PyPI - aiwaf - Versions diffs - 0.1.9.3.1__tar.gz → 0.1.9.3.2__tar.gz - Mend

aiwaf 0.1.9.3.1tar.gz → 0.1.9.3.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of aiwaf might be problematic. Click here for more details.

Files changed (42) hide show

{aiwaf-0.1.9.3.1 → aiwaf-0.1.9.3.2}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiwaf
-Version: 0.1.9.3.1
+Version: 0.1.9.3.2
 Summary: AI-powered Web Application Firewall
 Home-page: https://github.com/aayushgauba/aiwaf
 Author: Aayush Gauba
@@ -115,7 +115,6 @@ aiwaf/
 - **Enhanced Timing-Based Honeypot**
   Advanced GET→POST timing analysis with comprehensive HTTP method validation:
-  - POST directly without a preceding GET request
   - Submit forms faster than `AIWAF_MIN_FORM_TIME` seconds (default: 1 second)
   - **🆕 Smart HTTP Method Validation** - Comprehensive protection against method misuse:
     - Blocks GET requests to POST-only views (form endpoints, API creates)

{aiwaf-0.1.9.3.1 → aiwaf-0.1.9.3.2}/README.md RENAMED Viewed

@@ -92,7 +92,6 @@ aiwaf/
 - **Enhanced Timing-Based Honeypot**
   Advanced GET→POST timing analysis with comprehensive HTTP method validation:
-  - POST directly without a preceding GET request
   - Submit forms faster than `AIWAF_MIN_FORM_TIME` seconds (default: 1 second)
   - **🆕 Smart HTTP Method Validation** - Comprehensive protection against method misuse:
     - Blocks GET requests to POST-only views (form endpoints, API creates)

{aiwaf-0.1.9.3.1 → aiwaf-0.1.9.3.2}/aiwaf/__init__.py RENAMED Viewed

@@ -1,6 +1,6 @@
 default_app_config = "aiwaf.apps.AiwafConfig"
-__version__ = "0.1.9.3.1"
+__version__ = "0.1.9.3.2"
 # Note: Middleware classes are available from aiwaf.middleware
 # Import them only when needed to avoid circular imports during Django app loading

{aiwaf-0.1.9.3.1 → aiwaf-0.1.9.3.2}/aiwaf/middleware.py RENAMED Viewed

@@ -786,22 +786,10 @@ class HoneypotTimingMiddleware(MiddlewareMixin):
                             "message": f"POST not allowed for {request.path}"
                         }, status=405)  # Method Not Allowed
-            # Check if there was a preceding GET request
+            # Check if there was a preceding GET request for timing validation
             get_time = cache.get(f"honeypot_get:{ip}")
-            if get_time is None:
-                # No GET request - likely bot posting directly
-                # But be more lenient for login paths since users might bookmark them
-                if not any(request.path.lower().startswith(login_path) for login_path in [
-                    "/admin/login/", "/login/", "/accounts/login/", "/auth/login/", "/signin/"
-                ]):
-                    # Double-check exemption before blocking
-                    if not exemption_store.is_exempted(ip):
-                        BlacklistManager.block(ip, "Direct POST without GET")
-                        # Check if actually blocked (exempted IPs won't be blocked)
-                        if BlacklistManager.is_blocked(ip):
-                            return JsonResponse({"error": "blocked"}, status=403)
-            else:
+            if get_time is not None:
                 # Check timing - be more lenient for login paths
                 time_diff = time.time() - get_time
                 min_time = self.MIN_FORM_TIME

{aiwaf-0.1.9.3.1 → aiwaf-0.1.9.3.2}/aiwaf.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aiwaf
-Version: 0.1.9.3.1
+Version: 0.1.9.3.2
 Summary: AI-powered Web Application Firewall
 Home-page: https://github.com/aayushgauba/aiwaf
 Author: Aayush Gauba
@@ -115,7 +115,6 @@ aiwaf/
 - **Enhanced Timing-Based Honeypot**
   Advanced GET→POST timing analysis with comprehensive HTTP method validation:
-  - POST directly without a preceding GET request
   - Submit forms faster than `AIWAF_MIN_FORM_TIME` seconds (default: 1 second)
   - **🆕 Smart HTTP Method Validation** - Comprehensive protection against method misuse:
     - Blocks GET requests to POST-only views (form endpoints, API creates)

{aiwaf-0.1.9.3.1 → aiwaf-0.1.9.3.2}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "aiwaf"
-version = "0.1.9.3.1"
+version = "0.1.9.3.2"
 description = "AI-powered Web Application Firewall"
 readme = "README.md"
 requires-python = ">=3.8"

{aiwaf-0.1.9.3.1 → aiwaf-0.1.9.3.2}/setup.py RENAMED Viewed

@@ -9,7 +9,7 @@ long_description = (HERE / "README.md").read_text(encoding="utf-8")
 setup(
     name="aiwaf",
-    version="0.1.9.3.1",
+    version="0.1.9.3.2",
     description="AI‑driven, self‑learning Web Application Firewall for Django",
     long_description=long_description,
     long_description_content_type="text/markdown",