o
    Fý¤h½<  ã                   @   sn  d Z ddlZddlZddlZddlZddlZddlmZmZm	Z	m
Z
 ddlmZ ddlmZ dededee	 d	efd
d„Zde
de
d	eeee eeeef  f fdd„Zd+deded	efdd„Zded	eeee f fdd„Zd,ded	efdd„Zdededed	efdd „Zd-d"ed#ed	efd$d%„Zde	ee
f d&e	ee	f d	eeee e	ee
f f fd'd(„Zd)d*„ ZdS ).a;  
security_enhancements.py

Purpose:
  Advanced security enhancement functions that implement protection against sophisticated
  attack vectors identified during red-team security auditing. This module provides
  timing attack protection, input validation hardening, and security-focused error
  handling to maintain the highest security standards across the application.

Security Enhancements:
  - Timing attack resistant authentication checks (username enumeration prevention)
  - Geographic coordinate validation with proper bounds checking
  - Security-focused error message sanitization to prevent information disclosure
  - Enhanced input validation for all user-controllable parameters
  - Cryptographic helper functions for secure token generation and validation

Implementation Philosophy:
  All functions follow defense-in-depth principles with multiple validation layers.
  Error handling is designed to prevent information leakage while maintaining
  system functionality. Security measures are transparent to legitimate users
  but effectively block malicious attempts.
é    N)ÚTupleÚOptionalÚDictÚAny)Úwraps)Úcurrent_appÚusernameÚpasswordÚuser_rowÚreturnc                 C   sT   d}|r|d r|d   d¡}t |  d¡|¡}|S t |  d¡|  d¡¡ d}|S )aÇ  
    Timing-attack resistant password verification.
    
    Prevents username enumeration by ensuring consistent timing regardless of whether
    the username exists in the database. Always performs bcrypt operation to maintain
    constant time complexity.
    
    Args:
        username: Username being authenticated
        password: Password to verify
        user_row: User database row (None if user doesn't exist)
    
    Returns:
        bool: True if authentication successful, False otherwise
    
    Security Features:
        - Constant time execution regardless of username validity
        - Secure password hashing verification
        - No information leakage through timing differences
    z<$2b$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/LewiyTuTpbsEf.ug.Úpassword_hashúutf-8F)ÚencodeÚbcryptÚcheckpw)r   r	   r
   Ú
dummy_hashÚtarget_hashÚresult© r   ú2/var/www/html/app_modules/security_enhancements.pyÚsecure_password_check"   s   ýr   ÚlatÚlngc              
   C   s’   z;t | ƒ}t |ƒ}d|  krdksW dS  W dS d|  kr%dks)W dS  W dS ||ks1||kr4W dS dd	||ffW S  tttfyH   Y dS w )
a_  
    Validate geographic coordinates with proper bounds checking.
    
    Prevents injection of invalid coordinate data that could pollute the database
    or cause application errors. Enforces strict geographic bounds and type validation.
    
    Args:
        lat: Latitude value (any type, will be validated)
        lng: Longitude value (any type, will be validated)
    
    Returns:
        Tuple[bool, Optional[str], Optional[Tuple[float, float]]]:
            - success: Whether validation passed
            - error_message: Error description if validation failed
            - coordinates: Validated (lat, lng) tuple if successful
    
    Security Features:
        - Strict type validation prevents injection attacks
        - Geographic bounds enforcement prevents invalid data
        - Sanitized error messages prevent information disclosure
    g     €VÀg     €V@)Fu   Neispravna geografska Å¡irina.Ng     €fÀg     €f@)Fu   Neispravna geografska duÅ¾ina.N)FzNeispravne koordinate.NTN)ÚfloatÚ
ValueErrorÚ	TypeErrorÚOverflowError)r   r   Ú	lat_floatÚ	lng_floatr   r   r   Úvalidate_geographic_coordinatesG   s"   ÿÿÿr   Ú	operationÚerrorÚcontextc                    sx   t | ƒ ¡ ‰ t‡ fdd„dD ƒƒrdS t‡ fdd„dD ƒƒr dS t‡ fdd„d	D ƒƒr-d
S t‡ fdd„dD ƒƒr:dS dS )a¤  
    Sanitize error messages to prevent information disclosure.
    
    Converts detailed system errors into generic user-friendly messages that don't
    reveal sensitive system information or internal application structure.
    
    Args:
        error: The original exception
        context: Context of the operation for logging purposes
    
    Returns:
        str: Sanitized error message safe for user display
    
    Security Features:
        - Removes database-specific error details
        - Hides file system paths and internal structure
        - Prevents stack trace information leakage
        - Maintains user experience with helpful generic messages
    c                 3   ó    | ]}|ˆ v V  qd S ©Nr   ©Ú.0Úkeyword©Ú	error_strr   r   Ú	<genexpr>Š   ó   € z)sanitize_error_message.<locals>.<genexpr>)ÚsqliteÚdatabaseÚtableÚcolumnÚ
constraintu   GreÅ¡ka pri obradi podataka.c                 3   r#   r$   r   r%   r(   r   r   r*   Ž   r+   )Ú
permissionÚaccessÚfileÚ	directoryÚpathu   GreÅ¡ka pri pristupu datoteci.c                 3   r#   r$   r   r%   r(   r   r   r*   ’   r+   )Ú
connectionÚtimeoutÚnetworkÚsocketu   GreÅ¡ka mreÅ¾e.c                 3   r#   r$   r   r%   r(   r   r   r*   –   r+   )ÚunauthorizedÚ	forbiddenzaccess deniedz Nemate dozvolu za ovu operaciju.u0   DoÅ¡lo je do greÅ¡ke. Molimo pokuÅ¡ajte ponovno.)ÚstrÚlowerÚany)r!   r"   r   r(   r   Úsanitize_error_messages   s   r?   Úfilenamec                 C   s|   | rt | tƒs	dS t| ƒdkrdS g d¢}|D ]	}|| v r  dS qg d¢}|  ¡ }|D ]
}| |¡r5 dS q+d| v r<dS d	S )
a  
    Validate filename for security issues including path traversal and malicious extensions.
    
    Prevents path traversal attacks, executable file uploads, and other filename-based
    security vulnerabilities.
    
    Args:
        filename: Filename to validate
    
    Returns:
        Tuple[bool, Optional[str]]: (is_valid, error_message)
    
    Security Features:
        - Path traversal prevention (../, ..\, etc.)
        - Malicious extension detection
        - Special character filtering
        - Length validation
    )FzNedostaje ime datoteke.éÿ   )Fu   Ime datoteke je predugaÄko.)
z..ú/ú\ú:ú|ú<ú>ú*ú?ú")FzNeispravno ime datoteke.)z.phpz.php3z.php4z.php5z.phtmlz.aspz.aspxz.jspz.jspxz.pyz.plz.rbz.shz.batz.cmdz.exez.scrz.comz.pifz	.htaccessz	.htpasswdz.configz.iniz.cfg)FzNedozvoljena vrsta datoteke.ú )TN)Ú
isinstancer<   Úlenr=   Úendswith)r@   Údangerous_patternsÚpatternÚdangerous_extensionsÚfilename_lowerÚextr   r   r   Úvalidate_filename_security   s$   ÿ	
ÿrT   é    Úlengthc                 C   s
   t  | ¡S )a  
    Generate cryptographically secure random token.
    
    Creates tokens with high entropy suitable for CSRF protection, session tokens,
    and other security-critical applications.
    
    Args:
        length: Desired token length in bytes (default 32)
    
    Returns:
        str: URL-safe base64 encoded secure token
    
    Security Features:
        - Cryptographically secure random number generation
        - High entropy output suitable for security tokens
        - URL-safe encoding for web application compatibility
    )ÚsecretsÚtoken_urlsafe)rV   r   r   r   Úgenerate_secure_tokenß   s   
rY   ÚdataÚtokenÚ
secret_keyc                 C   sD   zt  | d¡|  d¡tj¡ ¡ }t  ||¡W S  ty!   Y dS w )a<  
    Verify HMAC-based token for integrity and authenticity.
    
    Provides secure verification of tokens used in media URLs, API authentication,
    and other security-sensitive contexts.
    
    Args:
        data: Original data that was signed
        token: HMAC token to verify
        secret_key: Secret key used for signing
    
    Returns:
        bool: True if token is valid, False otherwise
    
    Security Features:
        - Timing-attack resistant comparison
        - Strong HMAC-SHA256 verification
        - Prevents token manipulation attacks
    r   F)ÚhmacÚnewr   ÚhashlibÚsha256Ú	hexdigestÚcompare_digestÚ	Exception)rZ   r[   r\   Úexpected_tokenr   r   r   Úverify_hmac_tokenô   s   ýüÿre   é   Úattempt_countÚ
base_delayc                 C   s&   | dkrdS t |d| d   dƒ}|S )a|  
    Calculate exponential backoff delay for rate limiting.
    
    Implements increasingly longer delays for repeated failed attempts,
    making brute force attacks impractical while allowing legitimate users
    to retry after reasonable delays.
    
    Args:
        attempt_count: Number of failed attempts
        base_delay: Base delay in seconds (default 5)
    
    Returns:
        int: Delay in seconds before next attempt allowed
    
    Security Features:
        - Exponential increase in delay times
        - Maximum cap to prevent excessive delays
        - Transparent to legitimate users with minimal attempts
    r   é   é   i  )Úmin)rg   rh   Údelayr   r   r   Ú#rate_limit_with_exponential_backoff  s   rm   Úschemac              
   C   sr  t | tƒs
ddi fS i }| ¡ D ]£\}}|  |¡}| dd¡r2|du s'|dkr2dd|› di f  S |dur³| dt¡}t ||ƒs^z||ƒ}W n ttfy]   dd	|› d
i f Y   S w t |tƒr¯| dd¡}| dd¡}t|ƒ|k r€dd|› di f  S t|ƒ|kr‘dd|› di f  S g d¢}	| ¡ }
|	D ]}||
v r®dd	|› d
i f    S q›|||< qdd|fS )aƒ  
    Validate API input against schema with security-focused validation.
    
    Provides comprehensive input validation with type checking, length limits,
    and security pattern detection to prevent injection attacks.
    
    Args:
        data: Input data to validate
        schema: Validation schema with field definitions
    
    Returns:
        Tuple[bool, Optional[str], Dict[str, Any]]: (is_valid, error_message, sanitized_data)
    
    Security Features:
        - SQL injection pattern detection
        - XSS prevention through input sanitization
        - Type and length validation
        - Required field enforcement
    FzNeispravni podaci.ÚrequiredNÚ zPolje 'z' je obavezno.ÚtypezNeispravna vrijednost za 'z'.Ú
min_lengthr   Ú
max_lengthi'  ú'z' prekratak.u   ' predugaÄak.)ÚscriptÚ
javascriptÚvbscriptÚonloadÚonerrorÚonclickÚselectÚunionÚdropÚinsertÚupdateÚdeletez--ú;T)	rL   ÚdictÚitemsÚgetr<   r   r   rM   r=   )rZ   rn   Úsanitized_dataÚ
field_nameÚfield_schemaÚvalueÚexpected_typerr   rs   rO   Úvalue_lowerrP   r   r   r   Úvalidate_api_input2  s>   



ÿ
ÿ€
r‹   c                 C   s\   g d¢}d  |¡| jd< d| jd< d| jd< d| jd	< d
| jd< d| jd< | j dd¡ | S )a;  
    Add comprehensive security headers to HTTP responses.
    
    Implements defense-in-depth security headers to protect against various
    web application attacks including XSS, clickjacking, and data injection.
    
    Args:
        response: Flask response object
    
    Returns:
        Response object with security headers added
    
    Security Features:
        - Content Security Policy (CSP) enforcement
        - XSS protection headers
        - Clickjacking prevention
        - MIME type sniffing prevention
        - Referrer policy enforcement
    )	zdefault-src 'self'z3script-src 'self' 'unsafe-inline' https://unpkg.comzOstyle-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.comzGimg-src 'self' data: https://*.tile.openstreetmap.org https://unpkg.comz/font-src 'self' https://fonts.gstatic.com data:zconnect-src 'self'zframe-ancestors 'none'zbase-uri 'self'zform-action 'self'z; zContent-Security-PolicyÚDENYzX-Frame-OptionsÚnosniffzX-Content-Type-Optionsz1; mode=blockzX-XSS-Protectionzstrict-origin-when-cross-originzReferrer-Policyz,geolocation=(self), microphone=(), camera=()zPermissions-PolicyÚServerN)ÚjoinÚheadersÚpop)ÚresponseÚcsp_directivesr   r   r   Úsecurity_headers_middlewareƒ  s   


r”   )r    )rU   )rf   )Ú__doc__Útimer   rW   r_   r]   Útypingr   r   r   r   Ú	functoolsr   Úflaskr   r<   Úboolr   r   r   rc   r?   rT   ÚintrY   re   rm   r‹   r”   r   r   r   r   Ú<module>   s$    0%,*B"<Q