/// <summary>
/// Initializes a new instance of the <see cref="SoapFormatMessage" /> class.
/// </summary>
/// <param name="soapOperation">The SOAP operation.</param>
/// <param name="messageFaultSoapBuilder">The message fault SOAP builder.</param>
/// <param name="ns">The WS namespace.</param>
public SoapFormatMessage(SoapOperation soapOperation, IMessageFaultSoapBuilder messageFaultSoapBuilder, string ns)
{
this._exceptionHandler = exception => messageFaultSoapBuilder.BuildException(exception, soapOperation.ToString());
var response = soapOperation.GetResponse();
var responseElement = response.ToString();
this._xmlQualifiedName = new XmlQualifiedName(responseElement, ns);
}
/// <summary>
/// Gets the query root element for SDMX V20.
/// </summary>
/// <param name="operation">
/// The operation.
/// </param>
/// <returns>
/// The query root element qualified name; otherwise <see cref="XmlQualifiedName.Empty"/>
/// </returns>
public static XmlQualifiedName GetQueryRootElementV20(this SoapOperation operation)
{
ElementNameTable element;
switch (operation)
{
case SoapOperation.GetUtilityData:
case SoapOperation.GetCompactData:
case SoapOperation.GetCrossSectionalData:
case SoapOperation.GetGenericData:
case SoapOperation.GetGenericMetadata:
element = ElementNameTable.QueryMessage;
break;
case SoapOperation.QueryStructure:
element = ElementNameTable.RegistryInterface;
break;
case SoapOperation.SubmitStructure: // Add case for submit structure
element = ElementNameTable.RegistryInterface;
break;
default:
return(XmlQualifiedName.Empty);
}
return(new XmlQualifiedName(NameTableCache.GetElementName(element), SdmxConstants.MessageNs20));
}
/// <summary>
/// The get message type.
/// </summary>
/// <param name="operation">
/// The operation.
/// </param>
/// <returns>
/// The <see cref="MessageEnumType"/>.
/// </returns>
public static MessageEnumType GetMessageType(this SoapOperation operation)
{
switch (operation)
{
case SoapOperation.GetCompactData:
case SoapOperation.GetStructureSpecificData:
case SoapOperation.GetStructureSpecificTimeSeriesData:
return(MessageEnumType.CompactData);
case SoapOperation.GetUtilityData:
return(MessageEnumType.UtilityData);
case SoapOperation.GetCrossSectionalData:
return(MessageEnumType.CrossSectionalData);
case SoapOperation.GetGenericData:
return(MessageEnumType.GenericData);
case SoapOperation.GetGenericTimeSeriesData:
return(MessageEnumType.GenericData);
case SoapOperation.GetGenericMetadata:
return(MessageEnumType.GenericMetadata);
case SoapOperation.GetStructureSpecificMetadata:
return(MessageEnumType.MetadataReport);
case SoapOperation.GetStructures:
case SoapOperation.GetDataflow:
case SoapOperation.GetMetadataflow:
case SoapOperation.GetDataStructure:
case SoapOperation.GetMetadataStructure:
case SoapOperation.GetCategoryScheme:
case SoapOperation.GetConceptScheme:
case SoapOperation.GetCodelist:
case SoapOperation.GetHierarchicalCodelist:
case SoapOperation.GetOrganisationScheme:
case SoapOperation.GetReportingTaxonomy:
case SoapOperation.GetStructureSet:
case SoapOperation.GetProcess:
case SoapOperation.GetCategorisation:
case SoapOperation.GetProvisionAgreement:
case SoapOperation.GetConstraint:
return(MessageEnumType.Structure);
case SoapOperation.GetDataSchema:
return(MessageEnumType.Unknown);
case SoapOperation.QueryStructure:
return(MessageEnumType.RegistryInterface);
case SoapOperation.SubmitStructure: // Add case for submit structure
return(MessageEnumType.RegistryInterface);
}
return(MessageEnumType.Null);
}
/// <summary>
/// Initializes a new instance of the <see cref="XmlStreamWrapper"/> class.
/// </summary>
/// <param name="controller">
/// The <see cref="IStreamController{XmlWriter}"/> which will be used at <see cref="WriteXml"/>
/// </param>
/// <param name="soapOperation">
/// The soap Operation.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="controller"/>
/// is null
/// </exception>
internal XmlStreamWrapper(IStreamController <XmlWriter> controller, SoapOperation soapOperation) : this()
{
if (controller == null)
{
throw new ArgumentNullException("controller");
}
this._controller = controller;
this._soapOperation = soapOperation;
}
/// <summary>
/// Initializes a new instance of the <see cref="XmlStreamWrapper"/> class.
/// </summary>
/// <param name="controller">
/// The <see cref="IStreamController{XmlWriter}"/> which will be used at <see cref="WriteXml"/>
/// </param>
/// <param name="soapOperation">
/// The soap Operation.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="controller"/>
/// is null
/// </exception>
internal XmlStreamWrapper(IStreamController<XmlWriter> controller, SoapOperation soapOperation) : this()
{
if (controller == null)
{
throw new ArgumentNullException("controller");
}
this._controller = controller;
this._soapOperation = soapOperation;
}
static void FuzzHttpGetPort(SoapBinding binding)
{
SoapPortType portType = _wsdl.PortTypes.Single(pt => pt.Name == binding.Type.Split(':')[1]);
foreach (SoapBindingOperation op in binding.Operations)
{
Console.WriteLine("Fuzzing operation: " + op.Name);
string url = _endpoint + op.Location;
SoapOperation po = portType.Operations.Single(p => p.Name == op.Name);
SoapMessage input = _wsdl.Messages.Single(m => m.Name == po.Input.Split(':')[1]);
Dictionary <string, string> parameters = new Dictionary <string, string>();
foreach (SoapMessagePart part in input.Parts)
{
parameters.Add(part.Name, part.Type);
}
bool first = true;
List <Guid> guidList = new List <Guid>();
foreach (var param in parameters)
{
if (param.Value.EndsWith("string"))
{
Guid guid = Guid.NewGuid();
guidList.Add(guid);
url += (first ? "?" : "&") + param.Key + "=" + guid.ToString();
}
first = false;
}
Console.WriteLine("Fuzzing full url: " + url);
int k = 0;
foreach (Guid guid in guidList)
{
string testUrl = url.Replace(guid.ToString(), "fd'sa");
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(testUrl);
string resp = string.Empty;
try
{
using (StreamReader rdr = new StreamReader(req.GetResponse().GetResponseStream()))
resp = rdr.ReadToEnd();
}
catch (WebException ex)
{
using (StreamReader rdr = new StreamReader(ex.Response.GetResponseStream()))
resp = rdr.ReadToEnd();
if (resp.Contains("syntax error"))
{
Console.WriteLine("Possible SQL injection vector in parameter: " + input.Parts[k].Name);
}
}
k++;
}
}
}
/// <summary>
/// Initializes a new instance of the <see cref="AdvancedDataController{TWriter}" /> class.
/// </summary>
/// <param name="operation">The operation.</param>
/// <param name="decoratedController">The decorated Controller.</param>
/// <param name="sdmxRetrievalManager">The sdmx Retrieval Manager.</param>
/// <exception cref="System.ArgumentNullException"><see cref="_sdmxRetrievalManager"/> is null.</exception>
/// <exception cref="SdmxSemmanticException">Operation not accepted with query used</exception>
public AdvancedDataController(SoapOperation operation, IController <IComplexDataQuery, TWriter> decoratedController, ISdmxObjectRetrievalManager sdmxRetrievalManager)
: base(decoratedController)
{
if (sdmxRetrievalManager == null)
{
throw new ArgumentNullException("sdmxRetrievalManager");
}
this._sdmxRetrievalManager = sdmxRetrievalManager;
this._rootNode = operation.GetQueryRootElementV21();
}
/// <summary>
/// Invokes the service.
/// </summary>
/// <param name="wsClient">
/// The ws client.
/// </param>
/// <param name="operation">
/// The operation.
/// </param>
/// <param name="request">
/// The request.
/// </param>
/// <param name="response">
/// The response.
/// </param>
/// <param name="schemaVersion">
/// The schema version.
/// </param>
/// <param name="compress">
/// if set to <c>true</c> [compress].
/// </param>
/// <returns>
/// The <see cref="bool"/>.
/// </returns>
public bool InvokeService(SdmxWsClient wsClient, SoapOperation operation, FileInfo request, FileInfo response, SdmxSchemaEnumType schemaVersion, bool compress = false)
{
var sdmxMessage = new FileInfo(Path.Combine(response.DirectoryName ?? string.Empty, response.Name + ".sdmx.xml"));
try
{
wsClient.InvokeService(operation, request, response, compress);
using (var reader = XmlReader.Create(response.FullName, new XmlReaderSettings() {IgnoreWhitespace = true, IgnoreComments = true, IgnoreProcessingInstructions = true}))
using (var writer = XmlWriter.Create(sdmxMessage.FullName, new XmlWriterSettings() {Encoding = Encoding.UTF8, Indent = true }))
{
SdmxMessageUtil.FindSdmx(reader);
writer.WriteNode(reader, true);
writer.Flush();
}
}
catch (WebException e)
{
_log.Error(e.Message, e);
var webResponse = e.Response;
if (webResponse != null)
{
var tempFileName = Path.GetTempFileName();
_log.ErrorFormat("Logging error at {0}", tempFileName);
WriteResponse(webResponse, tempFileName);
var errorCode = GetErrorCode(tempFileName);
_log.ErrorFormat("Error code : {0} ", errorCode);
_log.Error(File.ReadAllText(tempFileName));
File.Delete(tempFileName);
}
throw;
}
using (IReadableDataLocation location = new FileReadableDataLocation(sdmxMessage))
{
var actualVersion = SdmxMessageUtil.GetSchemaVersion(location);
if (actualVersion != schemaVersion)
{
return false;
}
var actualMessageType = SdmxMessageUtil.GetMessageType(location);
var expectedMessageType = operation.GetMessageType();
if (actualMessageType != expectedMessageType)
{
return false;
}
}
return true;
}
/// <summary>
/// Initializes a new instance of the <see cref="StructureRequestV21AdvancedController{TWriter}"/> class.
/// </summary>
/// <param name="responseGenerator">
/// The response generator.
/// </param>
/// <param name="authStructureSearchManager">
/// The authentication structure search manager.
/// </param>
/// <param name="structureSearchManager">
/// The structure search manager.
/// </param>
/// <param name="principal">
/// The principal.
/// </param>
/// <param name="soapOperation">
/// The SOAP operation.
/// </param>
/// <exception cref="SdmxSemmanticException">
/// Operation not accepted with query used
/// </exception>
public StructureRequestV21AdvancedController(
IResponseGenerator <TWriter, ISdmxObjects> responseGenerator,
IAuthAdvancedMutableStructureSearchManager authStructureSearchManager,
IAdvancedMutableStructureSearchManager structureSearchManager,
DataflowPrincipal principal,
SoapOperation soapOperation)
: base(responseGenerator, principal)
{
this._authStructureSearchManager = authStructureSearchManager;
this._structureSearchManager = structureSearchManager;
SdmxSchema sdmxSchemaV21 = SdmxSchema.GetFromEnum(SdmxSchemaEnumType.VersionTwoPointOne);
this._manager = new QueryParsingManager(sdmxSchemaV21.EnumType);
this._rootNode = soapOperation.GetQueryRootElementV21();
}
/// <summary>
/// The method that handle the processing of the SDMX query and orchestrate the
/// calls to different building blocks.
/// </summary>
/// <param name="input">The XML containing the query bean</param>
/// <param name="soapOperation">The SOAP operation.</param>
/// <param name="baseDataFormat">The base data format.</param>
/// <returns>The queried data in specified format</returns>
private XmlStreamWrapper HandleDataRequest(XmlNode input, SoapOperation soapOperation, BaseDataFormatEnumType baseDataFormat)
{
_logger.DebugFormat(CultureInfo.InvariantCulture, "Received request for {0} for endpoint {1}", soapOperation, this.Endpoint);
IStreamController<XmlWriter> streamController = _dataRequestController.ParseRequest(input, baseDataFormat.GetDataType(SdmxSchemaEnumType.VersionTwo));
return new XmlStreamWrapper(streamController, soapOperation);
}
/// <summary>
/// Builds the Advanced Structure controller for SDMX V21 SOAP.
/// </summary>
/// <param name="principal">
/// The principal.
/// </param>
/// <param name="soapOperation">
/// The SOAP operation.
/// </param>
/// <returns>
/// The <see cref="IController{XmlNode,XmlWriter}"/>.
/// </returns>
public IController<Message, XmlWriter> BuildAdvancedQueryStructureV21(DataflowPrincipal principal, SoapOperation soapOperation)
{
IWriterBuilder<IStructureWriterManager, XmlWriter> structureManagerBuilder = new StructureBuilder(WebServiceEndpoint.StandardEndpoint, _sdmxSchemaV21);
IResponseGenerator<XmlWriter, ISdmxObjects> responseGenerator = new StructureResponseGenerator(structureManagerBuilder, StructureOutputFormatEnumType.SdmxV21StructureDocument);
var structureRequestController = new StructureRequestV21AdvancedController<XmlWriter>(
responseGenerator,
this._authAdvancedMutableStructureSearchManager,
this._advancedMutableStructureSearchManager,
principal,
soapOperation);
return structureRequestController;
}
/// <summary>
/// Gets the response.
/// </summary>
/// <param name="operation">
/// The operation.
/// </param>
/// <exception cref="System.ArgumentOutOfRangeException">
/// operation;Not valid operation.
/// </exception>
/// <returns>
/// The <see cref="SoapOperationResponse"/>.
/// </returns>
public static SoapOperationResponse GetResponse(this SoapOperation operation)
{
switch (operation)
{
case SoapOperation.Null:
return(SoapOperationResponse.Null);
case SoapOperation.QueryStructure:
return(SoapOperationResponse.QueryStructureResponse);
case SoapOperation.GetCompactData:
return(SoapOperationResponse.GetCompactDataResponse);
case SoapOperation.GetCrossSectionalData:
return(SoapOperationResponse.GetCrossSectionalDataResponse);
case SoapOperation.GetGenericData:
return(SoapOperationResponse.GetGenericDataResponse);
case SoapOperation.GetGenericTimeSeriesData:
return(SoapOperationResponse.GetGenericTimeSeriesDataResponse);
case SoapOperation.GetStructureSpecificData:
return(SoapOperationResponse.GetStructureSpecificDataResponse);
case SoapOperation.GetStructureSpecificTimeSeriesData:
return(SoapOperationResponse.GetStructureSpecificTimeSeriesDataResponse);
case SoapOperation.GetGenericMetadata:
return(SoapOperationResponse.GetGenericMetadataResponse);
case SoapOperation.GetStructureSpecificMetadata:
return(SoapOperationResponse.GetStructureSpecificMetadataResponse);
case SoapOperation.GetStructures:
return(SoapOperationResponse.GetStructuresResponse);
case SoapOperation.GetDataflow:
return(SoapOperationResponse.GetDataflowResponse);
case SoapOperation.GetMetadataflow:
return(SoapOperationResponse.GetMetadataflowResponse);
case SoapOperation.GetDataStructure:
return(SoapOperationResponse.GetDataStructureResponse);
case SoapOperation.GetMetadataStructure:
return(SoapOperationResponse.GetMetadataStructureResponse);
case SoapOperation.GetCategoryScheme:
return(SoapOperationResponse.GetCategorySchemeResponse);
case SoapOperation.GetConceptScheme:
return(SoapOperationResponse.GetConceptSchemeResponse);
case SoapOperation.GetCodelist:
return(SoapOperationResponse.GetCodelistResponse);
case SoapOperation.GetHierarchicalCodelist:
return(SoapOperationResponse.GetHierarchicalCodelistResponse);
case SoapOperation.GetOrganisationScheme:
return(SoapOperationResponse.GetOrganisationSchemeResponse);
case SoapOperation.GetReportingTaxonomy:
return(SoapOperationResponse.GetReportingTaxonomyResponse);
case SoapOperation.GetStructureSet:
return(SoapOperationResponse.GetStructureSetResponse);
case SoapOperation.GetProcess:
return(SoapOperationResponse.GetProcessResponse);
case SoapOperation.GetCategorisation:
return(SoapOperationResponse.GetCategorisationResponse);
case SoapOperation.GetProvisionAgreement:
return(SoapOperationResponse.GetProvisionAgreementResponse);
case SoapOperation.GetConstraint:
return(SoapOperationResponse.GetConstraintResponse);
case SoapOperation.GetDataSchema:
return(SoapOperationResponse.GetDataSchemaResponse);
case SoapOperation.GetMetadataSchema:
return(SoapOperationResponse.GetMetadataSchemaResponse);
case SoapOperation.SubmitStructure:
return(SoapOperationResponse.SubmitStructureResponse);
default:
throw new ArgumentOutOfRangeException("operation", operation, "Not valid operation.");
}
}
/// <summary>
/// Writes the response.
/// </summary>
/// <param name="soapOperation">The SOAP operation.</param>
/// <param name="controller">The controller.</param>
/// <returns>The <see cref="Message"/>.</returns>
private Message WriteResponse(SoapOperation soapOperation, IStreamController<XmlWriter> controller)
{
var format = new SoapFormatMessage(soapOperation, _messageFaultBuilder, SoapNamespaces.SdmxV21);
return this._messageBuilderManager.GetResponse<SdmxMessageSoap, XmlWriter>(format, controller);
}
/// <summary>
/// The method that handle the processing of the sdmx query and orchestrate the
/// calls to different building blocks.
/// </summary>
/// <param name="input">
/// The xml containing the SDMX Query
/// </param>
/// <param name="controller">
/// The Controller of the request
/// </param>
/// <param name="xmlQualifiedName">
/// Name of the XML qualified.
/// </param>
/// <param name="operation">
/// The operation.
/// </param>
/// <returns>
/// The queried data in specified format
/// </returns>
/// <exception cref="System.ServiceModel.Web.WebFaultException">
/// Internal server error.
/// </exception>
private static Message HandleRequest(Message input, IController <Message, XmlWriter> controller, XmlQualifiedName xmlQualifiedName, SoapOperation operation)
{
if (_log.IsDebugEnabled)
{
_log.DebugFormat(CultureInfo.InvariantCulture, "Request: {0}\n", input);
}
try
{
IStreamController <XmlWriter> streamController = controller.ParseRequest(input);
WebOperationContext ctx = WebOperationContext.Current;
if (ctx == null)
{
_log.Error("Current WebOperationContext is null. Please check service configuration.");
throw new WebFaultException(HttpStatusCode.InternalServerError);
}
Message message = new SdmxMessageSoap(
streamController,
xmlQualifiedName: xmlQualifiedName,
exceptionHandler: exception => _messageFaultBuilder.BuildException(exception, operation.ToString()));
return(message);
}
catch (Exception e)
{
_log.Error(operation.ToString(), e);
throw _messageFaultBuilder.BuildException(e, operation.ToString());
}
}
/// <summary>
/// Builds the Advanced Structure controller for SDMX V21 SOAP.
/// </summary>
/// <param name="principal">
/// The principal.
/// </param>
/// <param name="soapOperation">
/// The SOAP operation.
/// </param>
/// <returns>
/// The <see cref="IController{XmlNode,XmlWriter}"/>.
/// </returns>
public IController <Message, XmlWriter> BuildAdvancedQueryStructureV21(DataflowPrincipal principal, SoapOperation soapOperation)
{
IWriterBuilder <IStructureWriterManager, XmlWriter> structureManagerBuilder = new StructureBuilder(WebServiceEndpoint.StandardEndpoint, _sdmxSchemaV21);
IResponseGenerator <XmlWriter, ISdmxObjects> responseGenerator = new StructureResponseGenerator(structureManagerBuilder, StructureOutputFormatEnumType.SdmxV21StructureDocument);
var structureRequestController = new StructureRequestV21AdvancedController <XmlWriter>(
responseGenerator,
this._authAdvancedMutableStructureSearchManager,
this._advancedMutableStructureSearchManager,
principal,
soapOperation);
return(structureRequestController);
}
/// <summary>
/// Writes the response.
/// </summary>
/// <param name="soapOperation">The SOAP operation.</param>
/// <param name="streamController">The stream controller.</param>
/// <returns>The <see cref="Message"/>.</returns>
private Message WriteResponse(SoapOperation soapOperation, IStreamController<XmlWriter> streamController)
{
IMessageFormat format = new SoapFormatMessage(soapOperation, this._faultSoapBuilderFactory.GetMessageFaultSoapBuilder(SdmxSchemaEnumType.VersionTwo), this.Ns);
return this._messageBuilderManager.GetResponse<SdmxMessageSoap, XmlWriter>(format, streamController);
}
static void FuzzSoapPort(SoapBinding binding)
{
SoapPortType portType = _wsdl.PortTypes.Single(pt => pt.Name == binding.Type.Split(':')[1]);
foreach (SoapBindingOperation op in binding.Operations)
{
Console.WriteLine("Fuzzing operation: " + op.Name);
SoapOperation po = portType.Operations.Single(p => p.Name == op.Name);
SoapMessage input = _wsdl.Messages.Single(m => m.Name == po.Input.Split(':')[1]);
XNamespace soapNS = "http://schemas.xmlsoap.org/soap/envelope/";
XNamespace xmlNS = op.SoapAction.Replace(op.Name, string.Empty);
XElement soapBody = new XElement(soapNS + "Body");
XElement soapOperation = new XElement(xmlNS + op.Name);
soapBody.Add(soapOperation);
List <Guid> paramList = new List <Guid>();
SoapType type = _wsdl.Types.Single(t => t.Name == input.Parts[0].Element.Split(':')[1]);
foreach (SoapTypeParameter param in type.Parameters)
{
XElement soapParam = new XElement(xmlNS + param.Name);
if (param.Type.EndsWith("string"))
{
Guid guid = Guid.NewGuid();
paramList.Add(guid);
soapParam.SetValue(guid.ToString());
}
soapOperation.Add(soapParam);
}
XDocument soapDoc = new XDocument(new XDeclaration("1.0", "ascii", "true"), new XElement(soapNS + "Envelope", new XAttribute(XNamespace.Xmlns + "soap", soapNS), new XAttribute("xmlns", xmlNS), soapBody));
int k = 0;
foreach (Guid parm in paramList)
{
string testSoap = soapDoc.ToString().Replace(parm.ToString(), "fd'sa");
byte[] data = System.Text.Encoding.ASCII.GetBytes(testSoap);
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(_endpoint);
req.Headers["SOAPAction"] = op.SoapAction;
req.Method = "POST";
req.ContentType = "text/xml";
req.ContentLength = data.Length;
using (Stream stream = req.GetRequestStream())
stream.Write(data, 0, data.Length);
string resp = string.Empty;
try
{
using (StreamReader rdr = new StreamReader(req.GetResponse().GetResponseStream()))
resp = rdr.ReadToEnd();
}
catch (WebException ex)
{
using (StreamReader rdr = new StreamReader(ex.Response.GetResponseStream()))
resp = rdr.ReadToEnd();
if (resp.Contains("syntax error"))
{
Console.WriteLine("Possible SQL injection vector in parameter: ");
}
Console.Write(type.Parameters[k].Name);
}
k++;
}
}
}
static void FuzzHttpPostPort(SoapBinding binding)
{
SoapPortType portType = _wsdl.PortTypes.Single(pt => pt.Name == binding.Type.Split(':')[1]);
foreach (SoapBindingOperation op in binding.Operations)
{
Console.WriteLine("Fuzzing Operation: " + op.Name);
string url = _endpoint + op.Location;
SoapOperation po = portType.Operations.Single(p => p.Name == op.Name);
SoapMessage input = _wsdl.Messages.Single(m => m.Name == po.Input.Split(':')[1]);
Dictionary <string, string> parameters = new Dictionary <string, string>();
foreach (SoapMessagePart part in input.Parts)
{
parameters.Add(part.Name, part.Type);
}
string postParams = string.Empty;
bool first = true;
List <Guid> guids = new List <Guid>();
foreach (var param in parameters)
{
if (param.Value.EndsWith("string"))
{
Guid guid = Guid.NewGuid();
postParams += (first ? "" : "&") + param.Key + "=" + guid.ToString();
guids.Add(guid);
}
if (first)
{
first = false;
}
}
int k = 0;
foreach (Guid guid in guids)
{
string testParams = postParams.Replace(guid.ToString(), "fd'sa");
byte[] data = System.Text.Encoding.ASCII.GetBytes(testParams);
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
req.Method = "POST";
req.ContentType = "application/x-www-form-urlencoded";
req.ContentLength = data.Length;
req.GetRequestStream().Write(data, 0, data.Length);
string resp = string.Empty;
try
{
using (StreamReader rdr = new StreamReader(req.GetResponse().GetResponseStream()))
resp = rdr.ReadToEnd();
}
catch (WebException ex)
{
using (StreamReader rdr = new StreamReader(ex.Response.GetResponseStream()))
resp = rdr.ReadToEnd();
if (resp.Contains("syntax error"))
{
Console.WriteLine("Possible SQL injection vector in parameter: " + input.Parts[k].Name);
}
}
k++;
}
}
}
/// <summary>
/// The method that handle the processing of the SDMX query and orchestrate the
/// calls to different building blocks.
/// </summary>
/// <param name="input">The XML containing the query bean</param>
/// <param name="soapOperation">The SOAP operation.</param>
/// <returns>
/// The queried data in specified format
/// </returns>
private XmlStreamWrapper HandleRequest(XmlNode input, SoapOperation soapOperation)
{
_logger.DebugFormat(CultureInfo.InvariantCulture, "Received request for {0} for endpoint {1}", soapOperation, this.Endpoint);
IStreamController<XmlWriter> streamController = _structureRequestController.ParseRequest(input, this.Endpoint);
return new XmlStreamWrapper(streamController, soapOperation);
}
/// <summary>
/// The method that handle the processing of the sdmx query and orchestrate the
/// calls to different building blocks.
/// </summary>
/// <param name="input">
/// The xml containing the SDMX Query
/// </param>
/// <param name="controller">
/// The Controller of the request
/// </param>
/// <param name="xmlQualifiedName">
/// Name of the XML qualified.
/// </param>
/// <param name="getSoapOperation">
/// The get SOAP operation.
/// </param>
/// <returns>
/// The queried data in specified format
/// </returns>
/// <exception cref="Org.Sdmxsource.Sdmx.Api.Exception.SdmxInternalServerException">
/// Not initialized correctly
/// </exception>
private static Message HandleRequest(Message input, IController<Message, XmlWriter> controller, XmlQualifiedName xmlQualifiedName, SoapOperation getSoapOperation)
{
try
{
IStreamController<XmlWriter> streamController = controller.ParseRequest(input);
WebOperationContext ctx = WebOperationContext.Current;
if (ctx == null)
{
_log.Error("Current WebOperationContext is null. Please check service configuration.");
throw new SdmxInternalServerException("Not initialized correctly");
}
Message message = new SdmxMessageSoap(streamController, exception => _messageFaultBuilder.BuildException(exception, getSoapOperation.ToString()), xmlQualifiedName);
return message;
}
catch (Exception e)
{
_log.Error(xmlQualifiedName, e);
////return Message.CreateMessage(MessageVersion.Soap11, _messageFaultBuilder.Build(e, xmlQualifiedName.Name), string.Empty);
throw _messageFaultBuilder.BuildException(e, getSoapOperation.ToString());
}
}
/// <summary>
/// The method that handle the processing of the sdmx query and orchestrate the
/// calls to different building blocks.
/// </summary>
/// <param name="input">
/// The xml containing the SDMX Query
/// </param>
/// <param name="controller">
/// The Controller of the request
/// </param>
/// <param name="xmlQualifiedName">
/// Name of the XML qualified.
/// </param>
/// <param name="getSoapOperation">
/// The get SOAP operation.
/// </param>
/// <returns>
/// The queried data in specified format
/// </returns>
/// <exception cref="Org.Sdmxsource.Sdmx.Api.Exception.SdmxInternalServerException">
/// Not initialized correctly
/// </exception>
private static Message HandleRequest(Message input, IController <Message, XmlWriter> controller, XmlQualifiedName xmlQualifiedName, SoapOperation getSoapOperation)
{
try
{
IStreamController <XmlWriter> streamController = controller.ParseRequest(input);
WebOperationContext ctx = WebOperationContext.Current;
if (ctx == null)
{
_log.Error("Current WebOperationContext is null. Please check service configuration.");
throw new SdmxInternalServerException("Not initialized correctly");
}
Message message = new SdmxMessageSoap(streamController, exception => _messageFaultBuilder.BuildException(exception, getSoapOperation.ToString()), xmlQualifiedName);
return(message);
}
catch (Exception e)
{
_log.Error(xmlQualifiedName, e);
////return Message.CreateMessage(MessageVersion.Soap11, _messageFaultBuilder.Build(e, xmlQualifiedName.Name), string.Empty);
throw _messageFaultBuilder.BuildException(e, getSoapOperation.ToString());
}
}
/// <summary>
/// Initializes a new instance of the <see cref="Body"/> class.
/// </summary>
/// <param name="operation">The operation for this request.</param>
public Body(SoapOperation operation)
{
this.Action = operation.Action;
this.Service = operation.Service;
}
/// <summary>
/// The method that handle the processing of the sdmx query and orchestrate the
/// calls to different building blocks.
/// </summary>
/// <param name="input">
/// The xml containing the SDMX Query
/// </param>
/// <param name="controller">
/// The Controller of the request
/// </param>
/// <param name="xmlQualifiedName">
/// Name of the XML qualified.
/// </param>
/// <param name="operation">
/// The operation.
/// </param>
/// <returns>
/// The queried data in specified format
/// </returns>
/// <exception cref="System.ServiceModel.Web.WebFaultException">
/// Internal server error.
/// </exception>
private static Message HandleRequest(Message input, IController<Message, XmlWriter> controller, XmlQualifiedName xmlQualifiedName, SoapOperation operation)
{
if (_log.IsDebugEnabled)
{
_log.DebugFormat(CultureInfo.InvariantCulture, "Request: {0}\n", input);
}
try
{
IStreamController<XmlWriter> streamController = controller.ParseRequest(input);
WebOperationContext ctx = WebOperationContext.Current;
if (ctx == null)
{
_log.Error("Current WebOperationContext is null. Please check service configuration.");
throw new WebFaultException(HttpStatusCode.InternalServerError);
}
Message message = new SdmxMessageSoap(
streamController,
xmlQualifiedName: xmlQualifiedName,
exceptionHandler: exception => _messageFaultBuilder.BuildException(exception, operation.ToString()));
return message;
}
catch (Exception e)
{
_log.Error(operation.ToString(), e);
throw _messageFaultBuilder.BuildException(e, operation.ToString());
}
}
/// <summary>
/// Initializes a new instance of the <see cref="DispatchBodyElementAttribute"/> class.
/// </summary>
/// <param name="operation">
/// The operation.
/// </param>
/// <param name="ns">
/// The namespace.
/// </param>
public DispatchBodyElementAttribute(SoapOperation operation, string ns)
{
this._qname = new XmlQualifiedName(operation.ToString(), ns);
}
/// <summary>
/// Gets the query root element for SDMX V21.
/// </summary>
/// <param name="operation">
/// The operation.
/// </param>
/// <returns>
/// The query root element qualified name; otherwise <see cref="XmlQualifiedName.Empty"/>
/// </returns>
public static XmlQualifiedName GetQueryRootElementV21(this SoapOperation operation)
{
ElementNameTable element;
switch (operation)
{
case SoapOperation.GetGenericData:
element = ElementNameTable.GenericDataQuery;
break;
case SoapOperation.GetGenericTimeSeriesData:
element = ElementNameTable.GenericTimeSeriesDataQuery;
break;
case SoapOperation.GetStructureSpecificData:
element = ElementNameTable.StructureSpecificDataQuery;
break;
case SoapOperation.GetStructureSpecificTimeSeriesData:
element = ElementNameTable.StructureSpecificTimeSeriesDataQuery;
break;
case SoapOperation.GetGenericMetadata:
element = ElementNameTable.GenericMetadataQuery;
break;
case SoapOperation.GetStructureSpecificMetadata:
element = ElementNameTable.StructureSpecificMetadataQuery;
break;
case SoapOperation.GetStructures:
element = ElementNameTable.StructuresQuery;
break;
case SoapOperation.GetDataflow:
element = ElementNameTable.DataflowQuery;
break;
case SoapOperation.GetMetadataflow:
element = ElementNameTable.MetadataflowQuery;
break;
case SoapOperation.GetDataStructure:
element = ElementNameTable.DataStructureQuery;
break;
case SoapOperation.GetMetadataStructure:
element = ElementNameTable.MetadataStructureQuery;
break;
case SoapOperation.GetCategoryScheme:
element = ElementNameTable.CategorySchemeQuery;
break;
case SoapOperation.GetConceptScheme:
element = ElementNameTable.ConceptSchemeQuery;
break;
case SoapOperation.GetCodelist:
element = ElementNameTable.CodelistQuery;
break;
case SoapOperation.GetHierarchicalCodelist:
element = ElementNameTable.HierarchicalCodelistQuery;
break;
case SoapOperation.GetOrganisationScheme:
element = ElementNameTable.OrganisationSchemeQuery;
break;
case SoapOperation.GetReportingTaxonomy:
element = ElementNameTable.ReportingTaxonomyQuery;
break;
case SoapOperation.GetStructureSet:
element = ElementNameTable.StructureSetQuery;
break;
case SoapOperation.GetProcess:
element = ElementNameTable.ProcessQuery;
break;
case SoapOperation.GetCategorisation:
element = ElementNameTable.CategorisationQuery;
break;
case SoapOperation.GetProvisionAgreement:
element = ElementNameTable.ProvisionAgreementQuery;
break;
case SoapOperation.GetConstraint:
element = ElementNameTable.ConstraintQuery;
break;
case SoapOperation.GetDataSchema:
element = ElementNameTable.DataSchemaQuery;
break;
case SoapOperation.GetMetadataSchema:
element = ElementNameTable.MetadataSchemaQuery;
break;
case SoapOperation.SubmitStructure:
element = ElementNameTable.SubmitStructureResponse;
break;
default:
return(XmlQualifiedName.Empty);
}
return(new XmlQualifiedName(NameTableCache.GetElementName(element), SdmxConstants.MessageNs21));
}
/// <summary>
/// Invokes the service error assert.
/// </summary>
/// <param name="wsClient">
/// The WS client.
/// </param>
/// <param name="operation">
/// The operation.
/// </param>
/// <param name="request">
/// The request.
/// </param>
/// <param name="expectedError">
/// The expected error.
/// </param>
/// <param name="compress">
/// if set to <c>true</c> [compress].
/// </param>
/// <returns>
/// True if the returned error matches the <paramref name="expectedError"/> ; otherwise false.
/// </returns>
public bool InvokeServiceErrorAssert(SdmxWsClient wsClient, SoapOperation operation, FileInfo request, int expectedError, bool compress = false)
{
var response = new FileInfo(Path.GetTempFileName());
try
{
wsClient.InvokeService(operation, request, response, compress);
}
catch (WebException e)
{
if (CheckErrorResponse(expectedError, e))
{
return true;
}
}
response.Refresh();
response.Delete();
return false;
}
/// <summary>
/// Invokes the service.
/// </summary>
/// <param name="operation">
/// The operation.
/// </param>
/// <param name="request">
/// The request.
/// </param>
/// <param name="response">
/// The response.
/// </param>
/// <param name="compress">
/// The compress.
/// </param>
public void InvokeService(SoapOperation operation, FileInfo request, FileInfo response, bool compress = false)
{
try
{
if (response.DirectoryName != null)
{
Directory.CreateDirectory(response.DirectoryName);
}
var requestInfo = new RequestInfo { Operation = operation, Request = request, Response = response, Compress = compress };
var operationName = requestInfo.Operation.ToString();
requestInfo.Parameter = this._webServiceInfo.WsdlSettings.GetParameterName(operationName);
requestInfo.SoapAction = this._webServiceInfo.WsdlSettings.GetSoapAction(operationName);
this.SendRequest(requestInfo);
}
catch (Exception ex)
{
_log.Error("Error while sending request", ex);
throw;
}
}
/// <summary>
/// The method that handle the processing of the SDMX query and orchestrate the
/// calls to different building blocks.
/// </summary>
/// <param name="input">The xml containing the query bean</param>
/// <param name="controller">The Controller of the request</param>
/// <param name="soapOperation">The SOAP operation.</param>
/// <returns>
/// The queried data in specified format
/// </returns>
private XmlStreamWrapper HandleRequest(XmlNode input, IController <XmlNode, XmlWriter> controller, SoapOperation soapOperation)
{
_logger.DebugFormat(CultureInfo.InvariantCulture, "Received request for {0} for endpoint {1}", soapOperation, this.Endpoint);
IStreamController <XmlWriter> streamController = controller.ParseRequest(input);
return(new XmlStreamWrapper(streamController, soapOperation));
}
/// <summary>
/// Initializes a new instance of the <see cref="DispatchBodyElementAttribute"/> class.
/// </summary>
/// <param name="operation">
/// The operation.
/// </param>
/// <param name="ns">
/// The namespace.
/// </param>
public DispatchBodyElementAttribute(SoapOperation operation, string ns)
{
this._qname = new XmlQualifiedName(operation.ToString(), ns);
}
