aiwaf 0.1.5__py3-none-any.whl → 0.1.7__py3-none-any.whl

aiwaf/middleware.py

@@ -5,7 +5,7 @@ import re
 import os
 import numpy as np
 import joblib
-
+from django.db.models import UUIDField
 from collections import defaultdict
 from django.utils.deprecation import MiddlewareMixin
 from django.http import JsonResponse
@@ -43,25 +43,29 @@ def get_ip(request):
 class IPAndKeywordBlockMiddleware:
     def __init__(self, get_response):
         self.get_response = get_response
-        self.url_patterns = self._collect_view_paths()
+        self.safe_prefixes = self._collect_safe_prefixes()
 
-    def _collect_view_paths(self):
+    def _collect_safe_prefixes(self):
         resolver = get_resolver()
-        patterns = set()
+        prefixes = set()
 
         def extract(patterns_list, prefix=""):
             for p in patterns_list:
-                if hasattr(p, "url_patterns"):
+                if hasattr(p, "url_patterns"):  # include()
+                    full_prefix = (prefix + str(p.pattern)).strip("^/").split("/")[0]
+                    prefixes.add(full_prefix)
                     extract(p.url_patterns, prefix + str(p.pattern))
                 else:
                     pat = (prefix + str(p.pattern)).strip("^$")
-                    patterns.add(pat)
+                    path_parts = pat.strip("/").split("/")
+                    if path_parts:
+                        prefixes.add(path_parts[0])
         extract(resolver.url_patterns)
-        return patterns
+        return prefixes
 
     def __call__(self, request):
         ip = get_ip(request)
-        path = request.path.lower()
+        path = request.path.lower().lstrip("/")
         if BlacklistManager.is_blocked(ip):
             return JsonResponse({"error": "blocked"}, status=403)
         segments = [seg for seg in re.split(r"\W+", path) if len(seg) > 3]
@@ -74,8 +78,10 @@ class IPAndKeywordBlockMiddleware:
             .values_list("keyword", flat=True)[: getattr(settings, "AIWAF_DYNAMIC_TOP_N", 10)]
         )
         all_kw = set(STATIC_KW) | set(dynamic_top)
-        safe_kw = {kw for kw in all_kw if any(kw in pat for pat in self.url_patterns)}
-        suspicious_kw = all_kw - safe_kw
+        suspicious_kw = {
+            kw for kw in all_kw
+            if not any(path.startswith(prefix) for prefix in self.safe_prefixes if prefix)
+        }
         for seg in segments:
             if seg in suspicious_kw:
                 BlacklistManager.block(ip, f"Keyword block: {seg}")
@@ -120,12 +126,9 @@ class AIAnomalyMiddleware(MiddlewareMixin):
         now = time.time()
         key = f"aiwaf:{ip}"
         data = cache.get(key, [])
-        # TODO: you may want to capture real status & response_time in process_response
         data.append((now, request.path, 0, 0.0))
         data = [d for d in data if now - d[0] < self.WINDOW]
         cache.set(key, data, timeout=self.WINDOW)
-
-        # update dynamic‐keyword counts
         for seg in re.split(r"\W+", request.path.lower()):
             if len(seg) > 3:
                 obj, _ = DynamicKeyword.objects.get_or_create(keyword=seg)
@@ -133,8 +136,6 @@ class AIAnomalyMiddleware(MiddlewareMixin):
 
         if len(data) < 5:
             return None
-
-        # pull top‐N dynamic tokens
         top_dynamic = list(
             DynamicKeyword.objects
             .order_by("-count")
@@ -177,8 +178,12 @@ class UUIDTamperMiddleware(MiddlewareMixin):
         app_label = view_func.__module__.split(".")[0]
         app_cfg   = apps.get_app_config(app_label)
         for Model in app_cfg.get_models():
-            if Model.objects.filter(pk=uid).exists():
-                return None
+            if isinstance(Model._meta.pk, UUIDField):
+                try:
+                    if Model.objects.filter(pk=uid).exists():
+                        return None
+                except (ValueError, TypeError):
+                    continue
 
         BlacklistManager.block(ip, "UUID tampering")
         return JsonResponse({"error": "blocked"}, status=403)

aiwaf/trainer.py

@@ -12,6 +12,9 @@ import joblib
 from django.conf import settings
 from django.apps import apps
 from django.db.models import F
+from django.urls import get_resolver
+
+# ─── CONFIG ────────────────────────────────────────────────────────────────
 
 LOG_PATH = settings.AIWAF_ACCESS_LOG
 MODEL_PATH = os.path.join(os.path.dirname(__file__), "resources", "model.pkl")
@@ -28,6 +31,27 @@ BlacklistEntry = apps.get_model("aiwaf", "BlacklistEntry")
 DynamicKeyword = apps.get_model("aiwaf", "DynamicKeyword")
 
 
+
+def path_exists_in_django(path):
+    from django.urls import get_resolver
+    from django.urls.resolvers import URLPattern, URLResolver
+
+    path = path.split("?")[0].lstrip("/")
+    try:
+        get_resolver().resolve(f"/{path}")
+        return True
+    except:
+        pass
+    parts = path.split("/")
+    root_resolver = get_resolver()
+    for pattern in root_resolver.url_patterns:
+        if isinstance(pattern, URLResolver):
+            prefix = pattern.pattern.describe().strip("^/")
+            if prefix and path.startswith(prefix):
+                return True
+    return False
+
+
 def _read_all_logs():
     lines = []
     if LOG_PATH and os.path.exists(LOG_PATH):
@@ -62,10 +86,11 @@ def _parse(line):
     }
 
 
+
 def train():
     raw_lines = _read_all_logs()
     if not raw_lines:
-        print(" No log lines found – check AIWAF_ACCESS_LOG setting.")
+        print("No log lines found – check AIWAF_ACCESS_LOG setting.")
         return
     parsed = []
     ip_404 = defaultdict(int)
@@ -89,6 +114,7 @@ def train():
                 blocked_404.append(ip)
     if blocked_404:
         print(f"Blocked {len(blocked_404)} IPs for 404 flood: {blocked_404}")
+
     feature_dicts = []
     for r in parsed:
         ip = r["ip"]
@@ -97,7 +123,10 @@ def train():
             if (r["timestamp"] - t).total_seconds() <= 10
         )
         total404 = ip_404[ip]
-        kw_hits = sum(k in r["path"].lower() for k in STATIC_KW)
+        is_known_path = path_exists_in_django(r["path"])
+        kw_hits = 0
+        if not is_known_path:
+            kw_hits = sum(k in r["path"].lower() for k in STATIC_KW)
         status_idx = STATUS_IDX.index(r["status"]) if r["status"] in STATUS_IDX else -1
         feature_dicts.append({
             "ip": ip,
@@ -112,7 +141,6 @@ def train():
     if not feature_dicts:
         print("⚠️ Nothing to train on – no valid log entries.")
         return
-
     df = pd.DataFrame(feature_dicts)
     feature_cols = [c for c in df.columns if c != "ip"]
     X = df[feature_cols].astype(float).values
@@ -120,8 +148,8 @@ def train():
     model.fit(X)
     os.makedirs(os.path.dirname(MODEL_PATH), exist_ok=True)
     joblib.dump(model, MODEL_PATH)
-    print(f"✅ Model trained on {len(X)} samples → {MODEL_PATH}")
-    preds = model.predict(X)  # -1 for outliers
+    print(f"Model trained on {len(X)} samples → {MODEL_PATH}")
+    preds = model.predict(X)
     anomalous_ips = set(df.loc[preds == -1, 'ip'])
     blocked_anom = []
     for ip in anomalous_ips:
@@ -132,19 +160,21 @@ def train():
         if created:
             blocked_anom.append(ip)
     if blocked_anom:
-        print(f" Blocked {len(blocked_anom)} anomalous IPs: {blocked_anom}")
-
+        print(f"🚫 Blocked {len(blocked_anom)} anomalous IPs: {blocked_anom}")
     tokens = Counter()
     for r in parsed:
-        if r["status"].startswith(("4", "5")):
+        if r["status"].startswith(("4", "5")) and not path_exists_in_django(r["path"]):
             for seg in re.split(r"\W+", r["path"].lower()):
                 if len(seg) > 3 and seg not in STATIC_KW:
                     tokens[seg] += 1
+
     top_tokens = tokens.most_common(10)
     for kw, cnt in top_tokens:
         obj, _ = DynamicKeyword.objects.get_or_create(keyword=kw)
         DynamicKeyword.objects.filter(pk=obj.pk).update(count=F("count") + cnt)
-    print(f"DynamicKeyword DB updated with top tokens: {[kw for kw, _ in top_tokens]}")
+
+    print(f" DynamicKeyword DB updated with top tokens: {[kw for kw, _ in top_tokens]}")
+
 
 
 if __name__ == "__main__":

{aiwaf-0.1.5.dist-info → aiwaf-0.1.7.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiwaf
-Version: 0.1.5
+Version: 0.1.7
 Summary: AI-powered Web Application Firewall
 Home-page: https://github.com/aayushgauba/aiwaf
 Author: Aayush Gauba
@@ -128,7 +128,7 @@ Add in **this** order to your `MIDDLEWARE` list:
 
 ```python
 MIDDLEWARE = [
-    "aiwaf.middleware.IPBlockMiddleware",
+    "aiwaf.middleware.IPAndKeywordBlockMiddleware",
     "aiwaf.middleware.RateLimitMiddleware",
     "aiwaf.middleware.AIAnomalyMiddleware",
     "aiwaf.middleware.HoneypotMiddleware",
@@ -180,7 +180,6 @@ python manage.py detect_and_train
 | AIAnomalyMiddleware                | ML‑driven behavior analysis + block on anomaly                  |
 | HoneypotMiddleware                 | Detects bots filling hidden inputs in forms                     |
 | UUIDTamperMiddleware               | Blocks guessed/nonexistent UUIDs across all models in an app    |
-
 ---
 
 ## License

{aiwaf-0.1.5.dist-info → aiwaf-0.1.7.dist-info}/RECORD

@@ -1,10 +1,10 @@
 aiwaf/__init__.py,sha256=nQFpJ1YpX48snzLjEQCf8zD2YNh8v0b_kPTrXx8uBYc,46
 aiwaf/apps.py,sha256=nCez-Ptlv2kaEk5HenA8b1pATz1VfhrHP1344gwcY1A,142
 aiwaf/blacklist_manager.py,sha256=sM6uTH7zD6MOPGb0kzqV2aFut2vxKgft_UVeRJr7klw,392
-aiwaf/middleware.py,sha256=04AbNgkwLMaYSiuEtw59A-O02tt4cqaKmP7XDNlkIG0,6359
+aiwaf/middleware.py,sha256=2sNCqDULvuASo6dlbvrGpLzwhgHtHXwgVR8u3IhvrDI,6698
 aiwaf/models.py,sha256=8au1umopgCo0lthztTTRrYRJQUM7uX8eAeXgs3z45K4,1282
 aiwaf/storage.py,sha256=bxCILzzvA1-q6nwclRE8WrfoRhe25H4VrsQDf0hl_lY,1903
-aiwaf/trainer.py,sha256=TKWJZzWTg892vdoSGWdCA0i-dKof2b29buWqJUrkr6k,4820
+aiwaf/trainer.py,sha256=IwL-BHbjGunOLX2HuGE12-W_PB0aDwbiZ62izPpfOEo,5796
 aiwaf/utils.py,sha256=RkEUWhhHy6tOk7V0UYv3cN4xhOR_7aBy9bjhwuV2cdA,1436
 aiwaf/management/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 aiwaf/management/commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -12,8 +12,8 @@ aiwaf/management/commands/detect_and_train.py,sha256=-o-LZ7QZ5GeJPCekryox1DGXKMm
 aiwaf/resources/model.pkl,sha256=rCCXH38SJrnaOba2WZrU1LQVzWT34x6bTVkq20XJU-Q,1091129
 aiwaf/template_tags/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 aiwaf/template_tags/aiwaf_tags.py,sha256=1KGqeioYmgKACDUiPkykSqI7DLQ6-Ypy1k00weWj9iY,399
-aiwaf-0.1.5.dist-info/licenses/LICENSE,sha256=Ir8PX4dxgAcdB0wqNPIkw84fzIIRKE75NoUil9RX0QU,1069
-aiwaf-0.1.5.dist-info/METADATA,sha256=g1hwdQBSJX1JBBnBim_TFtzjVMI5Ixl0WVrPPlnQCPg,5405
-aiwaf-0.1.5.dist-info/WHEEL,sha256=CmyFI0kx5cdEMTLiONQRbGQwjIoR1aIYB7eCAQ4KPJ0,91
-aiwaf-0.1.5.dist-info/top_level.txt,sha256=kU6EyjobT6UPCxuWpI_BvcHDG0I2tMgKaPlWzVxe2xI,6
-aiwaf-0.1.5.dist-info/RECORD,,
+aiwaf-0.1.7.dist-info/licenses/LICENSE,sha256=Ir8PX4dxgAcdB0wqNPIkw84fzIIRKE75NoUil9RX0QU,1069
+aiwaf-0.1.7.dist-info/METADATA,sha256=uyKj5eHph-ufrCwZWOtGWxMZD1OtQOXu_6JXz0SRB2Q,5414
+aiwaf-0.1.7.dist-info/WHEEL,sha256=pxyMxgL8-pra_rKaQ4drOZAegBVuX-G_4nRHjjgWbmo,91
+aiwaf-0.1.7.dist-info/top_level.txt,sha256=kU6EyjobT6UPCxuWpI_BvcHDG0I2tMgKaPlWzVxe2xI,6
+aiwaf-0.1.7.dist-info/RECORD,,

{aiwaf-0.1.5.dist-info → aiwaf-0.1.7.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (78.1.0)
+Generator: setuptools (79.0.0)
 Root-Is-Purelib: true
 Tag: py3-none-any