PyPI - GuardianUnivalle-Benito-Yucra - Versions diffs - 0.1.61__tar.gz → 0.1.63__tar.gz - Mend

GuardianUnivalle-Benito-Yucra 0.1.61tar.gz → 0.1.63tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of GuardianUnivalle-Benito-Yucra might be problematic. Click here for more details.

Files changed (25) hide show

{guardianunivalle_benito_yucra-0.1.61 → guardianunivalle_benito_yucra-0.1.63}/GuardianUnivalle_Benito_Yucra/detectores/detector_csrf.py RENAMED Viewed

@@ -1,4 +1,4 @@
-# CSRF defense (parche recomendado)
+# CSRF defense (versión reforzada)
 from __future__ import annotations
 import secrets
 import logging
@@ -21,23 +21,24 @@ CSRF_HEADER_NAMES = ("HTTP_X_CSRFTOKEN", "HTTP_X_CSRF_TOKEN")
 CSRF_COOKIE_NAME = getattr(settings, "CSRF_COOKIE_NAME", "csrftoken")
 POST_FIELD_NAME = "csrfmiddlewaretoken"
-# Nota: NO consideramos 'application/json' sospechoso aquí por defecto,
-# porque muchas APIs legítimas usan JSON.
+# Patrón de Content-Type sospechoso
 SUSPICIOUS_CT_PATTERNS = [
     re.compile(r"text/plain", re.I),
     re.compile(r"application/x-www-form-urlencoded", re.I),
     re.compile(r"multipart/form-data", re.I),
 ]
-# Umbral minimo de "señales" para marcar como ataque (configurable)
+# Parámetros sensibles típicos de CSRF
+SENSITIVE_PARAMS = [
+    "password", "csrfmiddlewaretoken", "token", "amount", "transfer", "delete", "update"
+]
 CSRF_DEFENSE_MIN_SIGNALS = getattr(settings, "CSRF_DEFENSE_MIN_SIGNALS", 1)
-# Opción para excluir rutas de API que manejan JSON (cambia según tu proyecto)
 CSRF_DEFENSE_EXCLUDED_API_PREFIXES = getattr(settings, "CSRF_DEFENSE_EXCLUDED_API_PREFIXES", ["/api/"])
 def get_client_ip(request):
     x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
     if x_forwarded_for:
-        # toma la primera IP real
         ips = [ip.strip() for ip in x_forwarded_for.split(",") if ip.strip()]
         if ips:
             return ips[0]
@@ -63,25 +64,22 @@ def origin_matches_host(request) -> bool:
     referer = request.META.get("HTTP_REFERER", "")
     origin_host = host_from_header(origin)
     referer_host = host_from_header(referer)
-    # bloquear obvious javascript: referers
+    # Bloquear obvious javascript: referers
     if any(re.search(r"(javascript:|<script|data:text/html)", h or "", re.I) for h in [origin, referer]):
         return False
     if origin_host and origin_host == host:
         return True
     if referer_host and referer_host == host:
         return True
-    # si no hay origin ni referer, lo consideramos neutral (no marcar)
     if not origin and not referer:
         return True
     return False
 def has_csrf_token(request) -> bool:
-    # busca header, cookie o campo form
     for h in CSRF_HEADER_NAMES:
         if request.META.get(h):
             return True
-    cookie_val = request.COOKIES.get(CSRF_COOKIE_NAME)
-    if cookie_val:
+    if request.COOKIES.get(CSRF_COOKIE_NAME):
         return True
     try:
         if request.method == "POST" and hasattr(request, "POST"):
@@ -106,12 +104,25 @@ def extract_payload_text(request) -> str:
     parts.append(request.META.get("HTTP_REFERER", ""))
     return " ".join([p for p in parts if p])
+def extract_parameters(request) -> List[str]:
+    params = []
+    if hasattr(request, "POST"):
+        params.extend(request.POST.keys())
+    if hasattr(request, "GET"):
+        params.extend(request.GET.keys())
+    try:
+        if request.body and "application/json" in (request.META.get("CONTENT_TYPE") or ""):
+            data = json.loads(request.body)
+            params.extend(data.keys())
+    except Exception:
+        pass
+    return params
 class CSRFDefenseMiddleware(MiddlewareMixin):
     def process_request(self, request):
-        # 1) Excluir APIs JSON si se configuró así
+        # Excluir APIs JSON si se configuró así
         for prefix in CSRF_DEFENSE_EXCLUDED_API_PREFIXES:
             if request.path.startswith(prefix):
-                # debug log opcional
                 logger.debug(f"[CSRFDefense] Skip analysis for API prefix {prefix} path {request.path}")
                 return None
@@ -130,6 +141,7 @@ class CSRFDefenseMiddleware(MiddlewareMixin):
         descripcion: List[str] = []
         payload = extract_payload_text(request)
+        params = extract_parameters(request)
         # 1) Falta token CSRF
         if not has_csrf_token(request):
@@ -139,24 +151,33 @@ class CSRFDefenseMiddleware(MiddlewareMixin):
         if not origin_matches_host(request):
             descripcion.append("Origin/Referer no coinciden con Host (posible cross-site)")
-        # 3) Content-Type sospechoso (solo marcaremos si coincide uno de los patterns)
+        # 3) Content-Type sospechoso
         content_type = (request.META.get("CONTENT_TYPE") or "")
         for patt in SUSPICIOUS_CT_PATTERNS:
             if patt.search(content_type):
                 descripcion.append(f"Content-Type sospechoso: {content_type}")
                 break
-        # 4) Referer ausente y sin header CSRF
+        # 4) Referer ausente y sin token CSRF
         referer = request.META.get("HTTP_REFERER", "")
         if not referer and not any(request.META.get(h) for h in CSRF_HEADER_NAMES):
             descripcion.append("Referer ausente y sin X-CSRFToken")
-        # Si señales >= umbral entonces marcamos para auditoría
+        # 5) Parámetros sensibles en GET/JSON
+        for p in params:
+            if p.lower() in SENSITIVE_PARAMS and method == "GET":
+                descripcion.append(f"Parámetro sensible '{p}' enviado en GET (posible CSRF)")
+        # 6) JSON sospechoso desde dominio externo
+        if "application/json" in content_type:
+            origin = request.META.get("HTTP_ORIGIN") or ""
+            if origin and host_from_header(origin) != (request.META.get("HTTP_HOST") or "").split(":")[0]:
+                descripcion.append("JSON POST desde origen externo (posible CSRF)")
+        # Señales >= umbral => marcar
         if descripcion and len(descripcion) >= CSRF_DEFENSE_MIN_SIGNALS:
             w_csrf = getattr(settings, "CSRF_DEFENSE_WEIGHT", 0.2)
-            intentos_csrf = len(descripcion)
-            s_csrf = w_csrf * intentos_csrf
+            s_csrf = w_csrf * len(descripcion)
             request.csrf_attack_info = {
                 "ip": client_ip,
                 "tipos": ["CSRF"],
@@ -164,40 +185,22 @@ class CSRFDefenseMiddleware(MiddlewareMixin):
                 "payload": payload,
                 "score": s_csrf,
             }
             logger.warning(
                 "CSRF detectado desde IP %s: %s ; path=%s ; Content-Type=%s ; score=%.2f",
                 client_ip, descripcion, request.path, content_type, s_csrf
             )
         else:
-            # debug útil: saber por qué NO se marcó
             if descripcion:
                 logger.debug(f"[CSRFDefense] low-signals ({len(descripcion)}) not marking: {descripcion}")
         return None
 """
-CSRF Defense Middleware
-========================
-Detecta y registra posibles ataques CSRF (Cross-Site Request Forgery).
-Algoritmos relacionados:
-    * Uso de secreto aleatorio criptográfico (generar_token_csrf).
-    * Validación simple por comparación (validar_token_csrf).
-    * Integración con detección XSS/SQL Injection mediante registro unificado.
-Fórmula de amenaza:
-    S_csrf = w_csrf * intentos_csrf
-    S_csrf = 0.2 * 1
-"""
-"""
-Algoritmos relacionados:
-    *Uso de secreto aleatorio criptográfico.
-    *Opcionalmente derivación con PBKDF2 / Argon2 para reforzar token.
-Contribución a fórmula de amenaza S:
-S_csrf = w_csrf * intentos_csrf
-S_csrf = 0.2 * 1
-donde w_csrf es peso asignado a CSRF y intentos_csrf es la cantidad de intentos detectados.
+CSRF Defense Middleware - Reforzado
+===================================
+- Detecta múltiples categorías de CSRF: clásico, login, logout, password change, file/action, JSON API.
+- Escanea payloads POST, GET y JSON.
+- Detecta parámetros sensibles enviados en GET o JSON desde origen externo.
+- Scoring configurable y logging detallado.
+- Fácil integración con auditoría XSS/SQLi.
 """

{guardianunivalle_benito_yucra-0.1.61 → guardianunivalle_benito_yucra-0.1.63}/GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py RENAMED Viewed

@@ -10,6 +10,9 @@ import urllib.parse
 import html
 from typing import List, Tuple, Dict
+# ----------------------------
+# Configuración del logger
+# ----------------------------
 logger = logging.getLogger("sqlidefense")
 logger.setLevel(logging.INFO)
 if not logger.handlers:
@@ -18,7 +21,7 @@ if not logger.handlers:
     logger.addHandler(handler)
 # =====================================================
-# ===        PATRONES DE ATAQUE SQL DEFINIDOS       ===
+# ===        PATRONES DE ATAQUE SQL DEFINIDOS       ===
 # =====================================================
 SQL_PATTERNS: List[Tuple[re.Pattern, str, float]] = [
     # ------------------ In‑Band / Exfiltration (muy alto) ------------------
@@ -50,7 +53,7 @@ SQL_PATTERNS: List[Tuple[re.Pattern, str, float]] = [
     # ------------------ Metadata / Recon (alto) ------------------
     (re.compile(r"\binformation_schema\b", re.I), "INFORMATION_SCHEMA (recon meta‑datos)", 0.92),
     (re.compile(r"\b(information_schema\.tables|information_schema\.columns)\b", re.I), "INFORMATION_SCHEMA.tables/columns", 0.92),
-    (re.compile(r"\b(sys\.tables|sys\.objects|sys\.databases|pg_catalog|pg_tables|pg_user)\b", re.I), "Catalogos del sistema (MSSQL/Postgres)", 0.9),
+    (re.compile(r"\b(sys\.tables|sys\.objects|sys\.databases|pg_catalog|pg_tables|pg_user)\b", re.I), "Catálogos del sistema (MSSQL/Postgres)", 0.9),
     # ------------------ DML/DDL Destructivo (alto) ------------------
     (re.compile(r"\b(drop\s+table|truncate\s+table|drop\s+database|drop\s+schema)\b", re.I), "DROP/TRUNCATE (DDL destructivo)", 0.95),
@@ -107,27 +110,23 @@ SQL_PATTERNS: List[Tuple[re.Pattern, str, float]] = [
     (re.compile(r"\b(or)\b\s+1\s*=\s*1\b", re.I), "OR 1=1 tautology", 0.85),
 ]
 IGNORED_FIELDS = ["password", "csrfmiddlewaretoken", "token", "auth"]
+# ----------------------------
+# Obtener IP real del cliente
+# ----------------------------
 def get_client_ip(request):
-    """
-    Obtiene la IP real del cliente.
-    Primero revisa 'X-Forwarded-For', luego 'REMOTE_ADDR'.
-    """
     x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
     if x_forwarded_for:
-        # Render y otros proxies envían múltiples IPs separados por coma
         ips = [ip.strip() for ip in x_forwarded_for.split(",") if ip.strip()]
         if ips:
-            return ips[0]  # la primera IP es la IP real del cliente
-    # Si no hay X-Forwarded-For, tomar REMOTE_ADDR
+            return ips[0]
     return request.META.get("REMOTE_ADDR", "")
+# ----------------------------
+# Extraer payload de la solicitud
+# ----------------------------
 def extract_payload(request):
-    """Extrae datos útiles de la solicitud para análisis."""
     parts = []
     try:
         if "application/json" in request.META.get("CONTENT_TYPE", ""):
@@ -146,50 +145,29 @@ def extract_payload(request):
     return " ".join(parts)
 # ----------------------------
 # Normalización / preprocesamiento
 # ----------------------------
 def normalize_input(s: str) -> str:
-    """
-    Normaliza la entrada:
-    - decode URL encoding
-    - unescape HTML entities
-    - sustituye escapes de hex (\xNN) por su literal
-    - colapsa múltiples espacios y newlines
-    - lower() opcional (NO se hace porque algunos patrones usan case-insensitive)
-    """
     if not s:
         return ""
     try:
-        # URL decode
         s_dec = urllib.parse.unquote_plus(s)
     except Exception:
         s_dec = s
     try:
-        # Unescape HTML entities
         s_dec = html.unescape(s_dec)
     except Exception:
         pass
-    # Replace \xNN sequences visually (keep raw as text; we don't convert binary)
-    s_dec = re.sub(r"\\x([0-9a-fA-F]{2})", r"\\x\1", s_dec)
-    # Collapse whitespace
+    # Reemplazo seguro de secuencias \xNN
+    s_dec = re.sub(r"\\x([0-9a-fA-F]{2})", r"\\x\g<1>", s_dec)
     s_dec = re.sub(r"\s+", " ", s_dec)
     return s_dec.strip()
 # ----------------------------
-# Detector: retorna score, matches y detalles
+# Detector SQLi
 # ----------------------------
 def detect_sql_injection(text: str) -> Dict:
-    """
-    Detecta coincidencias con SQL_PATTERNS en el texto normalizado.
-    Devuelve:
-      {
-        "score": float,
-        "matches": [("Etiqueta", "regex pattern string", weight), ...],
-        "descriptions": [ "Etiqueta", ... ],
-        "sample": excerpt (primeros 1200 chars)
-      }
-    """
     norm = normalize_input(text or "")
     score = 0.0
     matches = []
@@ -203,17 +181,10 @@ def detect_sql_injection(text: str) -> Dict:
     return {
         "score": round(score, 3),
         "matches": matches,
-        "descriptions": list(dict.fromkeys(descriptions)),  # unique
+        "descriptions": list(dict.fromkeys(descriptions)),
         "sample": norm[:1200],
     }
-# ----------------------------
-# Umbrales sugeridos
-# ----------------------------
-# - >= 1.8 : ALTA (bloquear + registrar)
-# - 1.0 - <1.8 : MEDIA (registrar, desafío/2FA, throttling)
-# - 0.5 - <1.0 : BAJA (registrar, monitorear)
-# - <0.5 : INFORMATIVO (log heurístico)
 DEFAULT_THRESHOLDS = {
     "HIGH": 1.8,
     "MEDIUM": 1.0,
@@ -221,17 +192,9 @@ DEFAULT_THRESHOLDS = {
 }
 # ----------------------------
-# Ejemplo de uso (snippet)
+# Middleware SQLi
 # ----------------------------
-# payload = extract_payload(request)  # tu función actual
-# result = detect_sql_injection(payload)
-# if result["score"] >= DEFAULT_THRESHOLDS["HIGH"]:
-#     bloquear_y_registrar()
-# else:
-#     registrar_solo()
 class SQLIDefenseMiddleware(MiddlewareMixin):
-    """Middleware de detección SQL Injection."""
     def process_request(self, request):
         client_ip = get_client_ip(request)
         trusted_ips = getattr(settings, "SQLI_DEFENSE_TRUSTED_IPS", [])
@@ -246,35 +209,35 @@ class SQLIDefenseMiddleware(MiddlewareMixin):
             return None
         payload = extract_payload(request)
-        score, descripciones = detect_sql_injection(payload)
+        result = detect_sql_injection(payload)
+        score = result["score"]
+        descripciones = result["descriptions"]
         if score == 0:
             return None
-        # Registrar ataque completo
+        # Registrar ataque
         logger.warning(
             f"[SQLiDetect] IP={client_ip} Host={host} Referer={referer} "
             f"Score={score:.2f} Desc={descripciones} Payload={payload[:500]}"
         )
-        # Guardar información del ataque en el request
+        # Guardar info en request
         request.sql_attack_info = {
             "ip": client_ip,
             "tipos": ["SQLi"],
             "descripcion": descripciones,
-            "payload": payload[:1000],  # guardar hasta 1000 caracteres
+            "payload": payload[:1000],
             "score": round(score, 2),
-            "url": request.build_absolute_uri(),  # registrar URL completa
+            "url": request.build_absolute_uri(),
         }
         return None
 # =====================================================
 # ===              INFORMACIÓN EXTRA                ===
 # =====================================================
-"""
+r"""
 Algoritmos relacionados:
     - Se recomienda almacenar logs SQLi cifrados (AES-GCM)
       para proteger evidencia de intentos maliciosos.

{guardianunivalle_benito_yucra-0.1.61 → guardianunivalle_benito_yucra-0.1.63}/GuardianUnivalle_Benito_Yucra.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.61
+Version: 0.1.63
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.61 → guardianunivalle_benito_yucra-0.1.63}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.61
+Version: 0.1.63
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.61 → guardianunivalle_benito_yucra-0.1.63}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "GuardianUnivalle-Benito-Yucra"  # usar mayúsculas consistente
-version = "0.1.61"
+version = "0.1.63"
 description = "Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask"
 authors = [
     { name = "Andres Benito Calle Yucra", email = "benitoandrescalle035@gmail.com" }