PyPI - aiwaf - Versions diffs - 0.1.0__py3-none-any.whl - Mend

aiwaf 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of aiwaf might be problematic. Click here for more details.

Files changed (19) hide show

aiwaf/__init__.py +1 -0
aiwaf/apps.py +5 -0
aiwaf/blacklist_manager.py +14 -0
aiwaf/management/__init__.py +0 -0
aiwaf/management/commands/__init__.py +0 -0
aiwaf/management/commands/detect_and_train.py +10 -0
aiwaf/middleware.py +115 -0
aiwaf/models.py +28 -0
aiwaf/resources/model.pkl +0 -0
aiwaf/storage.py +61 -0
aiwaf/template_tags/__init__.py +0 -0
aiwaf/template_tags/aiwaf_tags.py +14 -0
aiwaf/trainer.py +123 -0
aiwaf/utils.py +50 -0
aiwaf-0.1.0.dist-info/METADATA +13 -0
aiwaf-0.1.0.dist-info/RECORD +19 -0
aiwaf-0.1.0.dist-info/WHEEL +5 -0
aiwaf-0.1.0.dist-info/entry_points.txt +2 -0
aiwaf-0.1.0.dist-info/top_level.txt +1 -0

aiwaf/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ default_app_config = "aiwaf.apps.AiwafConfig"

aiwaf/apps.py ADDED Viewed

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+class AiwafConfig(AppConfig):
+    name = "aiwaf"
+    verbose_name = "AI‑Driven Web Application Firewall"

aiwaf/blacklist_manager.py ADDED Viewed

@@ -0,0 +1,14 @@
+from .models import BlacklistEntry
+class BlacklistManager:
+    @staticmethod
+    def block(ip, reason):
+        BlacklistEntry.objects.get_or_create(ip_address=ip, defaults={"reason": reason})
+    @staticmethod
+    def is_blocked(ip):
+        return BlacklistEntry.objects.filter(ip_address=ip).exists()
+    @staticmethod
+    def all_blocked():
+        return BlacklistEntry.objects.all()

aiwaf/management/__init__.py ADDED Viewed

File without changes

aiwaf/management/commands/__init__.py ADDED Viewed

File without changes

aiwaf/management/commands/detect_and_train.py ADDED Viewed

@@ -0,0 +1,10 @@
+from django.core.management.base import BaseCommand
+from aiwaf.trainer import train
+class Command(BaseCommand):
+    help = "Run AI‑WAF detect & retrain"
+    def handle(self, *args, **options):
+        train()
+        self.stdout.write(self.style.SUCCESS("Done."))

aiwaf/middleware.py ADDED Viewed

@@ -0,0 +1,115 @@
+import time
+import numpy as np
+import joblib
+from collections import defaultdict
+from django.utils.deprecation import MiddlewareMixin
+from django.http import JsonResponse
+from django.conf import settings
+from django.core.cache import cache
+from django.urls import resolve
+from django.apps import apps
+from .blacklist_manager import BlacklistManager
+try:
+    MODEL_PATH = settings.AIWAF_MODEL_PATH
+except AttributeError:
+    import importlib.resources
+    MODEL_PATH = importlib.resources.files("aiwaf").joinpath("resources/model.pkl")
+MODEL = joblib.load(MODEL_PATH)
+def get_ip(request):
+    xff = request.META.get("HTTP_X_FORWARDED_FOR")
+    if xff:
+        return xff.split(",")[0].strip()
+    return request.META.get("REMOTE_ADDR", "")
+class IPBlockMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+    def __call__(self, request):
+        ip = get_ip(request)
+        if BlacklistManager.is_blocked(ip):
+            return JsonResponse({"error": "blocked"}, status=403)
+        return self.get_response(request)
+class RateLimitMiddleware:
+    WINDOW = getattr(settings, "AIWAF_RATE_WINDOW", 10)
+    MAX = getattr(settings, "AIWAF_RATE_MAX", 20)
+    FLOOD = getattr(settings, "AIWAF_RATE_FLOOD", 10)
+    def __init__(self, get_response):
+        self.get_response = get_response
+        self.logs = defaultdict(list)
+    def __call__(self, request):
+        ip = get_ip(request)
+        now = time.time()
+        recs = [t for t in self.logs[ip] if now - t < self.WINDOW]
+        recs.append(now)
+        self.logs[ip] = recs
+        if len(recs) > self.MAX:
+            return JsonResponse({"error": "too_many_requests"}, status=429)
+        if len(recs) > self.FLOOD:
+            BlacklistManager.block(ip, "Flood pattern")
+            return JsonResponse({"error": "blocked"}, status=403)
+        return self.get_response(request)
+class AIAnomalyMiddleware(MiddlewareMixin):
+    WINDOW_SECONDS = getattr(settings, "AIWAF_WINDOW_SECONDS", 60)
+    def process_request(self, request):
+        ip = get_ip(request)
+        if BlacklistManager.is_blocked(ip):
+            return JsonResponse({"error": "blocked"}, status=403)
+        now = time.time()
+        key = f"aiwaf:{ip}"
+        data = cache.get(key, [])
+        data.append((now, request.path, 0, 0.0))
+        data = [d for d in data if now - d[0] < self.WINDOW_SECONDS]
+        cache.set(key, data, timeout=self.WINDOW_SECONDS)
+        if len(data) < 5:
+            return None
+        total = len(data)
+        ratio_404 = sum(1 for (_, _, st, _) in data if st == 404) / total
+        hits = sum(
+            any(k in path.lower() for k in settings.AIWAF_MALICIOUS_KEYWORDS)
+            for (_, path, _, _) in data
+        )
+        avg_rt = np.mean([rt for (_, _, _, rt) in data]) if data else 0.0
+        intervals = [
+            data[i][0] - data[i-1][0] for i in range(1, total)
+        ]
+        avg_iv = np.mean(intervals) if intervals else 0.0
+        X = np.array([[total, ratio_404, hits, avg_rt, avg_iv]], dtype=float)
+        if MODEL.predict(X)[0] == -1:
+            BlacklistManager.block(ip, "AI anomaly")
+            return JsonResponse({"error": "blocked"}, status=403)
+        return None
+class HoneypotMiddleware(MiddlewareMixin):
+    def process_view(self, request, view_func, view_args, view_kwargs):
+        trap = request.POST.get(settings.AIWAF_HONEYPOT_FIELD, "")
+        if trap:
+            ip = get_ip(request)
+            BlacklistManager.block(ip, "HONEYPOT triggered")
+            return JsonResponse({"error": "bot_detected"}, status=403)
+        return None
+class UUIDTamperMiddleware(MiddlewareMixin):
+    def process_view(self, request, view_func, view_args, view_kwargs):
+        uid = view_kwargs.get("uuid")
+        if not uid:
+            return None
+        ip = get_ip(request)
+        app_label = view_kwargs.get("app_label") or view_func.__module__.split('.')[0]
+        app_config = apps.get_app_config(app_label)
+        for Model in app_config.get_models():
+            if Model.objects.filter(pk=uid).exists():
+                return None
+        BlacklistManager.block(ip, "UUID tampering")
+        return JsonResponse({"error": "blocked"}, status=403)

aiwaf/models.py ADDED Viewed

@@ -0,0 +1,28 @@
+from django.db import models
+class FeatureSample(models.Model):
+    ip          = models.GenericIPAddressField(db_index=True)
+    path_len    = models.IntegerField()
+    kw_hits     = models.IntegerField()
+    resp_time   = models.FloatField()
+    status_idx  = models.IntegerField()
+    burst_count = models.IntegerField()
+    total_404   = models.IntegerField()
+    label       = models.CharField(max_length=20, default="unlabeled")
+    created_at  = models.DateTimeField(auto_now_add=True)
+    class Meta:
+        verbose_name = "WAF Feature Sample"
+        verbose_name_plural = "WAF Feature Samples"
+        indexes = [
+            models.Index(fields=["ip"]),
+            models.Index(fields=["created_at"]),
+        ]
+class BlacklistEntry(models.Model):
+    ip_address = models.GenericIPAddressField(unique=True, db_index=True)
+    reason     = models.CharField(max_length=100)
+    created_at = models.DateTimeField(auto_now_add=True)
+    def __str__(self):
+        return f"{self.ip_address} ({self.reason})"

aiwaf/resources/model.pkl ADDED Viewed

Binary file

aiwaf/storage.py ADDED Viewed

@@ -0,0 +1,61 @@
+import os, csv, gzip, glob
+import numpy as np
+import pandas as pd
+from django.conf import settings
+from .models import FeatureSample
+DATA_FILE  = getattr(settings, "AIWAF_CSV_PATH", "access_samples.csv")
+CSV_HEADER = [
+    "ip","path_len","kw_hits","resp_time",
+    "status_idx","burst_count","total_404","label"
+]
+class CsvFeatureStore:
+    @staticmethod
+    def persist_rows(rows):
+        new_file = not os.path.exists(DATA_FILE)
+        with open(DATA_FILE, "a", newline="", encoding="utf-8") as f:
+            w = csv.writer(f)
+            if new_file:
+                w.writerow(CSV_HEADER)
+            w.writerows(rows)
+    @staticmethod
+    def load_matrix():
+        if not os.path.exists(DATA_FILE):
+            return np.empty((0,6))
+        df = pd.read_csv(
+            DATA_FILE,
+            names=CSV_HEADER,
+            skiprows=1,
+            engine="python",
+            on_bad_lines="skip"
+        )
+        feature_cols = CSV_HEADER[1:7]
+        df[feature_cols] = df[feature_cols].apply(pd.to_numeric, errors="coerce").fillna(0)
+        return df[feature_cols].to_numpy()
+class DbFeatureStore:
+    @staticmethod
+    def persist_rows(rows):
+        objs = []
+        for ip,pl,kw,rt,si,bc,t404,label in rows:
+            objs.append(FeatureSample(
+                ip=ip, path_len=pl, kw_hits=kw,
+                resp_time=rt, status_idx=si,
+                burst_count=bc, total_404=t404,
+                label=label
+            ))
+        FeatureSample.objects.bulk_create(objs, ignore_conflicts=True)
+    @staticmethod
+    def load_matrix():
+        qs = FeatureSample.objects.all().values_list(
+            "path_len","kw_hits","resp_time","status_idx","burst_count","total_404"
+        )
+        return np.array(list(qs), dtype=float)
+def get_store():
+    if getattr(settings, "AIWAF_FEATURE_STORE", "csv") == "db":
+        return DbFeatureStore
+    return CsvFeatureStore

aiwaf/template_tags/__init__.py ADDED Viewed

File without changes

aiwaf/template_tags/aiwaf_tags.py ADDED Viewed

@@ -0,0 +1,14 @@
+from django import template
+from django.utils.html import format_html
+from django.conf import settings
+register = template.Library()
+@register.simple_tag
+def honeypot_field(field_name=None):
+    name = field_name or getattr(settings, "AIWAF_HONEYPOT_FIELD", "hp_field")
+    return format_html(
+        '<input type="text" name="{}" hidden autocomplete="off" tabindex="-1" />',
+        name
+    )

aiwaf/trainer.py ADDED Viewed

@@ -0,0 +1,123 @@
+# aiwaf/trainer.py
+import os
+import glob
+import gzip
+import re
+import joblib
+from datetime import datetime
+from collections import defaultdict
+from .models import BlacklistEntry
+import pandas as pd
+from sklearn.ensemble import IsolationForest
+from django.conf import settings
+from django.apps import apps
+LOG_PATH   = settings.AIWAF_ACCESS_LOG
+MODEL_PATH = os.path.join(
+    os.path.dirname(__file__),
+    "resources",
+    "model.pkl"
+)
+MALICIOUS_KEYWORDS = [".php", "xmlrpc", "wp-", ".env", ".git", ".bak", "conflg", "shell", "filemanager"]
+STATUS_CODES       = ["200", "403", "404", "500"]
+_LOG_RX = re.compile(
+    r'(\d+\.\d+\.\d+\.\d+).*\[(.*?)\].*"(?:GET|POST) (.*?) HTTP/.*?" (\d{3}).*?"(.*?)" "(.*?)".*?response-time=(\d+\.\d+)'
+)
+BlacklistedIP = BlacklistEntry.objects.all()
+def _read_all_logs():
+    lines = []
+    if LOG_PATH and os.path.exists(LOG_PATH):
+        with open(LOG_PATH, "r", errors="ignore") as f:
+            lines += f.readlines()
+    for path in sorted(glob.glob(LOG_PATH + ".*")):
+        opener = gzip.open if path.endswith(".gz") else open
+        try:
+            with opener(path, "rt", errors="ignore") as f:
+                lines += f.readlines()
+        except OSError:
+            continue
+    return lines
+def _parse(line):
+    m = _LOG_RX.search(line)
+    if not m:
+        return None
+    ip, ts_str, path, status, ref, ua, rt = m.groups()
+    try:
+        ts = datetime.strptime(ts_str.split()[0], "%d/%b/%Y:%H:%M:%S")
+    except ValueError:
+        return None
+    return {
+        "ip": ip,
+        "timestamp": ts,
+        "path": path,
+        "status": status,
+        "ua": ua,
+        "response_time": float(rt),
+    }
+def train():
+    raw = _read_all_logs()
+    if not raw:
+        print("No log lines found – check AIWAF_ACCESS_LOG")
+        return
+    parsed = []
+    ip_404   = defaultdict(int)
+    ip_times = defaultdict(list)
+    for ln in raw:
+        rec = _parse(ln)
+        if not rec:
+            continue
+        parsed.append(rec)
+        ip_times[rec["ip"]].append(rec["timestamp"])
+        if rec["status"] == "404":
+            ip_404[rec["ip"]] += 1
+    blocked = []
+    for ip, count in ip_404.items():
+        if count >= 6:
+            obj, created = BlacklistEntry.objects.get_or_create(
+                ip_address=ip,
+                defaults={"reason": "Excessive 404s (≥6)"}
+            )
+            if created:
+                blocked.append(ip)
+    if blocked:
+        print(f"Auto‑blocked {len(blocked)} IPs for ≥6 404s: {', '.join(blocked)}")
+    rows = []
+    for r in parsed:
+        ip        = r["ip"]
+        burst     = sum(
+            1 for t in ip_times[ip]
+            if (r["timestamp"] - t).total_seconds() <= 10
+        )
+        total404  = ip_404[ip]
+        kw_hits   = sum(k in r["path"].lower() for k in MALICIOUS_KEYWORDS)
+        status_idx = STATUS_CODES.index(r["status"]) if r["status"] in STATUS_CODES else -1
+        rows.append([
+            len(r["path"]),
+            kw_hits,
+            r["response_time"],
+            status_idx,
+            burst,
+            total404
+        ])
+    if not rows:
+        print("No entries to train on!")
+        return
+    df = pd.DataFrame(
+        rows,
+        columns=[
+            "path_len", "kw_hits", "resp_time",
+            "status_idx", "burst_count", "total_404"
+        ]
+    ).fillna(0).astype(float)
+    clf = IsolationForest(contamination=0.01, random_state=42)
+    clf.fit(df.values)
+    os.makedirs(os.path.dirname(MODEL_PATH), exist_ok=True)
+    joblib.dump(clf, MODEL_PATH)
+    print(f"Model trained on {len(df)} samples and saved to {MODEL_PATH}")

aiwaf/utils.py ADDED Viewed

@@ -0,0 +1,50 @@
+import os
+import re
+import glob
+import gzip
+from datetime import datetime
+_LOG_RX = re.compile(
+    r'(\d+\.\d+\.\d+\.\d+).*\[(.*?)\].*"(GET|POST) (.*?) HTTP/.*?" (\d{3}).*?"(.*?)" "(.*?)"'
+)
+def get_ip(request):
+    xff = request.META.get("HTTP_X_FORWARDED_FOR", "")
+    if xff:
+        return xff.split(",")[0].strip()
+    return request.META.get("REMOTE_ADDR", "")
+def read_rotated_logs(base_path):
+    lines = []
+    if os.path.exists(base_path):
+        with open(base_path, "r", encoding="utf-8", errors="ignore") as f:
+            lines.extend(f.readlines())
+    for path in sorted(glob.glob(base_path + ".*")):
+        opener = gzip.open if path.endswith(".gz") else open
+        try:
+            with opener(path, "rt", encoding="utf-8", errors="ignore") as f:
+                lines.extend(f.readlines())
+        except OSError:
+            continue
+    return lines
+def parse_log_line(line):
+    m = _LOG_RX.search(line)
+    if not m:
+        return None
+    ip, ts_str, _, path, status, ref, ua = m.groups()
+    try:
+        ts = datetime.strptime(ts_str.split()[0], "%d/%b/%Y:%H:%M:%S")
+    except ValueError:
+        return None
+    rt_m = re.search(r'response-time=(\d+\.\d+)', line)
+    rt = float(rt_m.group(1)) if rt_m else 0.0
+    return {
+        "ip": ip,
+        "timestamp": ts,
+        "path": path,
+        "status": status,
+        "referer": ref,
+        "user_agent": ua,
+        "response_time": rt
+    }

aiwaf-0.1.0.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,13 @@
+Metadata-Version: 2.4
+Name: aiwaf
+Version: 0.1.0
+Summary: AI‑driven pluggable Web Application Firewall for Django (CSV or DB storage)
+Author: Aayush Gauba
+Requires-Dist: django>=3.0
+Requires-Dist: scikit-learn
+Requires-Dist: numpy
+Requires-Dist: pandas
+Requires-Dist: joblib
+Dynamic: author
+Dynamic: requires-dist
+Dynamic: summary

aiwaf-0.1.0.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,19 @@
+aiwaf/__init__.py,sha256=nQFpJ1YpX48snzLjEQCf8zD2YNh8v0b_kPTrXx8uBYc,46
+aiwaf/apps.py,sha256=nCez-Ptlv2kaEk5HenA8b1pATz1VfhrHP1344gwcY1A,142
+aiwaf/blacklist_manager.py,sha256=sM6uTH7zD6MOPGb0kzqV2aFut2vxKgft_UVeRJr7klw,392
+aiwaf/middleware.py,sha256=WHoXMtKZ_WpueSPylH4XXpKzM9-cqPDunDM0fuklzg0,4220
+aiwaf/models.py,sha256=GTojMOZ3M5pDDNmpU4o353M3w59jEclzHqJgofHzfBA,1021
+aiwaf/storage.py,sha256=bxCILzzvA1-q6nwclRE8WrfoRhe25H4VrsQDf0hl_lY,1903
+aiwaf/trainer.py,sha256=8eLrq3bOmRle4KDRWnzxnc-Gv6oo5IErqoDGO_v_qG4,3629
+aiwaf/utils.py,sha256=RkEUWhhHy6tOk7V0UYv3cN4xhOR_7aBy9bjhwuV2cdA,1436
+aiwaf/management/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+aiwaf/management/commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+aiwaf/management/commands/detect_and_train.py,sha256=-o-LZ7QZ5GeJPCekryox1DGXKMmFEkwwrcDsiM166K0,269
+aiwaf/resources/model.pkl,sha256=rCCXH38SJrnaOba2WZrU1LQVzWT34x6bTVkq20XJU-Q,1091129
+aiwaf/template_tags/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+aiwaf/template_tags/aiwaf_tags.py,sha256=1KGqeioYmgKACDUiPkykSqI7DLQ6-Ypy1k00weWj9iY,399
+aiwaf-0.1.0.dist-info/METADATA,sha256=NOtlP9C7VA-ElW3ugD0UZ_6NOqRy4fdTiZc1kl99lbE,333
+aiwaf-0.1.0.dist-info/WHEEL,sha256=CmyFI0kx5cdEMTLiONQRbGQwjIoR1aIYB7eCAQ4KPJ0,91
+aiwaf-0.1.0.dist-info/entry_points.txt,sha256=1ruNtKPkJSI3NcwM8pEsO87YjsTbO44-5cK-mD8TdMU,64
+aiwaf-0.1.0.dist-info/top_level.txt,sha256=kU6EyjobT6UPCxuWpI_BvcHDG0I2tMgKaPlWzVxe2xI,6
+aiwaf-0.1.0.dist-info/RECORD,,

aiwaf-0.1.0.dist-info/WHEEL ADDED Viewed

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (78.1.0)
+Root-Is-Purelib: true
+Tag: py3-none-any

aiwaf-0.1.0.dist-info/entry_points.txt ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ [console_scripts]
2	+ aiwaf-detect = aiwaf.trainer:detect_and_train

aiwaf-0.1.0.dist-info/top_level.txt ADDED Viewed

	@@ -0,0 +1 @@
1	+ aiwaf