GuardianUnivalle-Benito-Yucra 0.1.28__py3-none-any.whl → 0.1.29__py3-none-any.whl

GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py

@@ -1,15 +1,9 @@
-"""
-detector_xss.py (version separada con IPs confiables independientes)
-"""
-
 from __future__ import annotations
 import json
 import logging
 import re
 from typing import List, Tuple
-
 from django.conf import settings
-from django.http import JsonResponse
 from django.utils.deprecation import MiddlewareMixin
 
 # Logger
@@ -94,26 +88,24 @@ def extract_payload_text(request) -> str:
 class XSSDefenseMiddleware(MiddlewareMixin):
     """
     Middleware Django que detecta XSS en IPs no confiables.
+    Solo marca el ataque en request.sql_attack_info para que
+    AuditoriaMiddleware lo registre y bloquee.
     """
 
     def process_request(self, request):
-        # 1) Obtener IP confiable específica para XSS
         trusted_ips: List[str] = getattr(settings, "XSS_DEFENSE_TRUSTED_IPS", [])
         ip = request.META.get("REMOTE_ADDR", "")
         if ip in trusted_ips:
             return None  # IP confiable → no analizar
 
-        # 2) Verificar rutas excluidas
         excluded_paths: List[str] = getattr(settings, "XSS_DEFENSE_EXCLUDED_PATHS", [])
         if any(request.path.startswith(p) for p in excluded_paths):
             return None
 
-        # 3) Extraer payload
         payload = extract_payload_text(request)
         if not payload:
             return None
 
-        # 4) Detectar XSS
         flagged, matches = detect_xss_text(payload)
         if not flagged:
             return None
@@ -125,23 +117,7 @@ class XSSDefenseMiddleware(MiddlewareMixin):
             payload,
         )
 
-        # 5) Sanitizar si está configurado
-        if getattr(settings, "XSS_DEFENSE_SANITIZE_INPUT", False):
-            try:
-                if hasattr(request, "POST"):
-                    mutable_post = request.POST.copy()
-                    for k in mutable_post.keys():
-                        mutable_post[k] = sanitize_input_basic(mutable_post.get(k))
-                    request.POST = mutable_post
-                if hasattr(request, "GET"):
-                    mutable_get = request.GET.copy()
-                    for k in mutable_get.keys():
-                        mutable_get[k] = sanitize_input_basic(mutable_get.get(k))
-                    request.GET = mutable_get
-            except Exception:
-                logger.debug("Error sanitizando inputs; continuar")
-
-        # 6) Registrar ataque en AuditoriaMiddleware
+        # Solo marcamos el ataque, no bloqueamos aquí
         request.sql_attack_info = {
             "ip": ip,
             "tipos": ["XSS"],
@@ -149,12 +125,6 @@ class XSSDefenseMiddleware(MiddlewareMixin):
             "payload": payload,
         }
 
-        # 7) Bloquear petición si está configurado
-        if getattr(settings, "XSS_DEFENSE_BLOCK", True):
-            return JsonResponse(
-                {"mensaje": "Ataque detectado (XSS)", "tipos": matches}, status=403
-            )
-
         return None
 
 

{guardianunivalle_benito_yucra-0.1.28.dist-info → guardianunivalle_benito_yucra-0.1.29.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.28
+Version: 0.1.29
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.28.dist-info → guardianunivalle_benito_yucra-0.1.29.dist-info}/RECORD

@@ -8,13 +8,13 @@ GuardianUnivalle_Benito_Yucra/detectores/detector_csrf.py,sha256=EAYfLkHuxGC5rXS
 GuardianUnivalle_Benito_Yucra/detectores/detector_dos.py,sha256=lMWmCw6nccCEnek53nVjpoBCeiBqLdrSXxqRuI7VP2I,696
 GuardianUnivalle_Benito_Yucra/detectores/detector_keylogger.py,sha256=rEDG-Q_R56OsG2ypfHVBK7erolYjdvATnAxB3yvPXts,729
 GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py,sha256=b7pd4-CTH0FqW5-dwA6RA38Dls0bSBXKSLlmnKbLnbA,2982
-GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py,sha256=S0E8myh4uKxYjXMDvG6i1nc66XgB0iKIRa-9gDJErdA,5411
+GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py,sha256=S2vJUbdrh4oG7-1plBK7Emu2eG5ERWHBFWZe-e5OTgo,4201
 GuardianUnivalle_Benito_Yucra/middleware_web/middleware_web.py,sha256=23pLLYqliUoMrIC6ZEwz3hKXeDjWfHSm9vYPWGmDDik,495
 GuardianUnivalle_Benito_Yucra/mitigacion/limitador_peticion.py,sha256=ipMOebYhql-6mSyHs0ddYXOcXq9w8P_IXLlpiIqGncw,246
 GuardianUnivalle_Benito_Yucra/mitigacion/lista_bloqueo.py,sha256=6AYWII4mrmwCLHCvGTyoBxR4Oasr4raSHpFbVjqn7d8,193
 GuardianUnivalle_Benito_Yucra/puntuacion/puntuacion_amenaza.py,sha256=Wx5XfcII4oweLvZsTBEJ7kUc9pMpP5-36RfI5C5KJXo,561
-guardianunivalle_benito_yucra-0.1.28.dist-info/licenses/LICENSE,sha256=5e4IdL542v1E8Ft0A24GZjrxZeTsVK7XrS3mZEUhPtM,37
-guardianunivalle_benito_yucra-0.1.28.dist-info/METADATA,sha256=ljR3reAfOBK8g2jaAp6pbsG7BpTMcjNFoLK26q4v7PM,1893
-guardianunivalle_benito_yucra-0.1.28.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-guardianunivalle_benito_yucra-0.1.28.dist-info/top_level.txt,sha256=HTWfZM64WAV_QYr5cnXnLuabQt92dvlxqlR3pCwpbDQ,30
-guardianunivalle_benito_yucra-0.1.28.dist-info/RECORD,,
+guardianunivalle_benito_yucra-0.1.29.dist-info/licenses/LICENSE,sha256=5e4IdL542v1E8Ft0A24GZjrxZeTsVK7XrS3mZEUhPtM,37
+guardianunivalle_benito_yucra-0.1.29.dist-info/METADATA,sha256=E6PCNE91cwAxPFWHDpeLdEnsGHKfvvH8TRDQ3fNIFj4,1893
+guardianunivalle_benito_yucra-0.1.29.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+guardianunivalle_benito_yucra-0.1.29.dist-info/top_level.txt,sha256=HTWfZM64WAV_QYr5cnXnLuabQt92dvlxqlR3pCwpbDQ,30
+guardianunivalle_benito_yucra-0.1.29.dist-info/RECORD,,