Metadata-Version: 2.4
Name: inject-bender
Version: 0.3.0
Summary: Security input validation with dual response modes: legal deterrence (NIS2/GDPR compliant audit trail) or comedy (hiking boots for hackers). TIBET provenance. OWASP aware.
Project-URL: Homepage, https://humotica.com
Project-URL: Repository, https://github.com/jaspertvdm/inject-bender
Project-URL: Documentation, https://humotica.com/docs/inject-bender
Project-URL: Bug Tracker, https://github.com/jaspertvdm/inject-bender/issues
Project-URL: OWASP Top 10, https://owasp.org/www-project-top-ten/
Project-URL: NIS2 Directive, https://digital-strategy.ec.europa.eu/en/policies/nis2-directive
Author-email: "J. van de Meent" <jasper@humotica.com>, "R. AI" <root_idd@humotica.nl>
Maintainer-email: Humotica AI Lab <ai@humotica.nl>
License: MIT
Keywords: audit,compliance,detection,deterrence,gdpr,injection,input-validation,legal,nis2,owasp,prompt-injection,provenance,security,sql-injection,tibet,waf,xss
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Internet :: WWW/HTTP :: HTTP Servers
Classifier: Topic :: Security
Classifier: Topic :: System :: Logging
Requires-Python: >=3.10
Provides-Extra: ai
Requires-Dist: httpx>=0.24.0; extra == 'ai'
Provides-Extra: api
Requires-Dist: fastapi>=0.100.0; extra == 'api'
Requires-Dist: httpx>=0.24.0; extra == 'api'
Provides-Extra: dev
Requires-Dist: pytest>=7.0; extra == 'dev'
Requires-Dist: ruff>=0.1.0; extra == 'dev'
Provides-Extra: full
Requires-Dist: fastapi>=0.100.0; extra == 'full'
Requires-Dist: httpx>=0.24.0; extra == 'full'
Requires-Dist: tibet-core>=0.2.0; extra == 'full'
Provides-Extra: tibet
Requires-Dist: tibet-core>=0.2.0; extra == 'tibet'
Description-Content-Type: text/markdown

# inject-bender

Security input validation with dual response modes: **legal deterrence** (NIS2/GDPR compliant audit trail) or **comedy** (hiking boots for hackers).

Every detected attack is logged with [TIBET](https://pypi.org/project/tibet-core/) provenance tokens.

## Install

```bash
pip install inject-bender
```

With TIBET audit trail:
```bash
pip install "inject-bender[tibet]"
```

With FastAPI middleware:
```bash
pip install "inject-bender[api]"
```

## Quick Start

```python
from inject_bender import InjectBender

bender = InjectBender(mode="legal")  # or "comedy"
result = bender.bend("'; DROP TABLE users; --")

if result["was_attack"]:
    print(result["formatted"])
    print(f"Incident: {result['incident_id']}")
```

## Detection Only

```python
from inject_bender import detect

is_attack, attack_type = detect("SELECT * FROM users WHERE 1=1")
# (True, "sql_injection")
```

## Modes

| Mode | Response | Use Case |
|------|----------|----------|
| `legal` | Law citations, NIS2 audit trail, incident reports | Production, enterprise |
| `comedy` | Hiking boot ads (Skippie & Odin) | Development, demos, honeypots |
| `silent` | Detect and log only | Monitoring, WAF integration |
| `custom` | Your own response function | Any |

## ASGI Middleware

```python
from fastapi import FastAPI
from inject_bender.middleware import InjectBenderMiddleware

app = FastAPI()
app.add_middleware(InjectBenderMiddleware, mode="legal")
```

## CLI

```bash
inject-bender check "'; DROP TABLE users; --"
inject-bender bend --mode comedy "<script>alert('xss')</script>"
inject-bender laws
inject-bender demo
```

## Attack Types Detected

SQL Injection, XSS, Command Injection, Path Traversal, Prompt Injection, LDAP Injection, XML/XXE, Header Injection, Template Injection (SSTI).

## NIS2 Compliance

- Automatic incident detection and logging
- Immutable TIBET audit trail
- Report generation: NIS2, AP (Autoriteit Persoonsgegevens), Politie
- 24-hour deadline tracking
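
What a tamper-evident incident trail with 24-hour deadline tracking involves, as an added example that is not inject-bender's or TIBET's own code or token format: each record's SHA-256 covers the previous record's hash, so editing or deleting an entry breaks verification. The function names, record fields and sample incidents are assumptions constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

EARLY_WARNING = timedelta(hours=24)  # the 24-hour deadline listed above
GENESIS = "0" * 64                   # constructed anchor for the first record

def _digest(body: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_incident(trail: list, attack_type: str, payload: str, detected_at: datetime) -> dict:
    """Append a record whose hash covers its fields and the previous record's hash."""
    body = {
        "seq": len(trail),
        "attack_type": attack_type,
        # Assumption: store a digest of the payload rather than the raw input.
        "payload_sha256": hashlib.sha256(payload.encode()).hexdigest(),
        "detected_at": detected_at.isoformat(),
        "report_due": (detected_at + EARLY_WARNING).isoformat(),
        "prev_hash": trail[-1]["hash"] if trail else GENESIS,
    }
    record = {**body, "hash": _digest(body)}
    trail.append(record)
    return record

def verify_trail(trail: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad record."""
    prev = GENESIS
    for i, record in enumerate(trail):
        body = {k: v for k, v in record.items() if k != "hash"}
        if record["prev_hash"] != prev or record["seq"] != i or _digest(body) != record["hash"]:
            return i
        prev = record["hash"]
    return -1

def overdue(trail: list, now: datetime) -> list:
    """Sequence numbers of incidents whose 24-hour report deadline has passed."""
    return [r["seq"] for r in trail if datetime.fromisoformat(r["report_due"]) <= now]

def build_sample_trail() -> list:
    # Constructed sample incidents; the payloads are the ones shown in the CLI section.
    t0 = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
    trail = []
    append_incident(trail, "sql_injection", "'; DROP TABLE users; --", t0)
    append_incident(trail, "xss", "<script>alert('xss')</script>", t0 + timedelta(hours=20))
    return trail
```

A chain like this only proves integrity if the latest hash is also kept somewhere the log writer cannot rewrite.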

## Legal Mapping

Dutch/EU criminal law per attack type: Sr art. 138ab (computervredebreuk), Sr art. 350a (gegevensvernieling), AVG/GDPR art. 32/33/34, EU AI Act, EU 2013/40.

## License

MIT — Humotica AI Lab 2025-2026
