GuardianUnivalle-Benito-Yucra 0.1.7__tar.gz → 0.1.8__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of GuardianUnivalle-Benito-Yucra might be problematic. Click here for more details.

Files changed (25) hide show
  1. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py +20 -9
  2. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra.egg-info/PKG-INFO +1 -1
  3. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/PKG-INFO +1 -1
  4. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/pyproject.toml +1 -1
  5. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/__init__.py +0 -0
  6. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/auditoria/registro_auditoria.py +0 -0
  7. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/criptografia/cifrado_aead.py +0 -0
  8. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/criptografia/intercambio_claves.py +0 -0
  9. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/criptografia/kdf.py +0 -0
  10. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/detectores/detector_csrf.py +0 -0
  11. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/detectores/detector_dos.py +0 -0
  12. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/detectores/detector_keylogger.py +0 -0
  13. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/detectores/detector_xss.py +0 -0
  14. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/middleware_web/middleware_web.py +0 -0
  15. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/mitigacion/limitador_peticion.py +0 -0
  16. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/mitigacion/lista_bloqueo.py +0 -0
  17. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/puntuacion/puntuacion_amenaza.py +0 -0
  18. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/utilidades.py +0 -0
  19. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra.egg-info/SOURCES.txt +0 -0
  20. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra.egg-info/dependency_links.txt +0 -0
  21. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra.egg-info/requires.txt +0 -0
  22. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra.egg-info/top_level.txt +0 -0
  23. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/LICENSE +0 -0
  24. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/README.md +0 -0
  25. {guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/setup.cfg +0 -0
{guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py RENAMED
@@ -1,10 +1,19 @@
1
1
  import re
2
2
  import json
3
3
  import time
4
+ import logging
4
5
  from typing import Tuple
5
6
  from django.http import JsonResponse
6
7
  from django.utils.deprecation import MiddlewareMixin
7
8
 
9
+ # ---------- Configuración de logging ----------
10
+ logger = logging.getLogger("sqlidefense")
11
+ logger.setLevel(logging.INFO)
12
+ handler = logging.StreamHandler() # Por consola; en producción puede ser FileHandler
13
+ formatter = logging.Formatter("%(asctime)s - %(levelname)s - %(message)s")
14
+ handler.setFormatter(formatter)
15
+ logger.addHandler(handler)
16
+
8
17
  # ---------- Patrones de ataques SQL ----------
9
18
  PATTERNS = [
10
19
  (
@@ -39,9 +48,11 @@ BLOCK_DURATION = 30 # segundos
39
48
  def extract_payload_text(request) -> str:
40
49
  """Extrae todo el contenido que podría contener inyecciones"""
41
50
  parts = []
51
+
42
52
  # Query params
43
53
  if request.META.get("QUERY_STRING"):
44
54
  parts.append(request.META.get("QUERY_STRING"))
55
+
45
56
  # Body
46
57
  try:
47
58
  content_type = request.META.get("CONTENT_TYPE", "")
@@ -52,9 +63,11 @@ def extract_payload_text(request) -> str:
52
63
  parts.append(request.body.decode("utf-8", errors="ignore"))
53
64
  except Exception:
54
65
  pass
66
+
55
67
  # Headers
56
68
  parts.append(request.META.get("HTTP_USER_AGENT", ""))
57
69
  parts.append(request.META.get("HTTP_REFERER", ""))
70
+
58
71
  return " ".join([p for p in parts if p])
59
72
 
60
73
 
@@ -71,9 +84,9 @@ def get_client_ip(request):
71
84
  """Obtiene la IP del cliente"""
72
85
  x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
73
86
  if x_forwarded_for:
74
- ip = x_forwarded_for.split(",")[0]
87
+ ip = x_forwarded_for.split(",")[0].strip()
75
88
  else:
76
- ip = request.META.get("REMOTE_ADDR")
89
+ ip = request.META.get("REMOTE_ADDR", "0.0.0.0")
77
90
  return ip
78
91
 
79
92
 
@@ -85,6 +98,7 @@ class SQLIDefenseStrongMiddleware(MiddlewareMixin):
85
98
  # Revisa si la IP está temporalmente bloqueada
86
99
  if client_ip in TEMP_BLOCK:
87
100
  if time.time() - TEMP_BLOCK[client_ip] < BLOCK_DURATION:
101
+ logger.warning(f"IP bloqueada temporalmente: {client_ip}")
88
102
  return JsonResponse(
89
103
  {
90
104
  "detail": "Acceso temporalmente bloqueado por actividad sospechosa",
@@ -103,15 +117,11 @@ class SQLIDefenseStrongMiddleware(MiddlewareMixin):
103
117
  if flagged:
104
118
  # Bloquea temporalmente la IP
105
119
  TEMP_BLOCK[client_ip] = time.time()
106
- # <-- Aquí puedes agregar la impresión o el log -->
107
- print("IP detectada:", client_ip)
108
- # O usando logging
109
- import logging
110
-
111
- logger = logging.getLogger(__name__)
120
+ # Logging profesional
112
121
  logger.warning(
113
- f"Intento de ataque detectado desde IP: {client_ip}, detalles: {matches}"
122
+ f"Intento de ataque detectado desde IP: {client_ip}, detalles: {matches}, payload: {text}"
114
123
  )
124
+
115
125
  return JsonResponse(
116
126
  {
117
127
  "detail": "Request bloqueado: posible intento de inyección SQL detectado",
@@ -119,4 +129,5 @@ class SQLIDefenseStrongMiddleware(MiddlewareMixin):
119
129
  },
120
130
  status=403,
121
131
  )
132
+
122
133
  return None
{guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/GuardianUnivalle_Benito_Yucra.egg-info/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: GuardianUnivalle-Benito-Yucra
3
- Version: 0.1.7
3
+ Version: 0.1.8
4
4
  Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
5
5
  Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
6
6
  License: MIT
{guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: GuardianUnivalle-Benito-Yucra
3
- Version: 0.1.7
3
+ Version: 0.1.8
4
4
  Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
5
5
  Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
6
6
  License: MIT
{guardianunivalle_benito_yucra-0.1.7 → guardianunivalle_benito_yucra-0.1.8}/pyproject.toml RENAMED
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
4
4
 
5
5
  [project]
6
6
  name = "GuardianUnivalle-Benito-Yucra" # usar mayúsculas consistente
7
- version = "0.1.7"
7
+ version = "0.1.8"
8
8
  description = "Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask"
9
9
  authors = [
10
10
  { name = "Andres Benito Calle Yucra", email = "benitoandrescalle035@gmail.com" }