSE_TRUSTED_IPS", [])
-        trusted_domains = getattr(settings, "SQLI_DEFENSE_TRUSTED_DOMAINS", [])
 
-        # ✅ Si la IP está permitida → dejar pasar
         if client_ip in trusted_ips:
             return None
 
-        # ✅ Revisar el dominio de origen
-        origin = request.META.get("HTTP_ORIGIN", "")
-        referer = request.META.get("HTTP_REFERER", "")
-
-        # extraemos solo el host (sin protocolo http/https)
-        def get_domain(url):
-            return url.replace("http://", "").replace("https://", "").split("/")[0]
-
-        origin_domain = get_domain(origin) if origin else ""
-        referer_domain = get_domain(referer) if referer else ""
-
-        if origin_domain in trusted_domains or referer_domain in trusted_domains:
-            return None  # → confiable, dejamos pasar
-
-        # 🔍 Analizamos payload
         text = extract_payload_text(request)
         if not text:
             return None
 
         flagged, descripcion = detect_sql_attack(text)
         if flagged:
+            # Solo tipo SQL, descripción con los patrones detectados
             request.sql_attack_info = {
                 "ip": client_ip,
                 "tipos": ["SQL"],
@@ -100,4 +84,5 @@ class SQLIDefenseMiddleware(MiddlewareMixin):
                 f"Ataque SQL detectado desde IP {client_ip}: {descripcion}, payload: {text}"
             )
 
+            # No devolvemos JsonResponse, solo marcamos el ataque
             return None

GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py

@@ -1,15 +1,163 @@
-import html
-from ..auditoria.registro_auditoria import registrar_evento
-
-def sanitizar_xss(entrada: str) -> str:
-    return html.escape(entrada)
-
-def detectar_xss(entrada: str) -> bool:
-    patrones = ["<script", "javascript:", "onerror", "onload"]
-    if any(p in entrada.lower() for p in patrones):
-        registrar_evento("XSS", f"Ataque detectado: {entrada}")
-        return True
-    return False
+"""
+detector_xss.py (version separada con IPs confiables independientes)
+"""
+
+from __future__ import annotations
+import json
+import logging
+import re
+from typing import List, Tuple
+
+from django.conf import settings
+from django.http import JsonResponse
+from django.utils.deprecation import MiddlewareMixin
+
+# Logger
+logger = logging.getLogger("xssdefense")
+logger.setLevel(logging.INFO)
+if not logger.handlers:
+    handler = logging.StreamHandler()
+    handler.setFormatter(logging.Formatter("%(asctime)s - %(levelname)s - %(message)s"))
+    logger.addHandler(handler)
+
+# Intentar usar bleach si está disponible
+try:
+    import bleach
+
+    _BLEACH_AVAILABLE = True
+except Exception:
+    _BLEACH_AVAILABLE = False
+
+# Patrones de detección XSS
+XSS_PATTERNS: List[Tuple[re.Pattern, str]] = [
+    (re.compile(r"<\s*script\b", re.I), "Etiqueta <script>"),
+    (re.compile(r"on\w+\s*=", re.I), "Atributo evento (on*)"),
+    (re.compile(r"javascript:\s*", re.I), "URI javascript:"),
+    (re.compile(r"<\s*iframe\b", re.I), "Etiqueta <iframe>"),
+    (re.compile(r"<\s*embed\b", re.I), "Etiqueta <embed>"),
+]
+
+
+# Funciones auxiliares
+def detect_xss_text(text: str) -> Tuple[bool, List[str]]:
+    matches: List[str] = []
+    if not text:
+        return False, matches
+    for patt, message in XSS_PATTERNS:
+        if patt.search(text):
+            matches.append(message)
+    return len(matches) > 0, matches
+
+
+def sanitize_input_basic(text: str) -> str:
+    if text is None:
+        return text
+    if _BLEACH_AVAILABLE:
+        return bleach.clean(text, tags=[], attributes={}, protocols=[], strip=True)
+    replacements = [
+        ("&", "&amp;"),
+        ("<", "&lt;"),
+        (">", "&gt;"),
+        ('"', "&quot;"),
+        ("'", "&#x27;"),
+        ("/", "&#x2F;"),
+    ]
+    result = text
+    for old, new in replacements:
+        result = result.replace(old, new)
+    return result
+
+
+def extract_payload_text(request) -> str:
+    parts: List[str] = []
+    try:
+        ct = request.META.get("CONTENT_TYPE", "")
+        if "application/json" in ct:
+            parts.append(
+                json.dumps(
+                    json.loads(request.body.decode("utf-8") or "{}"), ensure_ascii=False
+                )
+            )
+        else:
+            parts.append(request.body.decode("utf-8", errors="ignore"))
+    except Exception:
+        pass
+    qs = request.META.get("QUERY_STRING", "")
+    if qs:
+        parts.append(qs)
+    parts.append(request.META.get("HTTP_USER_AGENT", ""))
+    parts.append(request.META.get("HTTP_REFERER", ""))
+    return " ".join([p for p in parts if p])
+
+
+# Middleware XSS
+class XSSDefenseMiddleware(MiddlewareMixin):
+    """
+    Middleware Django que detecta XSS en IPs no confiables.
+    """
+
+    def process_request(self, request):
+        # 1) Obtener IP confiable específica para XSS
+        trusted_ips: List[str] = getattr(settings, "XSS_DEFENSE_TRUSTED_IPS", [])
+        ip = request.META.get("REMOTE_ADDR", "")
+        if ip in trusted_ips:
+            return None  # IP confiable → no analizar
+
+        # 2) Verificar rutas excluidas
+        excluded_paths: List[str] = getattr(settings, "XSS_DEFENSE_EXCLUDED_PATHS", [])
+        if any(request.path.startswith(p) for p in excluded_paths):
+            return None
+
+        # 3) Extraer payload
+        payload = extract_payload_text(request)
+        if not payload:
+            return None
+
+        # 4) Detectar XSS
+        flagged, matches = detect_xss_text(payload)
+        if not flagged:
+            return None
+
+        logger.warning(
+            "XSS detectado desde IP %s: %s ; payload truncated: %.200s",
+            ip,
+            matches,
+            payload,
+        )
+
+        # 5) Sanitizar si está configurado
+        if getattr(settings, "XSS_DEFENSE_SANITIZE_INPUT", False):
+            try:
+                if hasattr(request, "POST"):
+                    mutable_post = request.POST.copy()
+                    for k in mutable_post.keys():
+                        mutable_post[k] = sanitize_input_basic(mutable_post.get(k))
+                    request.POST = mutable_post
+                if hasattr(request, "GET"):
+                    mutable_get = request.GET.copy()
+                    for k in mutable_get.keys():
+                        mutable_get[k] = sanitize_input_basic(mutable_get.get(k))
+                    request.GET = mutable_get
+            except Exception:
+                logger.debug("Error sanitizando inputs; continuar")
+
+        # 6) Registrar ataque en AuditoriaMiddleware
+        request.sql_attack_info = {
+            "ip": ip,
+            "tipos": ["XSS"],
+            "descripcion": matches,
+            "payload": payload,
+        }
+
+        # 7) Bloquear petición si está configurado
+        if getattr(settings, "XSS_DEFENSE_BLOCK", True):
+            return JsonResponse(
+                {"mensaje": "Ataque detectado (XSS)", "tipos": matches}, status=403
+            )
+
+        return None
+
+
 """ 
 Algoritmos relacionados:
     *Guardar entradas sospechosas con AES-GCM para confidencialidad y autenticidad.
@@ -18,4 +166,4 @@ S_xss = w_xss * detecciones_xss
 S_xss = 0.3 * 2
 donde w_xss es peso asignado a XSS y detecciones_xss es la cantidad de patrones detectados.
 
-"""
+"""

{guardianunivalle_benito_yucra-0.1.26.dist-info → guardianunivalle_benito_yucra-0.1.28.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.26
+Version: 0.1.28
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.26.dist-info → guardianunivalle_benito_yucra-0.1.28.dist-info}/RECORD

@@ -7,14 +7,14 @@ GuardianUnivalle_Benito_Yucra/criptografia/kdf.py,sha256=_sbepEY1qHEKga0ExrX2WRg
 GuardianUnivalle_Benito_Yucra/detectores/detector_csrf.py,sha256=EAYfLkHuxGC5rXSu4mZJ4yZDCbwBpTX8xZWGKz7i5wA,692
 GuardianUnivalle_Benito_Yucra/detectores/detector_dos.py,sha256=lMWmCw6nccCEnek53nVjpoBCeiBqLdrSXxqRuI7VP2I,696
 GuardianUnivalle_Benito_Yucra/detectores/detector_keylogger.py,sha256=rEDG-Q_R56OsG2ypfHVBK7erolYjdvATnAxB3yvPXts,729
-GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py,sha256=kOX-tVCSexUf4jvxM3jLl_jYBP_9YuF9-SQwLaLpAGg,3621
-GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py,sha256=66V_xuxNOZEwluvWOT4-6pk5MJ3zWE1IwcVkBl7MZSg,719
+GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py,sha256=b7pd4-CTH0FqW5-dwA6RA38Dls0bSBXKSLlmnKbLnbA,2982
+GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py,sha256=S0E8myh4uKxYjXMDvG6i1nc66XgB0iKIRa-9gDJErdA,5411
 GuardianUnivalle_Benito_Yucra/middleware_web/middleware_web.py,sha256=23pLLYqliUoMrIC6ZEwz3hKXeDjWfHSm9vYPWGmDDik,495
 GuardianUnivalle_Benito_Yucra/mitigacion/limitador_peticion.py,sha256=ipMOebYhql-6mSyHs0ddYXOcXq9w8P_IXLlpiIqGncw,246
 GuardianUnivalle_Benito_Yucra/mitigacion/lista_bloqueo.py,sha256=6AYWII4mrmwCLHCvGTyoBxR4Oasr4raSHpFbVjqn7d8,193
 GuardianUnivalle_Benito_Yucra/puntuacion/puntuacion_amenaza.py,sha256=Wx5XfcII4oweLvZsTBEJ7kUc9pMpP5-36RfI5C5KJXo,561
-guardianunivalle_benito_yucra-0.1.26.dist-info/licenses/LICENSE,sha256=5e4IdL542v1E8Ft0A24GZjrxZeTsVK7XrS3mZEUhPtM,37
-guardianunivalle_benito_yucra-0.1.26.dist-info/METADATA,sha256=eTW0T-eW72Ycx5XPNt2VAWy0WgBV9bpY2FiSfPGzwKI,1893
-guardianunivalle_benito_yucra-0.1.26.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-guardianunivalle_benito_yucra-0.1.26.dist-info/top_level.txt,sha256=HTWfZM64WAV_QYr5cnXnLuabQt92dvlxqlR3pCwpbDQ,30
-guardianunivalle_benito_yucra-0.1.26.dist-info/RECORD,,
+guardianunivalle_benito_yucra-0.1.28.dist-info/licenses/LICENSE,sha256=5e4IdL542v1E8Ft0A24GZjrxZeTsVK7XrS3mZEUhPtM,37
+guardianunivalle_benito_yucra-0.1.28.dist-info/METADATA,sha256=ljR3reAfOBK8g2jaAp6pbsG7BpTMcjNFoLK26q4v7PM,1893
+guardianunivalle_benito_yucra-0.1.28.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+guardianunivalle_benito_yucra-0.1.28.dist-info/top_level.txt,sha256=HTWfZM64WAV_QYr5cnXnLuabQt92dvlxqlR3pCwpbDQ,30
+guardianunivalle_benito_yucra-0.1.28.dist-info/RECORD,,