237899745/zsglpt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
46253337ebe96169eae4577a2c0fb3bc58f164df
zsglpt/security/constants.py
yuyx 46253337eb feat: 实现完整安全防护系统 
Phase 1 - 威胁检测引擎:
- security/threat_detector.py: JNDI/SQL/XSS/路径遍历/命令注入检测
- security/constants.py: 威胁检测规则和评分常量
- 数据库表: threat_events, ip_risk_scores, user_risk_scores, ip_blacklist

Phase 2 - 风险评分与黑名单:
- security/risk_scorer.py: IP/用户风险评分引擎,支持分数衰减
- security/blacklist.py: 黑名单管理,自动封禁规则

Phase 3 - 响应策略:
- security/honeypot.py: 蜜罐响应生成器
- security/response_handler.py: 渐进式响应策略

Phase 4 - 集成:
- security/middleware.py: Flask安全中间件
- routes/admin_api/security.py: 管理后台安全仪表板API
- 36个测试用例全部通过

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-27 01:28:38 +08:00

98 lines
3.0 KiB
Python
Raw Blame History

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from __future__ import annotations
import re
# ==================== Threat Types ====================
THREAT_TYPE_JNDI_INJECTION = "jndi_injection"
THREAT_TYPE_NESTED_EXPRESSION = "nested_expression"
THREAT_TYPE_SQL_INJECTION = "sql_injection"
THREAT_TYPE_XSS = "xss"
THREAT_TYPE_PATH_TRAVERSAL = "path_traversal"
THREAT_TYPE_COMMAND_INJECTION = "command_injection"
# ==================== Scores ====================
SCORE_JNDI_DIRECT = 100
SCORE_JNDI_OBFUSCATED = 100
SCORE_NESTED_EXPRESSION = 80
SCORE_SQL_INJECTION = 90
SCORE_XSS = 70
SCORE_PATH_TRAVERSAL = 60
SCORE_COMMAND_INJECTION = 85
# ==================== JNDI (Log4j) ====================
#
# - Direct: ${jndi:ldap://...} / ${jndi:rmi://...} => 100
# - Obfuscated: ${${xxx:-j}${xxx:-n}...:ldap://...} => detect
# - Nested expression: ${${...}} => 80
JNDI_DIRECT_PATTERN = r"\$\{\s*jndi\s*:\s*(?:ldap|rmi)\s*://"
# Common Log4j "default value" obfuscation variants:
# ${${::-j}${::-n}${::-d}${::-i}:ldap://...}
# ${${foo:-j}${bar:-n}${baz:-d}${qux:-i}:rmi://...}
JNDI_OBFUSCATED_PATTERN = (
r"\$\{\s*"
r"(?:\$\{[^{}]{0,50}:-j\}|\$\{::-[jJ]\})\s*"
r"(?:\$\{[^{}]{0,50}:-n\}|\$\{::-[nN]\})\s*"
r"(?:\$\{[^{}]{0,50}:-d\}|\$\{::-[dD]\})\s*"
r"(?:\$\{[^{}]{0,50}:-i\}|\$\{::-[iI]\})\s*"
r":\s*(?:ldap|rmi)\s*://"
)
NESTED_EXPRESSION_PATTERN = r"\$\{\s*\$\{"
# ==================== SQL Injection ====================
SQLI_UNION_SELECT_PATTERN = r"\bunion\b\s+(?:all\s+)?\bselect\b"
SQLI_OR_1_EQ_1_PATTERN = r"\bor\b\s+1\s*=\s*1\b"
# ==================== XSS ====================
XSS_SCRIPT_TAG_PATTERN = r"<\s*script\b"
XSS_JS_PROTOCOL_PATTERN = r"javascript\s*:"
XSS_INLINE_EVENT_HANDLER_PATTERN = r"\bon\w+\s*="
# ==================== Path Traversal ====================
PATH_TRAVERSAL_PATTERN = r"(?:\.\./|\.\.\\)+"
# ==================== Command Injection ====================
CMD_INJECTION_OPERATOR_WITH_CMD_PATTERN = (
r"(?:;|&&|\|\||\|)\s*"
r"(?:bash|sh|zsh|cmd|powershell|pwsh|curl|wget|nc|netcat|python|perl|ruby|php|node|cat|ls|id|whoami|uname|rm)\b"
)
CMD_INJECTION_SUBSHELL_PATTERN = r"(?:`[^`]{1,200}`|\$\([^)]{1,200}\))"
# ==================== Compiled Regex ====================
_FLAGS = re.IGNORECASE | re.MULTILINE
JNDI_DIRECT_RE = re.compile(JNDI_DIRECT_PATTERN, _FLAGS)
JNDI_OBFUSCATED_RE = re.compile(JNDI_OBFUSCATED_PATTERN, _FLAGS)
NESTED_EXPRESSION_RE = re.compile(NESTED_EXPRESSION_PATTERN, _FLAGS)
SQLI_UNION_SELECT_RE = re.compile(SQLI_UNION_SELECT_PATTERN, _FLAGS)
SQLI_OR_1_EQ_1_RE = re.compile(SQLI_OR_1_EQ_1_PATTERN, _FLAGS)
XSS_SCRIPT_TAG_RE = re.compile(XSS_SCRIPT_TAG_PATTERN, _FLAGS)
XSS_JS_PROTOCOL_RE = re.compile(XSS_JS_PROTOCOL_PATTERN, _FLAGS)
XSS_INLINE_EVENT_HANDLER_RE = re.compile(XSS_INLINE_EVENT_HANDLER_PATTERN, _FLAGS)
PATH_TRAVERSAL_RE = re.compile(PATH_TRAVERSAL_PATTERN, _FLAGS)
CMD_INJECTION_OPERATOR_WITH_CMD_RE = re.compile(CMD_INJECTION_OPERATOR_WITH_CMD_PATTERN, _FLAGS)
CMD_INJECTION_SUBSHELL_RE = re.compile(CMD_INJECTION_SUBSHELL_PATTERN, _FLAGS)
Reference in New Issue View Git Blame Copy Permalink