Runtime Application Self-Protection
Project description
gemini_self_protector
Gemini - The Runtime Application Self Protection (RASP) Solution Combined With Deep Learning
Installation
$ pip install gemini_self_protector
Protect Mode & Sensitive
Gemini supports 3 modes and recommends sensitivity levels for the application to operate at its best state.
| Mode | Sensitive |
|---|---|
| off | N/A |
| monitor | 70 |
| block | 50 |
License Key
The license key is used for authentication with the API.
Key: 988907ce-9803-11ed-a8fc-0242ac120002
Init Gemini self-protector
CLI Mode
from flask import Flask, request
from gemini_self_protector import GeminiManager
app = Flask(__name__)
gemini = GeminiManager()
GUI Mode
from flask import Flask, request
from gemini_self_protector import GeminiManager
app = Flask(__name__)
gemini = GeminiManager(app)
Basic Usage
With the basic usage, Gemini runs in the default mode of "monitoring" and allows a sensitivity level of under 50, above which requests will be stored for monitoring purposes.
from flask import Flask, request, jsonify
from gemini_self_protector import GeminiManager
app = Flask(__name__)
gemini = GeminiManager(app)
@app.route('/api/login', methods=['POST'])
@gemini.flask_protect_extended() <--- Declare gemini below flask route and without option
def login():
username = request.json['username']
password = request.json['password']
if username == "test" and password == "test":
response = jsonify({
"status": "Success",
"message": "Login successful",
"access_token": access_token
})
return response
else:
return jsonify({
"status": "Fail",
"message": "Incorrect Username or Password"
}), 401
if __name__ == "__main__":
app.run()
Advance Usage
The advanced usage of Gemini allows for deeper customization. Specifically, it is possible to specify individual modes for each router and have a dashboard to monitor the activity of the application. The running mode and sensitivity can be adjusted directly on the dashboard, and additional features are currently being developed.
from flask import Flask
from flask import jsonify
from flask import request
from gemini_self_protector import GeminiManager
app = Flask(__name__)
gemini = GeminiManager(app)
@app.route('/api/login', methods=['POST'])
@gemini.flask_protect_extended(protect_mode='block') <--- Declare gemini below flask route with protect mode option
def login():
username = request.json['username']
password = request.json['password']
if username == "test" and password == "test":
response = jsonify({
"status": "Success",
"message": "Login successful",
"access_token": access_token
})
return response
else:
return jsonify({
"status": "Fail",
"message": "Incorrect Username or Password"
}), 401
if __name__ == "__main__":
app.run()
Gemini Protect Against
| Attacks | Supported |
|---|---|
| Malformed Content Types | |
| HTTP Method Tampering | :white_check_mark: |
| Large Requests | :white_check_mark: |
| Path Traversal | |
| Unvalidated Redirects | :white_check_mark: |
| Injections | Supported |
|---|---|
| Command Injection | :white_check_mark: |
| Cross-Site Scripting | :white_check_mark: |
| Cross-Site Request Forgery | |
| CSS & HTML Injection | |
| JSON & XML Injection | |
| SQL Injection | :white_check_mark: |
| Weaknesses | Supported |
|---|---|
| Insecure Cookies & Transport | |
| Weak Browser Caching | :white_check_mark: |
| Vulnerable Dependencies | :white_check_mark: |
| Weak Cryptography | |
| HTTP Response Headers | :white_check_mark: |
| API Rate Limit | :white_check_mark: |
Gemini Security Response Headers
| HTTP Response Headers | Default configuration |
|---|---|
| X-Frame-Options | SAMEORIGIN |
| X-XSS-Protection | 1; mode=block |
| X-Content-Type-Options | nosniff |
| Referrer-Policy | no-referrer-when-downgrade |
| Content-Type | N/A |
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
| Expect-CT | enforce; max-age=31536000 |
| Content-Security-Policy | N/A |
| X-Permitted-Cross-Domain-Policies | none |
| Feature-Policy | fullscreen 'self' |
| Cache-Control | no-cache, no-store, must-revalidate |
| Pragma | no-cache |
| Expires | 0 |
| X-UA-Compatible | IE=Edge,chrome=1 |
| Access-Control-Allow-Origin | * |
| Access-Control-Allow-Methods | * |
| Access-Control-Allow-Headers | * |
| Access-Control-Allow-Credentials | true |
| Cross-Origin-Opener-Policy | N/A |
| Cross-Origin-Embedder-Policy | N/A |
| Cross-Origin-Resource-Policy | N/A |
| Permissions-Policy | N/A |
| FLoC | N/A |
| Server | gemini |
| X-Powered-By | N/A |
| X-AspNet-Version | N/A |
| X-AspNetMvc-Version | N/A |
| X-DNS-Prefetch-Control | N/A |
Contributing
Interested in contributing? Check out the contributing guidelines. Please note that this project is released with a Code of Conduct. By contributing to this project, you agree to abide by its terms.
License
gemini_self_protector was created by lethanhphuc. It is licensed under the terms of the MIT license.
Credits
gemini_self_protector was created with cookiecutter and the py-pkgs-cookiecutter template.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for gemini_self_protector-0.1.6.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a8016fdad7c4ee72101a32b52beb799f14018c4c5ab7c68181b70b4c8deed9a0 |
|
| MD5 | 164d973b92d58a8a55fa8e358a7bc97d |
|
| BLAKE2b-256 | c57a0b632187fb35accbb3c3415618a9a6effc34cd4317bf5ea5eb5d94d8b0a7 |
Hashes for gemini_self_protector-0.1.6-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a826eb514892092d69d6a4a0c54faea5a8c1cc3b22207eb421c564954ba83715 |
|
| MD5 | 685c1748bb8185be18b7a53db0457188 |
|
| BLAKE2b-256 | ff1b438f46e4b89d20a66bc84e0210670c386e3a3635f68de4b29cae560383f5 |
