GuardianUnivalle-Benito-Yucra 0.1.27__py3-none-any.whl → 0.1.29__py3-none-any.whl

GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py

@@ -1,15 +1,133 @@
-import html
-from ..auditoria.registro_auditoria import registrar_evento
-
-def sanitizar_xss(entrada: str) -> str:
-    return html.escape(entrada)
-
-def detectar_xss(entrada: str) -> bool:
-    patrones = ["<script", "javascript:", "onerror", "onload"]
-    if any(p in entrada.lower() for p in patrones):
-        registrar_evento("XSS", f"Ataque detectado: {entrada}")
-        return True
-    return False
+from __future__ import annotations
+import json
+import logging
+import re
+from typing import List, Tuple
+from django.conf import settings
+from django.utils.deprecation import MiddlewareMixin
+
+# Logger
+logger = logging.getLogger("xssdefense")
+logger.setLevel(logging.INFO)
+if not logger.handlers:
+    handler = logging.StreamHandler()
+    handler.setFormatter(logging.Formatter("%(asctime)s - %(levelname)s - %(message)s"))
+    logger.addHandler(handler)
+
+# Intentar usar bleach si está disponible
+try:
+    import bleach
+
+    _BLEACH_AVAILABLE = True
+except Exception:
+    _BLEACH_AVAILABLE = False
+
+# Patrones de detección XSS
+XSS_PATTERNS: List[Tuple[re.Pattern, str]] = [
+    (re.compile(r"<\s*script\b", re.I), "Etiqueta <script>"),
+    (re.compile(r"on\w+\s*=", re.I), "Atributo evento (on*)"),
+    (re.compile(r"javascript:\s*", re.I), "URI javascript:"),
+    (re.compile(r"<\s*iframe\b", re.I), "Etiqueta <iframe>"),
+    (re.compile(r"<\s*embed\b", re.I), "Etiqueta <embed>"),
+]
+
+
+# Funciones auxiliares
+def detect_xss_text(text: str) -> Tuple[bool, List[str]]:
+    matches: List[str] = []
+    if not text:
+        return False, matches
+    for patt, message in XSS_PATTERNS:
+        if patt.search(text):
+            matches.append(message)
+    return len(matches) > 0, matches
+
+
+def sanitize_input_basic(text: str) -> str:
+    if text is None:
+        return text
+    if _BLEACH_AVAILABLE:
+        return bleach.clean(text, tags=[], attributes={}, protocols=[], strip=True)
+    replacements = [
+        ("&", "&amp;"),
+        ("<", "&lt;"),
+        (">", "&gt;"),
+        ('"', "&quot;"),
+        ("'", "&#x27;"),
+        ("/", "&#x2F;"),
+    ]
+    result = text
+    for old, new in replacements:
+        result = result.replace(old, new)
+    return result
+
+
+def extract_payload_text(request) -> str:
+    parts: List[str] = []
+    try:
+        ct = request.META.get("CONTENT_TYPE", "")
+        if "application/json" in ct:
+            parts.append(
+                json.dumps(
+                    json.loads(request.body.decode("utf-8") or "{}"), ensure_ascii=False
+                )
+            )
+        else:
+            parts.append(request.body.decode("utf-8", errors="ignore"))
+    except Exception:
+        pass
+    qs = request.META.get("QUERY_STRING", "")
+    if qs:
+        parts.append(qs)
+    parts.append(request.META.get("HTTP_USER_AGENT", ""))
+    parts.append(request.META.get("HTTP_REFERER", ""))
+    return " ".join([p for p in parts if p])
+
+
+# Middleware XSS
+class XSSDefenseMiddleware(MiddlewareMixin):
+    """
+    Middleware Django que detecta XSS en IPs no confiables.
+    Solo marca el ataque en request.sql_attack_info para que
+    AuditoriaMiddleware lo registre y bloquee.
+    """
+
+    def process_request(self, request):
+        trusted_ips: List[str] = getattr(settings, "XSS_DEFENSE_TRUSTED_IPS", [])
+        ip = request.META.get("REMOTE_ADDR", "")
+        if ip in trusted_ips:
+            return None  # IP confiable → no analizar
+
+        excluded_paths: List[str] = getattr(settings, "XSS_DEFENSE_EXCLUDED_PATHS", [])
+        if any(request.path.startswith(p) for p in excluded_paths):
+            return None
+
+        payload = extract_payload_text(request)
+        if not payload:
+            return None
+
+        flagged, matches = detect_xss_text(payload)
+        if not flagged:
+            return None
+
+        logger.warning(
+            "XSS detectado desde IP %s: %s ; payload truncated: %.200s",
+            ip,
+            matches,
+            payload,
+        )
+
+        # Solo marcamos el ataque, no bloqueamos aquí
+        request.sql_attack_info = {
+            "ip": ip,
+            "tipos": ["XSS"],
+            "descripcion": matches,
+            "payload": payload,
+        }
+
+        return None
+
+
 """ 
 Algoritmos relacionados:
     *Guardar entradas sospechosas con AES-GCM para confidencialidad y autenticidad.
@@ -18,4 +136,4 @@ S_xss = w_xss * detecciones_xss
 S_xss = 0.3 * 2
 donde w_xss es peso asignado a XSS y detecciones_xss es la cantidad de patrones detectados.
 
-"""
+"""

{guardianunivalle_benito_yucra-0.1.27.dist-info → guardianunivalle_benito_yucra-0.1.29.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.27
+Version: 0.1.29
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.27.dist-info → guardianunivalle_benito_yucra-0.1.29.dist-info}/RECORD

@@ -8,13 +8,13 @@ GuardianUnivalle_Benito_Yucra/detectores/detector_csrf.py,sha256=EAYfLkHuxGC5rXS
 GuardianUnivalle_Benito_Yucra/detectores/detector_dos.py,sha256=lMWmCw6nccCEnek53nVjpoBCeiBqLdrSXxqRuI7VP2I,696
 GuardianUnivalle_Benito_Yucra/detectores/detector_keylogger.py,sha256=rEDG-Q_R56OsG2ypfHVBK7erolYjdvATnAxB3yvPXts,729
 GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py,sha256=b7pd4-CTH0FqW5-dwA6RA38Dls0bSBXKSLlmnKbLnbA,2982
-GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py,sha256=66V_xuxNOZEwluvWOT4-6pk5MJ3zWE1IwcVkBl7MZSg,719
+GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py,sha256=S2vJUbdrh4oG7-1plBK7Emu2eG5ERWHBFWZe-e5OTgo,4201
 GuardianUnivalle_Benito_Yucra/middleware_web/middleware_web.py,sha256=23pLLYqliUoMrIC6ZEwz3hKXeDjWfHSm9vYPWGmDDik,495
 GuardianUnivalle_Benito_Yucra/mitigacion/limitador_peticion.py,sha256=ipMOebYhql-6mSyHs0ddYXOcXq9w8P_IXLlpiIqGncw,246
 GuardianUnivalle_Benito_Yucra/mitigacion/lista_bloqueo.py,sha256=6AYWII4mrmwCLHCvGTyoBxR4Oasr4raSHpFbVjqn7d8,193
 GuardianUnivalle_Benito_Yucra/puntuacion/puntuacion_amenaza.py,sha256=Wx5XfcII4oweLvZsTBEJ7kUc9pMpP5-36RfI5C5KJXo,561
-guardianunivalle_benito_yucra-0.1.27.dist-info/licenses/LICENSE,sha256=5e4IdL542v1E8Ft0A24GZjrxZeTsVK7XrS3mZEUhPtM,37
-guardianunivalle_benito_yucra-0.1.27.dist-info/METADATA,sha256=8i1ER5rmcdjBiu5tgrzdVnhI80HkwR_EUjpifg5589A,1893
-guardianunivalle_benito_yucra-0.1.27.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-guardianunivalle_benito_yucra-0.1.27.dist-info/top_level.txt,sha256=HTWfZM64WAV_QYr5cnXnLuabQt92dvlxqlR3pCwpbDQ,30
-guardianunivalle_benito_yucra-0.1.27.dist-info/RECORD,,
+guardianunivalle_benito_yucra-0.1.29.dist-info/licenses/LICENSE,sha256=5e4IdL542v1E8Ft0A24GZjrxZeTsVK7XrS3mZEUhPtM,37
+guardianunivalle_benito_yucra-0.1.29.dist-info/METADATA,sha256=E6PCNE91cwAxPFWHDpeLdEnsGHKfvvH8TRDQ3fNIFj4,1893
+guardianunivalle_benito_yucra-0.1.29.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+guardianunivalle_benito_yucra-0.1.29.dist-info/top_level.txt,sha256=HTWfZM64WAV_QYr5cnXnLuabQt92dvlxqlR3pCwpbDQ,30
+guardianunivalle_benito_yucra-0.1.29.dist-info/RECORD,,