aiwaf 0.1.7.8__py3-none-any.whl → 0.1.8.2__py3-none-any.whl

aiwaf/management/commands/aiwaf_reset.py

@@ -0,0 +1,84 @@
+from django.core.management.base import BaseCommand
+from aiwaf.models import BlacklistEntry, IPExemption
+
+class Command(BaseCommand):
+    help = 'Reset AI-WAF by clearing all blacklist and exemption (whitelist) entries'
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            '--blacklist-only',
+            action='store_true',
+            help='Clear only blacklist entries, keep exemptions'
+        )
+        parser.add_argument(
+            '--exemptions-only',
+            action='store_true',
+            help='Clear only exemption entries, keep blacklist'
+        )
+        parser.add_argument(
+            '--confirm',
+            action='store_true',
+            help='Skip confirmation prompt'
+        )
+
+    def handle(self, *args, **options):
+        blacklist_only = options['blacklist_only']
+        exemptions_only = options['exemptions_only']
+        confirm = options['confirm']
+        
+        # Count current entries
+        blacklist_count = BlacklistEntry.objects.count()
+        exemption_count = IPExemption.objects.count()
+        
+        if blacklist_only and exemptions_only:
+            self.stdout.write(self.style.ERROR('Cannot use both --blacklist-only and --exemptions-only flags'))
+            return
+        
+        # Determine what to clear
+        if blacklist_only:
+            action = f"Clear {blacklist_count} blacklist entries"
+            clear_blacklist = True
+            clear_exemptions = False
+        elif exemptions_only:
+            action = f"Clear {exemption_count} exemption entries"
+            clear_blacklist = False
+            clear_exemptions = True
+        else:
+            action = f"Clear {blacklist_count} blacklist entries and {exemption_count} exemption entries"
+            clear_blacklist = True
+            clear_exemptions = True
+        
+        # Show what will be cleared
+        self.stdout.write(f"AI-WAF Reset: {action}")
+        
+        if not confirm:
+            response = input("Are you sure you want to proceed? [y/N]: ")
+            if response.lower() not in ['y', 'yes']:
+                self.stdout.write(self.style.WARNING('Operation cancelled'))
+                return
+        
+        # Perform the reset
+        deleted_counts = {'blacklist': 0, 'exemptions': 0}
+        
+        if clear_blacklist:
+            deleted_counts['blacklist'], _ = BlacklistEntry.objects.all().delete()
+        
+        if clear_exemptions:
+            deleted_counts['exemptions'], _ = IPExemption.objects.all().delete()
+        
+        # Report results
+        if clear_blacklist and clear_exemptions:
+            self.stdout.write(
+                self.style.SUCCESS(
+                    f"✅ Reset complete: Deleted {deleted_counts['blacklist']} blacklist entries "
+                    f"and {deleted_counts['exemptions']} exemption entries"
+                )
+            )
+        elif clear_blacklist:
+            self.stdout.write(
+                self.style.SUCCESS(f"✅ Blacklist cleared: Deleted {deleted_counts['blacklist']} entries")
+            )
+        elif clear_exemptions:
+            self.stdout.write(
+                self.style.SUCCESS(f"✅ Exemptions cleared: Deleted {deleted_counts['exemptions']} entries")
+            )

aiwaf/middleware.py

@@ -189,16 +189,37 @@ class AIAnomalyMiddleware(MiddlewareMixin):
         return response
 
 
-class HoneypotMiddleware(MiddlewareMixin):
-    def process_view(self, request, view_func, view_args, view_kwargs):
+class HoneypotTimingMiddleware(MiddlewareMixin):
+    MIN_FORM_TIME = getattr(settings, "AIWAF_MIN_FORM_TIME", 1.0)  # seconds
+    
+    def process_request(self, request):
         if is_exempt_path(request.path):
             return None
-        trap = request.POST.get(getattr(settings, "AIWAF_HONEYPOT_FIELD", "hp_field"), "")
-        if trap:
-            ip = get_ip(request)
-            if not is_ip_exempted(ip):
-                BlacklistManager.block(ip, "HONEYPOT triggered")
-                return JsonResponse({"error": "bot_detected"}, status=403)
+            
+        ip = get_ip(request)
+        if is_ip_exempted(ip):
+            return None
+            
+        if request.method == "GET":
+            # Store timestamp for this IP's GET request
+            cache.set(f"honeypot_get:{ip}", time.time(), timeout=300)  # 5 min timeout
+        
+        elif request.method == "POST":
+            # Check if there was a preceding GET request
+            get_time = cache.get(f"honeypot_get:{ip}")
+            
+            if get_time is None:
+                # No GET request - likely bot posting directly
+                BlacklistManager.block(ip, "Direct POST without GET")
+                return JsonResponse({"error": "blocked"}, status=403)
+            
+            # Check timing
+            time_diff = time.time() - get_time
+            if time_diff < self.MIN_FORM_TIME:
+                # Posted too quickly - likely bot
+                BlacklistManager.block(ip, f"Form submitted too quickly ({time_diff:.2f}s)")
+                return JsonResponse({"error": "blocked"}, status=403)
+        
         return None
 
 

aiwaf/templatetags/aiwaf_tags.py

@@ -6,9 +6,8 @@ register = template.Library()
 
 @register.simple_tag
 def honeypot_field(field_name=None):
-
-    name = field_name or getattr(settings, "AIWAF_HONEYPOT_FIELD", "hp_field")
-    return format_html(
-        '<input type="text" name="{}" hidden autocomplete="off" tabindex="-1" />',
-        name
-    )
+    """
+    Legacy honeypot field - no longer needed with timing-based honeypot.
+    Returns empty string to maintain backward compatibility.
+    """
+    return ""

{aiwaf-0.1.7.8.dist-info → aiwaf-0.1.8.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiwaf
-Version: 0.1.7.8
+Version: 0.1.8.2
 Summary: AI-powered Web Application Firewall
 Home-page: https://github.com/aayushgauba/aiwaf
 Author: Aayush Gauba
@@ -77,8 +77,10 @@ aiwaf/
 - **File‑Extension Probing Detection**  
   Tracks repeated 404s on common extensions (e.g. `.php`, `.asp`) and blocks IPs.
 
-- **Honeypot Field**  
-  Hidden field for bot detection → IP blacklisted on fill.
+- **Timing-Based Honeypot**  
+  Tracks GET→POST timing patterns. Blocks IPs that:
+  - POST directly without a preceding GET request
+  - Submit forms faster than `AIWAF_MIN_FORM_TIME` seconds (default: 1 second)
 
 - **UUID Tampering Protection**  
   Blocks guessed or invalid UUIDs that don’t resolve to real models.
@@ -107,6 +109,24 @@ Add an IP to the exemption list using the management command:
 python manage.py add_ipexemption <ip-address> --reason "optional reason"
 ```
 
+### Resetting AI-WAF
+
+Clear all blacklist and exemption entries:
+
+```bash
+# Clear everything (with confirmation prompt)
+python manage.py aiwaf_reset
+
+# Clear everything without confirmation
+python manage.py aiwaf_reset --confirm
+
+# Clear only blacklist entries
+python manage.py aiwaf_reset --blacklist-only
+
+# Clear only exemption entries  
+python manage.py aiwaf_reset --exemptions-only
+```
+
 This will ensure the IP is never blocked by AI‑WAF. You can also manage exemptions via the Django admin interface.
 
 - **Daily Retraining**  
@@ -143,7 +163,7 @@ AIWAF_ACCESS_LOG = "/var/log/nginx/access.log"
 
 ```python
 AIWAF_MODEL_PATH         = BASE_DIR / "aiwaf" / "resources" / "model.pkl"
-AIWAF_HONEYPOT_FIELD     = "hp_field"
+AIWAF_MIN_FORM_TIME      = 1.0        # minimum seconds between GET and POST
 AIWAF_RATE_WINDOW        = 10         # seconds
 AIWAF_RATE_MAX           = 20         # max requests per window
 AIWAF_RATE_FLOOD         = 10         # flood threshold
@@ -171,7 +191,7 @@ MIDDLEWARE = [
     "aiwaf.middleware.IPAndKeywordBlockMiddleware",
     "aiwaf.middleware.RateLimitMiddleware",
     "aiwaf.middleware.AIAnomalyMiddleware",
-    "aiwaf.middleware.HoneypotMiddleware",
+    "aiwaf.middleware.HoneypotTimingMiddleware",
     "aiwaf.middleware.UUIDTamperMiddleware",
     # ... other middleware ...
 ]
@@ -179,24 +199,7 @@ MIDDLEWARE = [
 
 ---
 
-## 🕵️ Honeypot Field (in your template)
-
-```django
-{% load aiwaf_tags %}
-
-<form method="post">
-  {% csrf_token %}
-  {% honeypot_field %}
-  <!-- your real fields -->
-</form>
-```
-
-> Renders a hidden `<input name="hp_field" style="display:none">`.  
-> Any non‑empty submission → IP blacklisted.
-
----
-
-## 🔁 Running Detection & Training
+##  Running Detection & Training
 
 ```bash
 python manage.py detect_and_train
@@ -219,7 +222,7 @@ python manage.py detect_and_train
 | IPAndKeywordBlockMiddleware        | Blocks requests from known blacklisted IPs and Keywords         |
 | RateLimitMiddleware                | Enforces burst & flood thresholds                               |
 | AIAnomalyMiddleware                | ML‑driven behavior analysis + block on anomaly                  |
-| HoneypotMiddleware                 | Detects bots filling hidden inputs in forms                     |
+| HoneypotTimingMiddleware           | Detects bots via GET→POST timing analysis                       |
 | UUIDTamperMiddleware               | Blocks guessed/nonexistent UUIDs across all models in an app    |
 
 ---

{aiwaf-0.1.7.8.dist-info → aiwaf-0.1.8.2.dist-info}/RECORD

@@ -1,7 +1,7 @@
 aiwaf/__init__.py,sha256=nQFpJ1YpX48snzLjEQCf8zD2YNh8v0b_kPTrXx8uBYc,46
 aiwaf/apps.py,sha256=nCez-Ptlv2kaEk5HenA8b1pATz1VfhrHP1344gwcY1A,142
 aiwaf/blacklist_manager.py,sha256=sM6uTH7zD6MOPGb0kzqV2aFut2vxKgft_UVeRJr7klw,392
-aiwaf/middleware.py,sha256=8iMoJXGQ86HtvVbmAJa7ykZG-QRdXMIfYmD-hbF8TFg,8456
+aiwaf/middleware.py,sha256=0tmOTErZBy524O6gtKKo4liWYiovAVMgxEk91L-ngZk,9246
 aiwaf/models.py,sha256=XaG1pd_oZu3y-fw66u4wblGlWcUY9gvsTNKGD0kQk7Y,1672
 aiwaf/storage.py,sha256=bxCILzzvA1-q6nwclRE8WrfoRhe25H4VrsQDf0hl_lY,1903
 aiwaf/trainer.py,sha256=Xs_AuA7RCa1oyo5-lJYlnRYUiaq-HY2KXAviAdiGnzU,6217
@@ -9,12 +9,13 @@ aiwaf/utils.py,sha256=RkEUWhhHy6tOk7V0UYv3cN4xhOR_7aBy9bjhwuV2cdA,1436
 aiwaf/management/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 aiwaf/management/commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 aiwaf/management/commands/add_ipexemption.py,sha256=LWN21_ydqSjU3_hUnkou4Ciyrk_479zLvcKdWm8hkC0,988
+aiwaf/management/commands/aiwaf_reset.py,sha256=dUTYX6Z6_X3Ft3lqF_McXE7OdKADlQFGFWvjdvFVZFI,3245
 aiwaf/management/commands/detect_and_train.py,sha256=-o-LZ7QZ5GeJPCekryox1DGXKMmFEkwwrcDsiM166K0,269
 aiwaf/resources/model.pkl,sha256=5t6h9BX8yoh2xct85MXOO60jdlWyg1APskUOW0jZE1Y,1288265
 aiwaf/templatetags/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-aiwaf/templatetags/aiwaf_tags.py,sha256=1KGqeioYmgKACDUiPkykSqI7DLQ6-Ypy1k00weWj9iY,399
-aiwaf-0.1.7.8.dist-info/licenses/LICENSE,sha256=Ir8PX4dxgAcdB0wqNPIkw84fzIIRKE75NoUil9RX0QU,1069
-aiwaf-0.1.7.8.dist-info/METADATA,sha256=Hthw0o3R1p6JeLo8qfHYKrVCYHB5RgD9lP1zTWlgA8s,6920
-aiwaf-0.1.7.8.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-aiwaf-0.1.7.8.dist-info/top_level.txt,sha256=kU6EyjobT6UPCxuWpI_BvcHDG0I2tMgKaPlWzVxe2xI,6
-aiwaf-0.1.7.8.dist-info/RECORD,,
+aiwaf/templatetags/aiwaf_tags.py,sha256=XXfb7Tl4DjU3Sc40GbqdaqOEtKTUKELBEk58u83wBNw,357
+aiwaf-0.1.8.2.dist-info/licenses/LICENSE,sha256=Ir8PX4dxgAcdB0wqNPIkw84fzIIRKE75NoUil9RX0QU,1069
+aiwaf-0.1.8.2.dist-info/METADATA,sha256=Q93RjqYRrVZ9PwQCHVF2LNgM5bvY1TZxnIgnbPV29-c,7178
+aiwaf-0.1.8.2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+aiwaf-0.1.8.2.dist-info/top_level.txt,sha256=kU6EyjobT6UPCxuWpI_BvcHDG0I2tMgKaPlWzVxe2xI,6
+aiwaf-0.1.8.2.dist-info/RECORD,,