aiwaf 0.1.9.1.0__tar.gz → 0.1.9.1.2__tar.gz

{aiwaf-0.1.9.1.0 → aiwaf-0.1.9.1.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiwaf
-Version: 0.1.9.1.0
+Version: 0.1.9.1.2
 Summary: AI-powered Web Application Firewall
 Home-page: https://github.com/aayushgauba/aiwaf
 Author: Aayush Gauba

{aiwaf-0.1.9.1.0 → aiwaf-0.1.9.1.2}/aiwaf/__init__.py

@@ -1,6 +1,6 @@
 default_app_config = "aiwaf.apps.AiwafConfig"
 
-__version__ = "0.1.9.1.0"
+__version__ = "0.1.9.1.2"
 
 # Note: Middleware classes are available from aiwaf.middleware
 # Import them only when needed to avoid circular imports during Django app loading

{aiwaf-0.1.9.1.0 → aiwaf-0.1.9.1.2}/aiwaf/trainer.py

@@ -15,6 +15,7 @@ from django.apps import apps
 from django.db.models import F
 from .utils import is_exempt_path
 from .storage import get_blacklist_store, get_exemption_store, get_keyword_store
+from .blacklist_manager import BlacklistManager
 
 # ─────────── Configuration ───────────
 LOG_PATH   = getattr(settings, 'AIWAF_ACCESS_LOG', None)
@@ -66,7 +67,7 @@ def remove_exempt_keywords() -> None:
 def _read_all_logs() -> list[str]:
     lines = []
     
-    # First try to read from main access log
+    # First try to read from main access log files
     if LOG_PATH and os.path.exists(LOG_PATH):
         with open(LOG_PATH, "r", errors="ignore") as f:
             lines.extend(f.readlines())
@@ -78,9 +79,45 @@ def _read_all_logs() -> list[str]:
             except OSError:
                 continue
     
+    # If no log files found, fall back to RequestLog model data
+    if not lines:
+        lines = _get_logs_from_model()
+    
     return lines
 
 
+def _get_logs_from_model() -> list[str]:
+    """Get log data from RequestLog model when log files are not available"""
+    try:
+        # Import here to avoid circular imports
+        from .models import RequestLog
+        from datetime import datetime, timedelta
+        
+        # Get logs from the last 30 days
+        cutoff_date = datetime.now() - timedelta(days=30)
+        request_logs = RequestLog.objects.filter(timestamp__gte=cutoff_date).order_by('timestamp')
+        
+        log_lines = []
+        for log in request_logs:
+            # Convert RequestLog to Apache-style log format that _parse() expects
+            # Format: IP - - [timestamp] "METHOD path HTTP/1.1" status content_length "referer" "user_agent" response-time=X.X
+            timestamp_str = log.timestamp.strftime("%d/%b/%Y:%H:%M:%S %z")
+            log_line = (
+                f'{log.ip_address} - - [{timestamp_str}] '
+                f'"{log.method} {log.path} HTTP/1.1" {log.status_code} '
+                f'{log.content_length} "{log.referer}" "{log.user_agent}" '
+                f'response-time={log.response_time}\n'
+            )
+            log_lines.append(log_line)
+        
+        print(f"Loaded {len(log_lines)} log entries from RequestLog model")
+        return log_lines
+        
+    except Exception as e:
+        print(f"Warning: Could not load logs from RequestLog model: {e}")
+        return []
+
+
 def _parse(line: str) -> dict | None:
     m = _LOG_RX.search(line)
     if not m:
@@ -102,13 +139,12 @@ def _parse(line: str) -> dict | None:
 def train() -> None:
     remove_exempt_keywords()
     
-    # Remove any IPs in IPExemption from the blacklist using storage system
+    # Remove any IPs in IPExemption from the blacklist using BlacklistManager
     exemption_store = get_exemption_store()
-    blacklist_store = get_blacklist_store()
     
     exempted_ips = [entry['ip_address'] for entry in exemption_store.get_all()]
     for ip in exempted_ips:
-        blacklist_store.remove_ip(ip)
+        BlacklistManager.unblock(ip)
     
     raw_lines = _read_all_logs()
     if not raw_lines:
@@ -141,8 +177,7 @@ def train() -> None:
             
             # Don't block if majority of 404s are on login paths
             if count > login_404s:  # More non-login 404s than login 404s
-                blacklist_store = get_blacklist_store()
-                blacklist_store.add_ip(ip, f"Excessive 404s (≥6 non-login, {count}/{total_404s})")
+                BlacklistManager.block(ip, f"Excessive 404s (≥6 non-login, {count}/{total_404s})")
 
     feature_dicts = []
     for r in parsed:
@@ -239,7 +274,7 @@ def train() -> None:
                 continue
             
             # Block if it shows clear signs of malicious behavior
-            blacklist_store.add_ip(ip, f"AI anomaly + suspicious patterns (kw:{avg_kw_hits:.1f}, 404s:{max_404s}, burst:{avg_burst:.1f})")
+            BlacklistManager.block(ip, f"AI anomaly + suspicious patterns (kw:{avg_kw_hits:.1f}, 404s:{max_404s}, burst:{avg_burst:.1f})")
             blocked_count += 1
             print(f"   - {ip}: Blocked for suspicious behavior (kw:{avg_kw_hits:.1f}, 404s:{max_404s}, burst:{avg_burst:.1f})")
         

{aiwaf-0.1.9.1.0 → aiwaf-0.1.9.1.2}/aiwaf.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiwaf
-Version: 0.1.9.1.0
+Version: 0.1.9.1.2
 Summary: AI-powered Web Application Firewall
 Home-page: https://github.com/aayushgauba/aiwaf
 Author: Aayush Gauba

{aiwaf-0.1.9.1.0 → aiwaf-0.1.9.1.2}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "aiwaf"
-version = "0.1.9.1.0"
+version = "0.1.9.1.2"
 description = "AI-powered Web Application Firewall"
 readme = "README.md"
 requires-python = ">=3.8"

{aiwaf-0.1.9.1.0 → aiwaf-0.1.9.1.2}/setup.py

@@ -9,7 +9,7 @@ long_description = (HERE / "README.md").read_text(encoding="utf-8")
 
 setup(
     name="aiwaf",
-    version="0.1.9.1.0",
+    version="0.1.9.1.2",
     description="AI‑driven, self‑learning Web Application Firewall for Django",
     long_description=long_description,
     long_description_content_type="text/markdown",