PyPI - GuardianUnivalle-Benito-Yucra - Versions diffs - 0.1.8__tar.gz → 0.1.9__tar.gz - Mend

GuardianUnivalle-Benito-Yucra 0.1.8tar.gz → 0.1.9tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of GuardianUnivalle-Benito-Yucra might be problematic. Click here for more details.

Files changed (25) hide show

{guardianunivalle_benito_yucra-0.1.8 → guardianunivalle_benito_yucra-0.1.9}/GuardianUnivalle_Benito_Yucra/detectores/detector_sql.py RENAMED Viewed

@@ -5,6 +5,8 @@ import logging
 from typing import Tuple
 from django.http import JsonResponse
 from django.utils.deprecation import MiddlewareMixin
+from django.conf import settings
+from django.core.signing import TimestampSigner, BadSignature, SignatureExpired
 # ---------- Configuración de logging ----------
 logger = logging.getLogger("sqlidefense")
@@ -43,6 +45,18 @@ PATTERNS = [
 TEMP_BLOCK = {}  # {ip: timestamp}
 BLOCK_DURATION = 30  # segundos
+# ---------- Configuración para bypass ----------
+BYPASS_MAX_AGE = getattr(settings, "SQLI_BYPASS_MAX_AGE", 30)  # segundos
+BYPASS_HEADER = "HTTP_X_SQLI_BYPASS"
+# --- JWT soporte (si simplejwt está instalado) ---
+try:
+    from rest_framework_simplejwt.backends import TokenBackend
+    SIMPLEJWT_AVAILABLE = True
+except Exception:
+    SIMPLEJWT_AVAILABLE = False
 # ---------- Helpers ----------
 def extract_payload_text(request) -> str:
@@ -90,6 +104,44 @@ def get_client_ip(request):
     return ip
+def is_valid_jwt(request) -> bool:
+    """Valida si la petición trae un JWT válido en Authorization: Bearer <token>"""
+    if not SIMPLEJWT_AVAILABLE:
+        return False
+    auth = request.META.get("HTTP_AUTHORIZATION", "")
+    if not auth or not auth.startswith("Bearer "):
+        return False
+    token = auth.split(" ", 1)[1].strip()
+    try:
+        tb = TokenBackend(
+            algorithm=getattr(settings, "SIMPLE_JWT", {}).get("ALGORITHM", "HS256"),
+            signing_key=getattr(settings, "SIMPLE_JWT", {}).get(
+                "SIGNING_KEY", settings.SECRET_KEY
+            ),
+        )
+        tb.decode(token, verify=True)
+        return True
+    except Exception:
+        return False
+def is_valid_signed_bypass(request) -> bool:
+    """Valida si la petición trae un token firmado válido y no expirado"""
+    signed = request.META.get(BYPASS_HEADER, "")
+    if not signed:
+        return False
+    signer = TimestampSigner(settings.SECRET_KEY)
+    try:
+        signer.unsign(signed, max_age=BYPASS_MAX_AGE)
+        return True
+    except SignatureExpired:
+        logger.info("Bypass token expirado")
+        return False
+    except BadSignature:
+        logger.info("Bypass token inválido")
+        return False
 # ---------- Middleware ----------
 class SQLIDefenseStrongMiddleware(MiddlewareMixin):
     def process_request(self, request):
@@ -109,6 +161,13 @@ class SQLIDefenseStrongMiddleware(MiddlewareMixin):
             else:
                 del TEMP_BLOCK[client_ip]
+        # --- Nuevo: bypass por JWT válido o token firmado válido ---
+        if is_valid_jwt(request):
+            return None
+        if is_valid_signed_bypass(request):
+            return None
+        # --- Detección de SQLi ---
         text = extract_payload_text(request)
         if not text:
             return None
@@ -117,11 +176,9 @@ class SQLIDefenseStrongMiddleware(MiddlewareMixin):
         if flagged:
             # Bloquea temporalmente la IP
             TEMP_BLOCK[client_ip] = time.time()
-            # Logging profesional
             logger.warning(
                 f"Intento de ataque detectado desde IP: {client_ip}, detalles: {matches}, payload: {text}"
             )
             return JsonResponse(
                 {
                     "detail": "Request bloqueado: posible intento de inyección SQL detectado",

{guardianunivalle_benito_yucra-0.1.8 → guardianunivalle_benito_yucra-0.1.9}/GuardianUnivalle_Benito_Yucra.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.8
+Version: 0.1.9
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.8 → guardianunivalle_benito_yucra-0.1.9}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GuardianUnivalle-Benito-Yucra
-Version: 0.1.8
+Version: 0.1.9
 Summary: Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask
 Author-email: Andres Benito Calle Yucra <benitoandrescalle035@gmail.com>
 License: MIT

{guardianunivalle_benito_yucra-0.1.8 → guardianunivalle_benito_yucra-0.1.9}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "GuardianUnivalle-Benito-Yucra"  # usar mayúsculas consistente
-version = "0.1.8"
+version = "0.1.9"
 description = "Middleware y detectores de seguridad (SQLi, XSS, CSRF, DoS, Keylogger) para Django/Flask"
 authors = [
     { name = "Andres Benito Calle Yucra", email = "benitoandrescalle035@gmail.com" }