Upload app.py

app.py

@@ -6,7 +6,7 @@ import re
 import time
 import requests
 import gradio as gr
-from typing import Tuple
+from typing import Tuple, List
 
 OPENAI_API_URL = "https://api.openai.com/v1/responses"
 OPENAI_MODEL_FALLBACK = ["gpt-4o-mini", "gpt-4o", "gpt-5-mini"]
@@ -25,13 +25,30 @@ Contenido a analizar:
 {input}
 """
 
-FORBIDDEN_PATTERNS = [
-    r"\bexploit\b", r"\bpayload\b", r"\bmeterpreter\b", r"\bmsfconsole\b",
-    r"curl\b", r"wget\b", r"sudo\b", r"rm\s+-rf\b", r"reverse shell\b",
-    r"exec\b", r"bash -i\b", r"nc\b", r"ncat\b", r"chmod\b", r"chown\b",
-    r"\bsqlmap\b", r"\\x", r"0x[0-9a-fA-F]{2,}", r"base64 -d", r"\\b\\$\\(", r"\\$\\{"
+# --------- Filtro seguro (sin regex unificado para evitar errores) ----------
+FORBIDDEN_KEYWORDS = [
+    "exploit", "payload", "meterpreter", "msfconsole",
+    "reverse shell", "sqlmap", "chmod", "chown", "exec "
 ]
-FORBIDDEN_REGEX = re.compile("|".join(FORBIDDEN_PATTERNS), re.I)
+FORBIDDEN_CMDLIKE = ["curl ", "wget ", "sudo ", "bash -i", "nc ", "ncat ", "rm -rf"]
+FORBIDDEN_SUBSTR = ["$(", "${", "\x", "base64 -d"]
+FORBIDDEN_HEX_RE = re.compile(r"0x[0-9a-fA-F]{2,}")  # compilar por separado, simple y seguro
+
+def contains_forbidden(text: str) -> bool:
+    if not text:
+        return False
+    t = text.lower()
+    if any(k in t for k in FORBIDDEN_KEYWORDS):
+        return True
+    if any(k in t for k in FORBIDDEN_CMDLIKE):
+        return True
+    if any(s in text for s in FORBIDDEN_SUBSTR):  # mantener mayúsculas para secuencias
+        return True
+    if FORBIDDEN_HEX_RE.search(text):
+        return True
+    return False
+
+# ---------------------------------------------------------------------------
 
 def call_openai_responses(prompt: str, api_key: str, models=None, timeout: int = 20) -> Tuple[bool, str]:
     if models is None:
@@ -49,7 +66,7 @@ def call_openai_responses(prompt: str, api_key: str, models=None, timeout: int =
                 out = ""
                 if "output" in j:
                     if isinstance(j["output"], list):
-                        parts = []
+                        parts: List[str] = []
                         for item in j["output"]:
                             if isinstance(item, dict):
                                 c = item.get("content") or item.get("text") or item.get("output_text")
@@ -89,11 +106,6 @@ def call_openai_responses(prompt: str, api_key: str, models=None, timeout: int =
             return False, f"HTTP {r.status_code}: {msg}"
     return False, "Ningún modelo disponible o permitido en la cuenta de OpenAI."
 
-def contains_forbidden(text: str) -> bool:
-    if not text:
-        return False
-    return bool(FORBIDDEN_REGEX.search(text))
-
 def safe_parse_json_from_model(text: str):
     try:
         return json.loads(text)
@@ -183,7 +195,7 @@ def generate_report(json_str: str, title: str = "Reporte Red Team") -> Tuple[str
     return filename, filename
 
 with gr.Blocks(analytics_enabled=False) as demo:
-    gr.Markdown("## 🧯 Simulador Red Team (alto nivel) — Defender con IA")
+    gr.Markdown("## 🧯 Simulación Red Team (alto nivel) — Defender con IA")
     with gr.Row():
         with gr.Column(scale=7):
             inp = gr.Textbox(label="Pega aquí el correo RAW, URL o fragmento a analizar", lines=20, placeholder="Pega cabeceras, cuerpo o URL completa")