/// <summary>
/// Test fixture setup: clears all cached ESAPI state so each test starts from a
/// clean slate, then detaches any user left over from a previous test.
/// </summary>
public void InitializeTests()
{
    // Drop cached singletons first, then the cached configuration.
    Esapi.Reset();
    EsapiConfig.Reset();

    // No user should be considered logged in when a test begins.
    SetCurrentUser(null);
}
/// <summary>
/// Test fixture setup: resets cached ESAPI state and configuration, and clears the
/// surrogate encoder so a previous test's encoder cannot leak into this one.
/// </summary>
public void InitializeTest()
{
    Esapi.Reset();
    EsapiConfig.Reset();

    // Forget any encoder installed by an earlier test.
    SurrogateEncoder.DefaultEncoder = null;
}
/// <summary>
/// Test fixture setup: resets cached ESAPI state and configuration, and clears the
/// surrogate validator so a previous test's validator cannot leak into this one.
/// </summary>
public void InitializeTest()
{
    Esapi.Reset();
    EsapiConfig.Reset();

    // Forget any validator installed by an earlier test.
    SurrogateValidator.DefaultValidator = null;
}
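/// <summary>
/// ESAPI request filter. On every request it establishes the current user,
/// logs the request, enforces URL authorization and baseline request
/// validation (transferring to login.aspx on failure), and sets no-cache
/// headers before the request continues into the application.
/// </summary>
/// <param name="source">The application raising the event (unused).</param>
/// <param name="e">Event arguments (unused).</param>
private void Application_BeginRequest(Object source, EventArgs e)
{
    HttpContext context = HttpContext.Current;
    HttpRequest request = context.Request;
    HttpResponse response = context.Response;
    try
    {
        // figure out who the current user is
        try
        {
            ((Authenticator)Esapi.Authenticator()).Context = WebContext.Cast(context);
            Esapi.Authenticator().Login();
        }
        catch (AuthenticationException)
        {
            // A failed login only clears the session here; the URL
            // authorization check below decides whether the now-anonymous
            // request may continue.
            ((Authenticator)Esapi.Authenticator()).Logout();
            // FIXME: use safeforward!
            // FIXME: make configurable with config
            // int position = request.Url.ToString().LastIndexOf('/') + 1;
            // string page = request.Url.ToString().Substring(position, request.Url.ToString().Length - position);
            // if (!page.ToLower().Equals("default.aspx"))
            // {
            //     response.Redirect("default.aspx");
            // }
            // return;
        }

        // log this request, obfuscating any parameter named password
        logger.LogHttpRequest(new ArrayList(ignore));

        // check access to this URL
        if (!Esapi.AccessController().IsAuthorizedForUrl(request.RawUrl))
        {
            context.Items["message"] = "Unauthorized";
            context.Server.Transfer("login.aspx");
            // Transfer normally ends the request; the return makes it explicit
            // that no further checks run for an unauthorized URL.
            return;
        }

        // verify if this request meets the baseline input requirements
        if (!Esapi.Validator().IsValidHttpRequest(WebContext.Cast(request)))
        {
            context.Items["message"] = "Validation error";
            context.Server.Transfer("login.aspx");
            return;
        }

        // check for CSRF attacks and set appropriate caching headers
        IHttpUtilities utils = Esapi.HttpUtilities();
        // utils.checkCSRFToken();
        utils.SetNoCacheHeaders();
        //utils.SafeSetContentType();

        // forward this request on to the web application
    }
    catch (System.Threading.ThreadAbortException)
    {
        // Server.Transfer ends the response by aborting the request thread.
        // That is the normal transfer path, not a security failure: without
        // this clause the generic handler below would log a spurious
        // "Security error" and write into an already-ended response.
        throw;
    }
    catch (Exception ex)
    {
        logger.LogSpecial("Security error in ESAPI Filter", ex);
        response.Output.WriteLine("<H1>Security Error</H1>");
    }
}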
/// <summary>
/// Creates a new instance of EnterpriseSecurityException. Constructing the
/// exception registers it with the IntrusionDetector, so quotas are checked
/// and a security log entry is produced simply by using this API.
/// </summary>
/// <param name="userMessage">The message shown to the user.</param>
/// <param name="logMessage">The message written to the log.</param>
public EnterpriseSecurityException(string userMessage, string logMessage)
    : base(userMessage)
{
    _logMessage = logMessage;

    // Register with the intrusion detector as part of construction.
    Esapi.IntrusionDetector().AddException(this);
}
/// <summary>
/// Test fixture setup: clears cached ESAPI singletons and the cached
/// configuration so each test starts from a clean slate.
/// </summary>
public void InitializeTest()
{
    Esapi.Reset();
    EsapiConfig.Reset();
}