Inheritance: IInstanceInfo
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            List<string> responses = new List<string>();

            var dbService = instanceInfo.DBService;
            var taskRowCount = dbService.ExecuteAndGetScalar<int>("SELECT count(*) FROM CMS_WebFarmTask WHERE TaskCreated < DATEADD(hour, -24, GETDATE());");

            if (taskRowCount > 0)
            {
                responses.Add("There are tasks over 24 hours old in the web farm (" + taskRowCount + " tasks exactly).");
                return new ModuleResults
                {
                    Result = responses,
                    ResultComment = "There are tasks that are over 24 hours old in the CMS_WebFarmTask table. Please check the health of the web far",
                    Status = Status.Error,
                };

            }

            return new ModuleResults
            {
                ResultComment = "There are no aged tasks pending.",
                Status = Status.Good
            };
        }
		public HttpResponseMessage GetSetupModulesMetadata([FromUri]InstanceConfig config)
		{
			try
			{
				var instance = new InstanceInfo(config);
				var version = instance.Version;

				// Get all modules of given version which are in 'Setup' category
				var modules = ModuleLoader.Modules
					.Select(x => x.GetModuleMetadata())
					.Where(x => x.SupportedVersions.Contains(version))
					.Where(x => x.Category != null && x.Category.StartsWith("Setup", StringComparison.InvariantCultureIgnoreCase));

				if (modules.Count() == 0)
				{
					return Request.CreateResponse(HttpStatusCode.BadRequest,
						String.Format("There are no modules available for version {0}.", version));
				}

				return Request.CreateResponse(HttpStatusCode.OK, modules);
			}
			catch (Exception e)
			{
				return Request.CreateResponse(HttpStatusCode.BadRequest, e.Message);
			}
		}
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            List<string> report = new List<string>();

            bool isWebSite = ProjectCodeFilesHelper.Current.IsWebSiteProject(instanceInfo.Directory);

            List<string> customerCodeFiles = ProjectCodeFilesHelper.Current.GetCustomerProjectCodeFiles(instanceInfo.Directory, instanceInfo.Version, isWebSite, true).ToList();
            if (customerCodeFiles.Count == 0)
            {
                return new ModuleResults
                {
                    ResultComment = "No customer files found.",
                    Status = Status.Good
                };
            }

            report.AddRange(customerCodeFiles);

            VulnerabilityAnalysisResults results = new VulnerabilityAnalysisResults();
            AnalyseVulnerabilities(instanceInfo.Directory, customerCodeFiles, ref results);
            string resultString = PrintResults(results);
            if (!String.IsNullOrEmpty(resultString))
            {
                report.Add(String.Empty);
                report.AddRange(resultString.Split(new[] { "<br />" }, StringSplitOptions.None));
            }

            return new ModuleResults
            {
                Result = report,
                Trusted = true
            };
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            try
            {
                ProbeHelper.InstallProbe(instanceInfo.Directory);

                var uri = new Uri(instanceInfo.Uri, "CMSPages/KInspectorProbe.aspx");
                HttpWebRequest request = WebRequest.CreateHttp(uri);
                using (WebResponse response = request.GetResponse())
                {
                    DataTable result = new DataTable();
                    result.ReadXml(response.GetResponseStream());

                    return new ModuleResults
                    {
                        Result = result,
                    };
                }
            }
            catch (Exception e)
            {
                // Probably 404
                return new ModuleResults
                {
                    Result = e.ToString(),
                    Status = Status.Error
                };
            }
            finally
            {
                ProbeHelper.UninstallProbe(instanceInfo.Directory);
            }
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var results = dbService.ExecuteAndGetTableFromFile("AttachmentsBySizeModule.sql");

            return new ModuleResults
            {
                Result = results,
            };
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var results = dbService.ExecuteAndGetTableFromFile("ApplicationRestartsModule.sql");

            return new ModuleResults
            {
                Result = results,
            };
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var results = dbService.ExecuteAndGetDataSetFromFile("Setup/SmtpServerSetupModule.sql");

            return new ModuleResults
            {
                Result = results
            };
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var results = dbService.ExecuteAndGetPrintsFromFile("CMSFileModule.sql");

            return new ModuleResults
            {
                Result = results,
            };
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var results = dbService.ExecuteAndGetPrintsFromFile("Setup/SiteDomainAliasesSetupModule.sql");

            return new ModuleResults
            {
                Result = results
            };
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var results = dbService.ExecuteAndGetTableFromFile("SecuritySettingsModule.sql");
            List<DataRow> rowsToDelete = new List<DataRow>();

            // Iterate through and check int/double settings 
            foreach (DataRow row in results.Rows)
            {
                if (!String.IsNullOrEmpty(row["Key value"].ToString()))
                {
                    switch (row["Key name"].ToString()) 
                    {
                        case "CMSResetPasswordInterval":
                            if (GetValueAndCheckInterval(row, 1, 12))
                            {
                                rowsToDelete.Add(row);
                            }
                            break;
                        case "CMSPolicyMinimalLength":
                            if (GetValueAndCheckInterval(row, 8))
                            {
                                rowsToDelete.Add(row);
                            }
                            break;
                        case "CMSPolicyNumberOfNonAlphaNumChars":
                            if (GetValueAndCheckInterval(row, 2))
                            {
                                rowsToDelete.Add(row);
                            }
                            break;
                        case "CMSMaximumInvalidLogonAttempts":
                            if (GetValueAndCheckInterval(row, 0, 5))
                            {
                                rowsToDelete.Add(row); 
                            }
                            break;
                        default: break;
                    }
                }
            }

            foreach(DataRow row in rowsToDelete)
            {
                results.Rows.Remove(row);
            }

            return new ModuleResults
            {
                Result = results,
                ResultComment = "",
                Status = Status.Warning,
            };
        }
        public void EnsureTrailingSlash(string url, string expected)
        {
            var instanceConfig = new InstanceConfig
            {
                Url = url
            };
            
            var instanceInfo = new InstanceInfo(instanceConfig);

            Assert.AreEqual(expected, instanceInfo.Uri.AbsoluteUri);
        }
Beispiel #12
0
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var sitemaps = dbService.ExecuteAndGetDataSetFromFile("SiteMapModule.sql");

            // Postprocess sitemaps of all sites
            foreach (DataTable sitemap in sitemaps.Tables)
            {
                bool outputCacheEnabled = dbService.GetSetting<bool>("CMSEnableOutputCache", sitemap.TableName);

                // process every row of the sitemap
                foreach (DataRow row in sitemap.Rows)
                {
                    // Get effective value of columns that can be inherited
                    foreach (var column in ColumnsWithInheritance)
                    {
                        string origColName = column.Key + "Orig";

                        // Add new column to the table for storing original column value
                        if (!sitemap.Columns.Contains(origColName))
                        {
                            int colIndex = sitemap.Columns.IndexOf(column.Key);
                            sitemap.Columns.Add(origColName).SetOrdinal(colIndex);
                        }

                        // Copy original value to the new column
                        row[origColName] = row[column.Key];

                        if (column.Key == "OutputCache" && !outputCacheEnabled)
                        {
                            // Special case - output cache can be disabled in settings and then effective value is always 0
                            row[column.Key] = 0;
                        }
                        else
                        {
                            // Set effective value to the column
                            row[column.Key] = GetEffectiveColumnResult(sitemap, row, column.Key, column.Value);
                        }
                    }
                }
                
                // All post processing for the table is done - remove columns that might not be visible
                sitemap.Columns.Cast<DataColumn>()
                    .Select(x => x.ColumnName)
                    .Except(VisibleColumns)
                    .ToList()
                    .ForEach(x => sitemap.Columns.Remove(x));
            }

            return new ModuleResults
            {
                Result = sitemaps,
            };
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var results = dbService.ExecuteAndGetTableFromFile("WebPartsInTransformationsModule.sql");

            return new ModuleResults
            {
                Result = results,
                Status = results.Rows.Count > 0 ? Status.Error : Status.Good
            };
        }
Beispiel #14
0
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            List<string> responses = new List<string>();

            var dbService = instanceInfo.DBService;
            var activityCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Activity");
            if (activityCount > 10000000)
            {
                responses.Add("There are over 10 000 000 (" + activityCount + " exactly) activities in the database. Consider using deleting old page visits or setting up the old contact's deletion");
            }

            var contactsCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Contact");
            if (contactsCount > 1000000)
            {
                responses.Add("There are over 1 000 000 (" + contactsCount + " exactly) contacts in the database. Consider using old contact's deletion");

                var anonymousCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Contact WHERE ContactLastName LIKE 'Anonymous%'");
                var mergedCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Contact WHERE ContactMergedWithContactID NOT NULL");

                responses.Add("Out of these " + contactsCount + " contacts, " + anonymousCount + " are anonymous and " + mergedCount + " are merged");
            }

            var contactGroupCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_ContactGroup");
            if (contactGroupCount > 50)
            {
                responses.Add("There are over 50 contact groups (" + contactGroupCount + " exactly). This might affect performance, are all of those really neccessary?");
            }

            var scoringRuleCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Rule");
            if (scoringRuleCount > 50)
            {
                responses.Add("There are over 50 scoring rules (" + scoringRuleCount + " exactly). This might affect performance, are all of those really neccessary?");
            }

            if (responses.Any())
            {
                return new ModuleResults
                {
                    Result = responses,
                    ResultComment = @"Check the counts in the result table. Exceeding the limits doesn't mean it must be wrong. 
It depends on other things like traffic, hardware and so on.",
                    Status = Status.Error,
                };
            }
            else
            {
                return new ModuleResults
                {
                    ResultComment = "All of critical Online marketing are small enough to use Online marketing without affecting performance.",
                    Status = Status.Good
                };
            }
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;

            int databaseSizeInMB = dbService.ExecuteAndGetScalar<int>("SELECT SUM(reserved_page_count) * 8.0 / 1024 FROM sys.dm_db_partition_stats");
            var results = dbService.ExecuteAndGetTableFromFile("BigTablesModule.sql");

            return new ModuleResults
            {
                Result = results,
                ResultComment = String.Format("The overall database size is {0} MB", databaseSizeInMB)
            };
        }
Beispiel #16
0
 public HttpResponseMessage GetKenticoVersion([FromUri]InstanceConfig config)
 {
     try
     {
         var instance = new InstanceInfo(config);
         var version = instance.Version;
         return Request.CreateResponse(HttpStatusCode.OK, version);
     }
     catch (Exception e)
     {
         return Request.CreateResponse(HttpStatusCode.BadRequest, e.Message);
     }
 }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            DataTable expiredTokens = new DataTable("Expired account tokens");
            expiredTokens.Columns.Add("SocialNetwork");
            expiredTokens.Columns.Add("SiteName");
            expiredTokens.Columns.Add("AccountName");

            var dbService = instanceInfo.DBService;
            if (instanceInfo.Version != new Version("8.0"))
            {
                // LinkedIn integration is in 8.1 and newer
                var linResults = dbService.ExecuteAndGetTableFromFile("ExpiredTokensModule-LinkedIn.sql");
                foreach (DataRow token in linResults.Rows)
                {
                    var row = expiredTokens.NewRow();
                    row["SocialNetwork"] = "LinkedIn";
                    row["SiteName"] = token["SiteName"];
                    row["AccountName"] = token["AccountName"];
                    expiredTokens.Rows.Add(row);
                }
            }

            var fbResults = dbService.ExecuteAndGetTableFromFile("ExpiredTokensModule-Facebook.sql");
            if (fbResults.Rows.Count > 0)
            {
                foreach (DataRow token in fbResults.Rows)
                {
                    var row = expiredTokens.NewRow();
                    row["SocialNetwork"] = "Facebook";
                    row["SiteName"] = token["SiteName"];
                    row["AccountName"] = token["AccountName"];
                    expiredTokens.Rows.Add(row);
                }                
            }

            if (expiredTokens.Rows.Count > 0)
            {
                return new ModuleResults
                {
                    Result = expiredTokens,
                    Status = Status.Error,
                    ResultComment = "Tokens have expired, posting stuff on some social markenting accounts doesn't work at all for accounts in results. Tell customer to reauthorize the pages.",
                };
            }

            return new ModuleResults
            {
                Status = Status.Good,
                ResultComment = "There are no expired tokens.",
            };
        }
Beispiel #18
0
        public HttpResponseMessage GetModuleExport([FromUri]IEnumerable<string> moduleNames, [FromUri]InstanceConfig config, [FromUri]string exportModuleCodeName)
        {
            if (config == null)
            {
                throw new ArgumentNullException(nameof(config));
            }

            var instanceInfo = new InstanceInfo(config);
            if (instanceInfo == null)
            {
                throw new ArgumentException(nameof(config));
            }

            if (moduleNames == null)
            {
                throw new ArgumentNullException(nameof(moduleNames));
            }

            var module = ExportModuleLoader.Modules.FirstOrDefault(m => m.ModuleMetaData.ModuleCodeName == exportModuleCodeName);
            if (module == null)
            {
                throw new ArgumentException(nameof(exportModuleCodeName));
            }

            try
            {
                var stream = module.GetExportStream(moduleNames.Distinct(), instanceInfo);
                if (stream == null)
                {
                    throw new Exception("Empty export file");
                }

                // Send stream
                var response = Request.CreateResponse(HttpStatusCode.OK);
                response.Content = new StreamContent(stream);
                response.Content.Headers.ContentType = new MediaTypeHeaderValue(module.ModuleMetaData.ModuleFileMimeType);
                response.Content.Headers.ContentLength = stream.Length;
                response.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment")
                {
                    FileName = $"KInspectorExport_{DateTime.Now.ToString("yyyyMMdd_HHmmss")}.{module.ModuleMetaData.ModuleFileExtension}"
                };
                response.Headers.ConnectionClose = true;

                return response;
            }
            catch (Exception e)
            {
                return Request.CreateResponse(HttpStatusCode.InternalServerError, $"Error in processing modules. Error message: {e.Message}");
            }
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var urls = dbService.ExecuteAndGetTableFromFile("ScreenshotterModule.sql");

            // Start process in separate thread to make website responsive.
            Thread t = new Thread(StartScreenshotting);
            t.Start(new object[] { instanceInfo, urls });

            return new ModuleResults
            {
                Result = urls
            };
        }
Beispiel #20
0
        public HttpResponseMessage GetModuleResult(string moduleName, [FromUri]InstanceConfig config)
        {
            try
            {
                var instance = new InstanceInfo(config);
                var result = ModuleLoader.GetModule(moduleName).GetResults(instance);

                return Request.CreateResponse(HttpStatusCode.OK, result);
            }
            catch (Exception e)
            {
                return Request.CreateResponse(HttpStatusCode.InternalServerError, $"Error in \"{moduleName}\" module. Error message: {e.Message}");
            }
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            List<string> report = new List<string>();

            mDatabaseService = instanceInfo.DBService;

            DataTable webPartsInTransformationsTable = GetPageTemplateWebParts(LikePageTemplateDisplayName);
            List<string> whereOrderResults = new List<string>();
            List<string> otherResults = new List<string>();
            foreach (DataRow webPart in webPartsInTransformationsTable.Rows)
            {
                string pageTemplateDisplayName = webPart["PageTemplateDisplayName"] as string;
                XmlDocument webPartsXmlDoc = new XmlDocument();
                webPartsXmlDoc.LoadXml(webPart["PageTemplateWebParts"] as string);

                whereOrderResults.AddRange(AnalyseWhereAndOrderByConditionsInPageTemplateWebParts(webPartsXmlDoc, pageTemplateDisplayName));
                otherResults.AddRange(AnalysePageTemplateWebParts(webPartsXmlDoc, pageTemplateDisplayName));
            }

            if (whereOrderResults.Count > 0)
            {
                report.Add("------------------------ Web parts - Where and Order condition results - Potential SQL injections -----------------");
                report.AddRange(whereOrderResults);
            }
            if (otherResults.Count > 0)
            {
                report.Add("------------------------ Macros in DB - Potential XSS -----------------");
                report.AddRange(otherResults);
            }

            if (report.Count == 0)
            {
                return new ModuleResults
                {
                    ResultComment = "No problems in web parts found.",
                    Status = Status.Good
                };
            }

            StringBuilder res = new StringBuilder();
            report.ForEach(it => res.Append(it.Replace("\n", "<br />")));

            return new ModuleResults
            {
                Result = report,
                Trusted = true
            };
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            if (instanceInfo.Version == new Version("6.0"))
            {
                return new ModuleResults
                {
                    Result = dbService.ExecuteAndGetPrintsFromFile("WebPartColumnsModule6.sql"),
                };
            }

            return new ModuleResults
            {
                Result = dbService.ExecuteAndGetPrintsFromFile("WebPartColumnsModule.sql"),
            };
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            if (!TestUrl(instanceInfo.Uri, "robots.txt"))
            {
                return new ModuleResults
                {
                    Status = Status.Warning,
                    Result = "Missing! Please add the robots.txt into the web root",
                };
            }

            return new ModuleResults
            {
                Status = Status.Good,
                Result = "All good, robots.txt found.",
            };
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            DataTable sourceUIElements = dbService.ExecuteAndGetTableFromFile(String.Format("UIElementsDiffV{0}.sql", instanceInfo.Version.Major));

            var kenticoUIElements = new DataTable();
            kenticoUIElements.ReadXml(String.Format("./Data/DefaultUIElements/{0}{1}.xml", instanceInfo.Version.Major, instanceInfo.Version.Minor));

            RemoveHashesFromStringRecords(sourceUIElements);

            var result = Diff(kenticoUIElements, sourceUIElements);

            return new ModuleResults
            {
                Result = result
            };
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var results = dbService.ExecuteAndGetTableFromFile("PasswordPolicy.sql");

            if (results.Rows.Count > 0)
            { 
                DataRow[] passwordFormatRow = results.Select("KeyName = 'CMSPasswordFormat'");
                DataRow[] passwordPolicyRow = results.Select("KeyName = 'CMSUsePasswordPolicy'");

                if (passwordFormatRow[0][1].ToString() != "SHA2SALT")
                {
                    return new ModuleResults
                    {
                        Result = results,
                        ResultComment = "The CMSPasswordFormat should be set to 'SHA2SALT'.",
                        Status = Status.Error,
                    };
                }
                else if (passwordPolicyRow[0][1].ToString() != "True")
                {
                    return new ModuleResults
                    {
                        Result = results,
                        ResultComment = "It is recommended that you have CMSUsePasswordPolicy set to 'True'.",
                        Status = Status.Warning,
                    };
                }
                else
                {
                    return new ModuleResults
                    {
                        ResultComment = "Password settings look good.",
                        Status = Status.Good
                    };
                }
            }

            return new ModuleResults
            {
                ResultComment = "Failed to check settings as expected.",
                Status = Status.Error
            };

        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var contactNumber = dbService.ExecuteAndGetScalar<int>(@"SELECT COUNT(*) FROM OM_Contact");

            var results = dbService.ExecuteAndGetTableFromFile(@"OMInactiveContactsDeletion.sql");

            return new ModuleResults
            {
                Result = results,
                ResultComment = @"Inactive contact deletion setting should be always set up, so that the database doesn't get too big over time.
It is a business decision what contacts could be deleted. There are now " + (contactNumber < 10000 ? "only " : "") + contactNumber + " contacts in the database.",
                Status = (contactNumber > 100000 && results.Rows.Count > 0) 
                            ? Status.Error
                            : (results.Rows.Count > 0)
                                ? Status.Warning
                                : Status.Good
            };
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var results = dbService.ExecuteAndGetPrintsFromFile("ScheduledTasksModule.sql");

            var res = new ModuleResults
            {
                Result = results,
            };

            if (results.Any(x => x.Contains("DISABLE SCHEDULED TASK!") 
                || x.Contains("DON NOT RUN THE task as EXTERNAL") 
                || x.Contains("RUN THE task as EXTERNAL")))
            {
                res.Status = Status.Warning;
            }

            return res;
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var manualContactGroups = dbService.ExecuteAndGetTableFromFile("OMContactGroupsWithManualMacro.sql");
            if (manualContactGroups.Rows.Count > 0)
            {
                return new ModuleResults
                {
                    Result = manualContactGroups, 
                    ResultComment = "These contact groups use plain macro that should be translated into MacroRules, so that the SQL translation could be leveraged. This is like MUCH slower.",
                    Status = Status.Error,
                };
            }

            return new ModuleResults
            {
                ResultComment = "All existing contact groups are designed with Macro, so they can leverage fast recalculation ",
                Status = Status.Good
            };
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var results = dbService.ExecuteAndGetTableFromFile("EventLogErrorsModule.sql");

            if (results.Rows.Count > 0)
            {
                return new ModuleResults
                {
                    Result = results,
                    ResultComment = "Errors in event log found!",
                    Status = results.Rows.Count > 10 ? Status.Error : Status.Warning,
                };
            }

            return new ModuleResults
            {
                ResultComment = "No errors were found in the event log.",
                Status = Status.Good
            };
        }
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var results = dbService.ExecuteAndGetTableFromFile("DatabaseConsistencyCheckModule.sql");

            if (results.Rows.Count > 0)
            {
                return new ModuleResults
                {
                    ResultComment = "CHECKDB found some errors!",
                    Result = results,
                    Status = Status.Error
                };
            }

            return new ModuleResults
            {
                Status = Status.Good,
                ResultComment = "CHECKDB didn't found any errors."
            };
        }