inject-bender 0.3.0__tar.gz

inject_bender-0.3.0/.gitignore

@@ -0,0 +1,74 @@
+# Secrets & env
+.env
+*.env
+*.secret
+
+# Keys & certs
+*.key
+*.pem
+certs/
+secrets/
+
+# Databases & dumps
+*.db
+*.sqlite
+*.sql
+dump_*/
+
+# EXCEPT: Allow database schemas (needed for server rebuild)
+!database-schemas/*.sql
+
+# Logs & runtime data
+logs/
+*.log
+__pycache__/
+*.pyc
+venv/
+.venv/
+**/venv/
+**/.venv/
+
+# Configs met secrets (we gebruiken straks templates)
+config/
+brain_api/provisioning.local.json
+brain_api/provisioning.json
+
+# Landing pages (privé - niet open source)
+landing-pages/
+humotica.com/
+jtel.nl/
+
+# Social media posts (strategie - niet open source)
+SOCIAL-MEDIA-POSTS.md
+HN-POST-UNDER-4000.md
+STRATO-DEPLOY-HUMOTICA.md
+
+# Endorsement outreach (privaat contact)
+ARXIV-ENDORSEMENT-OUTREACH.md
+
+# Deployment secrets
+DEPLOYMENT-GUIDE.md
+
+# R Project files (Dirty Data Challenge)
+.Rproj.user
+.Rhistory
+.RData
+.Ruserdata
+*.zip
+.mural_tokens.json
+auth.json
+gen-lang-client*.json
+*.credentials.json
+
+# Rust build artifacts
+**/target/
+*.whl
+
+# Compiled binaries (build locally)
+jis-router/jis-router
+sentinel-rs/sentinel-rs
+
+# Build distribution
+sandbox/ai/codex/dist/
+sandbox_backup/
+did-jis-core

inject_bender-0.3.0/PKG-INFO

@@ -0,0 +1,132 @@
+Metadata-Version: 2.4
+Name: inject-bender
+Version: 0.3.0
+Summary: Security input validation with dual response modes: legal deterrence (NIS2/GDPR compliant audit trail) or comedy (hiking boots for hackers). TIBET provenance. OWASP aware.
+Project-URL: Homepage, https://humotica.com
+Project-URL: Repository, https://github.com/jaspertvdm/inject-bender
+Project-URL: Documentation, https://humotica.com/docs/inject-bender
+Project-URL: Bug Tracker, https://github.com/jaspertvdm/inject-bender/issues
+Project-URL: OWASP Top 10, https://owasp.org/www-project-top-ten/
+Project-URL: NIS2 Directive, https://digital-strategy.ec.europa.eu/en/policies/nis2-directive
+Author-email: "J. van de Meent" <jasper@humotica.com>, "R. AI" <root_idd@humotica.nl>
+Maintainer-email: Humotica AI Lab <ai@humotica.nl>
+License: MIT
+Keywords: audit,compliance,detection,deterrence,gdpr,injection,input-validation,legal,nis2,owasp,prompt-injection,provenance,security,sql-injection,tibet,waf,xss
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Internet :: WWW/HTTP :: HTTP Servers
+Classifier: Topic :: Security
+Classifier: Topic :: System :: Logging
+Requires-Python: >=3.10
+Provides-Extra: ai
+Requires-Dist: httpx>=0.24.0; extra == 'ai'
+Provides-Extra: api
+Requires-Dist: fastapi>=0.100.0; extra == 'api'
+Requires-Dist: httpx>=0.24.0; extra == 'api'
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == 'dev'
+Requires-Dist: ruff>=0.1.0; extra == 'dev'
+Provides-Extra: full
+Requires-Dist: fastapi>=0.100.0; extra == 'full'
+Requires-Dist: httpx>=0.24.0; extra == 'full'
+Requires-Dist: tibet-core>=0.2.0; extra == 'full'
+Provides-Extra: tibet
+Requires-Dist: tibet-core>=0.2.0; extra == 'tibet'
+Description-Content-Type: text/markdown
+
+# inject-bender
+
+Security input validation with dual response modes: **legal deterrence** (NIS2/GDPR compliant audit trail) or **comedy** (hiking boots for hackers).
+
+Every detected attack is logged with [TIBET](https://pypi.org/project/tibet-core/) provenance tokens.
+
+## Install
+
+```bash
+pip install inject-bender
+```
+
+With TIBET audit trail:
+```bash
+pip install inject-bender[tibet]
+```
+
+With FastAPI middleware:
+```bash
+pip install inject-bender[api]
+```
+
+## Quick Start
+
+```python
+from inject_bender import InjectBender
+
+bender = InjectBender(mode="legal")  # or "comedy"
+result = bender.bend("'; DROP TABLE users; --")
+
+if result["was_attack"]:
+    print(result["formatted"])
+    print(f"Incident: {result['incident_id']}")
+```
+
+## Detection Only
+
+```python
+from inject_bender import detect
+
+is_attack, attack_type = detect("SELECT * FROM users WHERE 1=1")
+# (True, "sql_injection")
+```
+
+## Modes
+
+| Mode | Response | Use Case |
+|------|----------|----------|
+| `legal` | Law citations, NIS2 audit trail, incident reports | Production, enterprise |
+| `comedy` | Hiking boot ads (Skippie & Odin) | Development, demos, honeypots |
+| `silent` | Detect and log only | Monitoring, WAF integration |
+| `custom` | Your own response function | Any |
+
+## ASGI Middleware
+
+```python
+from fastapi import FastAPI
+from inject_bender.middleware import InjectBenderMiddleware
+
+app = FastAPI()
+app.add_middleware(InjectBenderMiddleware, mode="legal")
+```
+
+## CLI
+
+```bash
+inject-bender check "'; DROP TABLE users; --"
+inject-bender bend --mode comedy "<script>alert('xss')</script>"
+inject-bender laws
+inject-bender demo
+```
+
+## Attack Types Detected
+
+SQL Injection, XSS, Command Injection, Path Traversal, Prompt Injection, LDAP Injection, XML/XXE, Header Injection, Template Injection (SSTI).
+
+## NIS2 Compliance
+
+- Automatic incident detection and logging
+- Immutable TIBET audit trail
+- Report generation: NIS2, AP (Autoriteit Persoonsgegevens), Politie
+- 24-hour deadline tracking
+
+## Legal Mapping
+
+Dutch/EU criminal law per attack type: Sr art. 138ab (computervredebreuk), Sr art. 350a (gegevensvernieling), AVG/GDPR art. 32/33/34, EU AI Act, EU 2013/40.
+
+## License
+
+MIT — Humotica AI Lab 2025-2026

inject_bender-0.3.0/README.md

@@ -0,0 +1,90 @@
+# inject-bender
+
+Security input validation with dual response modes: **legal deterrence** (NIS2/GDPR compliant audit trail) or **comedy** (hiking boots for hackers).
+
+Every detected attack is logged with [TIBET](https://pypi.org/project/tibet-core/) provenance tokens.
+
+## Install
+
+```bash
+pip install inject-bender
+```
+
+With TIBET audit trail:
+```bash
+pip install inject-bender[tibet]
+```
+
+With FastAPI middleware:
+```bash
+pip install inject-bender[api]
+```
+
+## Quick Start
+
+```python
+from inject_bender import InjectBender
+
+bender = InjectBender(mode="legal")  # or "comedy"
+result = bender.bend("'; DROP TABLE users; --")
+
+if result["was_attack"]:
+    print(result["formatted"])
+    print(f"Incident: {result['incident_id']}")
+```
+
+## Detection Only
+
+```python
+from inject_bender import detect
+
+is_attack, attack_type = detect("SELECT * FROM users WHERE 1=1")
+# (True, "sql_injection")
+```
+
+## Modes
+
+| Mode | Response | Use Case |
+|------|----------|----------|
+| `legal` | Law citations, NIS2 audit trail, incident reports | Production, enterprise |
+| `comedy` | Hiking boot ads (Skippie & Odin) | Development, demos, honeypots |
+| `silent` | Detect and log only | Monitoring, WAF integration |
+| `custom` | Your own response function | Any |
+
+## ASGI Middleware
+
+```python
+from fastapi import FastAPI
+from inject_bender.middleware import InjectBenderMiddleware
+
+app = FastAPI()
+app.add_middleware(InjectBenderMiddleware, mode="legal")
+```
+
+## CLI
+
+```bash
+inject-bender check "'; DROP TABLE users; --"
+inject-bender bend --mode comedy "<script>alert('xss')</script>"
+inject-bender laws
+inject-bender demo
+```
+
+## Attack Types Detected
+
+SQL Injection, XSS, Command Injection, Path Traversal, Prompt Injection, LDAP Injection, XML/XXE, Header Injection, Template Injection (SSTI).
+
+## NIS2 Compliance
+
+- Automatic incident detection and logging
+- Immutable TIBET audit trail
+- Report generation: NIS2, AP (Autoriteit Persoonsgegevens), Politie
+- 24-hour deadline tracking
+
+## Legal Mapping
+
+Dutch/EU criminal law per attack type: Sr art. 138ab (computervredebreuk), Sr art. 350a (gegevensvernieling), AVG/GDPR art. 32/33/34, EU AI Act, EU 2013/40.
+
+## License
+
+MIT — Humotica AI Lab 2025-2026

inject_bender-0.3.0/pyproject.toml

@@ -0,0 +1,55 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "inject-bender"
+version = "0.3.0"
+description = "Security input validation with dual response modes: legal deterrence (NIS2/GDPR compliant audit trail) or comedy (hiking boots for hackers). TIBET provenance. OWASP aware."
+readme = "README.md"
+license = { text = "MIT" }
+requires-python = ">=3.10"
+authors = [
+    { name = "J. van de Meent", email = "jasper@humotica.com" },
+    { name = "R. AI", email = "root_idd@humotica.nl" },
+]
+maintainers = [
+    { name = "Humotica AI Lab", email = "ai@humotica.nl" },
+]
+keywords = [
+    "security", "injection", "detection", "owasp", "nis2", "gdpr",
+    "audit", "tibet", "provenance", "compliance", "waf", "input-validation",
+    "sql-injection", "xss", "prompt-injection", "legal", "deterrence",
+]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "Intended Audience :: System Administrators",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Security",
+    "Topic :: Internet :: WWW/HTTP :: HTTP Servers",
+    "Topic :: System :: Logging",
+]
+dependencies = []
+
+[project.optional-dependencies]
+tibet = ["tibet-core>=0.2.0"]
+api = ["fastapi>=0.100.0", "httpx>=0.24.0"]
+ai = ["httpx>=0.24.0"]
+full = ["tibet-core>=0.2.0", "fastapi>=0.100.0", "httpx>=0.24.0"]
+dev = ["pytest>=7.0", "ruff>=0.1.0"]
+
+[project.scripts]
+inject-bender = "inject_bender.cli:main"
+
+[project.urls]
+Homepage = "https://humotica.com"
+Repository = "https://github.com/jaspertvdm/inject-bender"
+Documentation = "https://humotica.com/docs/inject-bender"
+"Bug Tracker" = "https://github.com/jaspertvdm/inject-bender/issues"
+"OWASP Top 10" = "https://owasp.org/www-project-top-ten/"
+"NIS2 Directive" = "https://digital-strategy.ec.europa.eu/en/policies/nis2-directive"

inject_bender-0.3.0/src/inject_bender/__init__.py

@@ -0,0 +1,84 @@
+"""
+inject-bender — Security Input Validation with Dual Response Modes
+===================================================================
+
+Legal deterrence (NIS2/GDPR compliant) or comedy (hiking boots for hackers).
+Every attack is logged with TIBET provenance tokens.
+
+Quick start — one line::
+
+    from inject_bender import InjectBender
+
+    bender = InjectBender(mode="legal")  # or "comedy"
+    result = bender.bend("'; DROP TABLE users; --")
+
+    if result["was_attack"]:
+        print(result["formatted"])
+
+Detection only::
+
+    from inject_bender import detect
+
+    is_attack, attack_type = detect("SELECT * FROM users")
+
+ASGI middleware::
+
+    from inject_bender.middleware import InjectBenderMiddleware
+
+    app = FastAPI()
+    app.add_middleware(InjectBenderMiddleware, mode="legal")
+
+Modes:
+- **legal**: Law citations (Sr 138ab, AVG, AI Act), NIS2 incident reports,
+  court-admissible TIBET audit trail. Default mode.
+- **comedy**: Hiking boot advertisements (Skippie & Odin guardians).
+  Because nothing confuses hackers more than getting boots for their injection.
+- **silent**: Detect and log only, no response formatting.
+- **custom**: Provide your own response_fn(attack_type, input) -> dict.
+
+NIS2 Compliance:
+- Automatic incident detection and logging
+- Immutable TIBET audit trail per incident
+- Report generation: NIS2, AP (datalek), Politie (aangifte)
+- 24-hour deadline tracking
+
+Authors: J. van de Meent & R. AI (Root AI)
+License: MIT — Humotica AI Lab 2025-2026
+"""
+
+from .bender import InjectBender
+from .detector import detect, detect_all, get_attack_name
+from .legal import (
+    get_legal_info,
+    generate_legal_response,
+    format_legal_response,
+    IncidentStore,
+    generate_nis2_report,
+    generate_ap_report,
+    generate_police_report,
+    LEGAL_MAPPING,
+)
+from .comedy import get_comedy_response, format_comedy_response
+
+__version__ = "0.3.0"
+
+__all__ = [
+    # Main class
+    "InjectBender",
+    # Detection
+    "detect",
+    "detect_all",
+    "get_attack_name",
+    # Legal
+    "get_legal_info",
+    "generate_legal_response",
+    "format_legal_response",
+    "IncidentStore",
+    "generate_nis2_report",
+    "generate_ap_report",
+    "generate_police_report",
+    "LEGAL_MAPPING",
+    # Comedy
+    "get_comedy_response",
+    "format_comedy_response",
+]

inject_bender-0.3.0/src/inject_bender/bender.py

@@ -0,0 +1,200 @@
+"""
+inject_bender.bender — Core Bender Engine
+==========================================
+
+The main InjectBender class that ties detection, legal, and comedy together.
+
+Usage::
+
+    from inject_bender import InjectBender
+
+    bender = InjectBender(mode="legal")  # or "comedy"
+    result = bender.bend("'; DROP TABLE users; --")
+
+    if result["was_attack"]:
+        print(result["formatted"])
+        print(f"Incident: {result['incident_id']}")
+"""
+
+import hashlib
+from datetime import datetime
+from typing import Optional, Dict, Any
+
+from . import detector
+from . import legal
+from . import comedy
+
+
+class InjectBender:
+    """
+    Security input validation with dual response modes.
+
+    Modes:
+    - "legal": Law citations, NIS2 audit trail, court-admissible records
+    - "comedy": Hiking boot ads (Skippie & Odin)
+    - "silent": Detect only, no response formatting
+    - "custom": Use your own response_fn(attack_type, input) -> dict
+
+    All modes create an audit record. Legal mode is the default.
+    """
+
+    def __init__(
+        self,
+        mode: str = "legal",
+        response_fn=None,
+        tibet_logger=None,
+    ):
+        self.mode = mode
+        self.response_fn = response_fn
+        self.tibet_logger = tibet_logger
+        self.incidents = legal.IncidentStore()
+        self._attack_count = 0
+        self._stats: Dict[str, int] = {}
+
+    def bend(
+        self,
+        input_string: str,
+        client_ip: str = "",
+        mode: Optional[str] = None,
+    ) -> dict:
+        """
+        Analyze input and generate appropriate response.
+
+        Args:
+            input_string: The user input to check
+            client_ip: Optional client IP for incident logging
+            mode: Override instance mode for this call
+
+        Returns:
+            Dict with was_attack, attack_type, formatted response, incident_id, etc.
+        """
+        active_mode = mode or self.mode
+
+        # Detect
+        is_attack, attack_type = detector.detect(input_string)
+
+        if not is_attack:
+            return {
+                "was_attack": False,
+                "mode": active_mode,
+                "message": "Clean input - no attack detected.",
+            }
+
+        # Attack found
+        self._attack_count += 1
+        self._stats[attack_type] = self._stats.get(attack_type, 0) + 1
+
+        # Create TIBET token if available
+        token_id = self._create_tibet_token(attack_type, input_string)
+
+        # Store incident
+        incident = self.incidents.store(
+            attack_type=attack_type,
+            client_ip=client_ip,
+            token_id=token_id,
+        )
+
+        # Build response based on mode
+        if active_mode == "legal":
+            legal_resp = legal.generate_legal_response(
+                attack_type=attack_type,
+                token_id=token_id,
+                incident_id=incident["incident_id"],
+                timestamp=incident["timestamp"],
+            )
+            return {
+                "was_attack": True,
+                "mode": "legal",
+                "attack_type": attack_type,
+                "attack_name": detector.get_attack_name(attack_type),
+                "legal_response": legal_resp,
+                "formatted": legal.format_legal_response(legal_resp),
+                "tibet_token_id": token_id,
+                "incident_id": incident["incident_id"],
+            }
+
+        elif active_mode == "comedy":
+            comedy_resp = comedy.get_comedy_response(attack_type)
+            return {
+                "was_attack": True,
+                "mode": "comedy",
+                "attack_type": attack_type,
+                "attack_name": detector.get_attack_name(attack_type),
+                "comedy_response": comedy_resp,
+                "formatted": comedy.format_comedy_response(comedy_resp),
+                "tibet_token_id": token_id,
+                "incident_id": incident["incident_id"],
+            }
+
+        elif active_mode == "custom" and self.response_fn:
+            custom_resp = self.response_fn(attack_type, input_string)
+            return {
+                "was_attack": True,
+                "mode": "custom",
+                "attack_type": attack_type,
+                "attack_name": detector.get_attack_name(attack_type),
+                "custom_response": custom_resp,
+                "tibet_token_id": token_id,
+                "incident_id": incident["incident_id"],
+            }
+
+        else:
+            # silent mode
+            return {
+                "was_attack": True,
+                "mode": "silent",
+                "attack_type": attack_type,
+                "attack_name": detector.get_attack_name(attack_type),
+                "tibet_token_id": token_id,
+                "incident_id": incident["incident_id"],
+            }
+
+    def check(self, input_string: str) -> dict:
+        """Check input without generating a response. Lightweight detection only."""
+        is_attack, attack_type = detector.detect(input_string)
+        return {
+            "is_attack": is_attack,
+            "attack_type": attack_type,
+            "attack_name": detector.get_attack_name(attack_type) if attack_type else None,
+        }
+
+    def check_all(self, input_string: str) -> dict:
+        """Detect ALL attack types present in input."""
+        found = detector.detect_all(input_string)
+        return {
+            "is_attack": len(found) > 0,
+            "attack_types": found,
+            "attack_names": [detector.get_attack_name(t) for t in found],
+            "count": len(found),
+        }
+
+    def get_stats(self) -> dict:
+        """Get bending statistics."""
+        return {
+            "total_attacks_detected": self._attack_count,
+            "attack_types": dict(self._stats),
+            "incidents_stored": self.incidents.count,
+            "mode": self.mode,
+        }
+
+    def _create_tibet_token(self, attack_type: str, input_string: str) -> str:
+        """Create a TIBET token for the incident."""
+        # Try tibet-core integration
+        if self.tibet_logger:
+            try:
+                token = self.tibet_logger.create_token(
+                    token_type="security_incident",
+                    intent=f"detect_{attack_type}",
+                    reason=f"Detected {detector.get_attack_name(attack_type)}",
+                    source="inject_bender",
+                )
+                if hasattr(token, "token_id"):
+                    return token.token_id
+            except Exception:
+                pass
+
+        # Fallback: generate local token ID
+        token_id = hashlib.sha256(
+            f"{datetime.now().isoformat()}{input_string}{attack_type}".encode()
+        ).hexdigest()[:16]
+        return f"BENT_{token_id}"