Beispiel #1
        /// <summary>
        /// Builds a multi-line report comparing a System.Web cookie collection with an
        /// ASP.NET Core request cookie collection.
        /// </summary>
        /// <param name="name">Label for the first line, which compares the two cookie counts.</param>
        /// <param name="a">The System.Web cookie collection.</param>
        /// <param name="b">The ASP.NET Core request cookie collection.</param>
        /// <returns>
        /// The count line, then one line per cookie name found in <paramref name="a"/>, then one
        /// line per cookie name found only in <paramref name="b"/>.
        /// </returns>
        /// <remarks>
        /// Cookie values from both collections are passed to the other BuildComparisonLine
        /// overloads, which are not shown here. If those overloads render the values, the returned
        /// text contains raw cookie contents (session and authentication cookies included), so
        /// callers should keep it out of shared logs and diagnostics output or mask the values first.
        /// </remarks>
        private static string BuildComparisonLine(string name, System.Web.HttpCookieCollection a, IRequestCookieCollection b)
        {
            var report = new StringBuilder();

            // First line: number of cookies on each side.
            report.AppendLine(BuildComparisonLine(name, a.Count, b.Count));

            // Every cookie name present in a; the literal "null" marks a name missing from b.
            foreach (var cookieName in a.AllKeys)
            {
                var label = " " + cookieName;
                var line = b.ContainsKey(cookieName)
                    ? BuildComparisonLine(label, a[cookieName], b[cookieName])
                    : BuildComparisonLine(label, a[cookieName], "null");

                report.AppendLine(line);
            }

            // Cookie names that exist only in b.
            foreach (var pair in b)
            {
                if (a.Get(pair.Key) != null)
                {
                    continue;
                }

                report.AppendLine(BuildComparisonLine(" " + pair.Key, "null", pair.Value));
            }

            return report.ToString();
        }
Beispiel #2
        /// <summary>
        /// Runs intrusion detection over the configured input and returns the report.
        /// </summary>
        /// <remarks>
        /// <para>
        /// Depending on IsForm, IsCookie and IsHeader, a fixed set of key names is added to
        /// Exclusions before scanning. Values stored under an excluded key are never passed to
        /// Iterate, so they are not inspected by this detector: the ASP.NET postback fields, the
        /// .ASPROLES cookie and the Accept, Cookie and Content-Type headers need to be validated
        /// by some other control.
        /// </para>
        /// <para>
        /// Every call invokes Exclusions.Add (and AddFilter, when the null-byte filter is enabled)
        /// again. NOTE(review): whether that produces duplicates, and whether Exclusions.Contains
        /// compares names case-sensitively, depends on types that are not visible here - confirm.
        /// </para>
        /// </remarks>
        /// <returns>The intrusion detection report, with its Exclusions property set.</returns>
        public Report Run()
        {
            // Optional built-in filter.
            if (_nullByteFilter)
            {
                _store.AddFilter(new NullByteFilter());
            }

            // Names that are skipped for each input source.
            if (IsForm)
            {
                foreach (string fieldName in new[] { "__VIEWSTATE", "__EVENTTARGET", "__EVENTARGUMENT", "__EVENTVALIDATION" })
                {
                    Exclusions.Add(fieldName);
                }
            }

            if (IsCookie)
            {
                Exclusions.Add(".ASPROLES");
            }

            if (IsHeader)
            {
                foreach (string headerName in new[] { "Accept", "Cookie", "Content-Type" })
                {
                    Exclusions.Add(headerName);
                }
            }

            if (IsRaw)
            {
                // Raw mode (output filter): the concatenated control output is scanned as a
                // single value. It is built before the exclusion check, as in the original flow.
                const string outputKey = "Page Output";
                string pageOutput = ConcatControls();

                if (!Exclusions.Contains(outputKey))
                {
                    Iterate(outputKey, pageOutput);
                }
            }
            else if (_request != null)
            {
                // Request parameters (POST and GET).
                foreach (string paramName in _request.Keys)
                {
                    if (Exclusions.Contains(paramName))
                    {
                        continue;
                    }

                    Iterate(paramName, _request.Get(paramName));
                }
            }
            else
            {
                // No request collection was supplied, so the cookies are scanned instead.
                foreach (string cookieName in _cookies.AllKeys)
                {
                    if (Exclusions.Contains(cookieName))
                    {
                        continue;
                    }

                    Iterate(cookieName, _cookies.Get(cookieName).Value);
                }
            }

            // Record what was skipped so a reader of the report can see the coverage gap.
            _report.Exclusions = _exclusions;

            return _report;
        }