IDSPageSettings: the IDS scanning options available for each page (which components are scanned, exclusions, decoders, callbacks).
Inheritance: IDSBaseSettings
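        /// <summary>
        /// Runs the IDS scan for the current request using the page settings
        /// registered under the current page name, creating default settings
        /// for the page on first use.
        /// </summary>
        private void RunScan()
        {
            string pageName = Misc.GetCurrentPageName();
            IDSPageSettings ips;

            // Use the TryGetValue result directly rather than re-testing for null
            if (!_settings.PageSettings.TryGetValue(pageName, out ips) || ips == null)
            {
                ips = new IDSPageSettings(_settings);

                // Indexer instead of Add(): if two requests for the same page
                // initialise at once on a shared settings object, Add() throws
                // ArgumentException for the loser. NOTE(review): Dictionary<,>
                // is still not safe for concurrent writes — confirm whether
                // _settings is shared across requests before relying on this.
                _settings.PageSettings[pageName] = ips;
            }

            RunScan(ips);
        }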
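        /// <summary>
        /// Runs the IDS scan for the current request. The page-specific settings
        /// are looked up by the current page name; a default IDSPageSettings is
        /// registered when none exists yet.
        /// </summary>
        private void RunScan()
        {
            string currentPage = Misc.GetCurrentPageName();
            IDSPageSettings pageSettings;

            bool found = _settings.PageSettings.TryGetValue(currentPage, out pageSettings);

            if (!found || pageSettings == null)
            {
                pageSettings = new IDSPageSettings(_settings);

                // Assign via the indexer so a second request for the same page
                // that races the first does not blow up with a duplicate-key
                // ArgumentException from Add(). NOTE(review): this does not make
                // Dictionary<,> thread-safe — confirm whether _settings is shared.
                _settings.PageSettings[currentPage] = pageSettings;
            }

            RunScan(pageSettings);
        }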
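        /// <summary>
        /// Prepares the runner for the current request: looks up (or creates) the
        /// page settings, binds the web.config page and global callbacks, chains
        /// the page's own OnIDSEvent handlers onto OnIDSEvents, and then runs the
        /// scan unless _callScan is false (in which case a page's PreInit fires it).
        /// </summary>
        /// <exception cref="InvalidOperationException">A configured callback type
        /// could not be resolved.</exception>
        public void Run()
        {
            string pageName = Misc.GetCurrentPageName();
            IDSPageSettings ips;

            if (!_settings.PageSettings.TryGetValue(pageName, out ips) || ips == null)
            {
                ips = new IDSPageSettings(_settings);

                // Indexer instead of Add(): a concurrent first request for the
                // same page would otherwise throw a duplicate-key exception.
                // NOTE(review): Dictionary<,> is still not safe for concurrent
                // writes — confirm whether _settings is shared across requests.
                _settings.PageSettings[pageName] = ips;
            }

            // Wire up the web.config page callbacks.
            // SECURITY: each callback is resolved by assembly/type/method name taken
            // straight from web.config, so whoever can edit the config chooses the
            // code that runs on an IDS event. Treat the config as code.
            foreach (IDSCallback callback in ips.Callbacks)
            {
                BindConfiguredCallback(callback);
            }

            // NOTE(review): handlers are appended every time Run() executes on this
            // runner instance; calling Run() twice would fire each handler twice.
            if (ips.OnIDSEvent != null)
            {
                foreach (Delegate d in ips.OnIDSEvent.GetInvocationList())
                {
                    OnIDSEvents += (IDSEvent)d;
                }
            }

            // Wire up the web.config global callbacks
            foreach (IDSCallback callback in _settings.Callbacks)
            {
                BindConfiguredCallback(callback);
            }

            // If _callScan is false then the firing mechanism will run in
            // the page_preinit event of a page/page subclass
            if (!_callScan)
            {
                return;
            }

            RunScan(ips);
        }

        /// <summary>
        /// Resolves one configured callback's type and binds its method. Fails
        /// loudly when the type cannot be resolved so a misconfigured handler is
        /// not silently dropped (which would leave IDS events unobserved).
        /// </summary>
        /// <param name="callback">Assembly, type and method names from web.config.</param>
        private void BindConfiguredCallback(IDSCallback callback)
        {
            Type t = Misc.ResolveType(callback.Assembly, callback.Namespaceandcallback);

            if (t == null)
            {
                throw new InvalidOperationException(
                    "IDS callback type \"" + callback.Namespaceandcallback +
                    "\" could not be resolved from assembly \"" + callback.Assembly + "\"");
            }

            SetupBinding(t, callback.Method);
        }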
        /// <summary>
        /// The Secure Page's OnInit event handler: builds a self-contained
        /// settings object from this page's exclusion and decoder fields,
        /// registers it under the current page name and runs the web scanner.
        /// </summary>
        /// <param name="e">The Page Init EventArgs</param>
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);

            // NOTE(review): a brand-new IDSGlobalSettings is built here rather than
            // the one loaded from web.config, so global config (callbacks, excluded
            // pages, a file-based filter path) does not reach this page — confirm
            // that is intended.
            IDSGlobalSettings globalSettings = new IDSGlobalSettings();
            IDSPageSettings   page           = new IDSPageSettings(globalSettings);

            // Decoder flags, then the per-component exclusion lists
            page.DecodeUTF7       = _decodeUTF7;
            page.DecodeJS         = _decodeJS;
            page.GetExclusions    = _exclusions_get;
            page.HeaderExclusions = _exclusions_headers;
            page.PostExclusions   = _exclusions_post;
            page.CookieExclusions = _exclusions_cookies;

            // The page's own handler is chained into the runner's OnIDSEvents
            page.OnIDSEvent = OnIDSEvent;

            globalSettings.PageSettings.Add(Misc.GetCurrentPageName(), page);

            WebScanRunner runner = new WebScanRunner(globalSettings);
            runner.Run();
        }
        /// <summary>
        /// The Secure Page's OnInit event handler. Creates a fresh global settings
        /// object with one page entry populated from this page's fields, then
        /// hands it to a WebScanRunner.
        /// </summary>
        /// <param name="e">The Page Init EventArgs</param>
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);

            IDSGlobalSettings config = new IDSGlobalSettings();

            // NOTE(review): `config` is a default IDSGlobalSettings, not the one
            // produced by the web.config section handler — global callbacks and
            // exclusions configured there are not applied here. Confirm intended.
            IDSPageSettings thisPage = new IDSPageSettings(config);
            thisPage.OnIDSEvent = OnIDSEvent;

            // Exclusions per request component
            thisPage.CookieExclusions = _exclusions_cookies;
            thisPage.HeaderExclusions = _exclusions_headers;
            thisPage.GetExclusions    = _exclusions_get;
            thisPage.PostExclusions   = _exclusions_post;

            // Decoding applied before matching
            thisPage.DecodeJS   = _decodeJS;
            thisPage.DecodeUTF7 = _decodeUTF7;

            config.PageSettings.Add(Misc.GetCurrentPageName(), thisPage);

            new WebScanRunner(config).Run();
        }
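        /// <summary>
        /// IConfigurationSectionHandler entry point: builds the IDSGlobalSettings
        /// from the IDS web.config section — base settings, excluded pages, regex
        /// exclusions, global callbacks and per-page "pagesetup" blocks.
        /// </summary>
        /// <param name="parent">Parent configuration object (not used).</param>
        /// <param name="configContext">Configuration context (not used).</param>
        /// <param name="section">The XML node of the IDS configuration section.</param>
        /// <returns>The populated IDSGlobalSettings.</returns>
        /// <exception cref="ApplicationException">Malformed configuration: a page
        /// configured twice, an unparsable ignorecase flag, or an invalid regex
        /// pattern.</exception>
        public object Create(object parent,
                             object configContext, System.Xml.XmlNode section)
        {
            IDSGlobalSettings settings = new IDSGlobalSettings();
            IDSBaseSettings   ibs      = (IDSBaseSettings)settings;

            //Load base IDS settings
            LoadBaseSettings(ref ibs, section);

            //Get page exclusions
            foreach (XmlNode n in section.SelectNodes("excludepage"))
            {
                settings.ExcludedPages.Add(GetAttribute(n, "page", true));
            }

            //Get regex exclusions. Validate the flag and the pattern at load time so
            //a typo in web.config fails at startup rather than on the first request.
            //NOTE(review): patterns come from web.config (trusted), but if they are
            //matched against request data a catastrophically backtracking pattern is
            //a DoS risk — confirm what RegexSettings is applied to.
            foreach (XmlNode n in section.SelectNodes("excluderegex"))
            {
                string pattern    = GetAttribute(n, "pattern", true);
                string rawIgnore  = GetAttribute(n, "ignorecase", true);
                bool   ignorecase;

                if (!bool.TryParse(rawIgnore, out ignorecase))
                {
                    throw new ApplicationException("excluderegex \"ignorecase\" must be true or false, got \"" + rawIgnore + "\"");
                }

                try
                {
                    new System.Text.RegularExpressions.Regex(pattern);
                }
                catch (ArgumentException e)
                {
                    throw new ApplicationException("excluderegex pattern \"" + pattern + "\" is not a valid regular expression", e);
                }

                settings.ExcludedRegexen.Add(new RegexSettings(pattern, ignorecase));
            }

            //Get the global callbacks.
            //SECURITY: every callback names an assembly and type that will be loaded
            //and invoked on IDS events, so write access to web.config is code
            //execution in the worker process.
            foreach (XmlNode n in section.SelectNodes("callback"))
            {
                settings.Callbacks.Add(ReadCallback(n));
            }

            //Get page settings
            foreach (XmlNode n in section.SelectNodes("pagesetup"))
            {
                string pagename = GetAttribute(n, "page", true);

                //Create a page settings object
                IDSPageSettings ips = new IDSPageSettings(settings);

                //Only a duplicate key is reported as "configured twice"; any other
                //failure propagates unchanged instead of being relabelled.
                try
                {
                    settings.PageSettings.Add(pagename, ips);
                }
                catch (ArgumentException e)
                {
                    throw new ApplicationException("Only one config section can exist for the page named \"" + pagename + "\"", e);
                }

                //Populate base data
                IDSBaseSettings pagebase = (IDSBaseSettings)ips;
                LoadBaseSettings(ref pagebase, n);

                //Look for page callbacks
                foreach (XmlNode pagecallback in n.SelectNodes("callback"))
                {
                    ips.Callbacks.Add(ReadCallback(pagecallback));
                }
            }

            return(settings);
        }

        /// <summary>
        /// Reads one callback node's method, namespaceandtype and assembly
        /// attributes into an IDSCallback. The trailing "true" passed to
        /// GetAttribute presumably marks the attribute as required — confirm.
        /// </summary>
        /// <param name="n">A "callback" element.</param>
        /// <returns>The callback description (not yet resolved or bound).</returns>
        private IDSCallback ReadCallback(XmlNode n)
        {
            string method           = GetAttribute(n, "method", true);
            string namespaceandtype = GetAttribute(n, "namespaceandtype", true);
            string assembly         = GetAttribute(n, "assembly", true);

            return new IDSCallback(method, namespaceandtype, assembly);
        }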
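        /// <summary>
        /// Runs the IDS over the current request's query string, form, cookies and
        /// headers as directed by <paramref name="ips"/>, raising OnIDSEvents with
        /// each component's report.
        /// </summary>
        /// <param name="ips">Page settings: which components to scan, the
        /// exclusions to apply and the JS/UTF-7 decoding flags.</param>
        /// <exception cref="InvalidOperationException">There is no current
        /// HttpContext.</exception>
        private void RunScan(IDSPageSettings ips)
        {
            HttpContext context = HttpContext.Current;

            if (context == null)
            {
                throw new InvalidOperationException("RunScan requires an active HttpContext");
            }

            HttpRequest request = context.Request;

            //NOTE(review): ips.ScanOutput is currently a no-op. The OutputFilter hook
            //that implemented it is commented out below, so response bodies are never
            //scanned even when a page sets ScanOutput = true.
            if (ips.ScanOutput)
            {
                /*_oF = new DOTNETIDS.OutputFilter(Response.Filter, null, System.Text.Encoding.ASCII, _settings.OutputFilterXmlPath);
                 * _oF.OnPageReady += new DOTNETIDS.OutputFilter.PageReadyEvent(_oF_OnPageReady);
                 * _oF.JSDecode = _settings.DecodeJS;
                 * _oF.UTF7Decode = _settings.DecodeUTF7;
                 * Response.Filter = _oF;*/
            }

            //Pass GET, POST, COOKIES and HEADERS through the IDS.
            //FilterXmlPath may be null as well as empty; the old "!= string.Empty"
            //test let a null path through to the IDS constructor.
            DOTNETIDS.IDS ids_get;

            if (!string.IsNullOrEmpty(_settings.FilterXmlPath))
            {
                //Load the filter rules from the configured file
                ids_get = new DOTNETIDS.IDS(request.QueryString, _settings.FilterXmlPath);
            }
            else
            {
                //Load the filter rules from the embedded resource
                ids_get = new DOTNETIDS.IDS(request.QueryString);
            }

            DOTNETIDS.IDS ids_post    = new DOTNETIDS.IDS(request.Form, ids_get, DOTNETIDS.RequestType.Post);
            DOTNETIDS.IDS ids_cookies = new DOTNETIDS.IDS(request.Cookies, ids_get);
            DOTNETIDS.IDS ids_headers = new DOTNETIDS.IDS(request.Headers, ids_get, DOTNETIDS.RequestType.Header);

            //Merge the exclusions straight into this request's scanners instead of
            //AddRange-ing them into ips / _settings. The previous code mutated the
            //settings objects on every request, so if those objects are shared across
            //requests the lists grew without bound and — worse — a single request
            //from localhost permanently excluded the Host header for all later ones.
            //Same content and order per scanner as before: component list, page
            //exclusions, global exclusions, global component list.
            ids_get.Exclusions.AddRange(ips.GetExclusions);
            ids_get.Exclusions.AddRange(ips.Exclusions);
            ids_get.Exclusions.AddRange(_settings.Exclusions);
            ids_get.Exclusions.AddRange(_settings.GetExclusions);

            ids_post.Exclusions.AddRange(ips.PostExclusions);
            ids_post.Exclusions.AddRange(ips.Exclusions);
            ids_post.Exclusions.AddRange(_settings.Exclusions);
            ids_post.Exclusions.AddRange(_settings.PostExclusions);

            ids_cookies.Exclusions.AddRange(ips.CookieExclusions);
            ids_cookies.Exclusions.AddRange(ips.Exclusions);
            ids_cookies.Exclusions.AddRange(_settings.Exclusions);
            ids_cookies.Exclusions.AddRange(_settings.CookieExclusions);

            ids_headers.Exclusions.AddRange(ips.HeaderExclusions);
            ids_headers.Exclusions.AddRange(ips.Exclusions);
            ids_headers.Exclusions.AddRange(_settings.Exclusions);
            ids_headers.Exclusions.AddRange(_settings.HeaderExclusions);

            //Default exclusion: on localhost the Host header is not scanned.
            //Scoped to this request only (see above).
            if (string.Equals(request.Url.Host, "localhost", StringComparison.OrdinalIgnoreCase))
            {
                ids_headers.Exclusions.Add("Host");
            }

            //Decoder flags apply to every component
            DOTNETIDS.IDS[] scanners = { ids_get, ids_post, ids_cookies, ids_headers };
            bool[]          enabled  = { ips.ScanGet, ips.ScanPost, ips.ScanCookies, ips.ScanHeaders };

            for (int i = 0; i < scanners.Length; i++)
            {
                scanners[i].JSDecode   = ips.DecodeJS;
                scanners[i].UTF7Decode = ips.DecodeUTF7;
            }

            //Run the enabled scanners in the original order (GET, POST, cookies,
            //headers), reporting each result to the subscribed handlers
            for (int i = 0; i < scanners.Length; i++)
            {
                if (!enabled[i])
                {
                    continue;
                }

                scanners[i].Run();

                if (OnIDSEvents != null)
                {
                    OnIDSEvents(scanners[i].Report, this);
                }
            }
        }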
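        /// <summary>
        /// Scans the current request (query string, form, cookies, headers) with
        /// the IDS according to the page settings and raises OnIDSEvents with the
        /// report of every component that was scanned.
        /// </summary>
        /// <param name="ips">Page settings controlling which components are
        /// scanned, their exclusions and the decoders to use.</param>
        /// <exception cref="InvalidOperationException">No current HttpContext.</exception>
        private void RunScan(IDSPageSettings ips)
        {
            HttpContext ctx = HttpContext.Current;
            if (ctx == null) throw new InvalidOperationException("RunScan requires an active HttpContext");

            HttpRequest req = ctx.Request;

            //NOTE(review): ScanOutput does nothing at present — the output filter
            //that used to be hooked here is commented out, so response bodies are
            //not scanned regardless of this flag.
            if (ips.ScanOutput)
            {
                /*_oF = new DOTNETIDS.OutputFilter(Response.Filter, null, System.Text.Encoding.ASCII, _settings.OutputFilterXmlPath);
                _oF.OnPageReady += new DOTNETIDS.OutputFilter.PageReadyEvent(_oF_OnPageReady);
                _oF.JSDecode = _settings.DecodeJS;
                _oF.UTF7Decode = _settings.DecodeUTF7;
                Response.Filter = _oF;*/
            }

            //Build the GET scanner first; the others share its filter set.
            //string.IsNullOrEmpty: a null FilterXmlPath used to pass the
            //"!= string.Empty" test and reach the file-loading constructor.
            DOTNETIDS.IDS ids_get = string.IsNullOrEmpty(_settings.FilterXmlPath)
                ? new DOTNETIDS.IDS(req.QueryString)                          //embedded resource
                : new DOTNETIDS.IDS(req.QueryString, _settings.FilterXmlPath); //filter file

            DOTNETIDS.IDS ids_post = new DOTNETIDS.IDS(req.Form, ids_get, DOTNETIDS.RequestType.Post);
            DOTNETIDS.IDS ids_cookies = new DOTNETIDS.IDS(req.Cookies, ids_get);
            DOTNETIDS.IDS ids_headers = new DOTNETIDS.IDS(req.Headers, ids_get, DOTNETIDS.RequestType.Header);

            //Exclusions go directly onto the per-request scanners. Previously they
            //were AddRange'd into ips and _settings on every call, which (if those
            //objects outlive the request) accumulates duplicates without bound and
            //let one localhost request disable Host-header scanning for everyone
            //afterwards. Content per scanner is unchanged.
            ids_get.Exclusions.AddRange(ips.GetExclusions);
            ids_get.Exclusions.AddRange(ips.Exclusions);
            ids_get.Exclusions.AddRange(_settings.Exclusions);
            ids_get.Exclusions.AddRange(_settings.GetExclusions);

            ids_post.Exclusions.AddRange(ips.PostExclusions);
            ids_post.Exclusions.AddRange(ips.Exclusions);
            ids_post.Exclusions.AddRange(_settings.Exclusions);
            ids_post.Exclusions.AddRange(_settings.PostExclusions);

            ids_cookies.Exclusions.AddRange(ips.CookieExclusions);
            ids_cookies.Exclusions.AddRange(ips.Exclusions);
            ids_cookies.Exclusions.AddRange(_settings.Exclusions);
            ids_cookies.Exclusions.AddRange(_settings.CookieExclusions);

            ids_headers.Exclusions.AddRange(ips.HeaderExclusions);
            ids_headers.Exclusions.AddRange(ips.Exclusions);
            ids_headers.Exclusions.AddRange(_settings.Exclusions);
            ids_headers.Exclusions.AddRange(_settings.HeaderExclusions);

            //Default exclusion for local development: skip the Host header. This is
            //per request now, not persisted in the shared settings.
            if (string.Equals(req.Url.Host, "localhost", StringComparison.OrdinalIgnoreCase))
            {
                ids_headers.Exclusions.Add("Host");
            }

            DOTNETIDS.IDS[] all = { ids_get, ids_post, ids_cookies, ids_headers };
            bool[] run = { ips.ScanGet, ips.ScanPost, ips.ScanCookies, ips.ScanHeaders };

            for (int i = 0; i < all.Length; i++)
            {
                all[i].JSDecode = ips.DecodeJS;
                all[i].UTF7Decode = ips.DecodeUTF7;
            }

            //Run the IDS on each enabled component, in GET/POST/cookie/header order
            for (int i = 0; i < all.Length; i++)
            {
                if (!run[i]) continue;

                all[i].Run();
                if (OnIDSEvents != null) OnIDSEvents(all[i].Report, this);
            }
        }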
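        /// <summary>
        /// Sets the runner up for the current request: resolves (or creates) the
        /// page settings, binds the page and global callbacks from web.config,
        /// chains the page's OnIDSEvent handlers onto OnIDSEvents, and runs the
        /// scan unless _callScan is false (then a page's PreInit triggers it).
        /// </summary>
        /// <exception cref="InvalidOperationException">A configured callback type
        /// could not be resolved.</exception>
        public void Run()
        {
            string pageName = Misc.GetCurrentPageName();
            IDSPageSettings ips;

            bool known = _settings.PageSettings.TryGetValue(pageName, out ips);

            if (!known || ips == null)
            {
                ips = new IDSPageSettings(_settings);

                //Indexer rather than Add(): two concurrent first requests for the
                //same page would otherwise make the second one throw on the key.
                //NOTE(review): Dictionary<,> is not safe for concurrent writes —
                //confirm whether _settings is shared between requests.
                _settings.PageSettings[pageName] = ips;
            }

            //Wire up the web.config page callbacks.
            //SECURITY: assembly/type/method names are taken from web.config and
            //loaded by reflection, so config write access equals code execution.
            foreach (IDSCallback callback in ips.Callbacks) BindConfiguredCallback(callback);

            //NOTE(review): each Run() call appends these handlers again; a runner
            //on which Run() executes twice fires them twice.
            if (ips.OnIDSEvent != null)
            {
                foreach (Delegate d in ips.OnIDSEvent.GetInvocationList())
                {
                    OnIDSEvents += (IDSEvent)d;
                }
            }

            //Wire up the web.config global callbacks
            foreach (IDSCallback callback in _settings.Callbacks) BindConfiguredCallback(callback);

            //If _callScan is false then the firing mechanism will run in
            //the page_preinit event of a page/page subclass
            if (!_callScan) return;

            RunScan(ips);
        }

        /// <summary>
        /// Resolves a configured callback's type and binds its method, throwing
        /// when the type cannot be resolved so a misconfigured handler is not
        /// silently dropped.
        /// </summary>
        /// <param name="callback">Assembly, type and method names from web.config.</param>
        private void BindConfiguredCallback(IDSCallback callback)
        {
            Type t = Misc.ResolveType(callback.Assembly, callback.Namespaceandcallback);

            if (t == null)
            {
                throw new InvalidOperationException(
                    "IDS callback type \"" + callback.Namespaceandcallback +
                    "\" could not be resolved from assembly \"" + callback.Assembly + "\"");
            }

            SetupBinding(t, callback.Method);
        }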
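        /// <summary>
        /// IConfigurationSectionHandler entry point. Reads the IDS configuration
        /// section into an IDSGlobalSettings: base settings, "excludepage",
        /// "excluderegex", global "callback" entries and per-page "pagesetup"
        /// blocks (each with its own base settings and callbacks).
        /// </summary>
        /// <param name="parent">Parent configuration object (not used).</param>
        /// <param name="configContext">Configuration context (not used).</param>
        /// <param name="section">The section's XML node.</param>
        /// <returns>The populated IDSGlobalSettings.</returns>
        /// <exception cref="ApplicationException">A page configured more than once,
        /// an ignorecase value that is not true/false, or an invalid regex.</exception>
        public object Create(object parent,
               object configContext, System.Xml.XmlNode section)
        {
            IDSGlobalSettings settings = new IDSGlobalSettings();
            IDSBaseSettings ibs = (IDSBaseSettings)settings;

            //Load base IDS settings
            LoadBaseSettings(ref ibs, section);

            //Get page exclusions
            foreach (XmlNode n in section.SelectNodes("excludepage"))
            {
                string pagetoexclude = GetAttribute(n, "page", true);
                settings.ExcludedPages.Add(pagetoexclude);
            }

            //Get regex exclusions, failing at load time (not on the first request)
            //when the flag or the pattern is malformed.
            //NOTE(review): patterns are trusted config, but if they are matched
            //against request data a pathologically backtracking pattern is a DoS
            //risk — confirm what RegexSettings is applied to.
            foreach (XmlNode n in section.SelectNodes("excluderegex"))
            {
                string pattern = GetAttribute(n, "pattern", true);
                string ignoreText = GetAttribute(n, "ignorecase", true);
                bool ignorecase;

                if (!bool.TryParse(ignoreText, out ignorecase))
                {
                    throw new ApplicationException("excluderegex \"ignorecase\" must be true or false, got \"" + ignoreText + "\"");
                }

                try
                {
                    new System.Text.RegularExpressions.Regex(pattern);
                }
                catch (ArgumentException e)
                {
                    throw new ApplicationException("excluderegex pattern \"" + pattern + "\" is not a valid regular expression", e);
                }

                settings.ExcludedRegexen.Add(new RegexSettings(pattern, ignorecase));
            }

            //Get the global callbacks.
            //SECURITY: each entry names an assembly and type that are loaded and
            //invoked on IDS events; anyone who can edit web.config picks that code.
            foreach (XmlNode n in section.SelectNodes("callback"))
            {
                settings.Callbacks.Add(ReadCallback(n));
            }

            //Get page settings
            foreach (XmlNode n in section.SelectNodes("pagesetup"))
            {
                string pagename = GetAttribute(n, "page", true);

                //Create a page settings object
                IDSPageSettings ips = new IDSPageSettings(settings);

                //Catch only the duplicate-key failure; anything else is not a
                //"configured twice" problem and propagates as-is.
                try
                {
                    settings.PageSettings.Add(pagename, ips);
                }
                catch (ArgumentException e)
                {
                    throw new ApplicationException("Only one config section can exist for the page named \"" + pagename + "\"", e);
                }

                //Populate base data
                IDSBaseSettings pagebase = (IDSBaseSettings)ips;
                LoadBaseSettings(ref pagebase, n);

                //Look for page callbacks
                foreach (XmlNode pagecallback in n.SelectNodes("callback"))
                {
                    ips.Callbacks.Add(ReadCallback(pagecallback));
                }
            }

            return settings;
        }

        /// <summary>
        /// Reads a "callback" element's method, namespaceandtype and assembly
        /// attributes into an IDSCallback. The trailing "true" handed to
        /// GetAttribute presumably means "required" — confirm against GetAttribute.
        /// </summary>
        /// <param name="n">The "callback" element.</param>
        /// <returns>The unresolved callback description.</returns>
        private IDSCallback ReadCallback(XmlNode n)
        {
            string method = GetAttribute(n, "method", true);
            string namespaceandtype = GetAttribute(n, "namespaceandtype", true);
            string assembly = GetAttribute(n, "assembly", true);

            return new IDSCallback(method, namespaceandtype, assembly);
        }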