id: django-framework-exceptions

info:
  name: Django Framework Exceptions
  author: geeknik
  severity: medium
  description: Detects suspicious Django web application framework exceptions that could indicate exploitation attempts
  reference:
    - https://docs.djangoproject.com/en/1.11/ref/exceptions/
    - https://docs.djangoproject.com/en/1.11/topics/logging/#django-security
  tags: file,logs,django
file:
  - extensions:
      - all

    extractors:
      - type: regex
        name: exception
        part: body
        regex:
          - 'SuspiciousOperation'
          - 'DisallowedHost'
          - 'DisallowedModelAdminLookup'
          - 'DisallowedModelAdminToField'
          - 'DisallowedRedirect'
          - 'InvalidSessionKey'
          - 'RequestDataTooBig'
          - 'SuspiciousFileOperation'
          - 'SuspiciousMultipartForm'
          - 'SuspiciousSession'
          - 'TooManyFieldsSent'
          - 'PermissionDenied'
# digest: 4b0a004830460221008b0efbd4b09919107b3842e04485ea44c08a79ac676184f4bd173ac01f1a018a0221008ed8c0ecff57cae7f6575ef15c16aed3d44585ebdce04bb45e5344b3901f90a2:922c64590222798bb761d5b6d8e72950