GuardianUnivalle-Benito-Yucra 0.1.3__py3-none-any.whl → 0.1.5__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of GuardianUnivalle-Benito-Yucra might be problematic. Click here for more details.
- GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py +35 -45
- {guardianunivalle_benito_yucra-0.1.3.dist-info → guardianunivalle_benito_yucra-0.1.5.dist-info}/METADATA +1 -1
- {guardianunivalle_benito_yucra-0.1.3.dist-info → guardianunivalle_benito_yucra-0.1.5.dist-info}/RECORD +6 -6
- {guardianunivalle_benito_yucra-0.1.3.dist-info → guardianunivalle_benito_yucra-0.1.5.dist-info}/WHEEL +0 -0
- {guardianunivalle_benito_yucra-0.1.3.dist-info → guardianunivalle_benito_yucra-0.1.5.dist-info}/licenses/LICENSE +0 -0
- {guardianunivalle_benito_yucra-0.1.3.dist-info → guardianunivalle_benito_yucra-0.1.5.dist-info}/top_level.txt +0 -0
|
@@ -5,67 +5,57 @@ from typing import Tuple
|
|
|
5
5
|
from django.http import JsonResponse
|
|
6
6
|
from django.utils.deprecation import MiddlewareMixin
|
|
7
7
|
|
|
8
|
-
# ---------- Patrones
|
|
9
|
-
_literal_single = re.compile(r"'([^'\\]|\\.)*'")
|
|
10
|
-
_literal_double = re.compile(r'"([^"\\]|\\.)*"')
|
|
11
|
-
_comment_sql = re.compile(r"(--[^\n]*|/\*.*?\*/)", re.S)
|
|
12
|
-
|
|
8
|
+
# ---------- Patrones de ataques SQL ----------
|
|
13
9
|
PATTERNS = [
|
|
14
|
-
(
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
(re.compile(r"
|
|
10
|
+
(
|
|
11
|
+
re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I),
|
|
12
|
+
"Intento de UNION SELECT detectado",
|
|
13
|
+
),
|
|
14
|
+
(re.compile(r"or\s+\d+\s*=\s*\d+", re.I), "Intento de OR 1=1 detectado"),
|
|
15
|
+
(
|
|
16
|
+
re.compile(r"\b(select\b.*\bfrom\b.*\bwhere\b.*\b(or|and)\b.*=)", re.I),
|
|
17
|
+
"Intento de SELECT con OR/AND detectado",
|
|
18
|
+
),
|
|
19
|
+
(
|
|
20
|
+
re.compile(r"\b(drop|truncate|delete|insert|update)\b", re.I),
|
|
21
|
+
"Intento de manipulación de tabla detectado",
|
|
22
|
+
),
|
|
23
|
+
(
|
|
24
|
+
re.compile(r"(--|#|;)", re.I),
|
|
25
|
+
"Comentario o terminador de sentencia sospechoso detectado",
|
|
26
|
+
),
|
|
19
27
|
]
|
|
20
28
|
|
|
21
29
|
|
|
22
30
|
# ---------- Helpers ----------
|
|
23
|
-
def normalize_text(s: str) -> str:
|
|
24
|
-
"""Quita literales y comentarios para reducir falsos positivos"""
|
|
25
|
-
if not s:
|
|
26
|
-
return ""
|
|
27
|
-
s = _comment_sql.sub(" ", s)
|
|
28
|
-
s = _literal_single.sub("''", s)
|
|
29
|
-
s = _literal_double.sub('""', s)
|
|
30
|
-
s = re.sub(r"\s+", " ", s).strip()
|
|
31
|
-
return s
|
|
32
|
-
|
|
33
|
-
|
|
34
31
|
def extract_payload_text(request) -> str:
|
|
35
32
|
"""Extrae texto potencialmente peligroso del request"""
|
|
36
33
|
parts = []
|
|
34
|
+
# Query params
|
|
35
|
+
if request.META.get("QUERY_STRING"):
|
|
36
|
+
parts.append(request.META.get("QUERY_STRING"))
|
|
37
|
+
# Body
|
|
37
38
|
try:
|
|
38
|
-
# query params
|
|
39
|
-
if request.META.get("QUERY_STRING"):
|
|
40
|
-
parts.append(request.META.get("QUERY_STRING"))
|
|
41
|
-
# body
|
|
42
39
|
content_type = request.META.get("CONTENT_TYPE", "")
|
|
43
40
|
if "application/json" in content_type:
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
parts.append(json.dumps(body_json))
|
|
47
|
-
except Exception:
|
|
48
|
-
parts.append((request.body or b"").decode("utf-8", errors="ignore"))
|
|
41
|
+
body_json = json.loads(request.body.decode("utf-8") or "{}")
|
|
42
|
+
parts.append(json.dumps(body_json))
|
|
49
43
|
else:
|
|
50
|
-
|
|
51
|
-
parts.append(request.body.decode("utf-8", errors="ignore"))
|
|
52
|
-
except Exception:
|
|
53
|
-
pass
|
|
54
|
-
# headers sospechosos
|
|
55
|
-
parts.append(request.META.get("HTTP_USER_AGENT", ""))
|
|
56
|
-
parts.append(request.META.get("HTTP_REFERER", ""))
|
|
44
|
+
parts.append(request.body.decode("utf-8", errors="ignore"))
|
|
57
45
|
except Exception:
|
|
58
46
|
pass
|
|
47
|
+
# Headers
|
|
48
|
+
parts.append(request.META.get("HTTP_USER_AGENT", ""))
|
|
49
|
+
parts.append(request.META.get("HTTP_REFERER", ""))
|
|
59
50
|
return " ".join([p for p in parts if p])
|
|
60
51
|
|
|
61
52
|
|
|
62
53
|
def detect_sqli_text(text: str) -> Tuple[bool, list]:
|
|
63
|
-
"""Detecta
|
|
64
|
-
q = normalize_text(text)
|
|
54
|
+
"""Detecta ataques SQL en el texto"""
|
|
65
55
|
matches = []
|
|
66
|
-
for patt,
|
|
67
|
-
if patt.search(
|
|
68
|
-
matches.append(
|
|
56
|
+
for patt, message in PATTERNS:
|
|
57
|
+
if patt.search(text):
|
|
58
|
+
matches.append(message)
|
|
69
59
|
return (len(matches) > 0, matches)
|
|
70
60
|
|
|
71
61
|
|
|
@@ -78,11 +68,11 @@ class SQLIDefenseMiddleware(MiddlewareMixin):
|
|
|
78
68
|
|
|
79
69
|
flagged, matches = detect_sqli_text(text)
|
|
80
70
|
if flagged:
|
|
81
|
-
#
|
|
71
|
+
# Mensaje estandarizado
|
|
82
72
|
return JsonResponse(
|
|
83
73
|
{
|
|
84
|
-
"detail": "Request bloqueado: posible inyección SQL
|
|
85
|
-
"
|
|
74
|
+
"detail": "Request bloqueado: posible intento de inyección SQL detectado",
|
|
75
|
+
"alerts": matches,
|
|
86
76
|
},
|
|
87
77
|
status=403,
|
|
88
78
|
)
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: GuardianUnivalle-Benito-Yucra
|
|
3
|
-
Version: 0.1.
|
|
3
|
+
Version: 0.1.5
|
|
4
4
|
Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
|
|
5
5
|
Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
|
|
6
6
|
License: MIT
|
|
@@ -7,14 +7,14 @@ GuardianUnivalle_Benito_Yucra/criptografia/kdf.py,sha256=_sbepEY1qHEKga0ExrX2WRg
|
|
|
7
7
|
GuardianUnivalle_Benito_Yucra/detectores/detector_csrf.py,sha256=EAYfLkHuxGC5rXSu4mZJ4yZDCbwBpTX8xZWGKz7i5wA,692
|
|
8
8
|
GuardianUnivalle_Benito_Yucra/detectores/detector_dos.py,sha256=lMWmCw6nccCEnek53nVjpoBCeiBqLdrSXxqRuI7VP2I,696
|
|
9
9
|
GuardianUnivalle_Benito_Yucra/detectores/detector_keylogger.py,sha256=rEDG-Q_R56OsG2ypfHVBK7erolYjdvATnAxB3yvPXts,729
|
|
10
|
-
GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py,sha256=
|
|
10
|
+
GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py,sha256=4yaATxsBEvx2wACJDbYfBIkjVTfIo9gwdcAFxN85ygA,2559
|
|
11
11
|
GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py,sha256=66V_xuxNOZEwluvWOT4-6pk5MJ3zWE1IwcVkBl7MZSg,719
|
|
12
12
|
GuardianUnivalle_Benito_Yucra/middleware_web/middleware_web.py,sha256=23pLLYqliUoMrIC6ZEwz3hKXeDjWfHSm9vYPWGmDDik,495
|
|
13
13
|
GuardianUnivalle_Benito_Yucra/mitigacion/limitador_peticion.py,sha256=ipMOebYhql-6mSyHs0ddYXOcXq9w8P_IXLlpiIqGncw,246
|
|
14
14
|
GuardianUnivalle_Benito_Yucra/mitigacion/lista_bloqueo.py,sha256=6AYWII4mrmwCLHCvGTyoBxR4Oasr4raSHpFbVjqn7d8,193
|
|
15
15
|
GuardianUnivalle_Benito_Yucra/puntuacion/puntuacion_amenaza.py,sha256=Wx5XfcII4oweLvZsTBEJ7kUc9pMpP5-36RfI5C5KJXo,561
|
|
16
|
-
guardianunivalle_benito_yucra-0.1.
|
|
17
|
-
guardianunivalle_benito_yucra-0.1.
|
|
18
|
-
guardianunivalle_benito_yucra-0.1.
|
|
19
|
-
guardianunivalle_benito_yucra-0.1.
|
|
20
|
-
guardianunivalle_benito_yucra-0.1.
|
|
16
|
+
guardianunivalle_benito_yucra-0.1.5.dist-info/licenses/LICENSE,sha256=5e4IdL542v1E8Ft0A24GZjrxZeTsVK7XrS3mZEUhPtM,37
|
|
17
|
+
guardianunivalle_benito_yucra-0.1.5.dist-info/METADATA,sha256=hQDjXHgP4KpMSw2SyJH80dQ2ugvZBQC5asY159ZYDWw,1892
|
|
18
|
+
guardianunivalle_benito_yucra-0.1.5.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
|
|
19
|
+
guardianunivalle_benito_yucra-0.1.5.dist-info/top_level.txt,sha256=HTWfZM64WAV_QYr5cnXnLuabQt92dvlxqlR3pCwpbDQ,30
|
|
20
|
+
guardianunivalle_benito_yucra-0.1.5.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|