PyPI - GuardianUnivalle-Benito-Yucra - Versions diffs - 0.1.61__tar.gz → 0.1.62__tar.gz - Mend

GuardianUnivalle-Benito-Yucra 0.1.61tar.gz → 0.1.62tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of GuardianUnivalle-Benito-Yucra might be problematic. Click here for more details.

Files changed (25) hide show

{guardianunivalle_benito_yucra-0.1.61 → guardianunivalle_benito_yucra-0.1.62}/GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py RENAMED Viewed

@@ -10,6 +10,9 @@ import urllib.parse
 import html
 from typing import List, Tuple, Dict
+# ----------------------------
+# Configuración del logger
+# ----------------------------
 logger = logging.getLogger("sqlidefense")
 logger.setLevel(logging.INFO)
 if not logger.handlers:
@@ -18,7 +21,7 @@ if not logger.handlers:
     logger.addHandler(handler)
 # =====================================================
-# ===        PATRONES DE ATAQUE SQL DEFINIDOS       ===
+# ===        PATRONES DE ATAQUE SQL DEFINIDOS       ===
 # =====================================================
 SQL_PATTERNS: List[Tuple[re.Pattern, str, float]] = [
     # ------------------ In‑Band / Exfiltration (muy alto) ------------------
@@ -50,7 +53,7 @@ SQL_PATTERNS: List[Tuple[re.Pattern, str, float]] = [
     # ------------------ Metadata / Recon (alto) ------------------
     (re.compile(r"\binformation_schema\b", re.I), "INFORMATION_SCHEMA (recon meta‑datos)", 0.92),
     (re.compile(r"\b(information_schema\.tables|information_schema\.columns)\b", re.I), "INFORMATION_SCHEMA.tables/columns", 0.92),
-    (re.compile(r"\b(sys\.tables|sys\.objects|sys\.databases|pg_catalog|pg_tables|pg_user)\b", re.I), "Catalogos del sistema (MSSQL/Postgres)", 0.9),
+    (re.compile(r"\b(sys\.tables|sys\.objects|sys\.databases|pg_catalog|pg_tables|pg_user)\b", re.I), "Catálogos del sistema (MSSQL/Postgres)", 0.9),
     # ------------------ DML/DDL Destructivo (alto) ------------------
     (re.compile(r"\b(drop\s+table|truncate\s+table|drop\s+database|drop\s+schema)\b", re.I), "DROP/TRUNCATE (DDL destructivo)", 0.95),
@@ -107,27 +110,23 @@ SQL_PATTERNS: List[Tuple[re.Pattern, str, float]] = [
     (re.compile(r"\b(or)\b\s+1\s*=\s*1\b", re.I), "OR 1=1 tautology", 0.85),
 ]
 IGNORED_FIELDS = ["password", "csrfmiddlewaretoken", "token", "auth"]
+# ----------------------------
+# Obtener IP real del cliente
+# ----------------------------
 def get_client_ip(request):
-    """
-    Obtiene la IP real del cliente.
-    Primero revisa 'X-Forwarded-For', luego 'REMOTE_ADDR'.
-    """
     x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
     if x_forwarded_for:
-        # Render y otros proxies envían múltiples IPs separados por coma
         ips = [ip.strip() for ip in x_forwarded_for.split(",") if ip.strip()]
         if ips:
-            return ips[0]  # la primera IP es la IP real del cliente
-    # Si no hay X-Forwarded-For, tomar REMOTE_ADDR
+            return ips[0]
     return request.META.get("REMOTE_ADDR", "")
+# ----------------------------
+# Extraer payload de la solicitud
+# ----------------------------
 def extract_payload(request):
-    """Extrae datos útiles de la solicitud para análisis."""
     parts = []
     try:
         if "application/json" in request.META.get("CONTENT_TYPE", ""):
@@ -146,50 +145,29 @@ def extract_payload(request):
     return " ".join(parts)
 # ----------------------------
 # Normalización / preprocesamiento
 # ----------------------------
 def normalize_input(s: str) -> str:
-    """
-    Normaliza la entrada:
-    - decode URL encoding
-    - unescape HTML entities
-    - sustituye escapes de hex (\xNN) por su literal
-    - colapsa múltiples espacios y newlines
-    - lower() opcional (NO se hace porque algunos patrones usan case-insensitive)
-    """
     if not s:
         return ""
     try:
-        # URL decode
         s_dec = urllib.parse.unquote_plus(s)
     except Exception:
         s_dec = s
     try:
-        # Unescape HTML entities
         s_dec = html.unescape(s_dec)
     except Exception:
         pass
-    # Replace \xNN sequences visually (keep raw as text; we don't convert binary)
-    s_dec = re.sub(r"\\x([0-9a-fA-F]{2})", r"\\x\1", s_dec)
-    # Collapse whitespace
+    # Reemplazo seguro de secuencias \xNN
+    s_dec = re.sub(r"\\x([0-9a-fA-F]{2})", r"\\x\g<1>", s_dec)
     s_dec = re.sub(r"\s+", " ", s_dec)
     return s_dec.strip()
 # ----------------------------
-# Detector: retorna score, matches y detalles
+# Detector SQLi
 # ----------------------------
 def detect_sql_injection(text: str) -> Dict:
-    """
-    Detecta coincidencias con SQL_PATTERNS en el texto normalizado.
-    Devuelve:
-      {
-        "score": float,
-        "matches": [("Etiqueta", "regex pattern string", weight), ...],
-        "descriptions": [ "Etiqueta", ... ],
-        "sample": excerpt (primeros 1200 chars)
-      }
-    """
     norm = normalize_input(text or "")
     score = 0.0
     matches = []
@@ -203,17 +181,10 @@ def detect_sql_injection(text: str) -> Dict:
     return {
         "score": round(score, 3),
         "matches": matches,
-        "descriptions": list(dict.fromkeys(descriptions)),  # unique
+        "descriptions": list(dict.fromkeys(descriptions)),
         "sample": norm[:1200],
     }
-# ----------------------------
-# Umbrales sugeridos
-# ----------------------------
-# - >= 1.8 : ALTA (bloquear + registrar)
-# - 1.0 - <1.8 : MEDIA (registrar, desafío/2FA, throttling)
-# - 0.5 - <1.0 : BAJA (registrar, monitorear)
-# - <0.5 : INFORMATIVO (log heurístico)
 DEFAULT_THRESHOLDS = {
     "HIGH": 1.8,
     "MEDIUM": 1.0,
@@ -221,17 +192,9 @@ DEFAULT_THRESHOLDS = {
 }
 # ----------------------------
-# Ejemplo de uso (snippet)
+# Middleware SQLi
 # ----------------------------
-# payload = extract_payload(request)  # tu función actual
-# result = detect_sql_injection(payload)
-# if result["score"] >= DEFAULT_THRESHOLDS["HIGH"]:
-#     bloquear_y_registrar()
-# else:
-#     registrar_solo()
 class SQLIDefenseMiddleware(MiddlewareMixin):
-    """Middleware de detección SQL Injection."""
     def process_request(self, request):
         client_ip = get_client_ip(request)
         trusted_ips = getattr(settings, "SQLI_DEFENSE_TRUSTED_IPS", [])
@@ -246,35 +209,35 @@ class SQLIDefenseMiddleware(MiddlewareMixin):
             return None
         payload = extract_payload(request)
-        score, descripciones = detect_sql_injection(payload)
+        result = detect_sql_injection(payload)
+        score = result["score"]
+        descripciones = result["descriptions"]
         if score == 0:
             return None
-        # Registrar ataque completo
+        # Registrar ataque
         logger.warning(
             f"[SQLiDetect] IP={client_ip} Host={host} Referer={referer} "
             f"Score={score:.2f} Desc={descripciones} Payload={payload[:500]}"
         )
-        # Guardar información del ataque en el request
+        # Guardar info en request
         request.sql_attack_info = {
             "ip": client_ip,
             "tipos": ["SQLi"],
             "descripcion": descripciones,
-            "payload": payload[:1000],  # guardar hasta 1000 caracteres
+            "payload": payload[:1000],
             "score": round(score, 2),
-            "url": request.build_absolute_uri(),  # registrar URL completa
+            "url": request.build_absolute_uri(),
         }
         return None
 # =====================================================
 # ===              INFORMACIÓN EXTRA                ===
 # =====================================================
-"""
+r"""
 Algoritmos relacionados:
     - Se recomienda almacenar logs SQLi cifrados (AES-GCM)
       para proteger evidencia de intentos maliciosos.

{guardianunivalle_benito_yucra-0.1.61 → guardianunivalle_benito_yucra-0.1.62}/GuardianUnivalle_Benito_Yucra.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.61
+Version: 0.1.62
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.61 → guardianunivalle_benito_yucra-0.1.62}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.61
+Version: 0.1.62
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.61 → guardianunivalle_benito_yucra-0.1.62}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "GuardianUnivalle-Benito-Yucra"  # usar mayúsculas consistente
-version = "0.1.61"
+version = "0.1.62"
 description = "Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask"
 authors = [
     { name = "Andres Benito Calle Yucra", email = "benitoandrescalle035@gmail.com" }