34 lines
952 B
YAML
34 lines
952 B
YAML
|
id: django-framework-exceptions
|
||
|
|
|
||
|
|
info:
|
||
|
|
name: Django Framework Exceptions
|
||
|
|
description: Detects suspicious Django web application framework exceptions that could indicate exploitation attempts
|
||
|
|
author: geeknik
|
||
|
|
reference:
|
||
|
|
- https://docs.djangoproject.com/en/1.11/ref/exceptions/
|
||
|
|
- https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
|
||
|
|
severity: medium
|
||
|
|
tags: file,logs,django
|
||
|
|
|
||
|
|
file:
|
||
|
|
- extensions:
|
||
|
|
- all
|
||
|
|
|
||
|
|
extractors:
|
||
|
|
- type: regex
|
||
|
|
name: exception
|
||
|
|
part: body
|
||
|
|
regex:
|
||
|
|
- 'SuspiciousOperation'
|
||
|
|
- 'DisallowedHost'
|
||
|
|
- 'DisallowedModelAdminLookup'
|
||
|
|
- 'DisallowedModelAdminToField'
|
||
|
|
- 'DisallowedRedirect'
|
||
|
|
- 'InvalidSessionKey'
|
||
|
|
- 'RequestDataTooBig'
|
||
|
|
- 'SuspiciousFileOperation'
|
||
|
|
- 'SuspiciousMultipartForm'
|
||
|
|
- 'SuspiciousSession'
|
||
|
|
- 'TooManyFieldsSent'
|
||
|
|
- 'PermissionDenied'
|