import html
import re

from flask import Flask, request, render_template_string
# Application object; the single route defined below is registered on it.
app = Flask(__name__)
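# Demo blocklist: regex -> message shown when the regex matches the input.
#
# NOTE(review): a literal-string regex blocklist is not a real defense. It
# does no decoding or normalisation and only recognises these exact
# spellings, so trivial variants (`OR 1=1`, `<svg onload=...>`, URL- or
# HTML-encoded input) and anything not listed pass straight through. Real
# protection comes from parameterized queries and context-aware output
# encoding; this table only illustrates the idea.
#
# Every pattern carries `(?i)`: the SQL keyword patterns already did, but the
# tautology and the two XSS patterns were case-sensitive, so `<SCRIPT>`,
# `<IFRAME>` and `' or '1'='1'` slipped past while `DROP TABLE` was caught.
BLOCKED_PATTERNS = {
    r"(?i)' OR '1'='1'": "Detected SQL Injection attempt: This input could manipulate database queries.",
    r"'(.*?)--": "Detected SQL Injection attempt: This input could terminate a query.",
    r"(?i)<script.*?>": "Detected XSS attempt: This input could execute malicious scripts in users' browsers.",
    r"(?i)DROP\s+TABLE": "Detected SQL Injection attempt: This input could delete database tables.",
    r"(?i)SELECT\s+\*": "Detected SQL Injection attempt: This input could retrieve sensitive data from the database.",
    r"(?i)INSERT\s+INTO": "Detected SQL Injection attempt: This input could insert data into the database.",
    r"(?i)DELETE\s+FROM": "Detected SQL Injection attempt: This input could delete data from the database.",
    r"(?i)UPDATE\s+\w+\s+SET": "Detected SQL Injection attempt: This input could update database records.",
    r"(?i)UNION\s+SELECT": "Detected SQL Injection attempt: This input could combine results from multiple queries.",
    r"(?i)<iframe.*?>": "Detected XSS attempt: This input could embed malicious content.",
    r"(?i)EXEC\s+": "Detected SQL Injection attempt: This input could execute arbitrary commands.",
}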
def check_input(payload):
    """Match *payload* against BLOCKED_PATTERNS and report the first hit.

    Returns a ``(message, is_safe)`` tuple: for the first pattern (in dict
    order) that ``re.search`` finds in *payload*, its message and ``False``;
    otherwise the fixed "safe" message and ``True``.

    NOTE(review): this is a raw-regex blocklist over the literal string. It
    performs no decoding or normalisation, so encoded or reworded payloads
    pass, and it never inspects where the value is later used. Treat it as
    a demo, not as a substitute for parameterized queries and output
    encoding at the sink.
    """
    first_hit = next(
        (
            verdict
            for pattern, verdict in BLOCKED_PATTERNS.items()
            if re.search(pattern, payload)
        ),
        None,
    )
    if first_hit is not None:
        return first_hit, False
    return "Input received safely. Thank you!", True
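@app.route('/', methods=['GET', 'POST'])
def index():
    """Serve the demo form and show the WAF verdict for the submitted input.

    GET renders the empty form (no verdict). POST reads the ``input`` form
    field, runs it through ``check_input`` and re-renders the page with the
    verdict text and the submitted value.

    Security fix: the HTML string built by ``render_template`` is returned
    as-is. The original code fed that already-interpolated page through
    ``render_template_string``, so any Jinja2 syntax in the user's input
    (``{{ 7*7 }}``, ``{{ config }}`` ...) was evaluated on the server — a
    template injection that none of the regex patterns look for. If a Jinja
    template is ever used here, pass the payload as a template *variable*,
    never splice it into the template source. Output encoding of the echoed
    value is the HTML builder's responsibility, not done here.
    """
    payload = request.form.get('input', '')
    if payload:
        message, is_safe = check_input(payload)
    else:
        # Nothing submitted: no verdict, neutral colour.
        message, is_safe = None, False
    show_refresh = True  # the refresh button is always rendered
    return render_template(message, payload, show_refresh, is_safe)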
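def render_template(message, payload, show_refresh, is_safe):
    """Build the page HTML as a plain string.

    This is not Flask's ``render_template`` (which is not imported here);
    the local name shadows it, so rename one of them before ever importing
    the Flask helper into this module.

    Args:
        message: verdict text from ``check_input``, or ``None`` for no
            verdict.
        payload: raw user input to echo back into the text field.
        show_refresh: whether to append the "Refresh" form.
        is_safe: ``True`` when the verdict was "safe"; selects the colour.

    Returns:
        The complete HTML page. The verdict is green when ``is_safe``, red
        when there is a (block) message, black when there is no message.

    Security fix: ``payload`` used to be spliced into the ``value="..."``
    attribute unescaped, a reflected XSS that the regex table does not
    prevent (``"><img src=x onerror=...>`` matches no pattern). Both the
    payload and the message are HTML-escaped here, at the sink; the message
    comes from a fixed table today, but escaping it costs nothing.
    """
    if is_safe:
        message_color = "green"
    elif message:
        message_color = "red"
    else:
        message_color = "black"
    refresh_button = (
        '<form action="/" method="get"><input type="submit" value="Refresh"></form>'
        if show_refresh
        else ''
    )
    # quote=True also escapes '"' and "'" — required because the payload is
    # placed inside a double-quoted attribute value.
    safe_payload = html.escape(payload, quote=True)
    safe_message = html.escape(message, quote=True) if message else ""
    return f'''
<h1>Web Application Firewall</h1>
<form method="post">
Input: <input type="text" name="input" value="{safe_payload}">
<input type="submit" value="Submit">
</form>
<h3 style="color: {message_color};">{safe_message}</h3>
{refresh_button}
'''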
if __name__ == "__main__":
    # Runs Flask's development server on port 5000. No host is given, so the
    # framework default applies (presumably loopback only — confirm), and
    # debug mode is not enabled here; keep both that way for anything that
    # other machines can reach.
    app.run(port=5000)