aiwaf 0.1.9.3.1__py3-none-any.whl → 0.1.9.3.2__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of aiwaf might be problematic. Click here for more details.

Files changed (7) hide show
  1. aiwaf/__init__.py +1 -1
  2. aiwaf/middleware.py +2 -14
  3. {aiwaf-0.1.9.3.1.dist-info → aiwaf-0.1.9.3.2.dist-info}/METADATA +1 -2
  4. {aiwaf-0.1.9.3.1.dist-info → aiwaf-0.1.9.3.2.dist-info}/RECORD +7 -7
  5. {aiwaf-0.1.9.3.1.dist-info → aiwaf-0.1.9.3.2.dist-info}/WHEEL +0 -0
  6. {aiwaf-0.1.9.3.1.dist-info → aiwaf-0.1.9.3.2.dist-info}/licenses/LICENSE +0 -0
  7. {aiwaf-0.1.9.3.1.dist-info → aiwaf-0.1.9.3.2.dist-info}/top_level.txt +0 -0
aiwaf/__init__.py CHANGED
@@ -1,6 +1,6 @@
1
1
  default_app_config = "aiwaf.apps.AiwafConfig"
2
2
 
3
- __version__ = "0.1.9.3.1"
3
+ __version__ = "0.1.9.3.2"
4
4
 
5
5
  # Note: Middleware classes are available from aiwaf.middleware
6
6
  # Import them only when needed to avoid circular imports during Django app loading
aiwaf/middleware.py CHANGED
@@ -786,22 +786,10 @@ class HoneypotTimingMiddleware(MiddlewareMixin):
786
786
  "message": f"POST not allowed for {request.path}"
787
787
  }, status=405) # Method Not Allowed
788
788
 
789
- # Check if there was a preceding GET request
789
+ # Check if there was a preceding GET request for timing validation
790
790
  get_time = cache.get(f"honeypot_get:{ip}")
791
791
 
792
- if get_time is None:
793
- # No GET request - likely bot posting directly
794
- # But be more lenient for login paths since users might bookmark them
795
- if not any(request.path.lower().startswith(login_path) for login_path in [
796
- "/admin/login/", "/login/", "/accounts/login/", "/auth/login/", "/signin/"
797
- ]):
798
- # Double-check exemption before blocking
799
- if not exemption_store.is_exempted(ip):
800
- BlacklistManager.block(ip, "Direct POST without GET")
801
- # Check if actually blocked (exempted IPs won't be blocked)
802
- if BlacklistManager.is_blocked(ip):
803
- return JsonResponse({"error": "blocked"}, status=403)
804
- else:
792
+ if get_time is not None:
805
793
  # Check timing - be more lenient for login paths
806
794
  time_diff = time.time() - get_time
807
795
  min_time = self.MIN_FORM_TIME
{aiwaf-0.1.9.3.1.dist-info → aiwaf-0.1.9.3.2.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: aiwaf
3
- Version: 0.1.9.3.1
3
+ Version: 0.1.9.3.2
4
4
  Summary: AI-powered Web Application Firewall
5
5
  Home-page: https://github.com/aayushgauba/aiwaf
6
6
  Author: Aayush Gauba
@@ -115,7 +115,6 @@ aiwaf/
115
115
 
116
116
  - **Enhanced Timing-Based Honeypot**
117
117
  Advanced GET→POST timing analysis with comprehensive HTTP method validation:
118
- - POST directly without a preceding GET request
119
118
  - Submit forms faster than `AIWAF_MIN_FORM_TIME` seconds (default: 1 second)
120
119
  - **🆕 Smart HTTP Method Validation** - Comprehensive protection against method misuse:
121
120
  - Blocks GET requests to POST-only views (form endpoints, API creates)
{aiwaf-0.1.9.3.1.dist-info → aiwaf-0.1.9.3.2.dist-info}/RECORD RENAMED
@@ -1,8 +1,8 @@
1
- aiwaf/__init__.py,sha256=VlFbI8uqJmi1V0hsKasasV1BFglekVX0R5jvEOwXGzE,220
1
+ aiwaf/__init__.py,sha256=fq7wKNHdppvinnY5O4ZO5Tuh4nMAb55g0UzRWT5OMDY,220
2
2
  aiwaf/apps.py,sha256=nCez-Ptlv2kaEk5HenA8b1pATz1VfhrHP1344gwcY1A,142
3
3
  aiwaf/blacklist_manager.py,sha256=LYCeKFB-7e_C6Bg2WeFJWFIIQlrfRMPuGp30ivrnhQY,1196
4
4
  aiwaf/decorators.py,sha256=IUKOdM_gdroffImRZep1g1wT6gNqD10zGwcp28hsJCs,825
5
- aiwaf/middleware.py,sha256=BnVdA4g2YTDo5g_H1Q8EE-ctVR4JF_yV3PaLHMgYZ-E,40804
5
+ aiwaf/middleware.py,sha256=yvnJyMCBPoWZX4MMi5q6bg77HnJyusRPxEyKPb5sRDE,40032
6
6
  aiwaf/middleware_logger.py,sha256=LWZVDAnjh6CGESirA8eMbhGgJKB7lVDGRQqVroH95Lo,4742
7
7
  aiwaf/models.py,sha256=vQxgY19BDVMjoO903UNrTZC1pNoLltMU6wbyWPoAEns,2719
8
8
  aiwaf/storage.py,sha256=pUXE3bm7aRrABh_B6jTOBUQOYK67oQmHaR9EqyOasis,14038
@@ -29,8 +29,8 @@ aiwaf/management/commands/test_exemption_fix.py,sha256=ngyGaHUCmQQ6y--6j4q1viZJt
29
29
  aiwaf/resources/model.pkl,sha256=5t6h9BX8yoh2xct85MXOO60jdlWyg1APskUOW0jZE1Y,1288265
30
30
  aiwaf/templatetags/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
31
31
  aiwaf/templatetags/aiwaf_tags.py,sha256=XXfb7Tl4DjU3Sc40GbqdaqOEtKTUKELBEk58u83wBNw,357
32
- aiwaf-0.1.9.3.1.dist-info/licenses/LICENSE,sha256=Ir8PX4dxgAcdB0wqNPIkw84fzIIRKE75NoUil9RX0QU,1069
33
- aiwaf-0.1.9.3.1.dist-info/METADATA,sha256=TQO1y9t5sRQY7zBNyJc6dvTfJ1JXC1vBTf1RjH8O8m0,29037
34
- aiwaf-0.1.9.3.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
35
- aiwaf-0.1.9.3.1.dist-info/top_level.txt,sha256=kU6EyjobT6UPCxuWpI_BvcHDG0I2tMgKaPlWzVxe2xI,6
36
- aiwaf-0.1.9.3.1.dist-info/RECORD,,
32
+ aiwaf-0.1.9.3.2.dist-info/licenses/LICENSE,sha256=Ir8PX4dxgAcdB0wqNPIkw84fzIIRKE75NoUil9RX0QU,1069
33
+ aiwaf-0.1.9.3.2.dist-info/METADATA,sha256=9RO4jqkSoRP3p-xZN4Zsofbwg8GEG2LlfOVMqMWhYrQ,28987
34
+ aiwaf-0.1.9.3.2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
35
+ aiwaf-0.1.9.3.2.dist-info/top_level.txt,sha256=kU6EyjobT6UPCxuWpI_BvcHDG0I2tMgKaPlWzVxe2xI,6
36
+ aiwaf-0.1.9.3.2.dist-info/RECORD,,