PyPI - GuardianUnivalle-Benito-Yucra - Versions diffs - 0.1.62__tar.gz → 0.1.63__tar.gz - Mend

GuardianUnivalle-Benito-Yucra 0.1.62tar.gz → 0.1.63tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of GuardianUnivalle-Benito-Yucra might be problematic. Click here for more details.

Files changed (25) hide show

{guardianunivalle_benito_yucra-0.1.62 → guardianunivalle_benito_yucra-0.1.63}/GuardianUnivalle_Benito_Yucra/detectores/detector_csrf.py RENAMED Viewed

@@ -1,4 +1,4 @@
-# CSRF defense (parche recomendado)
+# CSRF defense (versión reforzada)
 from __future__ import annotations
 import secrets
 import logging
@@ -21,23 +21,24 @@ CSRF_HEADER_NAMES = ("HTTP_X_CSRFTOKEN", "HTTP_X_CSRF_TOKEN")
 CSRF_COOKIE_NAME = getattr(settings, "CSRF_COOKIE_NAME", "csrftoken")
 POST_FIELD_NAME = "csrfmiddlewaretoken"
-# Nota: NO consideramos 'application/json' sospechoso aquí por defecto,
-# porque muchas APIs legítimas usan JSON.
+# Patrón de Content-Type sospechoso
 SUSPICIOUS_CT_PATTERNS = [
     re.compile(r"text/plain", re.I),
     re.compile(r"application/x-www-form-urlencoded", re.I),
     re.compile(r"multipart/form-data", re.I),
 ]
-# Umbral minimo de "señales" para marcar como ataque (configurable)
+# Parámetros sensibles típicos de CSRF
+SENSITIVE_PARAMS = [
+    "password", "csrfmiddlewaretoken", "token", "amount", "transfer", "delete", "update"
+]
 CSRF_DEFENSE_MIN_SIGNALS = getattr(settings, "CSRF_DEFENSE_MIN_SIGNALS", 1)
-# Opción para excluir rutas de API que manejan JSON (cambia según tu proyecto)
 CSRF_DEFENSE_EXCLUDED_API_PREFIXES = getattr(settings, "CSRF_DEFENSE_EXCLUDED_API_PREFIXES", ["/api/"])
 def get_client_ip(request):
     x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
     if x_forwarded_for:
-        # toma la primera IP real
         ips = [ip.strip() for ip in x_forwarded_for.split(",") if ip.strip()]
         if ips:
             return ips[0]
@@ -63,25 +64,22 @@ def origin_matches_host(request) -> bool:
     referer = request.META.get("HTTP_REFERER", "")
     origin_host = host_from_header(origin)
     referer_host = host_from_header(referer)
-    # bloquear obvious javascript: referers
+    # Bloquear obvious javascript: referers
     if any(re.search(r"(javascript:|<script|data:text/html)", h or "", re.I) for h in [origin, referer]):
         return False
     if origin_host and origin_host == host:
         return True
     if referer_host and referer_host == host:
         return True
-    # si no hay origin ni referer, lo consideramos neutral (no marcar)
     if not origin and not referer:
         return True
     return False
 def has_csrf_token(request) -> bool:
-    # busca header, cookie o campo form
     for h in CSRF_HEADER_NAMES:
         if request.META.get(h):
             return True
-    cookie_val = request.COOKIES.get(CSRF_COOKIE_NAME)
-    if cookie_val:
+    if request.COOKIES.get(CSRF_COOKIE_NAME):
         return True
     try:
         if request.method == "POST" and hasattr(request, "POST"):
@@ -106,12 +104,25 @@ def extract_payload_text(request) -> str:
     parts.append(request.META.get("HTTP_REFERER", ""))
     return " ".join([p for p in parts if p])
+def extract_parameters(request) -> List[str]:
+    params = []
+    if hasattr(request, "POST"):
+        params.extend(request.POST.keys())
+    if hasattr(request, "GET"):
+        params.extend(request.GET.keys())
+    try:
+        if request.body and "application/json" in (request.META.get("CONTENT_TYPE") or ""):
+            data = json.loads(request.body)
+            params.extend(data.keys())
+    except Exception:
+        pass
+    return params
 class CSRFDefenseMiddleware(MiddlewareMixin):
     def process_request(self, request):
-        # 1) Excluir APIs JSON si se configuró así
+        # Excluir APIs JSON si se configuró así
         for prefix in CSRF_DEFENSE_EXCLUDED_API_PREFIXES:
             if request.path.startswith(prefix):
-                # debug log opcional
                 logger.debug(f"[CSRFDefense] Skip analysis for API prefix {prefix} path {request.path}")
                 return None
@@ -130,6 +141,7 @@ class CSRFDefenseMiddleware(MiddlewareMixin):
         descripcion: List[str] = []
         payload = extract_payload_text(request)
+        params = extract_parameters(request)
         # 1) Falta token CSRF
         if not has_csrf_token(request):
@@ -139,24 +151,33 @@ class CSRFDefenseMiddleware(MiddlewareMixin):
         if not origin_matches_host(request):
             descripcion.append("Origin/Referer no coinciden con Host (posible cross-site)")
-        # 3) Content-Type sospechoso (solo marcaremos si coincide uno de los patterns)
+        # 3) Content-Type sospechoso
         content_type = (request.META.get("CONTENT_TYPE") or "")
         for patt in SUSPICIOUS_CT_PATTERNS:
             if patt.search(content_type):
                 descripcion.append(f"Content-Type sospechoso: {content_type}")
                 break
-        # 4) Referer ausente y sin header CSRF
+        # 4) Referer ausente y sin token CSRF
         referer = request.META.get("HTTP_REFERER", "")
         if not referer and not any(request.META.get(h) for h in CSRF_HEADER_NAMES):
             descripcion.append("Referer ausente y sin X-CSRFToken")
-        # Si señales >= umbral entonces marcamos para auditoría
+        # 5) Parámetros sensibles en GET/JSON
+        for p in params:
+            if p.lower() in SENSITIVE_PARAMS and method == "GET":
+                descripcion.append(f"Parámetro sensible '{p}' enviado en GET (posible CSRF)")
+        # 6) JSON sospechoso desde dominio externo
+        if "application/json" in content_type:
+            origin = request.META.get("HTTP_ORIGIN") or ""
+            if origin and host_from_header(origin) != (request.META.get("HTTP_HOST") or "").split(":")[0]:
+                descripcion.append("JSON POST desde origen externo (posible CSRF)")
+        # Señales >= umbral => marcar
         if descripcion and len(descripcion) >= CSRF_DEFENSE_MIN_SIGNALS:
             w_csrf = getattr(settings, "CSRF_DEFENSE_WEIGHT", 0.2)
-            intentos_csrf = len(descripcion)
-            s_csrf = w_csrf * intentos_csrf
+            s_csrf = w_csrf * len(descripcion)
             request.csrf_attack_info = {
                 "ip": client_ip,
                 "tipos": ["CSRF"],
@@ -164,40 +185,22 @@ class CSRFDefenseMiddleware(MiddlewareMixin):
                 "payload": payload,
                 "score": s_csrf,
             }
             logger.warning(
                 "CSRF detectado desde IP %s: %s ; path=%s ; Content-Type=%s ; score=%.2f",
                 client_ip, descripcion, request.path, content_type, s_csrf
             )
         else:
-            # debug útil: saber por qué NO se marcó
             if descripcion:
                 logger.debug(f"[CSRFDefense] low-signals ({len(descripcion)}) not marking: {descripcion}")
         return None
 """
-CSRF Defense Middleware
-========================
-Detecta y registra posibles ataques CSRF (Cross-Site Request Forgery).
-Algoritmos relacionados:
-    * Uso de secreto aleatorio criptográfico (generar_token_csrf).
-    * Validación simple por comparación (validar_token_csrf).
-    * Integración con detección XSS/SQL Injection mediante registro unificado.
-Fórmula de amenaza:
-    S_csrf = w_csrf * intentos_csrf
-    S_csrf = 0.2 * 1
-"""
-"""
-Algoritmos relacionados:
-    *Uso de secreto aleatorio criptográfico.
-    *Opcionalmente derivación con PBKDF2 / Argon2 para reforzar token.
-Contribución a fórmula de amenaza S:
-S_csrf = w_csrf * intentos_csrf
-S_csrf = 0.2 * 1
-donde w_csrf es peso asignado a CSRF y intentos_csrf es la cantidad de intentos detectados.
+CSRF Defense Middleware - Reforzado
+===================================
+- Detecta múltiples categorías de CSRF: clásico, login, logout, password change, file/action, JSON API.
+- Escanea payloads POST, GET y JSON.
+- Detecta parámetros sensibles enviados en GET o JSON desde origen externo.
+- Scoring configurable y logging detallado.
+- Fácil integración con auditoría XSS/SQLi.
 """

{guardianunivalle_benito_yucra-0.1.62 → guardianunivalle_benito_yucra-0.1.63}/GuardianUnivalle_Benito_Yucra.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.62
+Version: 0.1.63
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.62 → guardianunivalle_benito_yucra-0.1.63}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.62
+Version: 0.1.63
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.62 → guardianunivalle_benito_yucra-0.1.63}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "GuardianUnivalle-Benito-Yucra"  # usar mayúsculas consistente
-version = "0.1.62"
+version = "0.1.63"
 description = "Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask"
 authors = [
     { name = "Andres Benito Calle Yucra", email = "benitoandrescalle035@gmail.com" }