PyPI - GuardianUnivalle-Benito-Yucra - Versions diffs - 0.1.43__tar.gz → 0.1.45__tar.gz - Mend

GuardianUnivalle-Benito-Yucra 0.1.43tar.gz → 0.1.45tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of GuardianUnivalle-Benito-Yucra might be problematic. Click here for more details.

Files changed (26) hide show

{guardianunivalle_benito_yucra-0.1.43 → guardianunivalle_benito_yucra-0.1.45}/GuardianUnivalle_Benito_Yucra/detectores/detector_csrf.py RENAMED Viewed

@@ -1,16 +1,4 @@
-"""
-CSRF Defense Middleware
-========================
-Detecta y registra posibles ataques CSRF (Cross-Site Request Forgery).
-Algoritmos relacionados:
-    * Uso de secreto aleatorio criptográfico (generar_token_csrf).
-    * Validación simple por comparación (validar_token_csrf).
-    * Contribución a fórmula de amenaza S:
-        S_csrf = w_csrf * intentos_csrf
-        S_csrf = 0.2 * 1
-"""
+# CSRF defense (parche recomendado)
 from __future__ import annotations
 import secrets
 import logging
@@ -21,9 +9,6 @@ from urllib.parse import urlparse
 from django.conf import settings
 from django.utils.deprecation import MiddlewareMixin
-# ======================================================
-# === CONFIGURACIÓN DE LOGGER ===
-# ======================================================
 logger = logging.getLogger("csrfdefense")
 logger.setLevel(logging.INFO)
 if not logger.handlers:
@@ -31,57 +16,33 @@ if not logger.handlers:
     handler.setFormatter(logging.Formatter("%(asctime)s - %(levelname)s - %(message)s"))
     logger.addHandler(handler)
-# ======================================================
-# === FUNCIONES AUXILIARES DE TOKEN CSRF ===
-# ======================================================
-def registrar_evento(tipo: str, mensaje: str):
-    """Registra eventos importantes en los logs."""
-    logger.warning(f"[{tipo}] {mensaje}")
-def generar_token_csrf() -> str:
-    """Genera un token CSRF seguro."""
-    token = secrets.token_hex(32)
-    registrar_evento("CSRF", "Token CSRF generado")
-    return token
-def validar_token_csrf(token: str, token_sesion: str) -> bool:
-    """Valida que el token recibido coincida con el token en sesión."""
-    valido = token == token_sesion
-    if not valido:
-        registrar_evento("CSRF", "Intento de CSRF detectado (token no coincide)")
-    return valido
-# ======================================================
-# === CONSTANTES Y CONFIGURACIONES ===
-# ======================================================
 STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
-CSRF_HEADER_NAMES = (
-    "HTTP_X_CSRFTOKEN",
-    "HTTP_X_CSRF_TOKEN",
-)
+CSRF_HEADER_NAMES = ("HTTP_X_CSRFTOKEN", "HTTP_X_CSRF_TOKEN")
 CSRF_COOKIE_NAME = getattr(settings, "CSRF_COOKIE_NAME", "csrftoken")
 POST_FIELD_NAME = "csrfmiddlewaretoken"
+# Nota: NO consideramos 'application/json' sospechoso aquí por defecto,
+# porque muchas APIs legítimas usan JSON.
 SUSPICIOUS_CT_PATTERNS = [
+    re.compile(r"text/plain", re.I),
     re.compile(r"application/x-www-form-urlencoded", re.I),
     re.compile(r"multipart/form-data", re.I),
 ]
+# Umbral minimo de "señales" para marcar como ataque (configurable)
+CSRF_DEFENSE_MIN_SIGNALS = getattr(settings, "CSRF_DEFENSE_MIN_SIGNALS", 1)
+# Opción para excluir rutas de API que manejan JSON (cambia según tu proyecto)
+CSRF_DEFENSE_EXCLUDED_API_PREFIXES = getattr(settings, "CSRF_DEFENSE_EXCLUDED_API_PREFIXES", ["/api/"])
-# ======================================================
-# === FUNCIONES DE APOYO ===
-# ======================================================
 def get_client_ip(request):
     x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
     if x_forwarded_for:
-        return x_forwarded_for.split(",")[0].strip()
+        # toma la primera IP real
+        ips = [ip.strip() for ip in x_forwarded_for.split(",") if ip.strip()]
+        if ips:
+            return ips[0]
     return request.META.get("REMOTE_ADDR", "")
 def host_from_header(header_value: str) -> str | None:
     if not header_value:
         return None
@@ -93,52 +54,44 @@ def host_from_header(header_value: str) -> str | None:
     except Exception:
         return None
 def origin_matches_host(request) -> bool:
-    """Verifica si Origin/Referer coinciden con Host."""
     host_header = request.META.get("HTTP_HOST") or request.META.get("SERVER_NAME")
     if not host_header:
         return True
     host = host_header.split(":")[0]
     origin = request.META.get("HTTP_ORIGIN", "")
     referer = request.META.get("HTTP_REFERER", "")
     origin_host = host_from_header(origin)
     referer_host = host_from_header(referer)
+    # bloquear obvious javascript: referers
+    if any(re.search(r"(javascript:|<script|data:text/html)", h or "", re.I) for h in [origin, referer]):
+        return False
     if origin_host and origin_host == host:
         return True
     if referer_host and referer_host == host:
         return True
+    # si no hay origin ni referer, lo consideramos neutral (no marcar)
     if not origin and not referer:
         return True
     return False
 def has_csrf_token(request) -> bool:
-    """Comprueba si hay signos de token CSRF presente."""
+    # busca header, cookie o campo form
     for h in CSRF_HEADER_NAMES:
         if request.META.get(h):
             return True
     cookie_val = request.COOKIES.get(CSRF_COOKIE_NAME)
     if cookie_val:
         return True
     try:
         if request.method == "POST" and hasattr(request, "POST"):
             if request.POST.get(POST_FIELD_NAME):
                 return True
     except Exception:
         pass
     return False
 def extract_payload_text(request) -> str:
-    """Extrae contenido útil de la solicitud para análisis."""
     parts: List[str] = []
     try:
         body = request.body.decode("utf-8", errors="ignore")
@@ -153,18 +106,15 @@ def extract_payload_text(request) -> str:
     parts.append(request.META.get("HTTP_REFERER", ""))
     return " ".join([p for p in parts if p])
-# ======================================================
-# === MIDDLEWARE DE DEFENSA CSRF ===
-# ======================================================
 class CSRFDefenseMiddleware(MiddlewareMixin):
-    """
-    Middleware para DETECTAR intentos de CSRF:
-    - Marca request.sql_attack_info con 'tipos': ['CSRF'] y 'descripcion' con razones.
-    - No bloquea la petición directamente, permite que AuditoriaMiddleware lo maneje.
-    """
     def process_request(self, request):
+        # 1) Excluir APIs JSON si se configuró así
+        for prefix in CSRF_DEFENSE_EXCLUDED_API_PREFIXES:
+            if request.path.startswith(prefix):
+                # debug log opcional
+                logger.debug(f"[CSRFDefense] Skip analysis for API prefix {prefix} path {request.path}")
+                return None
         client_ip = get_client_ip(request)
         trusted_ips = getattr(settings, "CSRF_DEFENSE_TRUSTED_IPS", [])
         if client_ip in trusted_ips:
@@ -187,24 +137,22 @@ class CSRFDefenseMiddleware(MiddlewareMixin):
         # 2) Origin/Referer no coinciden
         if not origin_matches_host(request):
-            descripcion.append(
-                "Origin/Referer no coinciden con Host (posible cross-site)"
-            )
+            descripcion.append("Origin/Referer no coinciden con Host (posible cross-site)")
-        # 3) Content-Type sospechoso
-        content_type = request.META.get("CONTENT_TYPE", "") or ""
+        # 3) Content-Type sospechoso (solo marcaremos si coincide uno de los patterns)
+        content_type = (request.META.get("CONTENT_TYPE") or "")
         for patt in SUSPICIOUS_CT_PATTERNS:
             if patt.search(content_type):
                 descripcion.append(f"Content-Type sospechoso: {content_type}")
                 break
-        # 4) Referer ausente
+        # 4) Referer ausente y sin header CSRF
         referer = request.META.get("HTTP_REFERER", "")
         if not referer and not any(request.META.get(h) for h in CSRF_HEADER_NAMES):
             descripcion.append("Referer ausente y sin X-CSRFToken")
-        # Si hay señales, calculamos puntaje y registramos
-        if descripcion:
+        # Si señales >= umbral entonces marcamos para auditoría
+        if descripcion and len(descripcion) >= CSRF_DEFENSE_MIN_SIGNALS:
             w_csrf = getattr(settings, "CSRF_DEFENSE_WEIGHT", 0.2)
             intentos_csrf = len(descripcion)
             s_csrf = w_csrf * intentos_csrf
@@ -218,15 +166,31 @@ class CSRFDefenseMiddleware(MiddlewareMixin):
             }
             logger.warning(
-                "CSRF detectado desde IP %s: %s ; payload: %.200s ; score: %.2f",
-                client_ip,
-                descripcion,
-                payload,
-                s_csrf,
+                "CSRF detectado desde IP %s: %s ; path=%s ; Content-Type=%s ; score=%.2f",
+                client_ip, descripcion, request.path, content_type, s_csrf
             )
+        else:
+            # debug útil: saber por qué NO se marcó
+            if descripcion:
+                logger.debug(f"[CSRFDefense] low-signals ({len(descripcion)}) not marking: {descripcion}")
         return None
+"""
+CSRF Defense Middleware
+========================
+Detecta y registra posibles ataques CSRF (Cross-Site Request Forgery).
+Algoritmos relacionados:
+    * Uso de secreto aleatorio criptográfico (generar_token_csrf).
+    * Validación simple por comparación (validar_token_csrf).
+    * Integración con detección XSS/SQL Injection mediante registro unificado.
+Fórmula de amenaza:
+    S_csrf = w_csrf * intentos_csrf
+    S_csrf = 0.2 * 1
+"""
 """
 Algoritmos relacionados:

guardianunivalle_benito_yucra-0.1.45/GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py ADDED Viewed

@@ -0,0 +1,289 @@
+# xss_defense.py
+# GuardianUnivalle_Benito_Yucra/detectores/xss_defense.py
+from __future__ import annotations
+import json
+import logging
+import re
+from typing import List, Tuple, Any, Dict
+from django.conf import settings
+from django.utils.deprecation import MiddlewareMixin
+# -------------------------------------------------
+# Logger
+# -------------------------------------------------
+logger = logging.getLogger("xssdefense")
+logger.setLevel(logging.INFO)
+if not logger.handlers:
+    handler = logging.StreamHandler()
+    handler.setFormatter(logging.Formatter("%(asctime)s - %(levelname)s - %(message)s"))
+    logger.addHandler(handler)
+# -------------------------------------------------
+# Intentar usar bleach (si está instalado). Si no,
+# seguimos con heurísticos de patrones.
+# -------------------------------------------------
+try:
+    import bleach
+    _BLEACH_AVAILABLE = True
+except Exception:
+    _BLEACH_AVAILABLE = False
+# -------------------------------------------------
+# Patrones XSS con peso (descripcion, peso)
+# - pesos mayores = más severo (por ejemplo <script> o javascript:)
+# - esto permite un scoring acumulativo y menos falsos positivos
+# -------------------------------------------------
+XSS_PATTERNS: List[Tuple[re.Pattern, str, float]] = [
+    (re.compile(r"<\s*script\b", re.I), "Etiqueta <script>", 0.8),
+    (re.compile(r"javascript\s*:", re.I), "URI javascript:", 0.7),
+    (re.compile(r"<\s*iframe\b", re.I), "Etiqueta <iframe>", 0.7),
+    (re.compile(r"<\s*embed\b", re.I), "Etiqueta <embed>", 0.7),
+    (re.compile(r"<\s*object\b", re.I), "Etiqueta <object>", 0.7),
+    (re.compile(r"on\w+\s*=", re.I), "Atributo de evento (on*)", 0.5),
+    (re.compile(r"document\.cookie", re.I), "Acceso a document.cookie", 0.6),
+    (re.compile(r"alert\s*\(", re.I), "Uso de alert() potencial", 0.4),
+    # patrón para imágenes con onerror u onload (caso común)
+    (re.compile(r"<\s*img\b[^>]*on\w+\s*=", re.I), "Imagen con evento on*", 0.6),
+]
+# -------------------------------------------------
+# Campos que NO queremos analizar (contraseñas, tokens, etc.)
+# -------------------------------------------------
+IGNORED_FIELDS = getattr(settings, "XSS_DEFENSE_IGNORED_FIELDS", ["password", "csrfmiddlewaretoken", "token", "auth"])
+# Umbral por defecto para considerar "alto riesgo" (Auditoria puede bloquear según su lógica)
+XSS_DEFENSE_THRESHOLD = getattr(settings, "XSS_DEFENSE_THRESHOLD", 0.6)
+# -------------------------------------------------
+# Util: validación / extracción de IP (robusta)
+# -------------------------------------------------
+def _is_valid_ip(ip: str) -> bool:
+    """Verifica que la cadena sea una IP válida (v4 o v6)."""
+    try:
+        import ipaddress
+        ipaddress.ip_address(ip)
+        return True
+    except Exception:
+        return False
+def get_client_ip(request) -> str:
+    """
+    Obtiene la mejor estimación de la IP del cliente:
+    - Revisa X-Forwarded-For (primera IP no vacía).
+    - Luego X-Real-IP, CF-Connecting-IP.
+    - Finalmente REMOTE_ADDR como fallback.
+    """
+    # Preferir X-Forwarded-For
+    xff = request.META.get("HTTP_X_FORWARDED_FOR")
+    if xff:
+        # "client, proxy1, proxy2" => tomar la primera no vacía
+        parts = [p.strip() for p in xff.split(",") if p.strip()]
+        if parts:
+            return parts[0]
+    # Otros encabezados comunes
+    for h in ("HTTP_X_REAL_IP", "HTTP_CF_CONNECTING_IP", "HTTP_CLIENT_IP"):
+        v = request.META.get(h)
+        if v and _is_valid_ip(v):
+            return v
+    # Fallback
+    remote = request.META.get("REMOTE_ADDR")
+    return remote or ""
+# -------------------------------------------------
+# Extraer payload pero evitando cabeceras (para reducir falsos positivos)
+# - Devuelve dict si es JSON, o dict con 'raw' para otros cuerpos
+# - NO añade User-Agent o Referer al texto a analizar
+# -------------------------------------------------
+def extract_body_as_map(request) -> Dict[str, Any]:
+    """
+    Extrae un diccionario con los datos a analizar:
+    - Si JSON: devuelve el dict JSON.
+    - Si form-data: devuelve request.POST.dict()
+    - Si otro: devuelve {'raw': <texto>}
+    """
+    try:
+        ct = request.META.get("CONTENT_TYPE", "")
+        if "application/json" in ct:
+            raw = request.body.decode("utf-8") or "{}"
+            try:
+                data = json.loads(raw)
+                if isinstance(data, dict):
+                    return data
+                else:
+                    # si el JSON no es un objeto (ej: lista), lo devolvemos como raw
+                    return {"raw": raw}
+            except Exception:
+                return {"raw": raw}
+        else:
+            # FORM data (request.POST) u otros
+            try:
+                post = request.POST.dict()
+                if post:
+                    return post
+            except Exception:
+                pass
+            # fallback: cuerpo crudo
+            raw = request.body.decode("utf-8", errors="ignore")
+            if raw:
+                return {"raw": raw}
+    except Exception:
+        pass
+    return {}
+# -------------------------------------------------
+# Analizar un solo valor (string) en busca de XSS usando patrones
+# Devuelve (score, descripciones, matches_patterns)
+# -------------------------------------------------
+def detect_xss_in_value(value: str) -> Tuple[float, List[str], List[str]]:
+    """
+    Analiza una cadena y devuelve:
+      - score acumulado (sum pesos)
+      - lista de descripciones activadas
+      - lista de patrones (regex.pattern) que matchearon
+    """
+    if not value:
+        return 0.0, [], []
+    score_total = 0.0
+    descripcion = []
+    matches = []
+    # Si bleach está disponible, podemos "limpiar" y comparar; pero aquí solo detectamos
+    for patt, msg, weight in XSS_PATTERNS:
+        if patt.search(value):
+            score_total += weight
+            descripcion.append(msg)
+            matches.append(patt.pattern)
+    return round(score_total, 3), descripcion, matches
+# -------------------------------------------------
+# Middleware principal XSS
+# -------------------------------------------------
+class XSSDefenseMiddleware(MiddlewareMixin):
+    """
+    Middleware para detección XSS.
+    - Analiza el body (campo por campo) y querystring si aplica.
+    - Ignora campos sensibles (password, token).
+    - No incluye User-Agent/Referer en el texto analizado (evita falsos positivos).
+    - Añade request.xss_attack_info con: ip, tipos, descripcion, payload, score, url.
+    """
+    def process_request(self, request):
+        # 1) IP y exclusiones
+        client_ip = get_client_ip(request)
+        trusted_ips: List[str] = getattr(settings, "XSS_DEFENSE_TRUSTED_IPS", [])
+        if client_ip and client_ip in trusted_ips:
+            return None
+        excluded_paths: List[str] = getattr(settings, "XSS_DEFENSE_EXCLUDED_PATHS", [])
+        if any(request.path.startswith(p) for p in excluded_paths):
+            return None
+        # 2) Extraer datos para analizar (dict)
+        data = extract_body_as_map(request)
+        # Incluir querystring (como campo separado) para análisis si existe
+        qs = request.META.get("QUERY_STRING", "")
+        if qs:
+            data["_query_string"] = qs
+        if not data:
+            return None
+        total_score = 0.0
+        all_descriptions: List[str] = []
+        all_matches: List[str] = []
+        # payload_for_storage: guardamos un resumen/truncado para auditoría
+        payload_summary = []
+        # 3) Analizar campo por campo (si es dict) o el raw
+        if isinstance(data, dict):
+            for key, value in data.items():
+                # evitar analizar campos sensibles
+                if isinstance(key, str) and key.lower() in [f.lower() for f in IGNORED_FIELDS]:
+                    continue
+                # convertir a string si es otro tipo (list, int...)
+                if isinstance(value, (dict, list)):
+                    try:
+                        vtext = json.dumps(value, ensure_ascii=False)
+                    except Exception:
+                        vtext = str(value)
+                else:
+                    vtext = str(value or "")
+                # salto rápido: si el valor parece ser un email o password muy corto y sin signos,
+                # las probabilidades de XSS son muy bajas; continúa (reduce falsos positivos).
+                if key.lower() in ("email", "username") and len(vtext) < 256:
+                    # aún así pasar por patrones (no lo ignoramos completamente), pero podemos bajar sensibilidad
+                    pass
+                s, descs, matches = detect_xss_in_value(vtext)
+                total_score += s
+                all_descriptions.extend(descs)
+                all_matches.extend(matches)
+                if s > 0:
+                    # almacenar fragmento del campo para auditoría (truncado)
+                    payload_summary.append({ "field": key, "snippet": vtext[:300] })
+        else:
+            # si no es dict, analizar el raw como texto
+            raw = str(data)
+            s, descs, matches = detect_xss_in_value(raw)
+            total_score += s
+            all_descriptions.extend(descs)
+            all_matches.extend(matches)
+            if s > 0:
+                payload_summary.append({"field":"raw","snippet": raw[:500]})
+        # 4) si no detectó nada, continuar
+        if total_score == 0:
+            return None
+        # 5) construir info para auditoría (truncada)
+        url = request.build_absolute_uri()
+        score_rounded = round(total_score, 3)
+        payload_for_request = json.dumps(payload_summary, ensure_ascii=False)[:2000]
+        logger.warning(
+            "XSS detectado desde IP %s URL=%s Score=%.3f Desc=%s",
+            client_ip,
+            url,
+            score_rounded,
+            all_descriptions,
+        )
+        # 6) marcar en el request (AuditoriaMiddleware lo consumirá)
+        request.xss_attack_info = {
+            "ip": client_ip,
+            "tipos": ["XSS"],
+            "descripcion": all_descriptions,
+            "payload": payload_for_request,
+            "score": score_rounded,
+            "url": url,
+        }
+        # 7) NO bloquear aquí — lo hace AuditoriaMiddleware según su política
+        return None
+# =====================================================
+# ===              INFORMACIÓN EXTRA                ===
+# =====================================================
+"""
+Algoritmos relacionados:
+    - Se recomienda almacenar los payloads XSS cifrados con AES-GCM
+      para confidencialidad e integridad.
+Contribución a fórmula de amenaza S:
+    S_xss = w_xss * detecciones_xss
+    Ejemplo: S_xss = 0.3 * 2 = 0.6
+"""

{guardianunivalle_benito_yucra-0.1.43 → guardianunivalle_benito_yucra-0.1.45}/GuardianUnivalle_Benito_Yucra.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.43
+Version: 0.1.45
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.43 → guardianunivalle_benito_yucra-0.1.45}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.43
+Version: 0.1.45
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.43 → guardianunivalle_benito_yucra-0.1.45}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "GuardianUnivalle-Benito-Yucra"  # usar mayúsculas consistente
-version = "0.1.43"
+version = "0.1.45"
 description = "Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask"
 authors = [
     { name = "Andres Benito Calle Yucra", email = "benitoandrescalle035@gmail.com" }

guardianunivalle_benito_yucra-0.1.43/GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py DELETED Viewed

@@ -1,197 +0,0 @@
-# xss_defense.py
-from __future__ import annotations
-import json
-import logging
-import re
-from typing import List, Tuple
-from django.conf import settings
-from django.utils.deprecation import MiddlewareMixin
-# =====================================================
-# ===               CONFIGURACIÓN LOGGER             ===
-# =====================================================
-logger = logging.getLogger("xssdefense")
-logger.setLevel(logging.INFO)
-if not logger.handlers:
-    handler = logging.StreamHandler()
-    handler.setFormatter(logging.Formatter("%(asctime)s - %(levelname)s - %(message)s"))
-    logger.addHandler(handler)
-# =====================================================
-# ===              INTENTAR CARGAR BLEACH            ===
-# =====================================================
-try:
-    import bleach
-    _BLEACH_AVAILABLE = True
-except Exception:
-    _BLEACH_AVAILABLE = False
-# =====================================================
-# ===           PATRONES DE DETECCIÓN XSS            ===
-# =====================================================
-XSS_PATTERNS: List[Tuple[re.Pattern, str]] = [
-    (re.compile(r"<\s*script\b", re.I), "Etiqueta <script>"),
-    (re.compile(r"on\w+\s*=", re.I), "Atributo de evento (on*)"),
-    (re.compile(r"javascript:\s*", re.I), "URI javascript:"),
-    (re.compile(r"<\s*iframe\b", re.I), "Etiqueta <iframe>"),
-    (re.compile(r"<\s*embed\b", re.I), "Etiqueta <embed>"),
-    (re.compile(r"<\s*object\b", re.I), "Etiqueta <object>"),
-    (re.compile(r"document\.cookie", re.I), "Acceso a document.cookie"),
-    (re.compile(r"alert\s*\(", re.I), "Uso de alert() potencial"),
-]
-# =====================================================
-# ===         FUNCIONES AUXILIARES XSS              ===
-# =====================================================
-def detect_xss_text(text: str) -> Tuple[bool, List[str]]:
-    """
-    Busca patrones de XSS conocidos dentro de un texto.
-    Devuelve (True, lista_de_coincidencias) si hay indicios.
-    """
-    matches: List[str] = []
-    if not text:
-        return False, matches
-    for patt, message in XSS_PATTERNS:
-        if patt.search(text):
-            matches.append(message)
-    return len(matches) > 0, matches
-def sanitize_input_basic(text: str) -> str:
-    """
-    Sanitiza una cadena eliminando etiquetas o caracteres peligrosos.
-    Usa bleach si está disponible, de lo contrario hace escape manual.
-    """
-    if text is None:
-        return text
-    if _BLEACH_AVAILABLE:
-        return bleach.clean(text, tags=[], attributes={}, protocols=[], strip=True)
-    replacements = [
-        ("&", "&amp;"),
-        ("<", "&lt;"),
-        (">", "&gt;"),
-        ('"', "&quot;"),
-        ("'", "&#x27;"),
-        ("/", "&#x2F;"),
-    ]
-    result = text
-    for old, new in replacements:
-        result = result.replace(old, new)
-    return result
-def extract_payload_text(request) -> str:
-    """
-    Extrae un texto combinado con información del cuerpo, querystring,
-    agente de usuario y referer para análisis XSS.
-    """
-    parts: List[str] = []
-    try:
-        content_type = request.META.get("CONTENT_TYPE", "")
-        if "application/json" in content_type:
-            body_data = json.loads(request.body.decode("utf-8") or "{}")
-            parts.append(json.dumps(body_data, ensure_ascii=False))
-        else:
-            body_text = request.body.decode("utf-8", errors="ignore")
-            if body_text:
-                parts.append(body_text)
-    except Exception:
-        pass
-    qs = request.META.get("QUERY_STRING", "")
-    if qs:
-        parts.append(qs)
-    parts.append(request.META.get("HTTP_USER_AGENT", ""))
-    parts.append(request.META.get("HTTP_REFERER", ""))
-    return " ".join([p for p in parts if p])
-# =====================================================
-# ===            MIDDLEWARE DE DEFENSA XSS           ===
-# =====================================================
-class XSSDefenseMiddleware(MiddlewareMixin):
-    """
-    Middleware profesional de detección XSS.
-    - Detecta patrones maliciosos en solicitudes sospechosas.
-    - No bloquea directamente, solo marca el ataque para auditoría.
-    - Se integra con AuditoriaMiddleware (request.sql_attack_info).
-    """
-    def process_request(self, request):
-        # ---------------------------------------------
-        # 1. Filtrar IPs de confianza
-        # ---------------------------------------------
-        trusted_ips: List[str] = getattr(settings, "XSS_DEFENSE_TRUSTED_IPS", [])
-        client_ip = request.META.get("REMOTE_ADDR", "")
-        if client_ip in trusted_ips:
-            return None
-        # ---------------------------------------------
-        # 2. Excluir rutas seguras
-        # ---------------------------------------------
-        excluded_paths: List[str] = getattr(settings, "XSS_DEFENSE_EXCLUDED_PATHS", [])
-        if any(request.path.startswith(p) for p in excluded_paths):
-            return None
-        # ---------------------------------------------
-        # 3. Extraer y analizar payload
-        # ---------------------------------------------
-        payload = extract_payload_text(request)
-        if not payload:
-            return None
-        flagged, matches = detect_xss_text(payload)
-        if not flagged:
-            return None
-        # ---------------------------------------------
-        # 4. Calcular puntaje de amenaza S_xss
-        # ---------------------------------------------
-        w_xss = getattr(settings, "XSS_DEFENSE_WEIGHT", 0.3)
-        detecciones_xss = len(matches)
-        s_xss = w_xss * detecciones_xss
-        # ---------------------------------------------
-        # 5. Loggear y marcar en el request
-        # ---------------------------------------------
-        logger.warning(
-            "XSS detectado desde IP %s: %s ; payload: %.200s ; score: %.2f",
-            client_ip,
-            matches,
-            payload,
-            s_xss,
-        )
-        request.xss_attack_info = {
-            "ip": client_ip,
-            "tipos": ["XSS"],
-            "descripcion": matches,
-            "payload": payload,
-            "score": s_xss,
-        }
-        return None
-# =====================================================
-# ===              INFORMACIÓN EXTRA                ===
-# =====================================================
-"""
-Algoritmos relacionados:
-    - Se recomienda almacenar los payloads XSS cifrados con AES-GCM
-      para confidencialidad e integridad.
-Contribución a fórmula de amenaza S:
-    S_xss = w_xss * detecciones_xss
-    Ejemplo: S_xss = 0.3 * 2 = 0.6
-"""