Merge pull request #2 from noobpk/dev
Bump to version 0.1.2
noobpk authored Jul 12, 2023
2 parents 2b70fb5 + bd65216 commit 6517053
Showing 22 changed files with 894 additions and 328 deletions.
30 changes: 24 additions & 6 deletions README.md
Expand Up @@ -35,7 +35,7 @@ For more details: [Web-Vuln-Detection-Predict](https://github.com/noobpk/Web-Vul
| Malformed Content Types | |
| HTTP Method Tampering | :white_check_mark: |
| Large Requests | :white_check_mark: |
| Path Traversal | |
| Path Traversal | :white_check_mark: |
| Unvalidated Redirects | :white_check_mark: |

| Injections | Supported |
Expand Down Expand Up @@ -106,17 +106,32 @@ Gemini supports 3 modes and recommends sensitivity levels for the application to
| monitor | 70 |
| block | 50 |

## Support Predict Server
## Public Predict Server

| Address | Version |
| ------- | --------- |
| https://web-vuln-detect.my-app.in | 19-06-2023 |
| Address | Version | License Key |
| ------- | --------- | --------- |
| https://web-vuln-detect.my-app.in | 07-2023 | 988907ce-9803-11ed-a8fc-0242ac120002 |

## License Key

The license key is used for authentication with the API.

Key: `988907ce-9803-11ed-a8fc-0242ac120002`
## Deploy Predict Server with Docker

To deploy predict server using docker, follow these steps -

1. Clone this repository on your local machine or any other system where you have installed Docker. Replace `your-auth-key` with whatever you want. Suggest to use `uuid` or `sha256` for this key.

```
$ wget -O docker-compose.yml https://raw.githubusercontent.com/noobpk/gemini-self-protector/dev/predict-server/docker-compose.yml
```
2. Open terminal in that directory

3. Run following command to run container

```
$ docker-compose up
```

## GUI Features

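Review bot: Step 1 of the new "Deploy Predict Server with Docker" section does not match what this commit ships. The text says to clone the repository and replace `your-auth-key`, but the command is a `wget` of a single file, the placeholder in the compose file is `your-authen-key`, and the URL path is `dev/predict-server/docker-compose.yml` while the file is added at `gemini-predict-server/docker-compose.yml`. Suggest aligning the placeholder name and the path, and pointing the URL at a tag or commit instead of the moving `dev` branch so users fetch a file that was reviewed. The README also now uses "License Key" in the table and `AUTH_KEY` in the deploy steps; state whether these are the same value, and that the key published for the public server is shared and not meant for self-hosted deployments.
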
Expand Down Expand Up @@ -151,6 +166,9 @@ https://appseed.us/product/datta-able/flask/

![image](https://github.com/noobpk/gemini-self-protector/assets/31820707/e5b58af5-fe2a-4f3a-ab03-e25923bd72ee)

### Endpoint
![image](https://github.com/noobpk/gemini-self-protector/assets/31820707/67db7eed-5c12-452d-89ae-80a88b10817a)

## Contributing

Interested in contributing? Check out the contributing guidelines. Please note that this project is released with a Code of Conduct. By contributing to this project, you agree to abide by its terms.
11 changes: 11 additions & 0 deletions gemini-predict-server/docker-compose.yml
@@ -0,0 +1,11 @@
version: "3"

services:
gemini-web-vuln-detection:
image: noobpk/gemini-web-vuln-detection
environment:
- AUTH_KEY="your-authen-key"
ports:
- "3000:443"
container_name: gemini-web-vuln-detection
restart: unless-stopped
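Review bot: In the `environment` list, `- AUTH_KEY="your-authen-key"` uses the list form, where Compose takes everything after the first `=` as the value, so the container receives the key with the double quotes included. Drop the quotes or use the mapping form, and consider `- AUTH_KEY=${AUTH_KEY:?set AUTH_KEY}` so the service refuses to start with the placeholder still in place. `image: noobpk/gemini-web-vuln-detection` has no tag, so every pull resolves to whatever `latest` is at that moment; pin a version tag or digest.
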
7 changes: 7 additions & 0 deletions gemini-python/gemini_self_protector/CHANGELOG.md
@@ -1,5 +1,12 @@
# Changelog

## v0.1.2 (12/07/2023)

- Update for work with new predict server
- Add feedback page
- Add Endpoint page
- Fix bug

## v0.1.1 (24/06/2023)

- Refactor source code
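Review bot: The v0.1.2 entry's "Fix bug" does not say which bug was fixed, and "Update for work with new predict server" hides a caller-visible change: elsewhere in this commit `validator_predict_server` gains a required `_key` argument. List the fixed bug and call out the signature change so users upgrading from v0.1.1 know what to adjust.
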
290 changes: 155 additions & 135 deletions gemini-python/gemini_self_protector/poetry.lock

Large diffs are not rendered by default.

5 changes: 3 additions & 2 deletions gemini-python/gemini_self_protector/pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "gemini_self_protector"
version = "0.1.1"
version = "0.1.2"
description = "Runtime Application Self-Protection"
authors = ["lethanhphuc"]
license = "MIT"
Expand All @@ -9,11 +9,12 @@ readme = "README.md"
[tool.poetry.dependencies]
python = "^3.9"
colorlog = "^6.7.0"
argon2-cffi = "^21.3.0"
flask-sqlalchemy = "^3.0.3"
pyyaml = "^6.0"
pyjwt = "^2.7.0"
cachetools = "^5.3.1"
passlib = "^1.7.4"
requests = "^2.31.0"

[tool.poetry.dev-dependencies]

@@ -1,12 +1,12 @@
import os
import yaml
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from ._logger import logger
import json
import csv
from ipaddress import ip_address
from datetime import datetime
from ._model import Base, tb_User, tb_Config, tb_Summary, tb_RequestLog, tb_AccessControlList, tb_Dependency
from ._model import Base, tb_User, tb_Config, tb_Summary, tb_RequestLog, tb_AccessControlList, tb_Dependency, tb_Feedback

class _Config(object):

Expand Down Expand Up @@ -182,6 +182,19 @@ def get_tb_request_log_first(event_id) -> None:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Config.get_tb_config', e))

def update_record_request_log(_event_id) -> None:
try:
session = _Config.get_session()
request_log_record = session.query(tb_RequestLog).filter_by(
event_id=_event_id).first()
if request_log_record:
request_log_record.review = True
session.commit()
session.close()
except Exception as e:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Config.update_record_request_log', e))

def get_tb_acl() -> None:
try:
session = _Config.get_session()
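Review bot: In `update_record_request_log`, `session.close()` sits inside the `try`, so if the query or `session.commit()` raises, the session is left open and is never rolled back. Move the close into a `finally` block and call `session.rollback()` in the `except`. The function is annotated `-> None` and silently does nothing when no row matches `_event_id`; returning a boolean would let the caller tell "marked as reviewed" from "no such event".
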
Expand Down Expand Up @@ -279,3 +292,44 @@ def store_tb_dependency(package, version, cve_id, severity):
except Exception as e:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Config.store_tb_dependency', e))

def get_tb_feedback() -> None:
try:
session = _Config.get_session()
feedback = _Config.get_model_instance_all(session, tb_Feedback)
return feedback
except Exception as e:
logger.error(
"[x_x] Something went wrong, please check your error message.\n Message - {0}".format('_Config.get_tb_dependency', e))

def store_tb_feedback(_sentence, _label):
try:
session = _Config.get_session()
new_record = tb_Feedback(
sentence=_sentence,
label=_label,
)
session.add(new_record)
session.commit()
session.close()
except Exception as e:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Config.store_gemini_feedback', e))

def export_tb_feedback() -> str:
try:
session = _Config.get_session()
feedback = _Config.get_model_instance_all(session, tb_Feedback)

gemini_working_directory = _Config.get_tb_config().working_directory
csv_file_path = gemini_working_directory+"/feedback.csv"

with open(csv_file_path, mode='w', newline='') as file:
writer = csv.writer(file)
writer.writerow(['Sentence', 'Label']) # Write header
for row in feedback:
writer.writerow([row.sentence, row.label])

return csv_file_path
except Exception as e:
logger.error("[x_x] Something went wrong, please check your error message.\n Message - {0}".format('_Config.export_tb_feedback', e))
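Review bot: The error handlers in `get_tb_feedback` and `export_tb_feedback` use a template with only `{0}` but pass two arguments, so the log line shows the function name and drops the exception `e`; `get_tb_feedback` also passes `'_Config.get_tb_dependency'` and `store_tb_feedback` passes `'_Config.store_gemini_feedback'`. Use the same `{0}`/`{1}` template as the other handlers, with the correct names. Further points in this hunk: `get_tb_feedback` is annotated `-> None` but returns rows, neither read path closes its session, and `export_tb_feedback` writes `row.sentence` to the CSV unmodified. If those sentences can originate from request payloads, neutralise cells that begin with `=`, `+`, `-` or `@` before writing so the export is safe to open in a spreadsheet, and build the path with `os.path.join` instead of string concatenation.
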
Expand Up @@ -13,9 +13,9 @@

class _Gemini(object):

def init_gemini_database(working_directory):
def init_gemini_database(_working_directory):
try:
_Config(working_directory)
_Config(_working_directory)
except Exception as e:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.update_gemini_config', e))
Expand All @@ -28,9 +28,9 @@ def get_gemini_config() -> None:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.get_gemini_config', e))

def update_gemini_config(update_content):
def update_gemini_config(_update_content):
try:
_Config.update_tb_config(update_content)
_Config.update_tb_config(_update_content)
except Exception as e:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.update_gemini_config', e))
Expand Down Expand Up @@ -73,22 +73,28 @@ def get_gemini_request_log() -> None:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.get_gemini_summary', e))

def get_gemini_detail_request_log(event_id) -> None:
def get_gemini_detail_request_log(_event_id) -> None:
try:
_gemini_return = _Config.get_tb_request_log_first(event_id)
_gemini_return = _Config.get_tb_request_log_first(_event_id)
return _gemini_return
except Exception as e:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.get_gemini_detail_request_log', e))


def store_gemini_request_log(ipaddress, url, request, response, attack_type, predict, event_id, latitude, longitude):
try:
_Config.store_tb_request_log(ipaddress, url, request, response, attack_type, predict, event_id, latitude, longitude)
except Exception as e:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.store_gemini_request_log', e))

def update_gemini_request_log(_event_id):
try:
_Config.update_record_request_log(_event_id)
except Exception as e:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.update_gemini_request_log', e))

def get_gemini_acl():
try:
_gemini_return = _Config.get_tb_acl()
Expand Down Expand Up @@ -126,33 +132,37 @@ def get_gemini_audit_dependency() -> None:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.get_gemini_audit_dependency', e))

def validator_license_key(license_key):
"""
It takes a license key as an argument and validates it
def get_gemini_feedback() -> None:
try:
_gemini_return = _Config.get_tb_feedback()
return _gemini_return
except Exception as e:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.get_gemini_feedback', e))

:param license_key: The license key you received from the license server
"""
def store_gemini_feedback(_sentence, _label):
try:
_gemini_return = _Validator.validate_license_key(license_key)
_Config.store_tb_feedback(_sentence, _label)
except Exception as e:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.store_gemini_feedback', e))

def export_gemini_feedback() -> str:
try:
_gemini_return = _Config.export_tb_feedback()
return _gemini_return
except Exception as e:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.validator_license_key', e))
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.export_gemini_feedback', e))

def is_valid_license_key() -> None:
"""
This function attempts to validate a license key and logs an error message if an exception
occurs.
:return: the output of the `_Validator.is_valid_license_key()` method, which is not specified in
the code provided. The return type is also not specified, but it is assumed to be a boolean
value since the method name suggests that it is checking if a license key is valid or not.
"""

def validator_key_auth(_key):
try:
_gemini_return = _Validator.is_valid_license_key()
_gemini_return = _Validator.validate_key_auth(_key)
return _gemini_return
except Exception as e:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.is_valid_license_key', e))
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.validator_key_auth', e))

def validator_protect_mode(protect_mode) -> None:
"""
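Review bot: `validator_key_auth` has no docstring, while the docstrings shown for `validator_license_key` and `is_valid_license_key` have no counterpart in the new code, and on an exception it logs and falls through to an implicit `None`. Document what `_key` is and what the function returns, and return `False` explicitly in the `except` branch so a caller that compares against `False` still rejects the key when validation itself fails. `get_gemini_feedback` is annotated `-> None` although it returns `_gemini_return`.
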
Expand Down Expand Up @@ -442,9 +452,9 @@ def health_check_predict_server() -> None:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.check_predict_server', e))

def validator_predict_server(server) -> None:
def validator_predict_server(_server, _key) -> None:
try:
return _Validator.validate_predict_server(server)
return _Validator.validate_predict_server(_server, _key)
except Exception as e:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.validator_predict_server', e))
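Review bot: `validator_predict_server` now requires a second positional argument `_key`, which breaks any caller that still passes only the server, and it keeps the `-> None` annotation while returning the validator's result. Confirm that every call site is updated in this commit and correct the annotation. Since the handler logs `e` verbatim, also check that `_Validator.validate_predict_server` cannot place `_key` in an exception message, otherwise the key ends up in the application log.
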
Expand All @@ -454,4 +464,4 @@ def __load_mini_anti_dos__() -> None:
return _Protect.__handle_mini_anti_dos__()
except Exception as e:
logger.error(
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.__load_mini_anti_dos__', e))
"[x_x] Something went wrong at {0}, please check your error message.\n Message - {1}".format('_Gemini.__load_mini_anti_dos__', e))