PyPI - GuardianUnivalle-Benito-Yucra - Versions diffs - 0.1.39__tar.gz → 0.1.41__tar.gz - Mend

GuardianUnivalle-Benito-Yucra 0.1.39tar.gz → 0.1.41tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of GuardianUnivalle-Benito-Yucra might be problematic. Click here for more details.

Files changed (25) hide show

{guardianunivalle_benito_yucra-0.1.39 → guardianunivalle_benito_yucra-0.1.41}/GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py RENAMED Viewed

@@ -1,5 +1,6 @@
 # sql_defense.py
-# sql_defense.py - versión robusta y precisa
+# GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py
 import json
 import logging
 import re
@@ -13,9 +14,10 @@ if not logger.handlers:
     handler.setFormatter(logging.Formatter("%(asctime)s - %(levelname)s - %(message)s"))
     logger.addHandler(handler)
-# Patrones organizados por nivel de severidad
+# =====================================================
+# ===        PATRONES DE ATAQUE SQL DEFINIDOS       ===
+# =====================================================
 SQL_PATTERNS = [
-    # Ataques fuertes (bloqueo inmediato)
     (re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I), "Uso de UNION SELECT", 0.7),
     (re.compile(r"\bor\b\s+'?\d+'?\s*=\s*'?\d+'?", re.I), "Tautología OR 1=1", 0.6),
     (re.compile(r"\bselect\b.+\bfrom\b", re.I), "Consulta SQL SELECT-FROM", 0.5),
@@ -24,84 +26,93 @@ SQL_PATTERNS = [
     (re.compile(r"exec\s*\(", re.I), "Ejecución de procedimiento almacenado", 0.6),
 ]
-# Campos que deben ser analizados con cuidado o ignorados
 IGNORED_FIELDS = ["password", "csrfmiddlewaretoken", "token", "auth"]
 def get_client_ip(request):
+    """
+    Obtiene la IP real del cliente.
+    Primero revisa 'X-Forwarded-For', luego 'REMOTE_ADDR'.
+    """
     x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
     if x_forwarded_for:
-        return x_forwarded_for.split(",")[0].strip()
+        # Render y otros proxies envían múltiples IPs separados por coma
+        ips = [ip.strip() for ip in x_forwarded_for.split(",") if ip.strip()]
+        if ips:
+            return ips[0]  # la primera IP es la IP real del cliente
+    # Si no hay X-Forwarded-For, tomar REMOTE_ADDR
     return request.META.get("REMOTE_ADDR", "")
-def extract_body(request):
+def extract_payload(request):
+    """Extrae datos útiles de la solicitud para análisis."""
+    parts = []
     try:
         if "application/json" in request.META.get("CONTENT_TYPE", ""):
             data = json.loads(request.body.decode("utf-8") or "{}")
+            parts.append(json.dumps(data))
         else:
-            data = request.POST.dict() or {}
+            body = request.body.decode("utf-8", errors="ignore")
+            if body:
+                parts.append(body)
     except Exception:
-        data = {}
-    return data
+        pass
+    qs = request.META.get("QUERY_STRING", "")
+    if qs:
+        parts.append(qs)
+    return " ".join(parts)
-def detect_sql_injection(value: str):
-    score_total = 0.0
-    descripciones = []
-    matches = []
+def detect_sql_injection(value):
+    """Detecta patrones sospechosos en una cadena."""
+    score = 0.0
+    descripciones = []
     for pattern, desc, weight in SQL_PATTERNS:
         if pattern.search(value):
-            score_total += weight
+            score += weight
             descripciones.append(desc)
-            matches.append(pattern.pattern)
-    return score_total, descripciones, matches
+    return score, descripciones
 class SQLIDefenseMiddleware(MiddlewareMixin):
+    """Middleware de detección SQL Injection."""
     def process_request(self, request):
         client_ip = get_client_ip(request)
         trusted_ips = getattr(settings, "SQLI_DEFENSE_TRUSTED_IPS", [])
+        trusted_urls = getattr(settings, "SQLI_DEFENSE_TRUSTED_URLS", [])
         if client_ip in trusted_ips:
             return None
-        data = extract_body(request)
-        score = 0.0
-        all_desc = []
-        all_matches = []
-        for key, value in data.items():
-            if not isinstance(value, str):
-                continue
-            if key.lower() in IGNORED_FIELDS:
-                continue  # No analizar contraseñas ni tokens
+        referer = request.META.get("HTTP_REFERER", "")
+        host = request.get_host()
+        if any(url in referer for url in trusted_urls) or any(url in host for url in trusted_urls):
+            return None
-            s, desc, matches = detect_sql_injection(value)
-            score += s
-            all_desc.extend(desc)
-            all_matches.extend(matches)
+        payload = extract_payload(request)
+        score, descripciones = detect_sql_injection(payload)
         if score == 0:
-            return None  # nada sospechoso
+            return None
+        # Registrar ataque completo
         logger.warning(
-            f"[SQLiDetect] IP={client_ip} Score={score:.2f} Desc={all_desc} Campos={list(data.keys())}"
+            f"[SQLiDetect] IP={client_ip} Host={host} Referer={referer} "
+            f"Score={score:.2f} Desc={descripciones} Payload={payload[:500]}"
         )
-        # Guardamos info en request
+        # Guardar información del ataque en el request
         request.sql_attack_info = {
             "ip": client_ip,
             "tipos": ["SQLi"],
-            "descripcion": all_desc,
+            "descripcion": descripciones,
+            "payload": payload[:1000],  # guardar hasta 1000 caracteres
             "score": round(score, 2),
+            "url": request.build_absolute_uri(),  # registrar URL completa
         }
-        # Bloqueamos solo si supera umbral de riesgo
-        if score >= 0.7:
-            from django.http import JsonResponse
-            return JsonResponse(
-                {"error": "Posible ataque de inyección SQL detectado. Solicitud bloqueada."},
-                status=403
-            )
+        return None
 # =====================================================

{guardianunivalle_benito_yucra-0.1.39 → guardianunivalle_benito_yucra-0.1.41}/GuardianUnivalle_Benito_Yucra.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.39
+Version: 0.1.41
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.39 → guardianunivalle_benito_yucra-0.1.41}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.39
+Version: 0.1.41
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.39 → guardianunivalle_benito_yucra-0.1.41}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "GuardianUnivalle-Benito-Yucra"  # usar mayúsculas consistente
-version = "0.1.39"
+version = "0.1.41"
 description = "Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask"
 authors = [
     { name = "Andres Benito Calle Yucra", email = "benitoandrescalle035@gmail.com" }