-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdlp_proxy.py
More file actions
157 lines (123 loc) · 5.05 KB
/
dlp_proxy.py
File metadata and controls
157 lines (123 loc) · 5.05 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
import json
import os
import re
from mitmproxy import http
from mitmproxy import ctx
from presidio_analyzer import AnalyzerEngine
from typing import List
from modules.check_regex import checkRegex
from modules.check_keyword import checkKeyword
from modules.check_upload import checkUploadGithub
from modules.handle_sensitive_data import handleSensitiveData
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
CONFIG_DIR = os.path.join(BASE_DIR, "json")
RULE_FILE = os.path.join(CONFIG_DIR, "sensitive_info.json")
KEYWORD_FILE = os.path.join(CONFIG_DIR, "keyword.json")
ALLOWLIST_FILE = os.path.join(CONFIG_DIR, "allowlist.json")
LOG_FILE = "dlp.log"
# 허용되는 최대 크기 100MB
MAX_PAYLOAD_SIZE = 100 * 1024 * 1024
class EnglishDLPAnalyzer:
def __init__(self):
self.analyzer = AnalyzerEngine()
def analyze_text(self, text: str):
"""
Returns:
{
"is_leak": bool,
"entities": ["EMAIL_ADDRESS", "PHONE_NUMBER", ...]
}
"""
if not text or text.strip() == "":
return {"is_leak": False, "entities": []}
results = self.analyzer.analyze(text=text, language="en")
if not results:
return {"is_leak": False, "entities": []}
entities = list(set([r.entity_type for r in results]))
return {
"is_leak": True,
"entities": entities
}
nlp_dlp = EnglishDLPAnalyzer()
try:
with open(RULE_FILE, "r", encoding="utf-8") as f:
DLP_RULES = json.load(f)
ctx.log.info(f"[*] Loaded {len(DLP_RULES)} DLP rules from {RULE_FILE}")
except Exception as e:
ctx.log.error(f"[!] Failed to load rules: {e}")
DLP_RULES = []
try:
with open(KEYWORD_FILE, "r", encoding="utf-8") as f:
KEYWORD = json.load(f)
ctx.log.info(f"[*] Loaded {len(KEYWORD)} keyword from {KEYWORD_FILE}")
except Exception as e:
ctx.log.error(f"[!] Failed to load keyword: {e}")
KEYWORD = []
try:
with open(ALLOWLIST_FILE, "r", encoding="utf-8") as f:
ALLOWLIST = json.load(f)
ctx.log.info(f"[*] Loaded {len(ALLOWLIST)} keyword from {ALLOWLIST_FILE}")
except Exception as e:
ctx.log.error(f"[!] Failed to load keyword: {e}")
ALLOWLIST = []
def request(flow: http.HTTPFlow) -> None:
request_url = flow.request.pretty_url
request_header = json.dumps(dict(flow.request.headers))
request_body = flow.request.get_text()
request_method = flow.request.method
request_text = f"URL : {request_url}, Headers : {request_header}, Body : {request_body}"
content_type = flow.request.headers.get("Content-Type", "")
ALLOWLIST_DOMAINS = ALLOWLIST.get("ALLOWLIST_DOMAINS")
if ALLOWLIST_DOMAINS and re.search(ALLOWLIST_DOMAINS, request_url):
return
if any(x in content_type for x in ["video", "audio"]):
return
if not request_text:
return
detected_items = checkRegex(request_text, DLP_RULES, KEYWORD)
if detected_items:
handleSensitiveData(flow, detected_items, request_url)
detected_items = checkKeyword(request_url, request_text, KEYWORD, ALLOWLIST, MAX_PAYLOAD_SIZE)
if detected_items:
handleSensitiveData(flow, detected_items, request_url)
detected_items = checkUploadGithub(request_url, request_method, request_header, ALLOWLIST)
if detected_items:
handleSensitiveData(flow, detected_items, request_url)
ai_result = nlp_dlp.analyze_text(request_body)
if ai_result["is_leak"]:
alert_msg = f"[DLP DETECTED/AI] {request_url} -> Entities: {ai_result['entities']}"
ctx.log.alert(alert_msg)
with open(LOG_FILE, "a", encoding="utf-8") as log:
log.write(f"{alert_msg}\n")
log.write(f"Message request payload: {request_text}\n")
flow.response = http.Response.make(
403,
b"Blocked by AI-DLP: Sensitive Information Found\n",
{"Content-Type": "text/plain"}
)
return
def response(flow: http.HTTPFlow) -> None:
response_header = json.dumps(dict(flow.response.headers))
response_body = flow.response.get_text()
response_text = f"Headers : {response_header}, Body : {response_body}"
content_type = flow.response.headers.get("Content-Type", "")
if any(x in content_type for x in ["video", "audio"]):
return
if not response_text:
return
detected_items = checkRegex(response_text, DLP_RULES, KEYWORD)
if detected_items:
handleSensitiveData(flow, detected_items)
ai_result = nlp_dlp.analyze_text(response_text)
if ai_result["is_leak"]:
alert_msg = f"[DLP DETECTED/AI] {flow.request.pretty_url} -> Entities: {ai_result['entities']}"
ctx.log.alert(alert_msg)
with open(LOG_FILE, "a", encoding="utf-8") as log:
log.write(f"{alert_msg}\n")
log.write(f"Message response payload: {response_text}\n")
flow.response = http.Response.make(
403,
b"Blocked by AI-DLP: Sensitive Information Found\n",
{"Content-Type": "text/plain"}
)
return