fastapi-guard 0.1.0__py3-none-any.whl

config/ip2/ip2location_config.py

@@ -0,0 +1,162 @@
+import asyncio
+from datetime import datetime, timezone
+from IP2Location import IP2Location
+import logging
+import os
+import requests
+import zipfile
+
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from guard.models import SecurityConfig
+
+IP2_CONFIG_PATH = "./config/ip2/files"
+DB_FILENAME = "IP2LOCATION-LITE-DB1.IPV6.BIN"
+DOWNLOAD_URL = f"https://download.ip2location.com/lite/{DB_FILENAME}.ZIP"
+VERSION_FILE = f"{IP2_CONFIG_PATH}/ip2location_version.txt"
+
+ip2location_db = None
+
+
+def get_ip2location_database(
+    config: "SecurityConfig"
+) -> IP2Location:
+    """
+    Get the IP2Location database object.
+    """
+    global ip2location_db
+    if ip2location_db is None:
+        db_path = config.ip2location_db_path or os.path.join(
+            IP2_CONFIG_PATH, DB_FILENAME
+        )
+        try:
+            ip2location_db = IP2Location(db_path)
+        except Exception as e:
+            message = "Error loading IP2Location database"
+            reason_message = f"Reason: {str(e)}"
+            logging.error(f"{message} - {reason_message}")
+            ip2location_db = None
+    return ip2location_db
+
+
+def check_for_updates() -> bool:
+    """
+    Check if there's a new version
+    of the IP2Location database available.
+
+    Returns:
+        bool: True if an update is
+        available, False otherwise.
+    """
+    response = requests.head(DOWNLOAD_URL)
+    if response.status_code != 200:
+        message = "Failed to check for updates"
+        reason_message = f"Status code: {response.status_code}"
+        logging.error(f"{message} - {reason_message}")
+        return False
+
+    last_modified = datetime.strptime(
+        response.headers[
+            "Last-Modified"
+        ], "%a, %d %b %Y %H:%M:%S GMT"
+    ).replace(tzinfo=timezone.utc)
+
+    if os.path.exists(VERSION_FILE):
+        with open(VERSION_FILE, "r") as f:
+            current_version = datetime.fromisoformat(
+                f.read().strip()
+            ).replace(
+                tzinfo=timezone.utc
+            )
+
+        if last_modified <= current_version:
+            print("Database is up to date.")
+            return False
+
+    print("New version available. Updating...")
+    return True
+
+
+def download_ip2location_database(
+    config: "SecurityConfig"
+):
+    """
+    Download and extract the latest IP2Location
+    database if an update is available.
+    """
+    if not config.ip2location_auto_download:
+        return
+
+    if not check_for_updates():
+        return
+
+    response = requests.get(DOWNLOAD_URL)
+
+    if response.status_code == 200:
+        zip_path = os.path.join(IP2_CONFIG_PATH, f"{DB_FILENAME}.ZIP")
+        with open(zip_path, "wb") as f:
+            f.write(response.content)
+
+        with zipfile.ZipFile(zip_path, "r") as zip_ref:
+            zip_ref.extractall(IP2_CONFIG_PATH)
+
+        os.remove(zip_path)
+
+        with open(VERSION_FILE, "w") as f:
+            f.write(
+                datetime.now(
+                    timezone.utc
+                ).isoformat()
+            )
+
+        logging.info("IP2Location db downloaded successfully.")
+    else:
+        message = "Failed to download IP2Location database"
+        reason_message = f"Status code: {response.status_code}"
+        logging.error(f"{message} - {reason_message}")
+
+
+async def periodic_update_check(
+    interval_hours: int = 24
+):
+    """
+    Periodically check for updates
+    and download the new database if available.
+    """
+    while True:
+        try:
+            await asyncio.sleep(interval_hours * 3600)
+            if check_for_updates():
+                download_ip2location_database()
+
+                global ip2location_db
+                ip2location_db = None
+        except asyncio.CancelledError:
+            break
+
+
+async def start_periodic_update_check(
+    config: "SecurityConfig"
+):
+    """
+    Start the periodic update
+    check in the background.
+    """
+    if not config.ip2location_auto_update:
+        return None
+
+    task = asyncio.create_task(
+        periodic_update_check(
+            config.ip2location_update_interval
+        )
+    )
+
+    def handle_task_done(future):
+        try:
+            future.result()
+        except asyncio.CancelledError:
+            pass
+
+    task.add_done_callback(handle_task_done)
+    return task

config/sus_patterns.py

@@ -0,0 +1,261 @@
+import re
+from typing import Set, List
+
+
+class SusPatterns:
+    """
+    A singleton class that manages suspicious
+    patterns for security checks.
+
+    This class maintains two sets of patterns:
+    default patterns and custom patterns.
+    It provides methods to add, remove,
+    and retrieve patterns.
+    """
+
+    _instance = None
+
+    custom_patterns: Set[str] = set()
+
+    patterns: List[str] = [
+        # XSS
+        r"<script.*?>.*?</script.*?>",
+        r"javascript:",
+        r"onerror=",
+        r"onload=",
+        r"alert\(",
+        r"document\.cookie",
+        r"document\.write",
+        r"window\.location",
+        # SQL Injection
+        r"SELECT\s+.*\s+FROM\s+.*",
+        r"UNION\s+SELECT\s+.*",
+        r"'.*?OR.*?=.*?'",
+        r"'.*?AND.*?=.*?'",
+        r"INSERT\s+INTO\s+.*",
+        r"UPDATE\s+.*\s+SET\s+.*",
+        r"DELETE\s+FROM\s+.*",
+        r"DROP\s+TABLE\s+.*",
+        r"CREATE\s+TABLE\s+.*",
+        r"ALTER\s+TABLE\s+.*",
+        r"EXEC\s+.*",
+        r"CAST\s*\(.*\s+AS\s+.*\)",
+        r"CONVERT\s*\(.*\s+USING\s+.*\)",
+        # Directory Traversal
+        r"\.\./",
+        r"\.\.\\",
+        r"/etc/passwd",
+        r"/etc/shadow",
+        r"/etc/group",
+        r"/proc/self/environ",
+        r"/windows/win.ini",
+        r"/boot.ini",
+        # Command Injection
+        r"\b(?:ls|cat|rm|mv|cp|chmod|chown|sudo|su)\b",
+        r"\b(?:wget|curl|nc|ncat|telnet|ssh|ftp)\b",
+        r"\b(?:ping|traceroute|nslookup|dig)\b",
+        r"\b(?:ifconfig|ipconfig|netstat)\b",
+        r"\b(?:uname|whoami|id|pwd)\b",
+        # Sensitive File Access
+        r"\b(?:passwd|shadow|group)\b",
+        r"\b(?:\.env|\.git|\.svn|\.hg|\.DS_Store)\b",
+        r"\b(?:phpinfo|setup\.php|config\.php|admin\.php)\b",
+        r"\b(?:sitemap\.xml|robots\.txt|security\.txt)\b",
+        # Common Admin Paths
+        r"\b(?:solr|admin|cgi-bin|wp-admin|wp-login)\b",
+        # Common Query Parameters
+        r"\b(?:query|show|diagnostics|status|action)\b",
+        r"\b(?:format=json|wt=json)\b",
+        # HTTP Method Tampering
+        r"OPTIONS",
+        r"TRACE",
+        r"CONNECT",
+        # Path Traversal
+        r"\.\./",
+        r"\.\.\\",
+        # File Inclusion
+        r"file://",
+        r"php://",
+        r"data://",
+        r"zip://",
+        r"rar://",
+        r"expect://",
+        # LDAP Injection
+        r"\(\|\(.*?\=\*\)\)",
+        r"\(\&\(.*?\=\*\)\)",
+        # XML Injection
+        r"<!DOCTYPE\s+.*?>",
+        r"<\?xml\s+.*?>",
+        r"<!ENTITY\s+.*?>",
+        # SSRF (Server-Side Request Forgery)
+        r"http://localhost",
+        r"http://127\.0\.0\.1",
+        r"http://169\.254\.169\.254",
+        r"http://metadata\.google\.internal",
+        # Open Redirect
+        r"//",
+        r"/\.\./",
+        r"/\.\.\\",
+        # CRLF Injection
+        r"%0d%0a",
+        r"%0d",
+        r"%0a",
+        # Path Manipulation
+        r"\.\./",
+        r"\.\.\\",
+        # Shell Injection
+        r";",
+        r"&",
+        r"\|",
+        r"`",
+        r"\$\(.*?\)",
+        r"\$\{.*?\}",
+        # NoSQL Injection
+        r"\{\s*['\"]?\$.*?['\"]?\s*:\s*.*?\s*\}",
+        # JSON Injection
+        r"\{\s*\"\$.*?\"\s*:\s*.*?\s*\}",
+        # HTTP Header Injection
+        r"\r\n",
+        r"\n",
+        # File Upload
+        r"Content-Disposition: form-data; name=\".*?\"; filename=\".*?\."
+        r"(php|exe|sh|bat)\"",
+        # Other
+        r"eval\(",
+        r"base64_decode\(",
+        r"system\(",
+        r"shell_exec\(",
+        r"exec\(",
+        r"popen\(",
+        r"proc_open\(",
+    ]
+
+    def __new__(cls):
+        """
+        Ensure only one instance of SusPatterns
+        is created (singleton pattern).
+
+        Returns:
+            SusPatterns: The single instance
+            of the SusPatterns class.
+        """
+        if cls._instance is None:
+            cls._instance = super(
+                SusPatterns,
+                cls
+            ).__new__(cls)
+            cls._instance.compiled_patterns = [
+                re.compile(
+                    pattern,
+                    re.IGNORECASE
+                )
+                for pattern in cls.patterns
+            ]
+            cls._instance.compiled_custom_patterns = set()
+        return cls._instance
+
+    @classmethod
+    async def add_pattern(
+        cls,
+        pattern: str,
+        custom: bool = False
+    ) -> None:
+        """
+        Add a new pattern to either the custom or
+        default patterns list.
+
+        Args:
+            pattern (str): The pattern to be added.
+            custom (bool, optional): If True, add
+            to custom patterns; otherwise, add to
+            default patterns. Defaults to False.
+        """
+        compiled_pattern = re.compile(
+            pattern,
+            re.IGNORECASE
+        )
+        if custom:
+            cls._instance.compiled_custom_patterns.add(
+                compiled_pattern
+            )
+            cls._instance.custom_patterns.add(
+                pattern
+            )
+        else:
+            cls._instance.compiled_patterns.append(
+                compiled_pattern
+            )
+            cls._instance.patterns.append(
+                pattern
+            )
+
+    @classmethod
+    async def remove_pattern(
+        cls,
+        pattern: str,
+        custom: bool = False
+    ) -> None:
+        """
+        Remove a pattern from either the
+        custom or default patterns list.
+
+        Args:
+            pattern (str): The pattern to be removed.
+            custom (bool, optional): If True, remove
+            from custom patterns; otherwise, remove
+            from default patterns. Defaults to False.
+        """
+        compiled_pattern = re.compile(
+            pattern,
+            re.IGNORECASE
+        )
+        if custom:
+            cls._instance.compiled_custom_patterns.discard(
+                compiled_pattern
+            )
+            cls._instance.custom_patterns.discard(
+                pattern
+            )
+        else:
+            cls._instance.compiled_patterns = [
+                p
+                for p in cls._instance.compiled_patterns
+                if p.pattern != pattern
+            ]
+            cls._instance.patterns = [
+                p
+                for p in cls._instance.patterns
+                if p != pattern
+            ]
+
+    @classmethod
+    async def get_all_patterns(
+        cls
+    ) -> List[str]:
+        """
+        Retrieve all patterns, including
+        both default and custom patterns.
+
+        Returns:
+            List[str]: A list containing
+            all default and custom patterns.
+        """
+        return cls._instance.patterns + list(
+            cls._instance.custom_patterns
+        )
+
+    @classmethod
+    async def get_all_compiled_patterns(
+        cls
+    ) -> List[re.Pattern]:
+        """
+        Retrieve all compiled patterns,
+        including both default and custom patterns.
+
+        Returns:
+            List[re.Pattern]: A list containing
+            all default and custom compiled patterns.
+        """
+        return cls._instance.compiled_patterns + list(
+            cls._instance.compiled_custom_patterns
+        )

fastapi_guard-0.1.0.dist-info/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Renzo F
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.