wagtail-enap-designsystem 1.2.1.138__py3-none-any.whl → 1.2.1.139__py3-none-any.whl

enap_designsystem/templates/enap_designsystem/form_templates/formulario_page.html

@@ -1930,6 +1930,158 @@ function getFileIcon(filename) {
     };
     return icons[ext] || '📎';
 }
+
+
+
+
+// PROTEÇÃO CONTRA CARACTERES ESPECIAIS E COMANDOS SQL
+(function initEnhancedSecurity() {
+    console.log('🛡️ Inicializando proteção avançada...');
+    
+    // Comandos SQL que devem ser bloqueados
+    const sqlCommands = ['SELECT', 'INSERT', 'UPDATE', 'DELETE', 'DROP', 'CREATE'];
+    
+    function containsSqlCommands(text) {
+        if (!text || typeof text !== 'string') return false;
+        
+        const upperText = text.toUpperCase();
+        
+        for (let command of sqlCommands) {
+            // Verificar comando como palavra completa
+            const regex = new RegExp('\\b' + command + '\\b');
+            if (regex.test(upperText)) {
+                return { found: true, command: command };
+            }
+        }
+        
+        return { found: false };
+    }
+    
+    function cleanInput(input, originalValue) {
+        let cleanValue = originalValue;
+        
+        // 1. Primeiro remover caracteres especiais
+        const fieldName = (input.name || input.id || '').toLowerCase();
+        const isEmailField = fieldName.includes('email') || input.type === 'email';
+        
+        if (isEmailField) {
+            cleanValue = originalValue.replace(/[^a-zA-Z0-9@.\-_]/g, '');
+        } else {
+            cleanValue = originalValue.replace(/[^a-zA-Z0-9À-ÿ\s.\-]/g, '');
+        }
+        
+        // 2. Depois verificar comandos SQL
+        const sqlCheck = containsSqlCommands(cleanValue);
+        if (sqlCheck.found) {
+            // Remover a palavra SQL encontrada
+            const regex = new RegExp('\\b' + sqlCheck.command + '\\b', 'gi');
+            cleanValue = cleanValue.replace(regex, '');
+            
+            console.warn(`🚨 Comando SQL removido: ${sqlCheck.command}`);
+        }
+        
+        return cleanValue;
+    }
+    
+    function showSecurityFeedback(input, type = 'chars') {
+        if (type === 'sql') {
+            input.style.backgroundColor = '#ffe6e6';
+            input.style.borderColor = '#dc3545';
+            input.title = 'Comando SQL detectado e removido';
+        } else {
+            input.style.backgroundColor = '#fff3cd';
+            input.style.borderColor = '#ffc107';
+            input.title = 'Caracteres especiais removidos';
+        }
+        
+        setTimeout(() => {
+            input.style.backgroundColor = '';
+            input.style.borderColor = '';
+            input.title = '';
+        }, 3000);
+    }
+    
+    // Event listener principal
+    document.addEventListener('input', function(e) {
+        const input = e.target;
+        
+        const isProtectedField = (
+            input.matches('input[type="text"], input[type="email"], textarea') &&
+            !input.matches('input[type="hidden"], input[readonly]')
+        );
+        
+        if (!isProtectedField) return;
+        
+        const originalValue = input.value;
+        
+        // Verificar comandos SQL antes da limpeza
+        const hadSqlCommand = containsSqlCommands(originalValue).found;
+        
+        const cleanValue = cleanInput(input, originalValue);
+        
+        if (originalValue !== cleanValue) {
+            input.value = cleanValue;
+            
+            // Feedback baseado no tipo de problema
+            const feedbackType = hadSqlCommand ? 'sql' : 'chars';
+            showSecurityFeedback(input, feedbackType);
+            
+            console.log('🔒 Conteúdo limpo:', {
+                campo: input.name || input.id,
+                original: originalValue,
+                limpo: cleanValue,
+                tipo: feedbackType
+            });
+        }
+    }, true);
+    
+    // Proteção no submit
+    document.addEventListener('submit', function(e) {
+        const form = e.target;
+        if (form.id !== 'wagtailForm') return;
+        
+        console.log('🔍 Verificação final de segurança...');
+        
+        const textInputs = form.querySelectorAll('input[type="text"], input[type="email"], textarea');
+        let hasProhibited = false;
+        
+        textInputs.forEach(input => {
+            const value = input.value.trim();
+            if (!value) return;
+            
+            // Verificar caracteres proibidos
+            const prohibitedChars = /['";\\<>]/;
+            const sqlCheck = containsSqlCommands(value);
+            
+            if (prohibitedChars.test(value) || sqlCheck.found) {
+                console.warn('⚠️ Conteúdo proibido:', {
+                    campo: input.name,
+                    valor: value,
+                    sql: sqlCheck.found ? sqlCheck.command : 'não',
+                    caracteres: prohibitedChars.test(value)
+                });
+                
+                hasProhibited = true;
+                input.style.borderColor = 'red';
+                input.style.backgroundColor = '#ffe6e6';
+                
+                if (!hasProhibited) {
+                    input.focus();
+                    input.scrollIntoView({ behavior: 'smooth', block: 'center' });
+                }
+            }
+        });
+        
+        if (hasProhibited) {
+            e.preventDefault();
+            alert('Formulário contém dados não permitidos. Verifique os campos destacados.');
+            return false;
+        }
+    });
+    
+    console.log('✅ Proteção avançada ativada');
+})();
+
 </script>
 
 

{wagtail_enap_designsystem-1.2.1.138.dist-info → wagtail_enap_designsystem-1.2.1.139.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: wagtail-enap-designsystem
-Version: 1.2.1.138
+Version: 1.2.1.139
 Summary: Módulo de componentes utilizado nos portais ENAP, desenvolvido com Wagtail + CodeRedCMS
 Author: Renan Campos
 Author-email: renan.oliveira@enap.gov.br

{wagtail_enap_designsystem-1.2.1.138.dist-info → wagtail_enap_designsystem-1.2.1.139.dist-info}/RECORD

@@ -11,13 +11,15 @@ enap_designsystem/blocks/__init__.py,sha256=uqscsM_LrnSs_WEJqzwAThHQb4SSp2ncm__Y
 enap_designsystem/blocks/base_blocks.py,sha256=ZuqVWn4PEAvD3pKM1ST7wjo4lwv98ooen_rs15rRJbg,10866
 enap_designsystem/blocks/chatbot_blocks.py,sha256=YeCznrXMbFa9MP9vjdTYl53ZhKsywkGOXvFK2bwcqW0,1133
 enap_designsystem/blocks/content_blocks.py,sha256=4oWDtY0zmvC6k7v_WduCTAyGapJuQTsfJ9ij_vJZXxY,16549
-enap_designsystem/blocks/form.py,sha256=PmbeQQ76IlaGdz-jngepy4ubC9sSaHKwDmPqoaHltWw,85744
+enap_designsystem/blocks/form.py,sha256=TnoRExEukCBRqSug_NmA-b4oKBdRQsWOsbuzKANCqTc,88947
 enap_designsystem/blocks/html_blocks.py,sha256=5LE5TFRuQvEf2xcl60D0WJeVq8fnuLT0F2hMWzMDUTI,245293
 enap_designsystem/blocks/layout_blocks.py,sha256=WyVt3nwYxA4Eqr6-MqQY7W-xtjh07ZhstM8aiQaHmLw,23388
+enap_designsystem/blocks/security.py,sha256=QA7lmQ_eQ6iopunatl_DrHkEegAwMZJGwXunRulbCjk,2099
 enap_designsystem/blocks/semana_blocks.py,sha256=j5JDdC1eKb91gU7y-hLvcx5feI1OvcbVh3Imbs5R6jM,70445
 enap_designsystem/blocks/semana_inovacao.py,sha256=ZKjXzvs_RbLzv3nxsnmVxcAWORlpFIr9C7_aMb8rZRs,47037
 enap_designsystem/middleware/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 enap_designsystem/middleware/aluno_sso.py,sha256=baitPngI34eKwHKaku-5JIbDAnXpEHPvRFTs9AY1K6o,542
+enap_designsystem/middleware/filtro_inputs.py,sha256=EE7dKKmqUzjiy79Vni54ntjC2JeN61j_vaZvKbWYoBs,4286
 enap_designsystem/middleware/wagtail_userbar_safe.py,sha256=5A_bmUqL7DtVb2LNs9yyo9BZ4lasQTVVY8fOYnwU8ZI,633
 enap_designsystem/migrations/0001_initial.py,sha256=GmnE8N8hBKLlCNabhOjpzhNMSoHsPqy-ZUsojyCvKO0,154972
 enap_designsystem/migrations/0002_alter_enapformacao_accordion_cursos.py,sha256=3oOLLXyNNRTdM6SJ46W6s8mhCftkd0v1fOJiXeyiTdI,7137
@@ -447,6 +449,7 @@ enap_designsystem/migrations/0408_alter_areaaluno_body_alter_enapcomponentes_bod
 enap_designsystem/migrations/0409_alter_areaaluno_body_alter_enapcomponentes_body_and_more.py,sha256=kdD6gvDpWGClTnoIJAb2ELF0ktsL1EZf2OJMgxYTlhA,2425164
 enap_designsystem/migrations/0410_alter_formulariopage_form_steps.py,sha256=VphZlDbOYAIaw9dLRi1_9mVhdLz2v7x-dZA2SvCNUhA,53854
 enap_designsystem/migrations/0411_alter_formulariopage_form_steps.py,sha256=Z00KTXqEJEAxG12vK7zo4h7iXYsW8YpmF_-rTzCY2n8,53880
+enap_designsystem/migrations/0412_alter_areaaluno_body_alter_concursoinovacao_banner_and_more.py,sha256=oI9MV5r2CKy80j_kfEbRUfpNZVuBbkV_I27hpiPn66A,3075001
 enap_designsystem/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 enap_designsystem/search_backends/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 enap_designsystem/search_backends/custom_elasticsearch.py,sha256=LeQT0_dJmNMTY7l3jOJ_7mJ9-2X0oXVqvxRiXEA0qGY,988
@@ -758,7 +761,7 @@ enap_designsystem/templates/enap_designsystem/blocks/suap/apisuap_courses_block.
 enap_designsystem/templates/enap_designsystem/blocks/suap/suap_courses_block.html,sha256=Jquna6TGWll4-XtRgHFE9tO_kPx8VBLvkXjeVgyJNwA,15838
 enap_designsystem/templates/enap_designsystem/blocks/suap/suap_events_block.html,sha256=mL2DFQeAuDIx_GyCoEURKmME-Mmd-zQ_NZkO7YW9Z2k,20182
 enap_designsystem/templates/enap_designsystem/form_templates/form_report.html,sha256=WXf4HgNQY0M6zZ-tERqf01mHbGflqWXT96RaJYjCxFA,16081
-enap_designsystem/templates/enap_designsystem/form_templates/formulario_page.html,sha256=J37sTegXHzkl4GLs66kPDL7ODe1Os1L5dlVceGSGDJU,54407
+enap_designsystem/templates/enap_designsystem/form_templates/formulario_page.html,sha256=0OkarSj7Mr-_TrmhpfebIvrbbc6TCc9fX_VK2lC25h4,59682
 enap_designsystem/templates/enap_designsystem/form_templates/formulario_page_landing.html,sha256=YsxUFe2U7aQHY8Xb_WeCjwQZWJOpLVlhS8Q3HpCMNug,7670
 enap_designsystem/templates/enap_designsystem/form_templates/formulario_page_success.html,sha256=c4w6PvTR5_g8P5wCxs_Xu235JyHRgLNtM0eD33XcVTI,9435
 enap_designsystem/templates/enap_designsystem/form_templates/home_page.html,sha256=BYV5TV6xp0uY3SWtNsAf8p-aDqPiHfM8j4pWbqTUV2M,42329
@@ -853,8 +856,8 @@ enap_designsystem/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG
 enap_designsystem/utils/decorators.py,sha256=aq6SbLn0LcH2rfE3ZFit8jkD7pSx9fLVBUUwVB747hg,335
 enap_designsystem/utils/services.py,sha256=6dG5jLSbwH49jpZV9ZNpWlaZqI49gTlwlr1vaerxdiU,5824
 enap_designsystem/utils/sso.py,sha256=vjAuoYgoLeQAa_dkkyQ6-LmHvKMaVCxizNFpe5y3iUA,1145
-wagtail_enap_designsystem-1.2.1.138.dist-info/licenses/LICENSE,sha256=Btzdu2kIoMbdSp6OyCLupB1aRgpTCJ_szMimgEnpkkE,1056
-wagtail_enap_designsystem-1.2.1.138.dist-info/METADATA,sha256=yHsN_UlpqwUMwIpyJPM9RDvomYYWa2Jjk0QJxJxZOSs,3651
-wagtail_enap_designsystem-1.2.1.138.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-wagtail_enap_designsystem-1.2.1.138.dist-info/top_level.txt,sha256=RSFgMASxoA-hVftm5i4Qd0rArlX4Dq08lLv5G4sYD-g,18
-wagtail_enap_designsystem-1.2.1.138.dist-info/RECORD,,
+wagtail_enap_designsystem-1.2.1.139.dist-info/licenses/LICENSE,sha256=Btzdu2kIoMbdSp6OyCLupB1aRgpTCJ_szMimgEnpkkE,1056
+wagtail_enap_designsystem-1.2.1.139.dist-info/METADATA,sha256=i3AYqUGv25ktLFpqbHhS9xynFNpco584N2Ja5MS_jrI,3651
+wagtail_enap_designsystem-1.2.1.139.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+wagtail_enap_designsystem-1.2.1.139.dist-info/top_level.txt,sha256=RSFgMASxoA-hVftm5i4Qd0rArlX4Dq08lLv5G4sYD-g,18
+wagtail_enap_designsystem-1.2.1.139.dist-info/RECORD,,