GuardianUnivalle-Benito-Yucra 0.1.40__py3-none-any.whl → 0.1.41__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of GuardianUnivalle-Benito-Yucra might be problematic. Click here for more details.

Files changed (6) hide show
  1. GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py +15 -7
  2. {guardianunivalle_benito_yucra-0.1.40.dist-info → guardianunivalle_benito_yucra-0.1.41.dist-info}/METADATA +1 -1
  3. {guardianunivalle_benito_yucra-0.1.40.dist-info → guardianunivalle_benito_yucra-0.1.41.dist-info}/RECORD +6 -6
  4. {guardianunivalle_benito_yucra-0.1.40.dist-info → guardianunivalle_benito_yucra-0.1.41.dist-info}/WHEEL +0 -0
  5. {guardianunivalle_benito_yucra-0.1.40.dist-info → guardianunivalle_benito_yucra-0.1.41.dist-info}/licenses/LICENSE +0 -0
  6. {guardianunivalle_benito_yucra-0.1.40.dist-info → guardianunivalle_benito_yucra-0.1.41.dist-info}/top_level.txt +0 -0
GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py CHANGED
@@ -30,13 +30,19 @@ IGNORED_FIELDS = ["password", "csrfmiddlewaretoken", "token", "auth"]
30
30
 
31
31
 
32
32
  def get_client_ip(request):
33
- """Obtiene la IP real del cliente."""
33
+ """
34
+ Obtiene la IP real del cliente.
35
+ Primero revisa 'X-Forwarded-For', luego 'REMOTE_ADDR'.
36
+ """
34
37
  x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
35
38
  if x_forwarded_for:
36
- return x_forwarded_for.split(",")[0].strip()
39
+ # Render y otros proxies envían múltiples IPs separados por coma
40
+ ips = [ip.strip() for ip in x_forwarded_for.split(",") if ip.strip()]
41
+ if ips:
42
+ return ips[0] # la primera IP es la IP real del cliente
43
+ # Si no hay X-Forwarded-For, tomar REMOTE_ADDR
37
44
  return request.META.get("REMOTE_ADDR", "")
38
45
 
39
-
40
46
  def extract_payload(request):
41
47
  """Extrae datos útiles de la solicitud para análisis."""
42
48
  parts = []
@@ -76,11 +82,9 @@ class SQLIDefenseMiddleware(MiddlewareMixin):
76
82
  trusted_ips = getattr(settings, "SQLI_DEFENSE_TRUSTED_IPS", [])
77
83
  trusted_urls = getattr(settings, "SQLI_DEFENSE_TRUSTED_URLS", [])
78
84
 
79
- # Ignorar si la IP es confiable
80
85
  if client_ip in trusted_ips:
81
86
  return None
82
87
 
83
- # Ignorar si la URL de referencia (Referer) o Host está en la lista de URLs confiables
84
88
  referer = request.META.get("HTTP_REFERER", "")
85
89
  host = request.get_host()
86
90
  if any(url in referer for url in trusted_urls) or any(url in host for url in trusted_urls):
@@ -92,16 +96,20 @@ class SQLIDefenseMiddleware(MiddlewareMixin):
92
96
  if score == 0:
93
97
  return None
94
98
 
99
+ # Registrar ataque completo
95
100
  logger.warning(
96
- f"[SQLiDetect] IP={client_ip} Score={score:.2f} Desc={descripciones} Payload={payload[:200]}"
101
+ f"[SQLiDetect] IP={client_ip} Host={host} Referer={referer} "
102
+ f"Score={score:.2f} Desc={descripciones} Payload={payload[:500]}"
97
103
  )
98
104
 
105
+ # Guardar información del ataque en el request
99
106
  request.sql_attack_info = {
100
107
  "ip": client_ip,
101
108
  "tipos": ["SQLi"],
102
109
  "descripcion": descripciones,
103
- "payload": payload[:500],
110
+ "payload": payload[:1000], # guardar hasta 1000 caracteres
104
111
  "score": round(score, 2),
112
+ "url": request.build_absolute_uri(), # registrar URL completa
105
113
  }
106
114
 
107
115
  return None
{guardianunivalle_benito_yucra-0.1.40.dist-info → guardianunivalle_benito_yucra-0.1.41.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: GuardianUnivalle-Benito-Yucra
3
- Version: 0.1.40
3
+ Version: 0.1.41
4
4
  Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
5
5
  Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
6
6
  License: MIT
{guardianunivalle_benito_yucra-0.1.40.dist-info → guardianunivalle_benito_yucra-0.1.41.dist-info}/RECORD RENAMED
@@ -7,14 +7,14 @@ GuardianUnivalle_Benito_Yucra/criptografia/kdf.py,sha256=_sbepEY1qHEKga0ExrX2WRg
7
7
  GuardianUnivalle_Benito_Yucra/detectores/detector_csrf.py,sha256=wt9LRMG9XK4eSSmW91tlGmsJWfyk445b8-n2oxlXlwo,7893
8
8
  GuardianUnivalle_Benito_Yucra/detectores/detector_dos.py,sha256=l_JYCmRYpsXt1ZauNPF_wy5uGJhmunRbtJ_WKpC3Otc,6953
9
9
  GuardianUnivalle_Benito_Yucra/detectores/detector_keylogger.py,sha256=L5RQ0Sdgg7hTU1qkZYwt7AcDqtAzT6u-jwBGo7YWfsw,8078
10
- GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py,sha256=hdiRuIJy5Dg4Gq8PP7UmsA4eRzIF-J02HFRLCtGLyY8,4391
10
+ GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py,sha256=AL4eLnds5I45aTTmMsRuH4bsb6tOZ2PZlzzXljBz7_s,4814
11
11
  GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py,sha256=Ipw1XXBd1-SsOOhhl9joQGduTq0GhSa61TRTyASF3XE,6795
12
12
  GuardianUnivalle_Benito_Yucra/middleware_web/middleware_web.py,sha256=23pLLYqliUoMrIC6ZEwz3hKXeDjWfHSm9vYPWGmDDik,495
13
13
  GuardianUnivalle_Benito_Yucra/mitigacion/limitador_peticion.py,sha256=ipMOebYhql-6mSyHs0ddYXOcXq9w8P_IXLlpiIqGncw,246
14
14
  GuardianUnivalle_Benito_Yucra/mitigacion/lista_bloqueo.py,sha256=6AYWII4mrmwCLHCvGTyoBxR4Oasr4raSHpFbVjqn7d8,193
15
15
  GuardianUnivalle_Benito_Yucra/puntuacion/puntuacion_amenaza.py,sha256=Wx5XfcII4oweLvZsTBEJ7kUc9pMpP5-36RfI5C5KJXo,561
16
- guardianunivalle_benito_yucra-0.1.40.dist-info/licenses/LICENSE,sha256=5e4IdL542v1E8Ft0A24GZjrxZeTsVK7XrS3mZEUhPtM,37
17
- guardianunivalle_benito_yucra-0.1.40.dist-info/METADATA,sha256=ue2VCRiG_RztWsCO7HprHZegV6iwBeOVDJDnT-mm844,1893
18
- guardianunivalle_benito_yucra-0.1.40.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
19
- guardianunivalle_benito_yucra-0.1.40.dist-info/top_level.txt,sha256=HTWfZM64WAV_QYr5cnXnLuabQt92dvlxqlR3pCwpbDQ,30
20
- guardianunivalle_benito_yucra-0.1.40.dist-info/RECORD,,
16
+ guardianunivalle_benito_yucra-0.1.41.dist-info/licenses/LICENSE,sha256=5e4IdL542v1E8Ft0A24GZjrxZeTsVK7XrS3mZEUhPtM,37
17
+ guardianunivalle_benito_yucra-0.1.41.dist-info/METADATA,sha256=t6FHFilu7eDZIUrvlnW7s1lmlCtAVDd7UvNSxjYeJ8c,1893
18
+ guardianunivalle_benito_yucra-0.1.41.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
19
+ guardianunivalle_benito_yucra-0.1.41.dist-info/top_level.txt,sha256=HTWfZM64WAV_QYr5cnXnLuabQt92dvlxqlR3pCwpbDQ,30
20
+ guardianunivalle_benito_yucra-0.1.41.dist-info/RECORD,,