Beispiel #1
0
        public void GoodExtensionsNotCaught()
        {
            var exts = _goodFiles.Select(System.IO.Path.GetExtension).ToList();

            exts.ForEach(e =>
                         Assert.IsFalse(FileNames.IsKnownRiskyExtension(e), $"expected {e} to be marked as good")
                         );
        }
Beispiel #2
0
        public void BadExtensionsCaught()
        {
            var exts = _badFiles.Select(System.IO.Path.GetExtension).ToList();

            exts.ForEach(e =>
                         Assert.IsTrue(FileNames.IsKnownRiskyExtension(e), $"expected {e} to be marked as bad")
                         );
        }
Beispiel #3
0
        internal bool ExtensionIsOk(string fileName, out HttpExceptionAbstraction preparedException)
        {
            if (!SiteAllowsExtension(fileName))
            {
                preparedException = HttpException.NotAllowedFileType(fileName, "Not in whitelisted CMS file types.");
                return(false);
            }

            if (FileNames.IsKnownRiskyExtension(fileName))// AdamSecurityCheckHelpers.IsKnownRiskyExtension(fileName))
            {
                preparedException = HttpException.NotAllowedFileType(fileName, "This is a known risky file type.");
                return(false);
            }
            preparedException = null;
            return(true);
        }
 //[AssertionMethod]
 internal static bool IsKnownRiskyExtension(string fileName)
 => FileNames.IsKnownRiskyExtension(fileName);