aiwaf 0.1.9.1.6__py3-none-any.whl → 0.1.9.1.8__py3-none-any.whl

aiwaf/__init__.py

@@ -1,6 +1,6 @@
 default_app_config = "aiwaf.apps.AiwafConfig"
 
-__version__ = "0.1.9.1.6"
+__version__ = "0.1.9.1.8"
 
 # Note: Middleware classes are available from aiwaf.middleware
 # Import them only when needed to avoid circular imports during Django app loading

aiwaf/management/commands/aiwaf_reset.py

@@ -1,5 +1,6 @@
 from django.core.management.base import BaseCommand
 from aiwaf.storage import get_blacklist_store, get_exemption_store
+import sys
 
 class Command(BaseCommand):
     help = 'Reset AI-WAF by clearing all blacklist and exemption (whitelist) entries'
@@ -26,12 +27,29 @@ class Command(BaseCommand):
         exemptions_only = options['exemptions_only']
         confirm = options['confirm']
         
-        blacklist_store = get_blacklist_store()
-        exemption_store = get_exemption_store()
+        try:
+            blacklist_store = get_blacklist_store()
+            exemption_store = get_exemption_store()
+        except Exception as e:
+            self.stdout.write(self.style.ERROR(f'Error initializing stores: {e}'))
+            return
         
-        # Count current entries
-        blacklist_count = len(blacklist_store.get_all())
-        exemption_count = len(exemption_store.get_all())
+        # Count current entries safely
+        try:
+            blacklist_entries = blacklist_store.get_all()
+            blacklist_count = len(blacklist_entries)
+        except Exception as e:
+            self.stdout.write(self.style.WARNING(f'Warning: Could not count blacklist entries: {e}'))
+            blacklist_count = 0
+            blacklist_entries = []
+        
+        try:
+            exemption_entries = exemption_store.get_all()
+            exemption_count = len(exemption_entries)
+        except Exception as e:
+            self.stdout.write(self.style.WARNING(f'Warning: Could not count exemption entries: {e}'))
+            exemption_count = 0
+            exemption_entries = []
         
         if blacklist_only and exemptions_only:
             self.stdout.write(self.style.ERROR('Cannot use both --blacklist-only and --exemptions-only flags'))
@@ -55,29 +73,47 @@ class Command(BaseCommand):
         self.stdout.write(f"AI-WAF Reset: {action}")
         
         if not confirm:
-            response = input("Are you sure you want to proceed? [y/N]: ")
-            if response.lower() not in ['y', 'yes']:
-                self.stdout.write(self.style.WARNING('Operation cancelled'))
+            try:
+                response = input("Are you sure you want to proceed? [y/N]: ")
+                if response.lower() not in ['y', 'yes']:
+                    self.stdout.write(self.style.WARNING('Operation cancelled'))
+                    return
+            except (EOFError, KeyboardInterrupt):
+                self.stdout.write(self.style.WARNING('\nOperation cancelled'))
                 return
         
         # Perform the reset
-        deleted_counts = {'blacklist': 0, 'exemptions': 0}
+        deleted_counts = {'blacklist': 0, 'exemptions': 0, 'errors': []}
         
         if clear_blacklist:
             # Clear blacklist entries
-            blacklist_entries = blacklist_store.get_all()
-            for entry in blacklist_entries:
-                blacklist_store.remove_ip(entry['ip_address'])
-            deleted_counts['blacklist'] = len(blacklist_entries)
+            try:
+                for entry in blacklist_entries:
+                    try:
+                        blacklist_store.remove_ip(entry['ip_address'])
+                        deleted_counts['blacklist'] += 1
+                    except Exception as e:
+                        deleted_counts['errors'].append(f"Error removing blacklist IP {entry.get('ip_address', 'unknown')}: {e}")
+            except Exception as e:
+                deleted_counts['errors'].append(f"Error clearing blacklist: {e}")
         
         if clear_exemptions:
             # Clear exemption entries
-            exemption_entries = exemption_store.get_all()
-            for entry in exemption_entries:
-                exemption_store.remove_ip(entry['ip_address'])
-            deleted_counts['exemptions'] = len(exemption_entries)
+            try:
+                for entry in exemption_entries:
+                    try:
+                        exemption_store.remove_ip(entry['ip_address'])
+                        deleted_counts['exemptions'] += 1
+                    except Exception as e:
+                        deleted_counts['errors'].append(f"Error removing exemption IP {entry.get('ip_address', 'unknown')}: {e}")
+            except Exception as e:
+                deleted_counts['errors'].append(f"Error clearing exemptions: {e}")
         
         # Report results
+        if deleted_counts['errors']:
+            for error in deleted_counts['errors']:
+                self.stdout.write(self.style.WARNING(f"⚠️  {error}"))
+        
         if clear_blacklist and clear_exemptions:
             self.stdout.write(
                 self.style.SUCCESS(
@@ -93,3 +129,8 @@ class Command(BaseCommand):
             self.stdout.write(
                 self.style.SUCCESS(f"✅ Exemptions cleared: Deleted {deleted_counts['exemptions']} entries")
             )
+        
+        if deleted_counts['errors']:
+            self.stdout.write(
+                self.style.WARNING(f"⚠️  Completed with {len(deleted_counts['errors'])} errors (see above)")
+            )

aiwaf/management/commands/clear_blacklist.py

@@ -0,0 +1,66 @@
+from django.core.management.base import BaseCommand
+from aiwaf.storage import get_blacklist_store
+
+class Command(BaseCommand):
+    help = 'Clear all blacklist entries (fast method)'
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            '--confirm',
+            action='store_true',
+            help='Skip confirmation prompt'
+        )
+
+    def handle(self, *args, **options):
+        confirm = options['confirm']
+        
+        try:
+            blacklist_store = get_blacklist_store()
+        except Exception as e:
+            self.stdout.write(self.style.ERROR(f'Error initializing blacklist store: {e}'))
+            return
+        
+        # Count current entries safely
+        try:
+            blacklist_entries = blacklist_store.get_all()
+            blacklist_count = len(blacklist_entries)
+        except Exception as e:
+            self.stdout.write(self.style.WARNING(f'Warning: Could not count blacklist entries: {e}'))
+            # Try to get count using clear_all method which returns count
+            blacklist_count = "unknown number of"
+        
+        # Show what will be cleared
+        self.stdout.write(f"Clear Blacklist: Will remove {blacklist_count} blacklist entries")
+        
+        if not confirm:
+            try:
+                response = input("Are you sure you want to proceed? [y/N]: ")
+                if response.lower() not in ['y', 'yes']:
+                    self.stdout.write(self.style.WARNING('Operation cancelled'))
+                    return
+            except (EOFError, KeyboardInterrupt):
+                self.stdout.write(self.style.WARNING('\nOperation cancelled'))
+                return
+        
+        # Perform the reset using clear_all for better performance
+        try:
+            if hasattr(blacklist_store, 'clear_all'):
+                deleted_count = blacklist_store.clear_all()
+                self.stdout.write(
+                    self.style.SUCCESS(f"✅ Blacklist cleared: Deleted {deleted_count} entries")
+                )
+            else:
+                # Fallback to individual deletion
+                deleted_count = 0
+                for entry in blacklist_entries:
+                    try:
+                        blacklist_store.remove_ip(entry['ip_address'])
+                        deleted_count += 1
+                    except Exception as e:
+                        self.stdout.write(self.style.WARNING(f"⚠️  Error removing IP {entry.get('ip_address', 'unknown')}: {e}"))
+                
+                self.stdout.write(
+                    self.style.SUCCESS(f"✅ Blacklist cleared: Deleted {deleted_count} entries")
+                )
+        except Exception as e:
+            self.stdout.write(self.style.ERROR(f'Error clearing blacklist: {e}'))

aiwaf/middleware.py

@@ -17,7 +17,7 @@ from django.urls import get_resolver
 from .trainer import STATIC_KW, STATUS_IDX, path_exists_in_django
 from .blacklist_manager import BlacklistManager
 from .models import IPExemption
-from .utils import is_exempt, get_ip, is_ip_exempted
+from .utils import is_exempt, get_ip, is_ip_exempted, is_exempt_path
 from .storage import get_keyword_store
 
 MODEL_PATH = getattr(
@@ -191,10 +191,12 @@ class AIAnomalyMiddleware(MiddlewareMixin):
         key = f"aiwaf:{ip}"
         data = cache.get(key, [])
         path_len = len(request.path)
-        if not path_exists_in_django(request.path) and not is_exempt(request):
+        
+        # Use the same scoring logic as trainer.py
+        known_path = path_exists_in_django(request.path)
+        kw_hits = 0
+        if not known_path and not is_exempt_path(request.path):
             kw_hits = sum(1 for kw in STATIC_KW if kw in request.path.lower())
-        else:
-            kw_hits = 0
 
         resp_time = now - getattr(request, "_start_time", now)
         status_code = str(response.status_code)
@@ -206,11 +208,60 @@ class AIAnomalyMiddleware(MiddlewareMixin):
         
         # Only use AI model if it's available
         if self.model is not None and self.model.predict(X)[0] == -1:
-            # BlacklistManager.block() now checks exemptions internally
-            BlacklistManager.block(ip, "AI anomaly")
-            # Check if actually blocked (exempted IPs won't be blocked)
-            if BlacklistManager.is_blocked(ip):
-                return JsonResponse({"error": "blocked"}, status=403)
+            # AI detected anomaly - but analyze patterns before blocking (like trainer.py)
+            
+            # Get recent behavior data for this IP to make intelligent blocking decision
+            recent_data = [d for d in data if now - d[0] <= 300]  # Last 5 minutes
+            
+            if recent_data:
+                # Calculate behavior metrics similar to trainer.py
+                recent_kw_hits = []
+                recent_404s = 0
+                recent_burst_counts = []
+                
+                for entry_time, entry_path, entry_status, entry_resp_time in recent_data:
+                    # Calculate keyword hits for this entry
+                    entry_known_path = path_exists_in_django(entry_path)
+                    entry_kw_hits = 0
+                    if not entry_known_path and not is_exempt_path(entry_path):
+                        entry_kw_hits = sum(1 for kw in STATIC_KW if kw in entry_path.lower())
+                    recent_kw_hits.append(entry_kw_hits)
+                    
+                    # Count 404s
+                    if entry_status == 404:
+                        recent_404s += 1
+                    
+                    # Calculate burst for this entry (requests within 10 seconds)
+                    entry_burst = sum(1 for (t, _, _, _) in recent_data if abs(entry_time - t) <= 10)
+                    recent_burst_counts.append(entry_burst)
+                
+                # Calculate averages and maximums
+                avg_kw_hits = sum(recent_kw_hits) / len(recent_kw_hits) if recent_kw_hits else 0
+                max_404s = recent_404s
+                avg_burst = sum(recent_burst_counts) / len(recent_burst_counts) if recent_burst_counts else 0
+                total_requests = len(recent_data)
+                
+                # Don't block if it looks like legitimate behavior (same thresholds as trainer.py):
+                if (
+                    avg_kw_hits < 2 and           # Not hitting many malicious keywords
+                    max_404s < 10 and            # Not excessive 404s
+                    avg_burst < 15 and           # Not excessive burst activity
+                    total_requests < 100         # Not excessive total requests
+                ):
+                    # Anomalous but looks legitimate - don't block
+                    pass
+                else:
+                    # Block if it shows clear signs of malicious behavior
+                    BlacklistManager.block(ip, f"AI anomaly + suspicious patterns (kw:{avg_kw_hits:.1f}, 404s:{max_404s}, burst:{avg_burst:.1f})")
+                    # Check if actually blocked (exempted IPs won't be blocked)
+                    if BlacklistManager.is_blocked(ip):
+                        return JsonResponse({"error": "blocked"}, status=403)
+            else:
+                # No recent data to analyze - be more conservative, only block on very suspicious current request
+                if kw_hits >= 2 or status_idx == STATUS_IDX.index("404"):
+                    BlacklistManager.block(ip, "AI anomaly + immediate suspicious behavior")
+                    if BlacklistManager.is_blocked(ip):
+                        return JsonResponse({"error": "blocked"}, status=403)
 
         data.append((now, request.path, response.status_code, resp_time))
         data = [d for d in data if now - d[0] < self.WINDOW]

aiwaf/storage.py

@@ -132,6 +132,31 @@ class ModelBlacklistStore:
         except Exception:
             return []
 
+    @staticmethod
+    def get_all():
+        """Get all blacklist entries as dictionaries"""
+        _import_models()
+        if BlacklistEntry is None:
+            return []
+        try:
+            return list(BlacklistEntry.objects.values('ip_address', 'reason', 'created_at'))
+        except Exception:
+            return []
+
+    @staticmethod
+    def clear_all():
+        """Clear all blacklist entries"""
+        _import_models()
+        if BlacklistEntry is None:
+            return 0
+        try:
+            count = BlacklistEntry.objects.count()
+            BlacklistEntry.objects.all().delete()
+            return count
+        except Exception as e:
+            print(f"Error clearing all blacklist entries: {e}")
+            return 0
+
 class ModelExemptionStore:
     @staticmethod
     def is_exempted(ip):
@@ -192,6 +217,20 @@ class ModelExemptionStore:
         except Exception:
             return []
 
+    @staticmethod
+    def clear_all():
+        """Clear all exemption entries"""
+        _import_models()
+        if IPExemption is None:
+            return 0
+        try:
+            count = IPExemption.objects.count()
+            IPExemption.objects.all().delete()
+            return count
+        except Exception as e:
+            print(f"Error clearing all exemption entries: {e}")
+            return 0
+
 class ModelKeywordStore:
     @staticmethod
     def add_keyword(keyword, count=1):

{aiwaf-0.1.9.1.6.dist-info → aiwaf-0.1.9.1.8.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiwaf
-Version: 0.1.9.1.6
+Version: 0.1.9.1.8
 Summary: AI-powered Web Application Firewall
 Home-page: https://github.com/aayushgauba/aiwaf
 Author: Aayush Gauba

{aiwaf-0.1.9.1.6.dist-info → aiwaf-0.1.9.1.8.dist-info}/RECORD

@@ -1,11 +1,11 @@
-aiwaf/__init__.py,sha256=a8AUvwMuCDX-PCu3FtSH2GKroDDvM1zG6q6KbYyuo6k,220
+aiwaf/__init__.py,sha256=6Skp_JeKxRpqn9klnS2qAtRKuXdwAMCdNd6OVq8AKyk,220
 aiwaf/apps.py,sha256=nCez-Ptlv2kaEk5HenA8b1pATz1VfhrHP1344gwcY1A,142
 aiwaf/blacklist_manager.py,sha256=LYCeKFB-7e_C6Bg2WeFJWFIIQlrfRMPuGp30ivrnhQY,1196
 aiwaf/decorators.py,sha256=IUKOdM_gdroffImRZep1g1wT6gNqD10zGwcp28hsJCs,825
-aiwaf/middleware.py,sha256=4Ox0pUdB7rMT1Sw5XHO6-udQrfqyF9VGdkkkgLioRJ0,12470
+aiwaf/middleware.py,sha256=EMAQA_Gnz0jv4nevlognT921ZeBEro13J_DSv_mQ3Dw,15482
 aiwaf/middleware_logger.py,sha256=LWZVDAnjh6CGESirA8eMbhGgJKB7lVDGRQqVroH95Lo,4742
 aiwaf/models.py,sha256=vQxgY19BDVMjoO903UNrTZC1pNoLltMU6wbyWPoAEns,2719
-aiwaf/storage.py,sha256=HYSnis7S8ETsos_NxWkd05OoiHXMhIWQy8FcFTqO4vk,8408
+aiwaf/storage.py,sha256=UlCk-j0xtiEPlC7RFHGz811Dh-GP-Ce5ZSuKQp_GY2k,9565
 aiwaf/trainer.py,sha256=1RPjWVOdGQ3qSrjFopw8HKu7THVTMvF4nNYouij6i_A,10685
 aiwaf/utils.py,sha256=BJk5vJCYdGPl_4QQiknjhCbkzv5HZCXgFcBJDMJpHok,3390
 aiwaf/management/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -14,8 +14,9 @@ aiwaf/management/commands/add_exemption.py,sha256=U_ByfJw1EstAZ8DaSoRb97IGwYzXs0
 aiwaf/management/commands/add_ipexemption.py,sha256=sSf3d9hGK9RqqlBYkCrnrd8KZWGT-derSpoWnEY4H60,952
 aiwaf/management/commands/aiwaf_diagnose.py,sha256=nXFRhq66N4QC3e4scYJ2sUngJce-0yDxtBO3R2BllRM,6134
 aiwaf/management/commands/aiwaf_logging.py,sha256=FCIqULn2tii2vD9VxL7vk3PV4k4vr7kaA00KyaCExYY,7692
-aiwaf/management/commands/aiwaf_reset.py,sha256=0FIBqpZS8xgFFvAKJ-0zAC_-QNQwRkOHpXb8N-OdFr8,3740
+aiwaf/management/commands/aiwaf_reset.py,sha256=wG7EcdPqkxmjF2ivQOmZ7swuvHVJ_OVLgOEijGLvmFs,5586
 aiwaf/management/commands/check_dependencies.py,sha256=GOZl00pDwW2cJjDvIaCeB3yWxmeYcJDRTIpmOTLvy2c,37204
+aiwaf/management/commands/clear_blacklist.py,sha256=Tisedg0EVlc3E01mA3hBZQorwMzc5j1cns-oYshja0g,2770
 aiwaf/management/commands/clear_cache.py,sha256=cdnuTgxkhKLqT_6k6yTcEBlREovNRQxAE51ceXlGYMA,647
 aiwaf/management/commands/debug_csv.py,sha256=Lddqp37mIn0zdvHf4GbuNTWYyJ5h8bumDcGmFSAioi0,6801
 aiwaf/management/commands/detect_and_train.py,sha256=-o-LZ7QZ5GeJPCekryox1DGXKMmFEkwwrcDsiM166K0,269
@@ -27,8 +28,8 @@ aiwaf/management/commands/test_exemption_fix.py,sha256=ngyGaHUCmQQ6y--6j4q1viZJt
 aiwaf/resources/model.pkl,sha256=5t6h9BX8yoh2xct85MXOO60jdlWyg1APskUOW0jZE1Y,1288265
 aiwaf/templatetags/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 aiwaf/templatetags/aiwaf_tags.py,sha256=XXfb7Tl4DjU3Sc40GbqdaqOEtKTUKELBEk58u83wBNw,357
-aiwaf-0.1.9.1.6.dist-info/licenses/LICENSE,sha256=Ir8PX4dxgAcdB0wqNPIkw84fzIIRKE75NoUil9RX0QU,1069
-aiwaf-0.1.9.1.6.dist-info/METADATA,sha256=d9OfrFnIC8H5G1l8_hASPjqdF4Fe3nRk9I6YEBN5RnI,22145
-aiwaf-0.1.9.1.6.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-aiwaf-0.1.9.1.6.dist-info/top_level.txt,sha256=kU6EyjobT6UPCxuWpI_BvcHDG0I2tMgKaPlWzVxe2xI,6
-aiwaf-0.1.9.1.6.dist-info/RECORD,,
+aiwaf-0.1.9.1.8.dist-info/licenses/LICENSE,sha256=Ir8PX4dxgAcdB0wqNPIkw84fzIIRKE75NoUil9RX0QU,1069
+aiwaf-0.1.9.1.8.dist-info/METADATA,sha256=MaHb3s4la_-tR6UZ5ht5-jbdvu6PO8mZavNYktvGVMM,22145
+aiwaf-0.1.9.1.8.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+aiwaf-0.1.9.1.8.dist-info/top_level.txt,sha256=kU6EyjobT6UPCxuWpI_BvcHDG0I2tMgKaPlWzVxe2xI,6
+aiwaf-0.1.9.1.8.dist-info/RECORD,,