wafaHell 0.1.1__py3-none-any.whl → 0.2.0__py3-none-any.whl

wafaHell/__init__.py

@@ -1,3 +1,3 @@
 from .middleware import WafaHell
 
-# agora a classe está disponível diretamente ao importar o pacote
+__all__ = ["WafaHell"]

wafaHell/logger.py

@@ -0,0 +1,45 @@
+import logging
+
+class Logger:
+    def __init__(self, name="WAF", log_file="waf.log", level=logging.INFO):
+        # Cria logger com nome
+        self.logger = logging.getLogger(name)
+        self.logger.setLevel(level)
+
+        # Evita handlers duplicados ao reinicializar
+        if not self.logger.handlers:
+            # Handler para console
+            console_handler = logging.StreamHandler()
+            console_handler.setLevel(level)
+
+            # Handler para arquivo
+            file_handler = logging.FileHandler(log_file)
+            file_handler.setLevel(level)
+
+            # Formato
+            formatter = logging.Formatter(
+                "[%(asctime)s] [%(name)s] [%(levelname)s] %(message)s",
+                datefmt="%H:%M:%S - %d/%m/%Y"
+            )
+
+            console_handler.setFormatter(formatter)
+            file_handler.setFormatter(formatter)
+
+            # Adiciona handlers
+            self.logger.addHandler(console_handler)
+            self.logger.addHandler(file_handler)
+
+    def info(self, msg):
+        self.logger.info(msg)
+
+    def warning(self, msg):
+        self.logger.warning(msg)
+
+    def error(self, msg):
+        self.logger.error(msg)
+
+    def critical(self, msg):
+        self.logger.critical(msg)
+
+    def debug(self, msg):
+        self.logger.debug(msg)

wafaHell/middleware.py

@@ -1,14 +1,24 @@
 import re
-from flask import request, abort
+from flask import request as req, abort
 from urllib.parse import unquote
+from model import Blocked, get_session
+from logger import Logger
+from utils import is_block_expired
+from rateLimiter import RateLimiter
+from sqlalchemy.exc import OperationalError
+
+# Inicializa o RateLimiter
+limiter = RateLimiter(limit=100, window=60)
 
 class WafaHell:
-    def __init__(self, app=None, block_code=403, log_func=None, monitor_mode=False):
+    def __init__(self, app=None, block_code=403, log_func=None, monitor_mode=False, block_ip=False, rate_limit=False):
         self.app = app
         self.block_code = block_code
-        self.log_func = log_func or (lambda msg: print(f"[WAF] {msg}"))
+        self.log = log_func or Logger()
         self.monitor_mode = monitor_mode
-        # Regras básicas
+        self.block_ip = block_ip
+        self.rate_limit = rate_limit
+
         self.rules = [
             r"(\bUNION\b|\bSELECT\b|\bINSERT\b|\bDROP\b)",  
             r"' OR '1'='1",                                
@@ -20,12 +30,38 @@ class WafaHell:
             self.init_app(app)
 
     def init_app(self, app):
+        # Configura a sessão para cada requisição
+        @app.before_request
+        def create_session():
+            try:
+                req.session = get_session()  # Cria uma nova sessão usando get_session
+            except Exception as e:
+                self.log.error(f"Erro ao criar sessão para requisição: {e}")
+                abort(self.block_code)  # Retorna erro 500 se não conseguir criar a sessão
+
+        # Fecha a sessão após cada requisição
+        @app.teardown_request
+        def close_session(exc=None):
+            if hasattr(req, 'session'):
+                try:
+                    req.session.close()  # Fecha a sessão para liberar a conexão
+                except Exception as e:
+                    self.log.error(f"Erro ao fechar sessão: {e}")
+
         @app.before_request
         def waf_check():
-            if self.is_malicious(request):
-                self.log_attack(request)
-                if not self.monitor_mode:
-                    abort(self.block_code)
+            self.verify_client_blocked(req)
+            self.verify_rate_limit(req)
+            is_malicious, attack_local, payload = self.is_malicious(req)
+            
+            if not is_malicious:
+                return
+            
+            if not self.monitor_mode:
+                self.log.warning(self.parse_req(req, payload,attack_local))
+                self.block_ip_address(req.remote_addr, req.headers.get("User-Agent", "unknown"))
+            else:
+                self.log.info(self.parse_req(req, payload, attack_local))
 
     def detect_attack(self, data: str) -> bool:
         for pattern in self.rules:
@@ -33,33 +69,83 @@ class WafaHell:
                 return True
         return False
 
-    def is_malicious(self, req) -> bool:
-        # URL + Query Params
-        if self.detect_attack(req.url) or any(self.detect_attack(v) for v in req.args.values()):
-            return True
+    def is_malicious(self, req) -> tuple[bool, str | None, str | None]:
+        
+        if self.detect_attack(req.base_url):
+            return True, "URL", req.base_url
 
-        # Headers
-        for _, value in req.headers.items():
+        for key, value in req.args.items():
             if self.detect_attack(value):
-                return True
+                return True, f"QUERY '{key}'", value
 
-        # Body
-        if req.data and self.detect_attack(req.data.decode(errors="ignore")):
-            return True
+        for key, value in req.headers.items():
+            if self.detect_attack(value):
+                return True, f"HEADER '{key}'", value
 
-        return False
+        if req.data:
+            body_content = req.data.decode(errors="ignore")
+            if self.detect_attack(body_content):
+                return True, "BODY", body_content
+            
+        if req.is_json:
+            json_data = req.get_json(silent=True)
+            if json_data:
+                import json
+                json_str = json.dumps(json_data)
+                if self.detect_attack(json_str):
+                    return True, "JSON BODY", json_str
+
+        return False, None, None
+
+    def verify_client_blocked(self, req) -> None:
+        session = req.session
+        try:
+            client_blocked = session.query(Blocked).filter_by(
+                ip=req.remote_addr, user_agent=req.headers.get("User-Agent")
+            ).first()
+            if client_blocked:
+                if is_block_expired(client_blocked.blocked_at):
+                    session.delete(client_blocked)
+                    session.commit()
+                    self.log.info(f"[UNBLOCKED] IP {req.remote_addr} desbloqueado apos expiracao do bloqueio.")
+                else:
+                    abort(self.block_code)
+        except OperationalError as e:
+            session.rollback()
+            abort(self.block_code)
+            
+
+    def block_ip_address(self, ip, user_agent=None):
+        if self.block_ip:
+            try:
+                session = req.session
+                blocked_client = Blocked(ip=ip, user_agent=user_agent)
+                session.add(blocked_client)
+                session.commit()
+                self.log.warning(f"[BLOCKED] IP: {ip}, User-Agent: {user_agent}")
+            except OperationalError as e:
+                self.log.error(f"Erro de banco de dados ao bloquear IP {ip}: {e}")
+                session.rollback()
+                abort(self.block_code)
+            except Exception as e:
+                self.log.error(f"Erro ao bloquear IP {ip}: {e}")
+                session.rollback()
 
-    def log_attack(self, req):
+    def verify_rate_limit(self, req) -> None:
+        if self.rate_limit:
+            ip = req.remote_addr
+            ua = req.headers.get("User-Agent", "unknown")
+            if limiter.is_rate_limited(ip, ua):
+                self.log.warning(f"[RATE LIMIT] IP: {ip}, User-Agent: {ua} excedeu o limite de requisições.")
+                if self.block_ip:
+                    self.block_ip_address(ip, ua)
+                abort(self.block_code)
+
+    def parse_req(self, req, payload, attack_local=None) -> str:
         ip = req.remote_addr
         user_agent = req.headers.get("User-Agent", "unknown")
         path = req.path
-        query = req.query_string.decode(errors="ignore") if req.query_string else ""
-        
-        msg = (
-            f"Ataque detectado\n",
-            f"IP: {ip}\n"
-            f"User-Agent: {user_agent}\n"
-            f"Rota: {path}\n"
-            f"Query: {unquote(query)}\n"
-        )
-        self.log_func(msg)
+        method = req.method
+        attack_local = attack_local or "unknown"
+        msg = f"""[ATTACK] IP: {ip}, User-Agent: {user_agent}, Path: {path}, Method: {method}, Payload: {unquote(payload)}, attack_local: {attack_local}"""
+        return msg

wafaHell/model.py

@@ -0,0 +1,23 @@
+from datetime import datetime
+from sqlalchemy import create_engine, Column, Integer, String
+from sqlalchemy.orm import declarative_base, sessionmaker, scoped_session
+
+Base = declarative_base()
+
+class Blocked(Base):
+    __tablename__ = "blocks"
+    
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    ip = Column(String, nullable=True)
+    user_agent = Column(String, nullable=True)
+    blocked_at = Column(String, nullable=False, default=lambda: datetime.now().strftime("%H:%M:%S"))
+
+    def __repr__(self):
+        return f"<Blocked(ip='{self.ip}', user_agent='{self.user_agent}', blocked_at='{self.blocked_at}')>"
+
+def get_session(db_url="sqlite:///wafaHell.db"):
+    engine = create_engine(db_url, echo=False)
+    Base.metadata.create_all(engine)
+    session_factory = sessionmaker(bind=engine)
+    Session = scoped_session(session_factory)
+    return Session

wafaHell/rateLimiter.py

@@ -0,0 +1,21 @@
+
+from collections import defaultdict, deque
+from datetime import datetime, timedelta
+
+class RateLimiter:
+    def __init__(self, limit=100, window=60):
+        self.limit = limit
+        self.window = window
+        self.requests_log = defaultdict(lambda: deque())
+
+    def is_rate_limited(self, ip, ua):
+        key = (ip, ua)
+        now = datetime.now()
+        window_start = now - timedelta(seconds=self.window)
+
+        while self.requests_log[key] and self.requests_log[key][0] < window_start:
+            self.requests_log[key].popleft()
+
+        self.requests_log[key].append(now)
+
+        return len(self.requests_log[key]) >= self.limit

wafaHell/teste.py

@@ -0,0 +1,16 @@
+from middleware import WafaHell
+from flask import Flask
+import logging
+
+app = Flask(__name__)
+waf = WafaHell(app, monitor_mode=True, block_ip=True, rate_limit=True)
+
+# log = logging.getLogger('werkzeug')
+# log.setLevel(logging.ERROR) 
+
+@app.route('/')
+def home():
+    return "Bem-vindo ao site seguro!"
+
+if __name__ == '__main__':
+    app.run(host='0.0.0.0', port=5000, debug=False)

wafaHell/utils.py

@@ -0,0 +1,10 @@
+from datetime import datetime, timedelta
+
+def is_block_expired(blocked_time_str: str) -> bool:
+    blocked_time = datetime.strptime(blocked_time_str, "%H:%M:%S")
+    now = datetime.now()
+    blocked_time = blocked_time.replace(year=now.year, month=now.month, day=now.day)
+
+    diff = now - blocked_time
+    return diff >= timedelta(minutes=1)
+

{wafahell-0.1.1.dist-info → wafahell-0.2.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: wafaHell
-Version: 0.1.1
+Version: 0.2.0
 Summary: Middleware WAF to Flask
 Author-email: Yago Martins <yagomartins30@gmail.com>
 License: MIT License
@@ -42,14 +42,14 @@ Middleware WAF for Flask, to detect SQLi and XSS.
 ## Instalation
 
 ```bash
-pip install wafaHell
+pip install wafahell
 ```
 
 ## Usage
 ```python
 from flask import Flask
-from flask_waf import FlaskWAF
+from wafahell import WafaHell
 
 app = Flask(__name__)
-waf = FlaskWAF(app)
+waf = WafaHell(app)
 ```

wafahell-0.2.0.dist-info/RECORD

@@ -0,0 +1,12 @@
+wafaHell/__init__.py,sha256=bdafr3LRK7_frr-V6umEJZUqt8RMrOiLJy72DSQfs2o,60
+wafaHell/logger.py,sha256=yMEz5FY6RdNOzQ9RacAiKpfmwtGjnNVha5umeeSotAM,1354
+wafaHell/middleware.py,sha256=nFhfrvoU3yNaS-_yKjAGbP7egdgG9gYwz5pxtFhVmTw,6052
+wafaHell/model.py,sha256=QnnOOgsEvqs0tHWLN6SkxQlnWR6r4KYiutyMxQl1nDo,902
+wafaHell/rateLimiter.py,sha256=_aU3ZORwpH2CCNpRWF44FyVM5slE3QvLyEgqWRcELr4,666
+wafaHell/teste.py,sha256=rnO3lyYQ-d-fJvlX7EQ-qo2T3DkAM6VS_z897Hht77E,399
+wafaHell/utils.py,sha256=htvGKGKY4VLsN8fcDOSQKDYqkTXbq8f3X29MQWq08P0,354
+wafahell-0.2.0.dist-info/licenses/LICENSE,sha256=6bv9v4HamenV3rqm3mhaGOecwGFrgxtVTW7JPfFDmeY,1086
+wafahell-0.2.0.dist-info/METADATA,sha256=v5yAr069OcRN4c3BxogmtQEAA-KKWr96a9ujgjuzbAc,1979
+wafahell-0.2.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+wafahell-0.2.0.dist-info/top_level.txt,sha256=VGBo2g3pOeTH2qIXfZDJCSblJgijemMHUHmI0bBgrls,9
+wafahell-0.2.0.dist-info/RECORD,,

wafahell-0.1.1.dist-info/RECORD

@@ -1,7 +0,0 @@
-wafaHell/__init__.py,sha256=enTIAbStl7o_cDo93-s8nq86BsN3OEGYu9AbtESQVXQ,105
-wafaHell/middleware.py,sha256=UQ5TPcuz6UDyy5FjyUNXSAZqv2IjnOoc3ze2M8He7Tw,2151
-wafahell-0.1.1.dist-info/licenses/LICENSE,sha256=6bv9v4HamenV3rqm3mhaGOecwGFrgxtVTW7JPfFDmeY,1086
-wafahell-0.1.1.dist-info/METADATA,sha256=DKx0AS6ZJ82ATAkBJetN_AG8doVO00xxMI7PwBdcBzQ,1980
-wafahell-0.1.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-wafahell-0.1.1.dist-info/top_level.txt,sha256=VGBo2g3pOeTH2qIXfZDJCSblJgijemMHUHmI0bBgrls,9
-wafahell-0.1.1.dist-info/RECORD,,