/// <summary>
/// Initializes a new instance of the WebSec.Library.Engine.Context class.
/// </summary>
public Context()
{
this.CurrentCookies = new ConcurrentDictionary <string, CookieCollection>();
this.Vulnerabilities = new ConcurrentDictionary <string, Vulnerability>();
this.Payloads = ObjectResolver.Resolve <IPayloads>();
this.ActiveDetectors = new List <Type>();
}
private static void HandleNotification <T>(ObjectResolver objectResolver, T message) where T : INotification
{
foreach (var handler in objectResolver.GetAll <IHandleNotifications <T> >())
{
handler.Handle(message);
}
}
public void TestSendRequestUsingBrowserWebRequestHandlingHttpException()
{
ObjectResolver.RegisterType <IProcessManager, ProcessManager>();
var browserInstances = new Dictionary <BrowserType, int> {
{ BrowserType.Chrome, 1 }
};
using (var browserManager = new BrowserManager(browserInstances))
{
ObjectResolver.RegisterInstance <IBrowserManager>(browserManager);
var context = new Context();
WebRequestContext webRequestContext =
context.SendRequest(new ContextSendRequestParameter
{
Url = nonExistingTargetUrl,
BrowserType = BrowserType.Chrome
});
// check that we got the proper response back
webRequestContext.ResponseHolder.ShouldNotBeNull();
webRequestContext.ResponseHolder.ResponseContent.ShouldNotBeEmpty();
webRequestContext.ResponseHolder.RequestUserAgent.ShouldEqual(BrowserType.Chrome.ToString());
webRequestContext.ResponseHolder.StatusCode.ShouldEqual(HttpStatusCode.OK);
webRequestContext.ResponseHolder.BrowserPageTitle.IndexOfOi("404").ShouldBeGreaterThan(-1);
}
}
public void TestSendRequestUsingBrowserWebRequest()
{
ObjectResolver.RegisterType <IProcessManager, ProcessManager>();
var browserInstances = new Dictionary <BrowserType, int> {
{ BrowserType.Chrome, 1 }
};
using (var browserManager = new BrowserManager(browserInstances))
{
ObjectResolver.RegisterInstance <IBrowserManager>(browserManager);
var context = new Context();
WebRequestContext webRequestContext =
context.SendRequest(new ContextSendRequestParameter
{
Url = targetUrl,
BrowserType = BrowserType.Chrome
});
// check that we got the proper response back
webRequestContext.ResponseHolder.ShouldNotBeNull();
webRequestContext.ResponseHolder.ResponseContent.ShouldNotBeNullOrEmpty();
webRequestContext.ResponseHolder.RequestUserAgent.ShouldContain(BrowserType.Chrome.ToString());
}
}
/// <summary>
/// Cleanup fiddler and browser instances.
/// </summary>
internal static void Cleanup()
{
FiddlerProxy.Cleanup(Constants.FiddlerPort);
((BrowserManager)ObjectResolver.Resolve <IBrowserManager>()).Dispose();
TestSetupHelpers.CleanupProcess(Constants.ChromeDriver);
}
private static void RegisterMultiple(ObjectResolver resolver)
{
resolver.RegisterCollection <IMulti>(new[] { typeof(Multi1), typeof(Multi2), typeof(Multi3), typeof(Multi4) });
resolver.Register <MultipleObject1, MultipleObject1>();
resolver.Register <MultipleObject2, MultipleObject2>();
resolver.Register <MultipleObject3, MultipleObject3>();
}
public void SetUp()
{
theFile = "{0}.csv".ToFormat(GetType().Name);
beforeEach();
using (var writer = new StreamWriter(theFile))
{
writeFile(writer);
}
theReader = new CsvReader(ObjectResolver.Basic());
theResults = new List <T>();
theRequest = new CsvRequest <T>
{
Mapping = new TMap(),
FileName = theFile,
Callback = theResults.Add
};
configureRequest(theRequest);
theReader.Read(theRequest);
}
public void TestOpenRedirectClientSideHttp()
{
// Setup
ObjectResolver.RegisterType <IProcessManager, ProcessManager>();
var browserInstances = new Dictionary <BrowserType, int> {
{ BrowserType.Chrome, 1 }
};
using (var browserManager = new BrowserManager(browserInstances))
{
ObjectResolver.RegisterInstance <IBrowserManager>(browserManager);
var target =
Target.Create(
$"{Constants.VulnerabilitiesAddress}PluginsTestPages/XOpenRedirectToBadPlacesHTTP.aspx?q=junk");
// Execute
var vulns = ExecutePluginTestRequest(target);
// Validate
vulns.Count.ShouldEqual(2);
vulns.ElementAt(0).Title.ShouldEqual("Open Redirect");
vulns.ElementAt(0).Evidence.ShouldEqual("www.example.com");
vulns.ElementAt(1).Title.ShouldEqual("Open Redirect");
vulns.ElementAt(1).Evidence.ShouldEqual("www.example.com");
}
}
/// <summary>
/// Browser waits for XML document implementation.
/// </summary>
/// <param name="browserType">
/// Browser type.
/// </param>
private void BrowserWaitsForXmlDocumentImplementation(BrowserType browserType)
{
ObjectResolver.RegisterType <IProcessManager, ProcessManager>();
var browserInstances = new Dictionary <BrowserType, int> {
{ browserType, 1 }
};
const int MaxWait = 10;
using (var manager = new BrowserManager(browserInstances))
{
var browser = manager.AcquireBrowser(browserType);
var stopWatch = new Stopwatch();
stopWatch.Start();
// make the request, wait for up to 10 seconds.
browser.NavigateTo($"{Constants.VulnerabilitiesAddress}XmlResponse.aspx");
browser.WaitForPageLoad(MaxWait);
stopWatch.Stop();
// FF and Chrome will return the XML content, IE returns the XML with styles applied.
browser.PageSource.ShouldContain("content");
stopWatch.ElapsedMilliseconds.ShouldBeLessThan((MaxWait + 1) * 1000);
}
}
static void BuildObjects()
{
ObjectResolver ob = new ObjectResolver("objs/", "Objects");
ob.Resolve();
EditorUtility.DisplayDialog("AssetBunlde", "Finish", "Close");
}
/// <summary>
/// Browser DOM access test implementation.
/// </summary>
/// <param name="browserType">The type of the browser being tested.</param>
private void BrowserFindElementImplementation(BrowserType browserType)
{
ObjectResolver.RegisterType <IProcessManager, ProcessManager>();
var browserInstances = new Dictionary <BrowserType, int> {
{ browserType, 1 }
};
using (var manager = new BrowserManager(browserInstances))
{
var browser = manager.AcquireBrowser(browserType);
browser.NavigateTo($"{Constants.VulnerabilitiesAddress}SimplePageWithForm.html");
browser.WaitForPageLoad(10);
var element = browser.FindWebElement(By.Id("textInputId"));
element.ShouldNotBeNull();
element.TagName.Equals("input").ShouldBeTrue();
element.SendKeys("Hello");
System.Threading.Thread.Sleep(1000);
element.SendKeys(" world");
element.GetAttribute("value").Equals("Hello world").ShouldBeTrue();
element = browser.FindWebElement(By.Name("textInputName"));
element.GetAttribute("value").Equals("Hello world").ShouldBeTrue();
}
}
/// <summary>
/// Evaluates whether the condition is true for the specified object.
/// </summary>
/// <param name="uv">The Ultraviolet context.</param>
/// <param name="dobj">The object against which to evaluate the trigger condition.</param>
/// <returns><see langword="true"/> if the condition is true for the specified object; otherwise, <see langword="false"/>.</returns>
internal Boolean Evaluate(UltravioletContext uv, DependencyObject dobj)
{
Contract.Require(uv, nameof(uv));
Contract.Require(dobj, nameof(dobj));
var dprop = DependencyProperty.FindByStylingName(uv, dobj, propertyName.Owner, propertyName.Name);
if (dprop == null)
{
return(false);
}
var refvalCacheType = (propertyValueCachhe == null) ? null : propertyValueCachhe.GetType();
if (refvalCacheType == null || (refvalCacheType != dprop.PropertyType && refvalCacheType != dprop.UnderlyingType))
{
propertyValueCachhe = ObjectResolver.FromString(
propertyValue.Value, dprop.PropertyType, propertyValue.Culture);
}
var comparison = TriggerComparisonCache.Get(dprop.PropertyType, op);
if (comparison == null)
{
throw new InvalidOperationException(PresentationStrings.InvalidTriggerComparison.Format(propertyName, op, dprop.PropertyType));
}
return(comparison(dobj, dprop, propertyValueCachhe));
}
public static void Main(string[] args)
{
var resolver = ObjectResolver.Create();
var commandTypes = CommandUtils.GetAllCommandTypes();
resolver.Register <ITagPropertyEditor, TagPropertyEditor>(Lifestyle.Singleton);
resolver.Register <IOutput, OutputConsole>(Lifestyle.Singleton);
resolver.Register <ICommandParser, CommandParser>(Lifestyle.Singleton);
resolver.RegisterCollection <ICommand>(Lifestyle.Singleton, commandTypes);
resolver.Compile();
var commandParser = resolver.Resolve <ICommandParser>();
var commandString = args[0];
var commandArgs = args.Skip(1).ToArray();
var command = commandParser.Parse(commandString);
command.Execute(commandArgs);
Console.WriteLine("Done. Press any key to continue...");
Console.ReadLine();
}
public string Invoke(ref SearchContext searchContext)
{
string result = string.Empty;
try
{
/* Session Logic must be inserted here. (Need new table creation)*/
if (searchContext.MethodInformation != null)
{
Object[] data = null;
Object resultData = null;
Type type = ObjectResolver.Resolve(searchContext.MethodInformation.ObjectName, false);
//
using (IDataTransaction dataTransaction = Activator.CreateInstance(type) as IDataTransaction)
{
MethodInfo method = this.FindMethod(type, searchContext.MethodInformation.MethodName);
//
data = this.FindParameters(searchContext, method);
//
resultData = method.Invoke(dataTransaction, data);
result = Json.Serialize(resultData);
}
}
else
{
throw new ArgumentException("Missing Method Information.");
}
}
catch (Exception exception)
{
Errors.Extract(exception);
}
//
return(result);
}
/// <summary>
/// Generates the api description and prepares all resolvers
/// </summary>
private void Assemble()
{
this.ApiDescription.Version = this.GetType().GetTypeInfo().Assembly.GetName().Version;
this.ApiDescription.Types.Clear();
this.ApiDescription.Mutations.Clear();
var rootResolver = (ObjectResolver)Activator.CreateInstance(typeof(ObjectResolver <>)
.MakeGenericType(this.GetType()));
this.resolver = rootResolver;
var root = rootResolver.GetApiType();
this.ApiDescription.TypeName = this.ApiDescription.ApiName = root.TypeName;
this.ApiDescription.Description = root.Description;
this.ApiDescription.Fields = new List <ApiField>(root.Fields.Select(f => f.Clone()));
List <ApiType> allTypes;
List <ObjectResolver.MutationDescription> mutationList;
List <string> errors;
rootResolver.CreateApiRoot(out allTypes, out this.argumentsSerializer, out mutationList, out errors);
this.generationErrors.Clear();
this.generationErrors.AddRange(errors);
this.mutations = mutationList.ToDictionary(m => m.MutationName);
this.ApiDescription.Types = allTypes;
this.ApiDescription.Mutations = this.mutations.Values.Select(d => d.CreateMutationField()).ToList();
}
public void SetUp()
{
var resolver = ObjectResolver.Basic();
theSource = new FolderAppSettingsXmlSource("Configuration");
theProvider = new SettingsProvider(resolver, new ISettingsSource[] { theSource });
}
static void ResolveEffects()
{
ObjectResolver ob = new ObjectResolver("effect/", "Effect");
ob.Resolve();
EditorUtility.DisplayDialog("AssetBunlde", "Finish", "Close");
}
/// <summary>
/// Initializes a new instance of the <see cref="BrowserAbstract" /> class.
/// </summary>
/// <exception cref="InvalidOperationException">
/// Thrown when the requested operation is invalid.
/// </exception>
/// <param name="browser">
/// The Selenium driver to wrap.
/// </param>
/// <param name="windowTitleFormat">
/// The expected format for the browser window title.
/// </param>
protected BrowserAbstract(IWebDriver browser, string windowTitleFormat)
{
Require.NotNullOrEmpty(() => windowTitleFormat);
this.browser = browser;
this.alertMessageDisplayed = new HashSet <string>();
this.actionState = new ActionState(s =>
{
// dialog is blocking page load, remember the message and unblock.
string text;
DismissIfAlertDisplayedImpl(out text);
});
var script = browser as IJavaScriptExecutor;
if (script == null)
{
throw new InvalidOperationException("Browser does not support script execution");
}
string unique = Guid.NewGuid().ToString();
script.ExecuteScript($"document.title ='{unique}'");
var processManager = ObjectResolver.Resolve <IProcessManager>();
this.Process = processManager.GetProcessByWindowTitle(string.Format(windowTitleFormat, unique));
if (this.Process == null)
{
throw new InvalidOperationException("Browser process could not be found");
}
}
public static void Setup()
{
// Create a new container
var resolver = ObjectResolver.Create();
// Register interface->type map, default is transient(instantiate every request)
resolver.Register <IWorkTaskRepository, SQLiteWorkTaskRepository>(Lifestyle.Singleton);
resolver.Register <IWorkProcessRepository, SQLiteWorkProcessRepository>(Lifestyle.Singleton);
resolver.Register <IClientRepository, SQLiteClientRepository>(Lifestyle.Singleton);
resolver.Register <IProductRepository, SQLiteProductRepository>(Lifestyle.Singleton);
resolver.Register <IWorkingTimeRangeRepository, SQLiteWorkingTimeRangeRepository>(Lifestyle.Singleton);
resolver.Register <IDailyWorkRecordQueryService, SQLiteDailyWorkRecordQueryService>(Lifestyle.Singleton);
resolver.Register <IWorkingTimeQueryService, SQLiteWorkingTimeQueryService>(Lifestyle.Singleton);
resolver.Register <IWorkTaskWithTimesQueryService, SQLiteWorkTaskWithTimesQueryService>(Lifestyle.Singleton);
resolver.Register <IHealthChecker, SQLiteHealthChecker>(Lifestyle.Singleton);
resolver.Register <IScheduledEventRepository, GoogleApiScheduledEventRepository>(Lifestyle.Singleton);
resolver.Register <IConfigurationRepository, SQLiteConfigurationRepository>(Lifestyle.Singleton);
resolver.Register <IWorkingHourRepository, SQLiteWorkingHoursRepository>(Lifestyle.Singleton);
resolver.Register <IReportDriver, CsvReportDriver>(Lifestyle.Singleton);
resolver.Register <IWorkingHourImportDriver, CsvWorkingHourImportDriver>(Lifestyle.Singleton);
// You can configure lifestyle - Transient, Singleton or Scoped
//resolver.Register<ILogger, MailLogger>(Lifestyle.Singleton);
// Compile and Verify container(this is required step)
resolver.Compile();
Resolver = resolver;
// Get instance from container
//var userRepository = resolver.Resolve<IUserRepository>();
//var logger = resolver.Resolve<ILogger>();
}
public void SetUp()
{
var resolver = ObjectResolver.Basic();
_settingsSource = new TestSettingsSource();
theProvider = new SettingsProvider(resolver, new[] { _settingsSource });
}
public DataSet Search(ref SearchContext searchContext)
{
DataSet dataSet = new DataSet();
try
{
/* Session Logic must be inserted here. (Need new table creation)*/
if (searchContext.MethodInformation != null)
{
Object[] data = null;
Type type = ObjectResolver.Resolve(searchContext.MethodInformation.ObjectName, false);
//
using (IDataTransaction dataTransaction = Activator.CreateInstance(type) as IDataTransaction)
{
MethodInfo method = this.FindMethod(type, searchContext.MethodInformation.MethodName);
//
data = this.FindParameters(searchContext, method);
//
dataSet = method.Invoke(dataTransaction, data) as DataSet;
}
}
else
{
using (IDataTransaction dataTransaction = Activator.CreateInstance(ObjectResolver.Resolve(searchContext)) as IDataTransaction)
dataSet = dataTransaction.Search(ref searchContext);
}
}
catch (Exception exception)
{
searchContext.ErrorMessage = Errors.Extract(exception);
}
//
return(dataSet);
}
public void Execute_Directory_ToUnspecifiedDirectory(
string sampleFileName, // This argument is not for command.
string pattern,
string expectedResultPath)
{
var sample = new Sample(sampleFileName, expectedResultPath);
sample.Initialize();
var resolver = ObjectResolver.Create();
resolver.Register <ICommand, CommandFromTags>(Lifestyle.Singleton);
resolver.Register <ITagPropertyEditor, TagPropertyEditor>(Lifestyle.Singleton);
resolver.Register <IOutput, OutputDebug>(Lifestyle.Singleton);
resolver.Compile();
var command = resolver.Resolve <ICommand>();
command.Execute(sample.Directory, pattern);
var actualFilePath = sample.GetFirstFilePath();
sample.DeleteDirectory();
Assert.AreEqual(sample.ExpectedFilePath, actualFilePath);
}
/// <summary>
/// Browser handles missing page implementation.
/// </summary>
/// <param name="browserType">
/// Browser type.
/// </param>
private void BrowserHandlesMissingPageImplementation(BrowserType browserType)
{
ObjectResolver.RegisterType <IProcessManager, ProcessManager>();
var browserInstances = new Dictionary <BrowserType, int> {
{ browserType, 1 }
};
const int MaxWait = 10;
using (var manager = new BrowserManager(browserInstances))
{
var browser = manager.AcquireBrowser(browserType);
var stopWatch = new Stopwatch();
stopWatch.Start();
// make the request, wait for up to 10 seconds.
browser.NavigateTo(
"http://ieonline.microsoft.com/pinnedconfig?action=1&CurrentPage=1&itemId=1&nextQuestionId=1&nextQuestionUserId=1");
browser.WaitForPageLoad(MaxWait);
stopWatch.Stop();
// expect a browser specific 404 message
browser.PageSource.ShouldContain("Page not found");
stopWatch.ElapsedMilliseconds.ShouldBeLessThan((MaxWait * 1000) + 1500);
}
}
public void DomXssTestFalsePositiveResult()
{
const string TestUrl = @"http://www.bing.com/search?q=seattle";
var propertyBag = new ConcurrentDictionary <int, bool>();
var browserMock = CreateMockBrowser();
browserMock
.Setup(m => m.NavigateTo(It.IsAny <string>()))
.Callback <string>(s => propertyBag[Thread.CurrentThread.ManagedThreadId] = s.Contains("alert()"));
// some pages pop their own dialog boxes, we should ignore these
string alertText = "** Expected message from the page **";
browserMock
.Setup(m => m.DismissedIfAlertDisplayed(out alertText))
.Returns(() => propertyBag.ContainsKey(Thread.CurrentThread.ManagedThreadId) && propertyBag[Thread.CurrentThread.ManagedThreadId]);
browserMock
.SetupGet(m => m.PageSource)
.Returns("pagesource");
browserMock
.SetupGet(m => m.Url)
.Returns("http://foo");
var factoryMock = new Mock <IBrowserFactory>();
factoryMock
.Setup(m => m.Create(It.IsAny <BrowserType>()))
.Returns(browserMock.Object);
ObjectResolver.RegisterType <IProcessManager, ProcessManager>();
var browserManagerMock = this.CreateBrowserManager(new[] { BrowserType.Chrome });
browserManagerMock
.Setup(m => m.AcquireBrowser(It.Is <BrowserType>(b => b == BrowserType.Chrome)))
.Returns(browserMock.Object);
ObjectResolver.RegisterInstance(browserManagerMock.Object);
var target = Target.Create(TestUrl);
var context = new Context();
var instance = new TestableDomXssTest();
instance.Init(context, target);
// introduce our known injection strings
instance.InjectTestCaseStrings(new[] { "blah", "alert()", "foo" });
// run the test
instance.DoTests();
// a vuln should be found
instance.Vulnerabilities.ShouldNotBeNull();
instance.Vulnerabilities.Count.ShouldEqual(0);
}
public void PrepareBasic()
{
container = ObjectResolver.Create();
RegisterBasic(container);
container.Compile();
}
public static IUnityContainer Initialise()
{
var container = BuildUnityContainer();
DependencyResolver.SetResolver(new UnityDependencyResolver(container));
ObjectResolver.SetContainer(container);
return(container);
}
public PluginManager(ObjectResolver iocContainer = null)
{
if (iocContainer == null)
{
iocContainer = ObjectResolver.Create();
}
_container = iocContainer;
}
/// <summary>
/// The release browser.
/// </summary>
/// <param name="browser">
/// The browser.
/// </param>
public static void ReleaseBrowser(BrowserAbstract browser)
{
if (browser != null)
{
var browserManager = ObjectResolver.Resolve <IBrowserManager>();
browserManager.ReleaseBrowser(browser);
}
}
public void AssignField()
{
var testInstance = new TestExtractClass();
Assert.That(testInstance.SomeField, Is.EqualTo(0));
ObjectResolver.SetValue("SomeField", testInstance, 3);
Assert.That(testInstance.SomeField, Is.EqualTo(3));
}
protected override object CreateContainer(Type t)
{
var container = ObjectResolver.Create();
container.Register(Lifestyle.Transient, t, t);
container.Compile();
return(container);
}
