/// <summary>
 /// Initializes a new instance of the <see cref="SoapFormatMessage" /> class.
 /// </summary>
 /// <param name="soapOperation">The SOAP operation.</param>
 /// <param name="messageFaultSoapBuilder">The message fault SOAP builder.</param>
 /// <param name="ns">The WS namespace.</param>
 public SoapFormatMessage(SoapOperation soapOperation, IMessageFaultSoapBuilder messageFaultSoapBuilder, string ns)
 {
     this._exceptionHandler = exception => messageFaultSoapBuilder.BuildException(exception, soapOperation.ToString());
     var response = soapOperation.GetResponse();
     var responseElement = response.ToString();
     this._xmlQualifiedName = new XmlQualifiedName(responseElement, ns);
 }
Beispiel #2
0
        /// <summary>
        /// Gets the query root element for SDMX V20.
        /// </summary>
        /// <param name="operation">
        /// The operation.
        /// </param>
        /// <returns>
        /// The query root element qualified name; otherwise <see cref="XmlQualifiedName.Empty"/>
        /// </returns>
        public static XmlQualifiedName GetQueryRootElementV20(this SoapOperation operation)
        {
            ElementNameTable element;

            switch (operation)
            {
            case SoapOperation.GetUtilityData:
            case SoapOperation.GetCompactData:
            case SoapOperation.GetCrossSectionalData:
            case SoapOperation.GetGenericData:
            case SoapOperation.GetGenericMetadata:
                element = ElementNameTable.QueryMessage;
                break;

            case SoapOperation.QueryStructure:
                element = ElementNameTable.RegistryInterface;
                break;

            case SoapOperation.SubmitStructure:     // Add case for submit structure
                element = ElementNameTable.RegistryInterface;
                break;

            default:
                return(XmlQualifiedName.Empty);
            }

            return(new XmlQualifiedName(NameTableCache.GetElementName(element), SdmxConstants.MessageNs20));
        }
Beispiel #3
0
        /// <summary>
        /// The get message type.
        /// </summary>
        /// <param name="operation">
        /// The operation.
        /// </param>
        /// <returns>
        /// The <see cref="MessageEnumType"/>.
        /// </returns>
        public static MessageEnumType GetMessageType(this SoapOperation operation)
        {
            switch (operation)
            {
            case SoapOperation.GetCompactData:
            case SoapOperation.GetStructureSpecificData:
            case SoapOperation.GetStructureSpecificTimeSeriesData:
                return(MessageEnumType.CompactData);

            case SoapOperation.GetUtilityData:
                return(MessageEnumType.UtilityData);

            case SoapOperation.GetCrossSectionalData:
                return(MessageEnumType.CrossSectionalData);

            case SoapOperation.GetGenericData:
                return(MessageEnumType.GenericData);

            case SoapOperation.GetGenericTimeSeriesData:
                return(MessageEnumType.GenericData);

            case SoapOperation.GetGenericMetadata:
                return(MessageEnumType.GenericMetadata);

            case SoapOperation.GetStructureSpecificMetadata:
                return(MessageEnumType.MetadataReport);

            case SoapOperation.GetStructures:
            case SoapOperation.GetDataflow:
            case SoapOperation.GetMetadataflow:
            case SoapOperation.GetDataStructure:
            case SoapOperation.GetMetadataStructure:
            case SoapOperation.GetCategoryScheme:
            case SoapOperation.GetConceptScheme:
            case SoapOperation.GetCodelist:
            case SoapOperation.GetHierarchicalCodelist:
            case SoapOperation.GetOrganisationScheme:
            case SoapOperation.GetReportingTaxonomy:
            case SoapOperation.GetStructureSet:
            case SoapOperation.GetProcess:
            case SoapOperation.GetCategorisation:
            case SoapOperation.GetProvisionAgreement:
            case SoapOperation.GetConstraint:
                return(MessageEnumType.Structure);

            case SoapOperation.GetDataSchema:
                return(MessageEnumType.Unknown);

            case SoapOperation.QueryStructure:
                return(MessageEnumType.RegistryInterface);

            case SoapOperation.SubmitStructure:     // Add case for submit structure
                return(MessageEnumType.RegistryInterface);
            }

            return(MessageEnumType.Null);
        }
Beispiel #4
0
        /// <summary>
        /// Initializes a new instance of the <see cref="XmlStreamWrapper"/> class.
        /// </summary>
        /// <param name="controller">
        /// The <see cref="IStreamController{XmlWriter}"/> which will be used at <see cref="WriteXml"/>
        /// </param>
        /// <param name="soapOperation">
        /// The soap Operation.
        /// </param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="controller"/>
        ///   is null
        /// </exception>
        internal XmlStreamWrapper(IStreamController <XmlWriter> controller, SoapOperation soapOperation) : this()
        {
            if (controller == null)
            {
                throw new ArgumentNullException("controller");
            }

            this._controller    = controller;
            this._soapOperation = soapOperation;
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="XmlStreamWrapper"/> class.
        /// </summary>
        /// <param name="controller">
        /// The <see cref="IStreamController{XmlWriter}"/> which will be used at <see cref="WriteXml"/> 
        /// </param>
        /// <param name="soapOperation">
        /// The soap Operation.
        /// </param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="controller"/>
        ///   is null
        /// </exception>
        internal XmlStreamWrapper(IStreamController<XmlWriter> controller, SoapOperation soapOperation) : this()
        {
            if (controller == null)
            {
                throw new ArgumentNullException("controller");
            }

            this._controller = controller;
            this._soapOperation = soapOperation;
        }
Beispiel #6
0
        static void FuzzHttpGetPort(SoapBinding binding)
        {
            SoapPortType portType = _wsdl.PortTypes.Single(pt => pt.Name == binding.Type.Split(':')[1]);

            foreach (SoapBindingOperation op in binding.Operations)
            {
                Console.WriteLine("Fuzzing operation: " + op.Name);
                string        url   = _endpoint + op.Location;
                SoapOperation po    = portType.Operations.Single(p => p.Name == op.Name);
                SoapMessage   input = _wsdl.Messages.Single(m => m.Name == po.Input.Split(':')[1]);
                Dictionary <string, string> parameters = new Dictionary <string, string>();

                foreach (SoapMessagePart part in input.Parts)
                {
                    parameters.Add(part.Name, part.Type);
                }

                bool        first    = true;
                List <Guid> guidList = new List <Guid>();
                foreach (var param in parameters)
                {
                    if (param.Value.EndsWith("string"))
                    {
                        Guid guid = Guid.NewGuid();
                        guidList.Add(guid);
                        url += (first ? "?" : "&") + param.Key + "=" + guid.ToString();
                    }
                    first = false;
                }
                Console.WriteLine("Fuzzing full url: " + url);
                int k = 0;
                foreach (Guid guid in guidList)
                {
                    string         testUrl = url.Replace(guid.ToString(), "fd'sa");
                    HttpWebRequest req     = (HttpWebRequest)WebRequest.Create(testUrl);
                    string         resp    = string.Empty;
                    try
                    {
                        using (StreamReader rdr = new StreamReader(req.GetResponse().GetResponseStream()))
                            resp = rdr.ReadToEnd();
                    }
                    catch (WebException ex)
                    {
                        using (StreamReader rdr = new StreamReader(ex.Response.GetResponseStream()))
                            resp = rdr.ReadToEnd();

                        if (resp.Contains("syntax error"))
                        {
                            Console.WriteLine("Possible SQL injection vector in parameter: " + input.Parts[k].Name);
                        }
                    }
                    k++;
                }
            }
        }
Beispiel #7
0
        /// <summary>
        /// Initializes a new instance of the <see cref="AdvancedDataController{TWriter}" /> class.
        /// </summary>
        /// <param name="operation">The operation.</param>
        /// <param name="decoratedController">The decorated Controller.</param>
        /// <param name="sdmxRetrievalManager">The sdmx Retrieval Manager.</param>
        /// <exception cref="System.ArgumentNullException"><see cref="_sdmxRetrievalManager"/> is null.</exception>
        /// <exception cref="SdmxSemmanticException">Operation not accepted with query used</exception>
        public AdvancedDataController(SoapOperation operation, IController <IComplexDataQuery, TWriter> decoratedController, ISdmxObjectRetrievalManager sdmxRetrievalManager)
            : base(decoratedController)
        {
            if (sdmxRetrievalManager == null)
            {
                throw new ArgumentNullException("sdmxRetrievalManager");
            }

            this._sdmxRetrievalManager = sdmxRetrievalManager;
            this._rootNode             = operation.GetQueryRootElementV21();
        }
        /// <summary>
        /// Invokes the service.
        /// </summary>
        /// <param name="wsClient">
        /// The ws client.
        /// </param>
        /// <param name="operation">
        /// The operation.
        /// </param>
        /// <param name="request">
        /// The request.
        /// </param>
        /// <param name="response">
        /// The response.
        /// </param>
        /// <param name="schemaVersion">
        /// The schema version.
        /// </param>
        /// <param name="compress">
        /// if set to <c>true</c> [compress].
        /// </param>
        /// <returns>
        /// The <see cref="bool"/>.
        /// </returns>
        public bool InvokeService(SdmxWsClient wsClient, SoapOperation operation, FileInfo request, FileInfo response, SdmxSchemaEnumType schemaVersion, bool compress = false)
        {
            var sdmxMessage = new FileInfo(Path.Combine(response.DirectoryName ?? string.Empty, response.Name + ".sdmx.xml"));
            try
            {
                wsClient.InvokeService(operation, request, response, compress);
                using (var reader = XmlReader.Create(response.FullName, new XmlReaderSettings() {IgnoreWhitespace = true, IgnoreComments = true, IgnoreProcessingInstructions = true}))
                using (var writer = XmlWriter.Create(sdmxMessage.FullName, new XmlWriterSettings() {Encoding = Encoding.UTF8, Indent = true }))
                {
                    SdmxMessageUtil.FindSdmx(reader);
                    writer.WriteNode(reader, true);

                    writer.Flush();
                }
            }
            catch (WebException e)
            {
                _log.Error(e.Message, e);
                var webResponse = e.Response;
                if (webResponse != null)
                {
                    var tempFileName = Path.GetTempFileName();
                    _log.ErrorFormat("Logging error at {0}", tempFileName);
                    WriteResponse(webResponse, tempFileName);
                    var errorCode = GetErrorCode(tempFileName);
                    _log.ErrorFormat("Error code : {0} ", errorCode);
                    _log.Error(File.ReadAllText(tempFileName));
                    File.Delete(tempFileName);
                }

                throw;
            }

            using (IReadableDataLocation location = new FileReadableDataLocation(sdmxMessage))
            {
                var actualVersion = SdmxMessageUtil.GetSchemaVersion(location);
                if (actualVersion != schemaVersion)
                {
                    return false;
                }

                var actualMessageType = SdmxMessageUtil.GetMessageType(location);
                var expectedMessageType = operation.GetMessageType();
                if (actualMessageType != expectedMessageType)
                {
                    return false;
                }
            }

            return true;
        }
Beispiel #9
0
        /// <summary>
        /// Initializes a new instance of the <see cref="StructureRequestV21AdvancedController{TWriter}"/> class.
        /// </summary>
        /// <param name="responseGenerator">
        /// The response generator.
        /// </param>
        /// <param name="authStructureSearchManager">
        /// The authentication structure search manager.
        /// </param>
        /// <param name="structureSearchManager">
        /// The structure search manager.
        /// </param>
        /// <param name="principal">
        /// The principal.
        /// </param>
        /// <param name="soapOperation">
        /// The SOAP operation.
        /// </param>
        /// <exception cref="SdmxSemmanticException">
        /// Operation not accepted with query used
        /// </exception>
        public StructureRequestV21AdvancedController(
            IResponseGenerator <TWriter, ISdmxObjects> responseGenerator,
            IAuthAdvancedMutableStructureSearchManager authStructureSearchManager,
            IAdvancedMutableStructureSearchManager structureSearchManager,
            DataflowPrincipal principal,
            SoapOperation soapOperation)
            : base(responseGenerator, principal)
        {
            this._authStructureSearchManager = authStructureSearchManager;
            this._structureSearchManager     = structureSearchManager;
            SdmxSchema sdmxSchemaV21 = SdmxSchema.GetFromEnum(SdmxSchemaEnumType.VersionTwoPointOne);

            this._manager  = new QueryParsingManager(sdmxSchemaV21.EnumType);
            this._rootNode = soapOperation.GetQueryRootElementV21();
        }
        /// <summary>
        /// The method that handle the processing of the SDMX query and orchestrate the
        /// calls to different building blocks.
        /// </summary>
        /// <param name="input">The XML containing the query bean</param>
        /// <param name="soapOperation">The SOAP operation.</param>
        /// <param name="baseDataFormat">The base data format.</param>
        /// <returns>The queried data in specified format</returns>
        private XmlStreamWrapper HandleDataRequest(XmlNode input, SoapOperation soapOperation, BaseDataFormatEnumType baseDataFormat)
        {
            _logger.DebugFormat(CultureInfo.InvariantCulture, "Received request for {0} for endpoint {1}", soapOperation, this.Endpoint);
            IStreamController<XmlWriter> streamController = _dataRequestController.ParseRequest(input, baseDataFormat.GetDataType(SdmxSchemaEnumType.VersionTwo));

            return new XmlStreamWrapper(streamController, soapOperation);
        }
 /// <summary>
 /// Builds the Advanced Structure controller for SDMX V21 SOAP.
 /// </summary>
 /// <param name="principal">
 /// The principal.
 /// </param>
 /// <param name="soapOperation">
 /// The SOAP operation.
 /// </param>
 /// <returns>
 /// The <see cref="IController{XmlNode,XmlWriter}"/>.
 /// </returns>
 public IController<Message, XmlWriter> BuildAdvancedQueryStructureV21(DataflowPrincipal principal, SoapOperation soapOperation)
 {
     IWriterBuilder<IStructureWriterManager, XmlWriter> structureManagerBuilder = new StructureBuilder(WebServiceEndpoint.StandardEndpoint, _sdmxSchemaV21);
     IResponseGenerator<XmlWriter, ISdmxObjects> responseGenerator = new StructureResponseGenerator(structureManagerBuilder, StructureOutputFormatEnumType.SdmxV21StructureDocument);
     var structureRequestController = new StructureRequestV21AdvancedController<XmlWriter>(
         responseGenerator, 
         this._authAdvancedMutableStructureSearchManager, 
         this._advancedMutableStructureSearchManager, 
         principal, 
         soapOperation);
     return structureRequestController;
 }
Beispiel #12
0
        /// <summary>
        /// Gets the response.
        /// </summary>
        /// <param name="operation">
        /// The operation.
        /// </param>
        /// <exception cref="System.ArgumentOutOfRangeException">
        /// operation;Not valid operation.
        /// </exception>
        /// <returns>
        /// The <see cref="SoapOperationResponse"/>.
        /// </returns>
        public static SoapOperationResponse GetResponse(this SoapOperation operation)
        {
            switch (operation)
            {
            case SoapOperation.Null:
                return(SoapOperationResponse.Null);

            case SoapOperation.QueryStructure:
                return(SoapOperationResponse.QueryStructureResponse);

            case SoapOperation.GetCompactData:
                return(SoapOperationResponse.GetCompactDataResponse);

            case SoapOperation.GetCrossSectionalData:
                return(SoapOperationResponse.GetCrossSectionalDataResponse);

            case SoapOperation.GetGenericData:
                return(SoapOperationResponse.GetGenericDataResponse);

            case SoapOperation.GetGenericTimeSeriesData:
                return(SoapOperationResponse.GetGenericTimeSeriesDataResponse);

            case SoapOperation.GetStructureSpecificData:
                return(SoapOperationResponse.GetStructureSpecificDataResponse);

            case SoapOperation.GetStructureSpecificTimeSeriesData:
                return(SoapOperationResponse.GetStructureSpecificTimeSeriesDataResponse);

            case SoapOperation.GetGenericMetadata:
                return(SoapOperationResponse.GetGenericMetadataResponse);

            case SoapOperation.GetStructureSpecificMetadata:
                return(SoapOperationResponse.GetStructureSpecificMetadataResponse);

            case SoapOperation.GetStructures:
                return(SoapOperationResponse.GetStructuresResponse);

            case SoapOperation.GetDataflow:
                return(SoapOperationResponse.GetDataflowResponse);

            case SoapOperation.GetMetadataflow:
                return(SoapOperationResponse.GetMetadataflowResponse);

            case SoapOperation.GetDataStructure:
                return(SoapOperationResponse.GetDataStructureResponse);

            case SoapOperation.GetMetadataStructure:
                return(SoapOperationResponse.GetMetadataStructureResponse);

            case SoapOperation.GetCategoryScheme:
                return(SoapOperationResponse.GetCategorySchemeResponse);

            case SoapOperation.GetConceptScheme:
                return(SoapOperationResponse.GetConceptSchemeResponse);

            case SoapOperation.GetCodelist:
                return(SoapOperationResponse.GetCodelistResponse);

            case SoapOperation.GetHierarchicalCodelist:
                return(SoapOperationResponse.GetHierarchicalCodelistResponse);

            case SoapOperation.GetOrganisationScheme:
                return(SoapOperationResponse.GetOrganisationSchemeResponse);

            case SoapOperation.GetReportingTaxonomy:
                return(SoapOperationResponse.GetReportingTaxonomyResponse);

            case SoapOperation.GetStructureSet:
                return(SoapOperationResponse.GetStructureSetResponse);

            case SoapOperation.GetProcess:
                return(SoapOperationResponse.GetProcessResponse);

            case SoapOperation.GetCategorisation:
                return(SoapOperationResponse.GetCategorisationResponse);

            case SoapOperation.GetProvisionAgreement:
                return(SoapOperationResponse.GetProvisionAgreementResponse);

            case SoapOperation.GetConstraint:
                return(SoapOperationResponse.GetConstraintResponse);

            case SoapOperation.GetDataSchema:
                return(SoapOperationResponse.GetDataSchemaResponse);

            case SoapOperation.GetMetadataSchema:
                return(SoapOperationResponse.GetMetadataSchemaResponse);

            case SoapOperation.SubmitStructure:
                return(SoapOperationResponse.SubmitStructureResponse);

            default:
                throw new ArgumentOutOfRangeException("operation", operation, "Not valid operation.");
            }
        }
 /// <summary>
 /// Writes the response.
 /// </summary>
 /// <param name="soapOperation">The SOAP operation.</param>
 /// <param name="controller">The controller.</param>
 /// <returns>The <see cref="Message"/>.</returns>
 private Message WriteResponse(SoapOperation soapOperation, IStreamController<XmlWriter> controller)
 {
     var format = new SoapFormatMessage(soapOperation, _messageFaultBuilder, SoapNamespaces.SdmxV21);
     return this._messageBuilderManager.GetResponse<SdmxMessageSoap, XmlWriter>(format, controller);
 }
Beispiel #14
0
        /// <summary>
        /// The method that handle the processing of the sdmx query and orchestrate the
        ///     calls to different building blocks.
        /// </summary>
        /// <param name="input">
        /// The xml containing the SDMX Query
        /// </param>
        /// <param name="controller">
        /// The Controller of the request
        /// </param>
        /// <param name="xmlQualifiedName">
        /// Name of the XML qualified.
        /// </param>
        /// <param name="operation">
        /// The operation.
        /// </param>
        /// <returns>
        /// The queried data in specified format
        /// </returns>
        /// <exception cref="System.ServiceModel.Web.WebFaultException">
        /// Internal server error.
        /// </exception>
        private static Message HandleRequest(Message input, IController <Message, XmlWriter> controller, XmlQualifiedName xmlQualifiedName, SoapOperation operation)
        {
            if (_log.IsDebugEnabled)
            {
                _log.DebugFormat(CultureInfo.InvariantCulture, "Request: {0}\n", input);
            }

            try
            {
                IStreamController <XmlWriter> streamController = controller.ParseRequest(input);
                WebOperationContext           ctx = WebOperationContext.Current;
                if (ctx == null)
                {
                    _log.Error("Current WebOperationContext is null. Please check service configuration.");
                    throw new WebFaultException(HttpStatusCode.InternalServerError);
                }

                Message message = new SdmxMessageSoap(
                    streamController,
                    xmlQualifiedName: xmlQualifiedName,
                    exceptionHandler: exception => _messageFaultBuilder.BuildException(exception, operation.ToString()));

                return(message);
            }
            catch (Exception e)
            {
                _log.Error(operation.ToString(), e);
                throw _messageFaultBuilder.BuildException(e, operation.ToString());
            }
        }
Beispiel #15
0
        /// <summary>
        /// Builds the Advanced Structure controller for SDMX V21 SOAP.
        /// </summary>
        /// <param name="principal">
        /// The principal.
        /// </param>
        /// <param name="soapOperation">
        /// The SOAP operation.
        /// </param>
        /// <returns>
        /// The <see cref="IController{XmlNode,XmlWriter}"/>.
        /// </returns>
        public IController <Message, XmlWriter> BuildAdvancedQueryStructureV21(DataflowPrincipal principal, SoapOperation soapOperation)
        {
            IWriterBuilder <IStructureWriterManager, XmlWriter> structureManagerBuilder = new StructureBuilder(WebServiceEndpoint.StandardEndpoint, _sdmxSchemaV21);
            IResponseGenerator <XmlWriter, ISdmxObjects>        responseGenerator       = new StructureResponseGenerator(structureManagerBuilder, StructureOutputFormatEnumType.SdmxV21StructureDocument);
            var structureRequestController = new StructureRequestV21AdvancedController <XmlWriter>(
                responseGenerator,
                this._authAdvancedMutableStructureSearchManager,
                this._advancedMutableStructureSearchManager,
                principal,
                soapOperation);

            return(structureRequestController);
        }
 /// <summary>
 /// Writes the response.
 /// </summary>
 /// <param name="soapOperation">The SOAP operation.</param>
 /// <param name="streamController">The stream controller.</param>
 /// <returns>The <see cref="Message"/>.</returns>
 private Message WriteResponse(SoapOperation soapOperation, IStreamController<XmlWriter> streamController)
 {
     IMessageFormat format = new SoapFormatMessage(soapOperation, this._faultSoapBuilderFactory.GetMessageFaultSoapBuilder(SdmxSchemaEnumType.VersionTwo), this.Ns);
     return this._messageBuilderManager.GetResponse<SdmxMessageSoap, XmlWriter>(format, streamController);
 }
Beispiel #17
0
        static void FuzzSoapPort(SoapBinding binding)
        {
            SoapPortType portType = _wsdl.PortTypes.Single(pt => pt.Name == binding.Type.Split(':')[1]);

            foreach (SoapBindingOperation op in binding.Operations)
            {
                Console.WriteLine("Fuzzing operation: " + op.Name);
                SoapOperation po    = portType.Operations.Single(p => p.Name == op.Name);
                SoapMessage   input = _wsdl.Messages.Single(m => m.Name == po.Input.Split(':')[1]);

                XNamespace soapNS        = "http://schemas.xmlsoap.org/soap/envelope/";
                XNamespace xmlNS         = op.SoapAction.Replace(op.Name, string.Empty);
                XElement   soapBody      = new XElement(soapNS + "Body");
                XElement   soapOperation = new XElement(xmlNS + op.Name);

                soapBody.Add(soapOperation);

                List <Guid> paramList = new List <Guid>();
                SoapType    type      = _wsdl.Types.Single(t => t.Name == input.Parts[0].Element.Split(':')[1]);
                foreach (SoapTypeParameter param in type.Parameters)
                {
                    XElement soapParam = new XElement(xmlNS + param.Name);
                    if (param.Type.EndsWith("string"))
                    {
                        Guid guid = Guid.NewGuid();
                        paramList.Add(guid);
                        soapParam.SetValue(guid.ToString());
                    }
                    soapOperation.Add(soapParam);
                }

                XDocument soapDoc = new XDocument(new XDeclaration("1.0", "ascii", "true"), new XElement(soapNS + "Envelope", new XAttribute(XNamespace.Xmlns + "soap", soapNS), new XAttribute("xmlns", xmlNS), soapBody));

                int k = 0;
                foreach (Guid parm in paramList)
                {
                    string         testSoap = soapDoc.ToString().Replace(parm.ToString(), "fd'sa");
                    byte[]         data     = System.Text.Encoding.ASCII.GetBytes(testSoap);
                    HttpWebRequest req      = (HttpWebRequest)WebRequest.Create(_endpoint);

                    req.Headers["SOAPAction"] = op.SoapAction;
                    req.Method        = "POST";
                    req.ContentType   = "text/xml";
                    req.ContentLength = data.Length;

                    using (Stream stream = req.GetRequestStream())
                        stream.Write(data, 0, data.Length);

                    string resp = string.Empty;
                    try
                    {
                        using (StreamReader rdr = new StreamReader(req.GetResponse().GetResponseStream()))
                            resp = rdr.ReadToEnd();
                    }
                    catch (WebException ex)
                    {
                        using (StreamReader rdr = new StreamReader(ex.Response.GetResponseStream()))
                            resp = rdr.ReadToEnd();

                        if (resp.Contains("syntax error"))
                        {
                            Console.WriteLine("Possible SQL injection vector in parameter: ");
                        }
                        Console.Write(type.Parameters[k].Name);
                    }
                    k++;
                }
            }
        }
Beispiel #18
0
        static void FuzzHttpPostPort(SoapBinding binding)
        {
            SoapPortType portType = _wsdl.PortTypes.Single(pt => pt.Name == binding.Type.Split(':')[1]);

            foreach (SoapBindingOperation op in binding.Operations)
            {
                Console.WriteLine("Fuzzing Operation: " + op.Name);
                string        url   = _endpoint + op.Location;
                SoapOperation po    = portType.Operations.Single(p => p.Name == op.Name);
                SoapMessage   input = _wsdl.Messages.Single(m => m.Name == po.Input.Split(':')[1]);
                Dictionary <string, string> parameters = new Dictionary <string, string>();

                foreach (SoapMessagePart part in input.Parts)
                {
                    parameters.Add(part.Name, part.Type);
                }

                string      postParams = string.Empty;
                bool        first      = true;
                List <Guid> guids      = new List <Guid>();
                foreach (var param in parameters)
                {
                    if (param.Value.EndsWith("string"))
                    {
                        Guid guid = Guid.NewGuid();
                        postParams += (first ? "" : "&") + param.Key + "=" + guid.ToString();
                        guids.Add(guid);
                    }
                    if (first)
                    {
                        first = false;
                    }
                }

                int k = 0;
                foreach (Guid guid in guids)
                {
                    string testParams = postParams.Replace(guid.ToString(), "fd'sa");
                    byte[] data       = System.Text.Encoding.ASCII.GetBytes(testParams);

                    HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
                    req.Method        = "POST";
                    req.ContentType   = "application/x-www-form-urlencoded";
                    req.ContentLength = data.Length;
                    req.GetRequestStream().Write(data, 0, data.Length);

                    string resp = string.Empty;
                    try
                    {
                        using (StreamReader rdr = new StreamReader(req.GetResponse().GetResponseStream()))
                            resp = rdr.ReadToEnd();
                    }
                    catch (WebException ex)
                    {
                        using (StreamReader rdr = new StreamReader(ex.Response.GetResponseStream()))
                            resp = rdr.ReadToEnd();

                        if (resp.Contains("syntax error"))
                        {
                            Console.WriteLine("Possible SQL injection vector in parameter: " + input.Parts[k].Name);
                        }
                    }
                    k++;
                }
            }
        }
        /// <summary>
        /// The method that handle the processing of the SDMX query and orchestrate the
        /// calls to different building blocks.
        /// </summary>
        /// <param name="input">The XML containing the query bean</param>
        /// <param name="soapOperation">The SOAP operation.</param>
        /// <returns>
        /// The queried data in specified format
        /// </returns>
        private XmlStreamWrapper HandleRequest(XmlNode input, SoapOperation soapOperation)
        {
            _logger.DebugFormat(CultureInfo.InvariantCulture, "Received request for {0} for endpoint {1}", soapOperation, this.Endpoint);
            IStreamController<XmlWriter> streamController = _structureRequestController.ParseRequest(input, this.Endpoint);

            return new XmlStreamWrapper(streamController, soapOperation);
        }
        /// <summary>
        /// The method that handle the processing of the sdmx query and orchestrate the
        ///     calls to different building blocks.
        /// </summary>
        /// <param name="input">
        /// The xml containing the SDMX Query
        /// </param>
        /// <param name="controller">
        /// The Controller of the request
        /// </param>
        /// <param name="xmlQualifiedName">
        /// Name of the XML qualified.
        /// </param>
        /// <param name="getSoapOperation">
        /// The get SOAP operation.
        /// </param>
        /// <returns>
        /// The queried data in specified format
        /// </returns>
        /// <exception cref="Org.Sdmxsource.Sdmx.Api.Exception.SdmxInternalServerException">
        /// Not initialized correctly
        /// </exception>
        private static Message HandleRequest(Message input, IController<Message, XmlWriter> controller, XmlQualifiedName xmlQualifiedName, SoapOperation getSoapOperation)
        {
            try
            {
                IStreamController<XmlWriter> streamController = controller.ParseRequest(input);
                WebOperationContext ctx = WebOperationContext.Current;
                if (ctx == null)
                {
                    _log.Error("Current WebOperationContext is null. Please check service configuration.");
                    throw new SdmxInternalServerException("Not initialized correctly");
                }

                Message message = new SdmxMessageSoap(streamController, exception => _messageFaultBuilder.BuildException(exception, getSoapOperation.ToString()), xmlQualifiedName);

                return message;
            }
            catch (Exception e)
            {
                _log.Error(xmlQualifiedName, e);

                ////return Message.CreateMessage(MessageVersion.Soap11, _messageFaultBuilder.Build(e, xmlQualifiedName.Name), string.Empty);
                throw _messageFaultBuilder.BuildException(e, getSoapOperation.ToString());
            }
        }
Beispiel #21
0
        /// <summary>
        /// The method that handle the processing of the sdmx query and orchestrate the
        ///     calls to different building blocks.
        /// </summary>
        /// <param name="input">
        /// The xml containing the SDMX Query
        /// </param>
        /// <param name="controller">
        /// The Controller of the request
        /// </param>
        /// <param name="xmlQualifiedName">
        /// Name of the XML qualified.
        /// </param>
        /// <param name="getSoapOperation">
        /// The get SOAP operation.
        /// </param>
        /// <returns>
        /// The queried data in specified format
        /// </returns>
        /// <exception cref="Org.Sdmxsource.Sdmx.Api.Exception.SdmxInternalServerException">
        /// Not initialized correctly
        /// </exception>
        private static Message HandleRequest(Message input, IController <Message, XmlWriter> controller, XmlQualifiedName xmlQualifiedName, SoapOperation getSoapOperation)
        {
            try
            {
                IStreamController <XmlWriter> streamController = controller.ParseRequest(input);
                WebOperationContext           ctx = WebOperationContext.Current;
                if (ctx == null)
                {
                    _log.Error("Current WebOperationContext is null. Please check service configuration.");
                    throw new SdmxInternalServerException("Not initialized correctly");
                }

                Message message = new SdmxMessageSoap(streamController, exception => _messageFaultBuilder.BuildException(exception, getSoapOperation.ToString()), xmlQualifiedName);

                return(message);
            }
            catch (Exception e)
            {
                _log.Error(xmlQualifiedName, e);

                ////return Message.CreateMessage(MessageVersion.Soap11, _messageFaultBuilder.Build(e, xmlQualifiedName.Name), string.Empty);
                throw _messageFaultBuilder.BuildException(e, getSoapOperation.ToString());
            }
        }
Beispiel #22
0
 /// <summary>
 /// Initializes a new instance of the <see cref="Body"/> class.
 /// </summary>
 /// <param name="operation">The operation for this request.</param>
 public Body(SoapOperation operation)
 {
     this.Action  = operation.Action;
     this.Service = operation.Service;
 }
        /// <summary>
        /// The method that handle the processing of the sdmx query and orchestrate the
        ///     calls to different building blocks.
        /// </summary>
        /// <param name="input">
        /// The xml containing the SDMX Query
        /// </param>
        /// <param name="controller">
        /// The Controller of the request
        /// </param>
        /// <param name="xmlQualifiedName">
        /// Name of the XML qualified.
        /// </param>
        /// <param name="operation">
        /// The operation.
        /// </param>
        /// <returns>
        /// The queried data in specified format
        /// </returns>
        /// <exception cref="System.ServiceModel.Web.WebFaultException">
        /// Internal server error.
        /// </exception>
        private static Message HandleRequest(Message input, IController<Message, XmlWriter> controller, XmlQualifiedName xmlQualifiedName, SoapOperation operation)
        {
            if (_log.IsDebugEnabled)
            {
                _log.DebugFormat(CultureInfo.InvariantCulture, "Request: {0}\n", input);
            }

            try
            {
                IStreamController<XmlWriter> streamController = controller.ParseRequest(input);
                WebOperationContext ctx = WebOperationContext.Current;
                if (ctx == null)
                {
                    _log.Error("Current WebOperationContext is null. Please check service configuration.");
                    throw new WebFaultException(HttpStatusCode.InternalServerError);
                }

                Message message = new SdmxMessageSoap(
                    streamController,
                    xmlQualifiedName: xmlQualifiedName,
                    exceptionHandler: exception => _messageFaultBuilder.BuildException(exception, operation.ToString()));

                return message;
            }
            catch (Exception e)
            {
                _log.Error(operation.ToString(), e);
                throw _messageFaultBuilder.BuildException(e, operation.ToString());
            }
        }
 /// <summary>
 /// Initializes a new instance of the <see cref="DispatchBodyElementAttribute"/> class.
 /// </summary>
 /// <param name="operation">
 /// The operation.
 /// </param>
 /// <param name="ns">
 /// The namespace.
 /// </param>
 public DispatchBodyElementAttribute(SoapOperation operation, string ns)
 {
     this._qname = new XmlQualifiedName(operation.ToString(), ns);
 }
Beispiel #25
0
        /// <summary>
        /// Gets the query root element for SDMX V21.
        /// </summary>
        /// <param name="operation">
        /// The operation.
        /// </param>
        /// <returns>
        /// The query root element qualified name; otherwise <see cref="XmlQualifiedName.Empty"/>
        /// </returns>
        public static XmlQualifiedName GetQueryRootElementV21(this SoapOperation operation)
        {
            ElementNameTable element;

            switch (operation)
            {
            case SoapOperation.GetGenericData:
                element = ElementNameTable.GenericDataQuery;
                break;

            case SoapOperation.GetGenericTimeSeriesData:
                element = ElementNameTable.GenericTimeSeriesDataQuery;
                break;

            case SoapOperation.GetStructureSpecificData:
                element = ElementNameTable.StructureSpecificDataQuery;
                break;

            case SoapOperation.GetStructureSpecificTimeSeriesData:
                element = ElementNameTable.StructureSpecificTimeSeriesDataQuery;
                break;

            case SoapOperation.GetGenericMetadata:
                element = ElementNameTable.GenericMetadataQuery;
                break;

            case SoapOperation.GetStructureSpecificMetadata:
                element = ElementNameTable.StructureSpecificMetadataQuery;
                break;

            case SoapOperation.GetStructures:
                element = ElementNameTable.StructuresQuery;
                break;

            case SoapOperation.GetDataflow:
                element = ElementNameTable.DataflowQuery;
                break;

            case SoapOperation.GetMetadataflow:
                element = ElementNameTable.MetadataflowQuery;
                break;

            case SoapOperation.GetDataStructure:
                element = ElementNameTable.DataStructureQuery;
                break;

            case SoapOperation.GetMetadataStructure:
                element = ElementNameTable.MetadataStructureQuery;
                break;

            case SoapOperation.GetCategoryScheme:
                element = ElementNameTable.CategorySchemeQuery;
                break;

            case SoapOperation.GetConceptScheme:
                element = ElementNameTable.ConceptSchemeQuery;
                break;

            case SoapOperation.GetCodelist:
                element = ElementNameTable.CodelistQuery;
                break;

            case SoapOperation.GetHierarchicalCodelist:
                element = ElementNameTable.HierarchicalCodelistQuery;
                break;

            case SoapOperation.GetOrganisationScheme:
                element = ElementNameTable.OrganisationSchemeQuery;
                break;

            case SoapOperation.GetReportingTaxonomy:
                element = ElementNameTable.ReportingTaxonomyQuery;
                break;

            case SoapOperation.GetStructureSet:
                element = ElementNameTable.StructureSetQuery;
                break;

            case SoapOperation.GetProcess:
                element = ElementNameTable.ProcessQuery;
                break;

            case SoapOperation.GetCategorisation:
                element = ElementNameTable.CategorisationQuery;
                break;

            case SoapOperation.GetProvisionAgreement:
                element = ElementNameTable.ProvisionAgreementQuery;
                break;

            case SoapOperation.GetConstraint:
                element = ElementNameTable.ConstraintQuery;
                break;

            case SoapOperation.GetDataSchema:
                element = ElementNameTable.DataSchemaQuery;
                break;

            case SoapOperation.GetMetadataSchema:
                element = ElementNameTable.MetadataSchemaQuery;
                break;

            case SoapOperation.SubmitStructure:
                element = ElementNameTable.SubmitStructureResponse;
                break;

            default:
                return(XmlQualifiedName.Empty);
            }

            return(new XmlQualifiedName(NameTableCache.GetElementName(element), SdmxConstants.MessageNs21));
        }
        /// <summary>
        /// Invokes the service error assert.
        /// </summary>
        /// <param name="wsClient">
        /// The WS client.
        /// </param>
        /// <param name="operation">
        /// The operation.
        /// </param>
        /// <param name="request">
        /// The request.
        /// </param>
        /// <param name="expectedError">
        /// The expected error.
        /// </param>
        /// <param name="compress">
        /// if set to <c>true</c> [compress].
        /// </param>
        /// <returns>
        /// True if the returned error matches the <paramref name="expectedError"/> ; otherwise false.
        /// </returns>
        public bool InvokeServiceErrorAssert(SdmxWsClient wsClient, SoapOperation operation, FileInfo request, int expectedError, bool compress = false)
        {
            var response = new FileInfo(Path.GetTempFileName());
            try
            {
                wsClient.InvokeService(operation, request, response, compress);
            }
            catch (WebException e)
            {
                if (CheckErrorResponse(expectedError, e))
                {
                    return true;
                }
            }

            response.Refresh();
            response.Delete();

            return false;
        }
        /// <summary>
        /// Invokes the service.
        /// </summary>
        /// <param name="operation">
        /// The operation.
        /// </param>
        /// <param name="request">
        /// The request.
        /// </param>
        /// <param name="response">
        /// The response.
        /// </param>
        /// <param name="compress">
        /// The compress.
        /// </param>
        public void InvokeService(SoapOperation operation, FileInfo request, FileInfo response, bool compress = false)
        {
            try
            {
                if (response.DirectoryName != null)
                {
                    Directory.CreateDirectory(response.DirectoryName);
                }

                var requestInfo = new RequestInfo { Operation = operation, Request = request, Response = response, Compress = compress };
                var operationName = requestInfo.Operation.ToString();
                requestInfo.Parameter = this._webServiceInfo.WsdlSettings.GetParameterName(operationName);
                requestInfo.SoapAction = this._webServiceInfo.WsdlSettings.GetSoapAction(operationName);
                this.SendRequest(requestInfo);
            }
            catch (Exception ex)
            {
                _log.Error("Error while sending request", ex);
                throw;
            }
        }
Beispiel #28
0
        /// <summary>
        /// The method that handle the processing of the SDMX query and orchestrate the
        /// calls to different building blocks.
        /// </summary>
        /// <param name="input">The xml containing the query bean</param>
        /// <param name="controller">The Controller of the request</param>
        /// <param name="soapOperation">The SOAP operation.</param>
        /// <returns>
        /// The queried data in specified format
        /// </returns>
        private XmlStreamWrapper HandleRequest(XmlNode input, IController <XmlNode, XmlWriter> controller, SoapOperation soapOperation)
        {
            _logger.DebugFormat(CultureInfo.InvariantCulture, "Received request for {0} for endpoint {1}", soapOperation, this.Endpoint);
            IStreamController <XmlWriter> streamController = controller.ParseRequest(input);

            return(new XmlStreamWrapper(streamController, soapOperation));
        }
Beispiel #29
0
 /// <summary>
 /// Initializes a new instance of the <see cref="DispatchBodyElementAttribute"/> class.
 /// </summary>
 /// <param name="operation">
 /// The operation.
 /// </param>
 /// <param name="ns">
 /// The namespace.
 /// </param>
 public DispatchBodyElementAttribute(SoapOperation operation, string ns)
 {
     this._qname = new XmlQualifiedName(operation.ToString(), ns);
 }