Metadata-Version: 2.1
Name: gemini_self_protector
Version: 0.1.7
Summary: Runtime Application Self-Protection
License: MIT
Author: lethanhphuc
Requires-Python: >=3.9,<4.0
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Requires-Dist: argon2-cffi (>=23.1.0,<24.0.0)
Requires-Dist: cachetools (>=5.3.1,<6.0.0)
Requires-Dist: colorlog (>=6.7.0,<7.0.0)
Requires-Dist: flask-sqlalchemy (>=3.0.3,<4.0.0)
Requires-Dist: passlib (>=1.7.4,<2.0.0)
Requires-Dist: psutil (>=6.1.0,<7.0.0)
Requires-Dist: pyjwt (>=2.7.0,<3.0.0)
Requires-Dist: pyyaml (>=6.0,<7.0)
Requires-Dist: requests (>=2.31.0,<3.0.0)
Requires-Dist: tqdm (>=4.66.1,<5.0.0)
Description-Content-Type: text/markdown

# gemini_self_protector

Gemini - The Runtime Application Self Protection (RASP) Solution Combined With Deep Learning

## Installation

```
$ pip install gemini_self_protector
```

## Protect Mode & Sensitive

Gemini supports 3 modes and recommends sensitivity levels for the application to operate at its best state.

| Mode    | Sensitive |
| ------- | --------- |
| off     | N/A       |
| monitor | 70        |
| block   | 50        |

## License Key

The license key is used for authentication with the API.

Key: `988907ce-9803-11ed-a8fc-0242ac120002`

## Init Gemini self-protector

### CLI Mode

```
from flask import Flask, request
from gemini_self_protector import GeminiManager

app = Flask(__name__)
gemini = GeminiManager()
```

### GUI Mode

```
from flask import Flask, request
from gemini_self_protector import GeminiManager

app = Flask(__name__)
gemini = GeminiManager(app)
```

## Basic Usage

With the basic usage, Gemini runs in the default mode of "monitoring" and allows a sensitivity level of under 50, above which requests will be stored for monitoring purposes.

```
from flask import Flask, request, jsonify
from gemini_self_protector import GeminiManager

app = Flask(__name__)
gemini = GeminiManager(app)

@app.route('/api/login', methods=['POST'])
@gemini.flask_protect_extended() <--- Declare gemini below flask route and without option
def login():
    username = request.json['username']
    password = request.json['password']
    if username == "test" and password == "test":
        response = jsonify({
            "status": "Success",
            "message": "Login successful",
            "access_token": access_token
            })
        return response
    else:
        return jsonify({
            "status": "Fail",
            "message": "Incorrect Username or Password"
            }), 401

if __name__ == "__main__":
    app.run()
```

## Advance Usage

The advanced usage of Gemini allows for deeper customization. Specifically, it is possible to specify individual modes for each router and have a dashboard to monitor the activity of the application. The running mode and sensitivity can be adjusted directly on the dashboard, and additional features are currently being developed.

```
from flask import Flask
from flask import jsonify
from flask import request

from gemini_self_protector import GeminiManager

app = Flask(__name__)
gemini = GeminiManager(app)

@app.route('/api/login', methods=['POST'])
@gemini.flask_protect_extended(protect_mode='block') <--- Declare gemini below flask route with protect mode option
def login():
    username = request.json['username']
    password = request.json['password']
    if username == "test" and password == "test":
        response = jsonify({
            "status": "Success",
            "message": "Login successful",
            "access_token": access_token
            })
        return response
    else:
        return jsonify({
            "status": "Fail",
            "message": "Incorrect Username or Password"
            }), 401

if __name__ == "__main__":
    app.run()
```

## Gemini Protect Against

| Attacks                 | Supported          |
| ----------------------- | ------------------ |
| Malformed Content Types |                    |
| HTTP Method Tampering   | :white_check_mark: |
| Large Requests          | :white_check_mark: |
| Path Traversal          |                    |
| Unvalidated Redirects   | :white_check_mark: |

| Injections                 | Supported          |
| -------------------------- | ------------------ |
| Command Injection          | :white_check_mark: |
| Cross-Site Scripting       | :white_check_mark: |
| Cross-Site Request Forgery |                    |
| CSS & HTML Injection       |                    |
| JSON & XML Injection       |                    |
| SQL Injection              | :white_check_mark: |

| Weaknesses                   | Supported          |
| ---------------------------- | ------------------ |
| Insecure Cookies & Transport |                    |
| Weak Browser Caching         | :white_check_mark: |
| Vulnerable Dependencies      | :white_check_mark: |
| Weak Cryptography            |                    |
| HTTP Response Headers        | :white_check_mark: |
| API Rate Limit               | :white_check_mark: |

## Gemini Security Response Headers

| HTTP Response Headers | Default configuration | 
| ------------------------------ | --------------------- |
| X-Frame-Options                | SAMEORIGIN            |
| X-XSS-Protection               | 1; mode=block         |
| X-Content-Type-Options         | nosniff               |
| Referrer-Policy                | no-referrer-when-downgrade |
| Content-Type                   | N/A                   |
| Strict-Transport-Security      | max-age=31536000; includeSubDomains; preload |
| Expect-CT                      | enforce; max-age=31536000 |
| Content-Security-Policy        | N/A                   |
| X-Permitted-Cross-Domain-Policies | none               |
| Feature-Policy                 | fullscreen 'self'     |
| Cache-Control                  | no-cache, no-store, must-revalidate |
| Pragma                         | no-cache              |
| Expires                        | 0                     |
| X-UA-Compatible                | IE=Edge,chrome=1      |
| Access-Control-Allow-Origin    | *                     |
| Access-Control-Allow-Methods   | *                     |
| Access-Control-Allow-Headers   | *                     |
| Access-Control-Allow-Credentials | true                |
| Cross-Origin-Opener-Policy     | N/A                   |
| Cross-Origin-Embedder-Policy   | N/A                   |
| Cross-Origin-Resource-Policy   | N/A                   |
| Permissions-Policy             | N/A                   |
| FLoC                           | N/A                   |
| Server                         | gemini                |
| X-Powered-By                   | N/A                   |
| X-AspNet-Version               | N/A                   |
| X-AspNetMvc-Version            | N/A                   |
| X-DNS-Prefetch-Control         | N/A                   |

## Contributing

Interested in contributing? Check out the contributing guidelines. Please note that this project is released with a Code of Conduct. By contributing to this project, you agree to abide by its terms.

## License

`gemini_self_protector` was created by lethanhphuc. It is licensed under the terms of the MIT license.

## Credits

`gemini_self_protector` was created with [`cookiecutter`](https://cookiecutter.readthedocs.io/en/latest/) and the `py-pkgs-cookiecutter` [template](https://github.com/py-pkgs/py-pkgs-cookiecutter).

