id: django-framework-exceptions

info:
  name: Django Framework Exceptions
  author: geeknik
  severity: medium
  description: Detects suspicious Django web application framework exceptions that could indicate exploitation attempts
  reference:
    - https://docs.djangoproject.com/en/1.11/ref/exceptions/
    - https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
  tags: file,logs,django

file:
  - extensions:
      - all

    extractors:
      - type: regex
        name: exception
        part: body
        regex:
          - 'SuspiciousOperation'
          - 'DisallowedHost'
          - 'DisallowedModelAdminLookup'
          - 'DisallowedModelAdminToField'
          - 'DisallowedRedirect'
          - 'InvalidSessionKey'
          - 'RequestDataTooBig'
          - 'SuspiciousFileOperation'
          - 'SuspiciousMultipartForm'
          - 'SuspiciousSession'
          - 'TooManyFieldsSent'
          - 'PermissionDenied'