wafaHell 0.1.1__tar.gz → 0.2.0__tar.gz

{wafahell-0.1.1 → wafahell-0.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: wafaHell
-Version: 0.1.1
+Version: 0.2.0
 Summary: Middleware WAF to Flask
 Author-email: Yago Martins <yagomartins30@gmail.com>
 License: MIT License
@@ -42,14 +42,14 @@ Middleware WAF for Flask, to detect SQLi and XSS.
 ## Instalation
 
 ```bash
-pip install wafaHell
+pip install wafahell
 ```
 
 ## Usage
 ```python
 from flask import Flask
-from flask_waf import FlaskWAF
+from wafahell import WafaHell
 
 app = Flask(__name__)
-waf = FlaskWAF(app)
+waf = WafaHell(app)
 ```

{wafahell-0.1.1 → wafahell-0.2.0}/README.md

@@ -5,14 +5,14 @@ Middleware WAF for Flask, to detect SQLi and XSS.
 ## Instalation
 
 ```bash
-pip install wafaHell
+pip install wafahell
 ```
 
 ## Usage
 ```python
 from flask import Flask
-from flask_waf import FlaskWAF
+from wafahell import WafaHell
 
 app = Flask(__name__)
-waf = FlaskWAF(app)
+waf = WafaHell(app)
 ```

{wafahell-0.1.1 → wafahell-0.2.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "wafaHell"                 
-version = "0.1.1"                  
+version = "0.2.0"                  
 description = "Middleware WAF to Flask"
 readme = "README.md"
 authors = [

wafahell-0.2.0/wafaHell/__init__.py

@@ -0,0 +1,3 @@
+from .middleware import WafaHell
+
+__all__ = ["WafaHell"]

wafahell-0.2.0/wafaHell/logger.py

@@ -0,0 +1,45 @@
+import logging
+
+class Logger:
+    def __init__(self, name="WAF", log_file="waf.log", level=logging.INFO):
+        # Cria logger com nome
+        self.logger = logging.getLogger(name)
+        self.logger.setLevel(level)
+
+        # Evita handlers duplicados ao reinicializar
+        if not self.logger.handlers:
+            # Handler para console
+            console_handler = logging.StreamHandler()
+            console_handler.setLevel(level)
+
+            # Handler para arquivo
+            file_handler = logging.FileHandler(log_file)
+            file_handler.setLevel(level)
+
+            # Formato
+            formatter = logging.Formatter(
+                "[%(asctime)s] [%(name)s] [%(levelname)s] %(message)s",
+                datefmt="%H:%M:%S - %d/%m/%Y"
+            )
+
+            console_handler.setFormatter(formatter)
+            file_handler.setFormatter(formatter)
+
+            # Adiciona handlers
+            self.logger.addHandler(console_handler)
+            self.logger.addHandler(file_handler)
+
+    def info(self, msg):
+        self.logger.info(msg)
+
+    def warning(self, msg):
+        self.logger.warning(msg)
+
+    def error(self, msg):
+        self.logger.error(msg)
+
+    def critical(self, msg):
+        self.logger.critical(msg)
+
+    def debug(self, msg):
+        self.logger.debug(msg)

wafahell-0.2.0/wafaHell/middleware.py

@@ -0,0 +1,151 @@
+import re
+from flask import request as req, abort
+from urllib.parse import unquote
+from model import Blocked, get_session
+from logger import Logger
+from utils import is_block_expired
+from rateLimiter import RateLimiter
+from sqlalchemy.exc import OperationalError
+
+# Inicializa o RateLimiter
+limiter = RateLimiter(limit=100, window=60)
+
+class WafaHell:
+    def __init__(self, app=None, block_code=403, log_func=None, monitor_mode=False, block_ip=False, rate_limit=False):
+        self.app = app
+        self.block_code = block_code
+        self.log = log_func or Logger()
+        self.monitor_mode = monitor_mode
+        self.block_ip = block_ip
+        self.rate_limit = rate_limit
+
+        self.rules = [
+            r"(\bUNION\b|\bSELECT\b|\bINSERT\b|\bDROP\b)",  
+            r"' OR '1'='1",                                
+            r"<script.*?>.*?</script>",                    
+            r"javascript:",                                
+        ]
+
+        if app is not None:
+            self.init_app(app)
+
+    def init_app(self, app):
+        # Configura a sessão para cada requisição
+        @app.before_request
+        def create_session():
+            try:
+                req.session = get_session()  # Cria uma nova sessão usando get_session
+            except Exception as e:
+                self.log.error(f"Erro ao criar sessão para requisição: {e}")
+                abort(self.block_code)  # Retorna erro 500 se não conseguir criar a sessão
+
+        # Fecha a sessão após cada requisição
+        @app.teardown_request
+        def close_session(exc=None):
+            if hasattr(req, 'session'):
+                try:
+                    req.session.close()  # Fecha a sessão para liberar a conexão
+                except Exception as e:
+                    self.log.error(f"Erro ao fechar sessão: {e}")
+
+        @app.before_request
+        def waf_check():
+            self.verify_client_blocked(req)
+            self.verify_rate_limit(req)
+            is_malicious, attack_local, payload = self.is_malicious(req)
+            
+            if not is_malicious:
+                return
+            
+            if not self.monitor_mode:
+                self.log.warning(self.parse_req(req, payload,attack_local))
+                self.block_ip_address(req.remote_addr, req.headers.get("User-Agent", "unknown"))
+            else:
+                self.log.info(self.parse_req(req, payload, attack_local))
+
+    def detect_attack(self, data: str) -> bool:
+        for pattern in self.rules:
+            if re.search(pattern, data, re.IGNORECASE):
+                return True
+        return False
+
+    def is_malicious(self, req) -> tuple[bool, str | None, str | None]:
+        
+        if self.detect_attack(req.base_url):
+            return True, "URL", req.base_url
+
+        for key, value in req.args.items():
+            if self.detect_attack(value):
+                return True, f"QUERY '{key}'", value
+
+        for key, value in req.headers.items():
+            if self.detect_attack(value):
+                return True, f"HEADER '{key}'", value
+
+        if req.data:
+            body_content = req.data.decode(errors="ignore")
+            if self.detect_attack(body_content):
+                return True, "BODY", body_content
+            
+        if req.is_json:
+            json_data = req.get_json(silent=True)
+            if json_data:
+                import json
+                json_str = json.dumps(json_data)
+                if self.detect_attack(json_str):
+                    return True, "JSON BODY", json_str
+
+        return False, None, None
+
+    def verify_client_blocked(self, req) -> None:
+        session = req.session
+        try:
+            client_blocked = session.query(Blocked).filter_by(
+                ip=req.remote_addr, user_agent=req.headers.get("User-Agent")
+            ).first()
+            if client_blocked:
+                if is_block_expired(client_blocked.blocked_at):
+                    session.delete(client_blocked)
+                    session.commit()
+                    self.log.info(f"[UNBLOCKED] IP {req.remote_addr} desbloqueado apos expiracao do bloqueio.")
+                else:
+                    abort(self.block_code)
+        except OperationalError as e:
+            session.rollback()
+            abort(self.block_code)
+            
+
+    def block_ip_address(self, ip, user_agent=None):
+        if self.block_ip:
+            try:
+                session = req.session
+                blocked_client = Blocked(ip=ip, user_agent=user_agent)
+                session.add(blocked_client)
+                session.commit()
+                self.log.warning(f"[BLOCKED] IP: {ip}, User-Agent: {user_agent}")
+            except OperationalError as e:
+                self.log.error(f"Erro de banco de dados ao bloquear IP {ip}: {e}")
+                session.rollback()
+                abort(self.block_code)
+            except Exception as e:
+                self.log.error(f"Erro ao bloquear IP {ip}: {e}")
+                session.rollback()
+
+    def verify_rate_limit(self, req) -> None:
+        if self.rate_limit:
+            ip = req.remote_addr
+            ua = req.headers.get("User-Agent", "unknown")
+            if limiter.is_rate_limited(ip, ua):
+                self.log.warning(f"[RATE LIMIT] IP: {ip}, User-Agent: {ua} excedeu o limite de requisições.")
+                if self.block_ip:
+                    self.block_ip_address(ip, ua)
+                abort(self.block_code)
+
+    def parse_req(self, req, payload, attack_local=None) -> str:
+        ip = req.remote_addr
+        user_agent = req.headers.get("User-Agent", "unknown")
+        path = req.path
+        method = req.method
+        attack_local = attack_local or "unknown"
+        msg = f"""[ATTACK] IP: {ip}, User-Agent: {user_agent}, Path: {path}, Method: {method}, Payload: {unquote(payload)}, attack_local: {attack_local}"""
+        return msg

wafahell-0.2.0/wafaHell/model.py

@@ -0,0 +1,23 @@
+from datetime import datetime
+from sqlalchemy import create_engine, Column, Integer, String
+from sqlalchemy.orm import declarative_base, sessionmaker, scoped_session
+
+Base = declarative_base()
+
+class Blocked(Base):
+    __tablename__ = "blocks"
+    
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    ip = Column(String, nullable=True)
+    user_agent = Column(String, nullable=True)
+    blocked_at = Column(String, nullable=False, default=lambda: datetime.now().strftime("%H:%M:%S"))
+
+    def __repr__(self):
+        return f"<Blocked(ip='{self.ip}', user_agent='{self.user_agent}', blocked_at='{self.blocked_at}')>"
+
+def get_session(db_url="sqlite:///wafaHell.db"):
+    engine = create_engine(db_url, echo=False)
+    Base.metadata.create_all(engine)
+    session_factory = sessionmaker(bind=engine)
+    Session = scoped_session(session_factory)
+    return Session

wafahell-0.2.0/wafaHell/rateLimiter.py

@@ -0,0 +1,21 @@
+
+from collections import defaultdict, deque
+from datetime import datetime, timedelta
+
+class RateLimiter:
+    def __init__(self, limit=100, window=60):
+        self.limit = limit
+        self.window = window
+        self.requests_log = defaultdict(lambda: deque())
+
+    def is_rate_limited(self, ip, ua):
+        key = (ip, ua)
+        now = datetime.now()
+        window_start = now - timedelta(seconds=self.window)
+
+        while self.requests_log[key] and self.requests_log[key][0] < window_start:
+            self.requests_log[key].popleft()
+
+        self.requests_log[key].append(now)
+
+        return len(self.requests_log[key]) >= self.limit

wafahell-0.2.0/wafaHell/teste.py

@@ -0,0 +1,16 @@
+from middleware import WafaHell
+from flask import Flask
+import logging
+
+app = Flask(__name__)
+waf = WafaHell(app, monitor_mode=True, block_ip=True, rate_limit=True)
+
+# log = logging.getLogger('werkzeug')
+# log.setLevel(logging.ERROR) 
+
+@app.route('/')
+def home():
+    return "Bem-vindo ao site seguro!"
+
+if __name__ == '__main__':
+    app.run(host='0.0.0.0', port=5000, debug=False)

wafahell-0.2.0/wafaHell/utils.py

@@ -0,0 +1,10 @@
+from datetime import datetime, timedelta
+
+def is_block_expired(blocked_time_str: str) -> bool:
+    blocked_time = datetime.strptime(blocked_time_str, "%H:%M:%S")
+    now = datetime.now()
+    blocked_time = blocked_time.replace(year=now.year, month=now.month, day=now.day)
+
+    diff = now - blocked_time
+    return diff >= timedelta(minutes=1)
+

{wafahell-0.1.1 → wafahell-0.2.0}/wafaHell.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: wafaHell
-Version: 0.1.1
+Version: 0.2.0
 Summary: Middleware WAF to Flask
 Author-email: Yago Martins <yagomartins30@gmail.com>
 License: MIT License
@@ -42,14 +42,14 @@ Middleware WAF for Flask, to detect SQLi and XSS.
 ## Instalation
 
 ```bash
-pip install wafaHell
+pip install wafahell
 ```
 
 ## Usage
 ```python
 from flask import Flask
-from flask_waf import FlaskWAF
+from wafahell import WafaHell
 
 app = Flask(__name__)
-waf = FlaskWAF(app)
+waf = WafaHell(app)
 ```

{wafahell-0.1.1 → wafahell-0.2.0}/wafaHell.egg-info/SOURCES.txt

@@ -2,7 +2,12 @@ LICENSE
 README.md
 pyproject.toml
 wafaHell/__init__.py
+wafaHell/logger.py
 wafaHell/middleware.py
+wafaHell/model.py
+wafaHell/rateLimiter.py
+wafaHell/teste.py
+wafaHell/utils.py
 wafaHell.egg-info/PKG-INFO
 wafaHell.egg-info/SOURCES.txt
 wafaHell.egg-info/dependency_links.txt

wafahell-0.1.1/wafaHell/__init__.py

@@ -1,3 +0,0 @@
-from .middleware import WafaHell
-
-# agora a classe está disponível diretamente ao importar o pacote

wafahell-0.1.1/wafaHell/middleware.py

@@ -1,65 +0,0 @@
-import re
-from flask import request, abort
-from urllib.parse import unquote
-
-class WafaHell:
-    def __init__(self, app=None, block_code=403, log_func=None, monitor_mode=False):
-        self.app = app
-        self.block_code = block_code
-        self.log_func = log_func or (lambda msg: print(f"[WAF] {msg}"))
-        self.monitor_mode = monitor_mode
-        # Regras básicas
-        self.rules = [
-            r"(\bUNION\b|\bSELECT\b|\bINSERT\b|\bDROP\b)",  
-            r"' OR '1'='1",                                
-            r"<script.*?>.*?</script>",                    
-            r"javascript:",                                
-        ]
-
-        if app is not None:
-            self.init_app(app)
-
-    def init_app(self, app):
-        @app.before_request
-        def waf_check():
-            if self.is_malicious(request):
-                self.log_attack(request)
-                if not self.monitor_mode:
-                    abort(self.block_code)
-
-    def detect_attack(self, data: str) -> bool:
-        for pattern in self.rules:
-            if re.search(pattern, data, re.IGNORECASE):
-                return True
-        return False
-
-    def is_malicious(self, req) -> bool:
-        # URL + Query Params
-        if self.detect_attack(req.url) or any(self.detect_attack(v) for v in req.args.values()):
-            return True
-
-        # Headers
-        for _, value in req.headers.items():
-            if self.detect_attack(value):
-                return True
-
-        # Body
-        if req.data and self.detect_attack(req.data.decode(errors="ignore")):
-            return True
-
-        return False
-
-    def log_attack(self, req):
-        ip = req.remote_addr
-        user_agent = req.headers.get("User-Agent", "unknown")
-        path = req.path
-        query = req.query_string.decode(errors="ignore") if req.query_string else ""
-        
-        msg = (
-            f"Ataque detectado\n",
-            f"IP: {ip}\n"
-            f"User-Agent: {user_agent}\n"
-            f"Rota: {path}\n"
-            f"Query: {unquote(query)}\n"
-        )
-        self.log_func(msg)