PyPI - wafaHell - Versions diffs - 0.2.0__py3-none-any.whl → 1.1.0__py3-none-any.whl - Mend

wafaHell 0.2.0py3-none-any.whl → 1.1.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

wafaHell/app.py +31 -0
wafaHell/globals.py +5 -0
wafaHell/logger.py +102 -14
wafaHell/middleware.py +398 -81
wafaHell/mock.py +53 -0
wafaHell/model.py +98 -10
wafaHell/panel.py +406 -0
wafaHell/rateLimiter.py +0 -1
wafaHell/utils.py +413 -7
{wafahell-0.2.0.dist-info → wafahell-1.1.0.dist-info}/METADATA +5 -1
wafahell-1.1.0.dist-info/RECORD +15 -0
{wafahell-0.2.0.dist-info → wafahell-1.1.0.dist-info}/WHEEL +1 -1
wafaHell/teste.py +0 -16
wafahell-0.2.0.dist-info/RECORD +0 -12
{wafahell-0.2.0.dist-info → wafahell-1.1.0.dist-info}/licenses/LICENSE +0 -0
{wafahell-0.2.0.dist-info → wafahell-1.1.0.dist-info}/top_level.txt +0 -0

wafaHell/model.py CHANGED Viewed

@@ -1,23 +1,111 @@
 from datetime import datetime
-from sqlalchemy import create_engine, Column, Integer, String
+from sqlalchemy import (
+    DateTime, Text, create_engine,
+    Column, Integer, String, UniqueConstraint
+)
 from sqlalchemy.orm import declarative_base, sessionmaker, scoped_session
+# =========================
+# CONFIGURAÇÃO GLOBAL
+# =========================
+DATABASE_URL = "sqlite:///wafaHell.db"
+engine = create_engine(
+    DATABASE_URL,
+    echo=False,
+    future=True
+)
+SessionLocal = scoped_session(
+    sessionmaker(
+        bind=engine,
+        autocommit=False,
+        autoflush=False
+    )
+)
 Base = declarative_base()
+# =========================
+# MODELS
+# =========================
 class Blocked(Base):
     __tablename__ = "blocks"
     id = Column(Integer, primary_key=True, autoincrement=True)
     ip = Column(String, nullable=True)
     user_agent = Column(String, nullable=True)
-    blocked_at = Column(String, nullable=False, default=lambda: datetime.now().strftime("%H:%M:%S"))
+    blocked_at = Column(
+        String,
+        nullable=False,
+        default=lambda: datetime.now().strftime("%H:%M:%S")
+    )
+    blocked_until = Column(DateTime, nullable=False)
     def __repr__(self):
-        return f"<Blocked(ip='{self.ip}', user_agent='{self.user_agent}', blocked_at='{self.blocked_at}')>"
-def get_session(db_url="sqlite:///wafaHell.db"):
-    engine = create_engine(db_url, echo=False)
-    Base.metadata.create_all(engine)
-    session_factory = sessionmaker(bind=engine)
-    Session = scoped_session(session_factory)
-    return Session
+        return (
+            f"<Blocked(ip='{self.ip}', "
+            f"user_agent='{self.user_agent}', "
+            f"blocked_at='{self.blocked_at}', "
+            f"blocked_until='{self.blocked_until}')>"
+        )
+class Whitelist(Base):
+    __tablename__ = "whitelist"
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    ip = Column(String, nullable=False, unique=True)
+    added_at = Column(
+        String,
+        nullable=False,
+        default=lambda: datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+    )
+    def __repr__(self):
+        return f"<Whitelist(ip='{self.ip}', added_at='{self.added_at}')>"
+class WafLog(Base):
+    __tablename__ = "waf_logs"
+    id = Column(Integer, primary_key=True)
+    timestamp = Column(DateTime, default=datetime.utcnow)
+    time_bucket = Column(String(20), index=True)
+    attack_type = Column(String(50))
+    ip = Column(String(50))
+    path = Column(String(200))
+    method = Column(String(10))
+    payload = Column(Text)
+    attack_local = Column(String(50))
+    level = Column(String(20))
+    __table_args__ = (
+        UniqueConstraint('ip', 'attack_type', 'time_bucket', name='uix_ip_attack_time'),
+    )
+class AdminUser(Base):
+    __tablename__ = "admin_user"
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    login = Column(String(50), nullable=False, unique=True)
+    password = Column(String(255), nullable=False)
+    def __repr__(self):
+        return f"<AdminUser(login='{self.login}')>"
+# =========================
+# DB INIT / SESSION
+# =========================
+def init_db():
+    """Cria as tabelas uma única vez"""
+    Base.metadata.create_all(bind=engine)
+def get_session():
+    """Retorna uma sessão reutilizável"""
+    return SessionLocal()

wafaHell/panel.py ADDED Viewed

@@ -0,0 +1,406 @@
+from .model import AdminUser, WafLog, Whitelist, get_session, Blocked
+from .globals import waf_cache
+from .utils import Dashboard, admin
+from datetime import datetime, timedelta, timezone
+import re
+from flask import request, jsonify, make_response, flash, session, redirect, render_template
+from sqlalchemy import func
+import csv
+import io
+from werkzeug.security import check_password_hash
+dashboard = Dashboard()
+def get_logs_and_stats(ip_filter=None, type_filter=None, limit=100):
+    session = get_session()
+    try:
+        log_query = session.query(WafLog).order_by(WafLog.id.desc())
+        stat_query = session.query(func.count(WafLog.id))
+        if ip_filter:
+            log_query = log_query.filter(WafLog.ip == ip_filter)
+            stat_query = stat_query.filter(WafLog.ip == ip_filter)
+        if type_filter:
+            log_query = log_query.filter(WafLog.attack_type == type_filter)
+            stat_query = stat_query.filter(WafLog.attack_type == type_filter)
+        db_logs = log_query.limit(limit).all()
+        # Estatísticas Dinâmicas
+        stats = {
+            "total": stat_query.scalar() or 0,
+            # Agora attacks conta tudo que não é 'Info' ou 'System'
+            "attacks": stat_query.filter(WafLog.attack_type.in_(['SQLI', 'XSS', 'RATE LIMIT'])).scalar() or 0,
+            "sqli": stat_query.filter(WafLog.attack_type == 'SQLI').scalar() or 0,
+            "xss": stat_query.filter(WafLog.attack_type == 'XSS').scalar() or 0,
+            "rate_limit": stat_query.filter(WafLog.attack_type == 'RATE LIMIT').scalar() or 0,
+            "blocks": stat_query.filter(WafLog.attack_type == 'IP BLOCK').scalar() or 0
+            }
+        formatted_logs = []
+        for log in db_logs:
+            # Determinamos o "Tipo" visual para o HTML
+            display_type = "INFO"
+            if log.attack_type in ['SQLI', 'XSS', 'RATE LIMIT']:
+                display_type = "ATTACK"
+            elif log.attack_type == 'IP BLOCK':
+                display_type = "BLOCKED" # Mudança aqui para o dashboard
+            formatted_logs.append({
+                "timestamp": log.timestamp.strftime("%H:%M:%S - %d/%m/%Y"),
+                "type": display_type,
+                "details": {
+                    "attack_type": log.attack_type,
+                    "ip": log.ip or "---",
+                    "path": log.path or "---",
+                    "method": log.method or "---",
+                    "payload": log.payload or "---",
+                    "attack_local": log.attack_local or "---"
+                }
+            })
+        return formatted_logs, stats
+    finally:
+        session.close()
+def setup_dashboard(app, custom_path=None):
+    target_path = custom_path or '/admin/dashboard'
+    @app.route(target_path + "/login", methods=["GET", "POST"])
+    def login():
+        if request.method == "POST":
+            username = request.form.get("user")
+            password = request.form.get("password")
+            db_session = get_session()
+            try:
+                admin = db_session.query(AdminUser).filter(AdminUser.login == username).first()
+                # 3. Valida (Aqui você deveria usar hash, mas vamos focar na lógica)
+                if admin and check_password_hash(admin.password, password):
+                    session["logged_in"] = True
+                    next_page = request.args.get("next", target_path)
+                    return redirect(next_page)
+                else:
+                    flash("Acesso Negado: Credenciais Inválidas", "error")
+                    return redirect(request.url)
+            finally:
+                db_session.close()
+        return render_template("login.html")
+    @app.route(target_path + '/data')
+    @admin
+    def wafahell_data():
+        ip_f = request.args.get('ip')
+        type_f = request.args.get('type')
+        logs, stats = get_logs_and_stats(ip_filter=ip_f, type_filter=type_f)
+        return jsonify({"logs": logs, "stats": stats})
+    # Rota 2: Retorna o HTML inicial
+    @app.route(target_path)
+    @admin
+    def wafahell_dashboard():
+        ip_f = request.args.get('ip')
+        type_f = request.args.get('type')
+        logs, stats = get_logs_and_stats(ip_filter=ip_f, type_filter=type_f)
+        return render_template('dashboard.html', logs=logs, stats=stats, filters={'ip': ip_f, 'type': type_f})
+    @app.route(target_path + '/export/csv')
+    @admin
+    def export_csv():
+        try:
+            ip_filter = request.args.get('ip')
+            type_filter = request.args.get('type')
+            session = get_session()
+            query = session.query(WafLog)
+            if ip_filter:
+                query = query.filter(WafLog.ip == ip_filter)
+            if type_filter:
+                query = query.filter(WafLog.attack_type == type_filter)
+            logs = query.order_by(WafLog.timestamp.desc()).all()
+            session.close()
+            # Criamos o CSV em memória
+            output = io.StringIO()
+            writer = csv.writer(output)
+            # Cabeçalho
+            writer.writerow(['Data/Hora', 'Tipo', 'IP', 'Endpoint', 'Metodo', 'Payload'])
+            for log in logs:
+                writer.writerow([
+                    log.timestamp,
+                    log.attack_type,
+                    log.ip,
+                    log.path,
+                    log.method,
+                    log.payload
+                ])
+            response = make_response(output.getvalue())
+            response.headers["Content-Disposition"] = f"attachment; filename=waf_logs_{datetime.now().strftime('%Y%m%d_%H%M')}.csv"
+            response.headers["Content-type"] = "text/csv"
+            return response
+        except Exception as e:
+            session.rollback()
+            return jsonify({"status": "error", "message": str(e)}), 500
+        finally:
+            session.close()
+    @app.route(target_path + '/block_ip', methods=['POST'])
+    @admin
+    def block_ip() -> bool:
+        data = request.get_json()
+        ip = data.get('ip')
+        block_time = data.get('block_time_minutes', 5) # Pega do JSON ou assume 5
+        if not ip:
+            return jsonify({"status": "error", "message": "IP ausente"}), 400
+        session = get_session()
+        try:
+            exists = session.query(Blocked).filter_by(ip=ip, user_agent="MANUAL_BLOCK").first()
+            if exists:
+                exists.blocked_until = datetime.now(timezone.utc) + timedelta(minutes=int(block_time))
+                session.commit()
+                return jsonify({"status": "success", "message": "Tempo de bloqueio atualizado"})
+            now = datetime.now(timezone.utc)
+            until = now + timedelta(minutes=int(block_time))
+            new_block = Blocked(
+                ip=ip,
+                user_agent="MANUAL_BLOCK",
+                blocked_until=until
+            )
+            session.add(new_block)
+            session.commit()
+            return jsonify({"status": "success", "message": "IP bloqueado com sucesso"})
+        except Exception as e:
+            session.rollback()
+            return jsonify({"status": "error", "message": str(e)}), 500
+        finally:
+            session.close()
+    @app.route(target_path + '/blocked_list', methods=['GET'])
+    @admin
+    def get_blocked_list():
+        session = get_session()
+        try:
+            # Pega todos os IPs bloqueados que ainda não expiraram
+            now = datetime.now(timezone.utc)
+            blocks = session.query(Blocked).filter(Blocked.blocked_until > now).all()
+            data = []
+            for b in blocks:
+                # Calcula tempo restante
+                remaining = b.blocked_until.replace(tzinfo=timezone.utc) - now
+                mins, secs = divmod(remaining.total_seconds(), 60)
+                data.append({
+                    "ip": b.ip,
+                    "user_agent": b.user_agent[:30] + '...' if len(b.user_agent) > 30 else b.user_agent,
+                    "expires_in": f"{int(mins)}m {int(secs)}s"
+                })
+            return jsonify(data)
+        finally:
+            session.close()
+    @app.route(target_path + '/unblock_ip', methods=['POST'])
+    @admin
+    def manual_unblock():
+        data = request.get_json()
+        ip = data.get('ip')
+        session = get_session()
+        try:
+            # Remove da tabela
+            session.query(Blocked).filter(Blocked.ip == ip).delete()
+            session.commit()
+            return jsonify({"status": "success"})
+        except Exception as e:
+            return jsonify({"error": str(e)}), 500
+        finally:
+            session.close()
+    @app.route(target_path + '/graphs', methods=['GET'])
+    @admin
+    def graphs():
+        return render_template('graphs.html')
+    @app.route(target_path + '/stats', methods=['GET'])
+    @admin
+    def api_stats():
+        return jsonify(dashboard.dashboard_setup())
+    @app.route(target_path + '/vars', methods=['GET'])
+    @admin
+    def get_vars():
+        from middleware import Wafahell
+        waf = Wafahell()
+        output = {}
+        allowed_types = (str, int, float, bool, list, dict)
+        blacklisted_keys = {'app', 'log', 'recent_blocks_cache', '_instance', 'initialized', 'dashboard_path', 'rules_sqli', 'rules_xss'}
+        for key, value in vars(waf).items():
+            if key not in blacklisted_keys and isinstance(value, allowed_types):
+                output[key] = value
+        return output
+    @app.route(target_path + '/vars/change', methods=['POST'])
+    @admin
+    def vars_change():
+        data = request.json
+        key = data.get('key')
+        value = data.get('value')
+        from middleware import Wafahell
+        waf = Wafahell()
+        if hasattr(waf, key):
+            setattr(waf, key, value)
+            print(f" * [WafaHell] Variable '{key}' changed to: {value}")
+            return {"status": "success", "message": f"{key} updated", "newValue": value}
+        return {"status": "error", "message": "Invalid variable"}, 400
+    @app.route(target_path + '/import_blacklist', methods=['POST'])
+    @admin
+    def import_blacklist():
+        data = request.get_json()
+        raw_ips = data.get('ips', [])
+        if not raw_ips:
+            return jsonify({"status": "error", "message": "Nenhum IP fornecido."}), 400
+        # 1. Validação e Limpeza (Regex IPv4)
+        # Usamos set() para remover duplicatas enviadas no mesmo arquivo
+        ip_regex = re.compile(r"^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$")
+        valid_ips = set(ip for ip in raw_ips if ip_regex.match(ip))
+        if not valid_ips:
+            return jsonify({"status": "error", "message": "Nenhum IP válido encontrado."}), 400
+        session = get_session()
+        try:
+            # 2. Filtragem de Duplicatas no Banco
+            # Descobre quais desses IPs já estão bloqueados para não dar erro de Unique Key
+            existing_query = session.query(Blocked.ip).filter(Blocked.ip.in_(valid_ips)).all()
+            existing_ips = {row.ip for row in existing_query}
+            # Apenas os novos IPs
+            ips_to_insert = valid_ips - existing_ips
+            if not ips_to_insert:
+                return jsonify({"status": "success", "message": "Todos os IPs já estavam na blacklist."})
+            # 3. Preparação dos Dados (Bulk)
+            # Definimos um tempo padrão de 30 dias para importações manuais de lista
+            now = datetime.now(timezone.utc)
+            until = now + timedelta(days=3600)
+            bulk_data = []
+            for ip in ips_to_insert:
+                bulk_data.append({
+                    "ip": ip,
+                    "user_agent": "MANUAL_IMPORT_LIST",
+                    # Mantendo o formato string que você usa no Model
+                    "blocked_at": now.strftime("%H:%M:%S"),
+                    "blocked_until": until
+                })
+                # 4. Atualização IMEDIATA do Cache (Fast Path)
+                # Isso garante que o bloqueio funcione no milissegundo seguinte,
+                # sem precisar esperar a próxima query no banco.
+                waf_cache.set(f"blocked_{ip}", True, expire=60)
+            # 5. Inserção em Massa (Muito Rápido)
+            session.bulk_insert_mappings(Blocked, bulk_data)
+            session.commit()
+            count = len(ips_to_insert)
+            print(f" * [WafaHell] Blacklist importada: {count} novos IPs.")
+            return jsonify({
+                "status": "success",
+                "message": f"Sucesso! {count} novos IPs adicionados à Blacklist."
+            })
+        except Exception as e:
+            session.rollback()
+            print(f"Erro na importação: {e}")
+            return jsonify({"status": "error", "message": str(e)}), 500
+        finally:
+            session.close()
+    @app.route(target_path + '/import_whitelist', methods=['POST'])
+    @admin
+    def import_whitelist():
+        data = request.get_json()
+        raw_ips = data.get('ips', [])
+        if not raw_ips:
+            return jsonify({"status": "error", "message": "Nenhum IP fornecido."}), 400
+        # 1. Validação (Regex)
+        ip_regex = re.compile(r"^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$")
+        valid_ips = set(ip for ip in raw_ips if ip_regex.match(ip))
+        if not valid_ips:
+            return jsonify({"status": "error", "message": "Nenhum IP válido encontrado."}), 400
+        session = get_session()
+        try:
+            # 2. Verifica Duplicatas no Banco
+            # Como sua coluna 'ip' é unique=True, precisamos filtrar o que já existe
+            existing_query = session.query(Whitelist.ip).filter(Whitelist.ip.in_(valid_ips)).all()
+            existing_ips = {row.ip for row in existing_query}
+            ips_to_insert = valid_ips - existing_ips
+            if not ips_to_insert:
+                return jsonify({"status": "success", "message": "Todos os IPs já estavam na whitelist."})
+            # 3. Prepara Bulk Insert e Cache
+            now_str = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+            bulk_data = []
+            for ip in ips_to_insert:
+                bulk_data.append({
+                    "ip": ip,
+                    "added_at": now_str
+                })
+                # Cache Warm-up: Marca o IP como "VIP" no cache por 1 hora
+                # Isso evita consulta ao banco quando este IP acessar
+                waf_cache.set(f"whitelist_{ip}", True, expire=3600)
+            # 4. Grava no Banco
+            session.bulk_insert_mappings(Whitelist, bulk_data)
+            session.commit()
+            count = len(ips_to_insert)
+            print(f" * [WafaHell] Whitelist importada: {count} novos IPs.")
+            return jsonify({
+                "status": "success",
+                "message": f"Sucesso! {count} IPs adicionados à Whitelist."
+            })
+        except Exception as e:
+            session.rollback()
+            print(f"Erro whitelist: {e}")
+            return jsonify({"status": "error", "message": str(e)}), 500
+        finally:
+            session.close()
+    print(f" * [WafaHell] Dashboard e API de dados prontos em: {target_path}")

wafaHell/rateLimiter.py CHANGED Viewed

@@ -17,5 +17,4 @@ class RateLimiter:
             self.requests_log[key].popleft()
         self.requests_log[key].append(now)
         return len(self.requests_log[key]) >= self.limit

wafaHell 0.2.0__py3-none-any.whl → 1.1.0__py3-none-any.whl

wafaHell 0.2.0py3-none-any.whl → 1.1.0py3-none-any.whl