id: django-framework-exceptions

info:
  name: Django Framework Exceptions
  author: geeknik
  severity: medium
  description: Detects suspicious Django web application framework exceptions that could indicate exploitation attempts
  reference:
    - https://docs.djangoproject.com/en/1.11/ref/exceptions/
    - https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
  tags: file,logs,django
file:
  - extensions:
      - all

    extractors:
      - type: regex
        name: exception
        part: body
        regex:
          - 'SuspiciousOperation'
          - 'DisallowedHost'
          - 'DisallowedModelAdminLookup'
          - 'DisallowedModelAdminToField'
          - 'DisallowedRedirect'
          - 'InvalidSessionKey'
          - 'RequestDataTooBig'
          - 'SuspiciousFileOperation'
          - 'SuspiciousMultipartForm'
          - 'SuspiciousSession'
          - 'TooManyFieldsSent'
          - 'PermissionDenied'

# digest: 4a0a0047304502205f33a921687fc710f1271b09e50c6f9fbca2ca07919f6239a8972da5e80e4ece022100bfc39ac2cdb85b270eb0d92321b0809a68df57f8956a06dcaf6ac4a1e4b87e2f:922c64590222798bb761d5b6d8e72950