Skip to content

pietrocg/waf

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

WAF PoC

Install

You can install the package with pip install waf and use the package with import waf. The package adds itself to the Django projects Middleware and apps.

How does it work?

This WAF PoC contains 3 separate injection detection mechanisms:

  • The SQL wrapper function, that monkey patches the original Django.db connection function and the SQL compiler, checking against malicious patterns. This will detect any attempts to manipulate SQl functions through the database connection strings. The code for this is in 'db_query_wrapper.py'.

  • The SQL injection middleware, that intercepts incoming ad outgoing requests, and checks for strings that can be used for injection. You can find the code for this in 'middleware.py'.

  • The rate limiting middleware limits each user to 1000 requests per minute, on a running base.

What's missing?

WSGI threading implementation of stats:

  • Create a queue with queue library
  • Start a thread with thread library
  • Send each event to the queue
  • Take event from queue and write to log file/ logging software
  • Add stats collector to the functions that need to be logged

About

A PoC for a Web Application Firewall

Resources

Stars

0 stars

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages