Ejemplo n.º 1
        /// <summary>
        /// Enforces the root restriction of a <see cref="LocalFileSystemProvider"/>: if a
        /// <see cref="LocalFileSystemProvider.RootDirectory"/> is configured, the requested
        /// <paramref name="file"/> must be located below it. Requests that fail the check
        /// are audited and rejected. Without a configured root, no containment check is made.
        /// </summary>
        /// <param name="file">The requested file resource.</param>
        /// <param name="submittedFilePath">The path that was submitted in the original request.
        /// This is the only path that is echoed back in exception messages.</param>
        /// <param name="context">The currently performed file system operation (used for auditing).</param>
        /// <exception cref="ResourceAccessException">If the requested resource is not
        /// a descendant of a configured <see cref="LocalFileSystemProvider.RootDirectory"/>,
        /// or if the containment check itself failed.</exception>
        /// <exception cref="ArgumentNullException">If <paramref name="file"/>
        /// is a null reference.</exception>
        /// <remarks>
        /// NOTE(review): the containment decision is delegated to <c>IsParentOf</c>, which is
        /// not visible here. Confirm that it compares normalized paths (relative segments,
        /// casing, links), because its result alone decides whether the request is rejected.
        /// NOTE(review): <paramref name="submittedFilePath"/> is written to the audit trail and
        /// into the exception message as received - presumably the auditor and the caller
        /// neutralize control characters; verify.
        /// </remarks>
        private void ValidateFileRequestAccess(FileItem file, string submittedFilePath, FileSystemTask context)
        {
            if (file == null)
            {
                throw new ArgumentNullException("file");
            }

            //no restricted root configured: there is nothing to validate against
            //(an invalid path will fail later on, depending on the action)
            if (RootDirectory == null)
            {
                return;
            }

            bool isBelowRoot;
            try
            {
                //the path lookup stays inside the try block: resolving it may throw for invalid paths
                isBelowRoot = RootDirectory.IsParentOf(file.LocalFile.FullName);
            }
            catch (ResourceAccessException accessError)
            {
                //pass the exception on unchanged, but attach the resource if it is missing
                if (accessError.Resource == null)
                {
                    accessError.Resource = file.ResourceInfo;
                }
                throw;
            }
            catch (Exception cause)
            {
                //the audit entry gets the full details, including the root directory
                string auditText = String.Format(
                    "Resource request for file [{0}] caused exception when validating against root directory [{1}].",
                    submittedFilePath,
                    RootDirectory.FullName);
                AuditHelper.AuditException(Auditor, cause, AuditLevel.Warning, context, AuditEvent.InvalidFilePathFormat, auditText);

                //the exception message only repeats what the client submitted (no absolute paths)
                string clientText = String.Format("Invalid file path: [{0}].", submittedFilePath);
                throw new ResourceAccessException(clientText, cause)
                      {
                          Resource = file.ResourceInfo, IsAudited = true
                      };
            }

            if (isBelowRoot)
            {
                return;
            }

            //the resource is outside the root: audit the details, then reject the request
            string blockedText = String.Format(
                "Resource request for file [{0}] was blocked. The resource is outside the root directory [{1}].",
                file.ResourceInfo.FullName,
                RootDirectory.FullName);
            Auditor.Audit(AuditLevel.Warning, context, AuditEvent.InvalidResourceLocationRequested, blockedText);

            //again, the root directory is kept out of the message that goes back to the caller
            string rejection = String.Format("Invalid file path: [{0}].", submittedFilePath);
            throw new ResourceAccessException(rejection)
                  {
                      Resource = file.ResourceInfo, IsAudited = true
                  };
        }
Ejemplo n.º 2
        /// <summary>
        /// Returns the paths of the direct child folders of <paramref name="parentFolder"/>.
        /// If the folder has no local directory, is flagged as the root folder and no
        /// <c>RootDirectory</c> is configured, the result of <c>GetDriveFolders</c> is returned instead.
        /// </summary>
        /// <param name="parentFolder">The folder whose child folders are requested.</param>
        /// <returns>The <c>FullName</c> of every sub directory of the folder's local directory,
        /// or the drive folders for an unrestricted system root.</returns>
        /// <exception cref="ResourceAccessException">If the folder has no local directory
        /// although it is not the unrestricted system root. The incident is audited as critical.</exception>
        protected IEnumerable<string> GetChildFolderPathsInternal2(FolderItem parentFolder)
        {
            var localDirectory = parentFolder.LocalDirectory;

            //regular case: list the sub directories of the folder
            //NOTE(review): the returned values are the directories' FullName - presumably they are
            //mapped to virtual paths before they reach a client; verify against the caller
            if (localDirectory != null)
            {
                return localDirectory.GetDirectories().Select(child => child.FullName);
            }

            //a missing local directory is only allowed for the system root of a provider
            //without a restricted root directory - in that case, the drives are returned
            if (parentFolder.ResourceInfo.IsRootFolder && RootDirectory == null)
            {
                return GetDriveFolders();
            }

            //anything else is an internal inconsistency: audit it, then fail
            string auditText = String.Format(
                "The LocalDirectory property of folder [{0}] is not set although it's not the system root. Cannot resolve child folders.",
                parentFolder.ResourceInfo.FullName);
            Auditor.Audit(AuditLevel.Critical, FileSystemTask.ChildFoldersRequest, AuditEvent.InternalError, auditText);

            string failure = String.Format(
                "Cannot resolve child folders of parent folder [{0}].",
                parentFolder.ResourceInfo.FullName);
            throw new ResourceAccessException(failure)
                  {
                      IsAudited = true
                  };
        }
Ejemplo n.º 3
        /// <summary>
        /// Looks up the <see cref="TempStream"/> that is cached for a transfer in the
        /// <see cref="FileCache"/> and optionally moves it to a given position. A missing
        /// cache entry is audited as critical and reported as a
        /// <see cref="ResourceAccessException"/>.
        /// </summary>
        /// <param name="transfer">The processed transfer.</param>
        /// <param name="position">The expected position within the stream. If set, the
        /// stream's position is assigned this value; if null, the position is left untouched.</param>
        /// <returns>The <see cref="TempStream"/> entry that is cached for the transfer.</returns>
        /// <exception cref="ResourceAccessException">If the cache lookup throws a
        /// <see cref="KeyNotFoundException"/>.</exception>
        /// <remarks>
        /// NOTE(review): <paramref name="position"/> is assigned without a range check in this
        /// method - presumably the caller validates it against the transfer; verify.
        /// </remarks>
        protected virtual TempStream GetCachedTempData(TTransfer transfer, long? position)
        {
            try
            {
                var cached = FileCache[transfer.TransferId];

                if (position != null)
                {
                    cached.Position = position.Value;
                }

                return cached;
            }
            catch (KeyNotFoundException missing)
            {
                //the audit entry identifies the transfer and the qualified resource
                string auditText = String.Format(
                    "Internal dictionary does not contain a [{0}] object found for transfer [{1}] on resource [{2}] - this should not happen.",
                    typeof(TempStream).Name,
                    transfer.TransferId,
                    transfer.FileItem.QualifiedIdentifier);
                Auditor.Audit(AuditLevel.Critical, FileSystemTask.Unknown, AuditEvent.Undefined, auditText);

                //the exception message only names the resource, not the internal cache state
                string failure = String.Format(
                    "An unexpected error occurred - could not access file data for uploaded file [{0}]",
                    transfer.FileItem.ResourceInfo.FullName);
                throw new ResourceAccessException(failure, missing)
                      {
                          IsAudited = true
                      };
            }
        }
        /// <summary>
        /// Runs the stored procedure <c>usp1_Credit_singletrader_end_apply</c> for the
        /// transaction in <paramref name="request"/> and writes an audit entry for it.
        /// </summary>
        /// <param name="request">Carries the transaction key and the audit code to use.</param>
        /// <returns>A response whose <c>Status</c> is the procedure's output value, or
        /// "AuditError" if the audit entry could not be written. The response is only
        /// marked as succeeded if the audit succeeded and the status is "Success".</returns>
        /// <remarks>
        /// The audit entry is written after the stored procedure has run, and regardless
        /// of the status it returned. An "AuditError" therefore does not mean that the
        /// procedure was not executed.
        /// NOTE(review): the audit code comes from the request - presumably it is set by
        /// the calling provider code rather than by a client; verify.
        /// </remarks>
        private SingleTraderCreditProviderEndApplyResponse EndApply(SingleTraderCreditProviderEndApplyRequest request)
        {
            var response   = new SingleTraderCreditProviderEndApplyResponse();
            var parameters = new
            {
                Result         = CommandParameter.Output(System.Data.SqlDbType.VarChar, 80),
                TransactionKey = request.TransactionKey
            };

            var dbResult = Db.ExecuteNonQuery("usp1_Credit_singletrader_end_apply", parameters);
            if (!dbResult.Success)
            {
                response.Failed(dbResult.Exception);
                return response;
            }

            response.Status = parameters.Result.Value?.ToString();

            var auditResult = Auditor.Audit(request.AuditCode, $"{{trnk:{request.TransactionKey}}}");
            if (!auditResult.IsSucceeded())
            {
                //a failed audit overrides the status that was returned by the procedure
                response.Exception = auditResult.Exception;
                response.Status    = "AuditError";
                return response;
            }

            if (response.Status == "Success")
            {
                response.Succeeded();
            }

            return response;
        }
Ejemplo n.º 5
        /// <summary>
        /// Runs the stored procedure <c>usp1_CreditTransaction_end_transfer</c> for the trader
        /// and transaction in <paramref name="request"/> and writes a "CRD_ENDTRNSFR" audit entry.
        /// </summary>
        /// <param name="request">Carries the trader key and the transaction key.</param>
        /// <returns>A response whose <c>Status</c> is the procedure's output value, or
        /// "AuditError" if the audit entry could not be written. The response is only
        /// marked as succeeded if the audit succeeded and the status is "Success".</returns>
        /// <remarks>
        /// The audit entry is written after the stored procedure has run, and regardless
        /// of the status it returned. An "AuditError" therefore does not mean that the
        /// procedure was not executed.
        /// NOTE(review): the keys are interpolated into the audit payload without escaping -
        /// presumably they cannot contain the delimiters ',', ':' or '}'; verify.
        /// </remarks>
        public MultiTraderCreditProviderEndTransferResponse EndTransfer(MultiTraderCreditProviderEndTransferRequest request)
        {
            var response   = new MultiTraderCreditProviderEndTransferResponse();
            var parameters = new
            {
                Result         = CommandParameter.Output(System.Data.SqlDbType.VarChar, 80),
                TraderKey      = request.TraderKey,
                TransactionKey = request.TransactionKey
            };

            var dbResult = Db.ExecuteNonQuery("usp1_CreditTransaction_end_transfer", parameters);
            if (!dbResult.Success)
            {
                response.Failed(dbResult.Exception);
                return response;
            }

            response.Status = parameters.Result.Value?.ToString();

            var auditResult = Auditor.Audit("CRD_ENDTRNSFR", $"{{tk:{request.TraderKey},trnk:{request.TransactionKey}}}");
            if (!auditResult.IsSucceeded())
            {
                //a failed audit overrides the status that was returned by the procedure
                response.Exception = auditResult.Exception;
                response.Status    = "AuditError";
                return response;
            }

            if (response.Status == "Success")
            {
                response.Succeeded();
            }

            return response;
        }
Ejemplo n.º 6
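        /// <summary>
        /// Gets the download tokens of all running transfers for a given resource
        /// and audits the query together with the number of returned tokens.
        /// </summary>
        /// <param name="virtualFilePath">The path of the resource whose transfers are queried.</param>
        /// <returns>A snapshot of the tokens of the transfers that were running for the
        /// resource when the query was made.</returns>
        /// <remarks>
        /// NOTE(review): <paramref name="virtualFilePath"/> is written to the audit trail as
        /// received - presumably the auditor neutralizes control characters; verify.
        /// </remarks>
        private IEnumerable<DownloadToken> GetTransfersForResourceImpl(string virtualFilePath)
        {
            var context = FileSystemTask.DownloadTransfersByResourceQuery;
            var eventId = AuditEvent.ResourceDownloadsQuery;

            //materialize the query once: a deferred query would be evaluated for the audited
            //count and then again by the caller, so the audit entry could report a different
            //number of tokens than the caller actually receives
            var tokens = TransferStore.GetRunningTransfersForResource(virtualFilePath)
                                      .Select(t => t.Token)
                                      .ToList();

            string msg = "Queried transfers for resource [{0}] and returned [{1}] download tokens.";
            msg = String.Format(msg, virtualFilePath, tokens.Count);

            Auditor.Audit(AuditLevel.Info, context, eventId, msg);
            return tokens;
        }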
Ejemplo n.º 7
        /// <summary>
        /// Gets the upload token of the running transfer for a given resource, if there
        /// is one, and audits the query together with whether a token was found.
        /// </summary>
        /// <param name="virtualFilePath">The path of the resource whose transfer is queried.</param>
        /// <returns>The token of the running transfer, or the default value of the token
        /// type if no transfer is running for the resource.</returns>
        /// <remarks>
        /// <c>SingleOrDefault</c> throws an <see cref="InvalidOperationException"/> if the
        /// store returns more than one running transfer for the resource; that exception
        /// is neither caught nor audited here.
        /// NOTE(review): <paramref name="virtualFilePath"/> is written to the audit trail as
        /// received - presumably the auditor neutralizes control characters; verify.
        /// </remarks>
        private UploadToken GetTransferForResourceImpl(string virtualFilePath)
        {
            var runningTokens = TransferStore.GetRunningTransfersForResource(virtualFilePath)
                                             .Select(transfer => transfer.Token);
            var uploadToken = runningTokens.SingleOrDefault();

            bool tokenFound = uploadToken != null;
            string auditText = String.Format(
                "Queried upload transfer for resource [{0}]. Token found: [{1}].",
                virtualFilePath,
                tokenFound);

            Auditor.Audit(
                AuditLevel.Info,
                FileSystemTask.UploadTransferByResourceQuery,
                AuditEvent.ResourceUploadQuery,
                auditText);

            return uploadToken;
        }
Ejemplo n.º 8
        /// <summary>
        /// Runs the stored procedure <c>usp1_CreditTransaction_begin_transfer</c> with the
        /// transfer data in <paramref name="request"/> and writes a "CRD_BGNTRNSFR" audit entry.
        /// </summary>
        /// <param name="request">Carries the trader key, both user names, the amount and
        /// the info values of both sides.</param>
        /// <returns>A response whose <c>Status</c> is the procedure's output value, or
        /// "AuditError" if the audit entry could not be written. If the audit succeeded
        /// and the status is "Success", the response is marked as succeeded with the
        /// key that was returned by the procedure.</returns>
        /// <remarks>
        /// The request values reach the database as parameters of the stored procedure call.
        /// The audit entry is written after the stored procedure has run, and regardless
        /// of the status it returned. An "AuditError" therefore does not mean that the
        /// procedure was not executed.
        /// NOTE(review): the user names and the amount are interpolated into the audit payload
        /// without escaping. A user name that contains ',', ':' or '}' would make the audit
        /// record ambiguous - confirm that these values are validated upstream.
        /// </remarks>
        public MultiTraderCreditProviderBeginTransferResponse BeginTransfer(MultiTraderCreditProviderBeginTransferRequest request)
        {
            var response   = new MultiTraderCreditProviderBeginTransferResponse();
            var parameters = new
            {
                Result    = CommandParameter.Output(System.Data.SqlDbType.VarChar, 80),
                Key       = CommandParameter.Output(System.Data.SqlDbType.VarChar, 50),
                TraderKey = request.TraderKey,
                request.FromUserName,
                request.ToUserName,
                request.Amount,
                request.FromInfo,
                request.ToInfo
            };

            var dbResult = Db.ExecuteNonQuery("usp1_CreditTransaction_begin_transfer", parameters);
            if (!dbResult.Success)
            {
                response.Failed(dbResult.Exception);
                return response;
            }

            response.Status = parameters.Result.Value?.ToString();

            var auditResult = Auditor.Audit("CRD_BGNTRNSFR", $"{{tk:{request.TraderKey},fu:{request.FromUserName},tu:{request.ToUserName},m:{request.Amount}}}");
            if (!auditResult.IsSucceeded())
            {
                //a failed audit overrides the status that was returned by the procedure
                response.Exception = auditResult.Exception;
                response.Status    = "AuditError";
                return response;
            }

            if (response.Status == "Success")
            {
                response.Succeeded(parameters.Key.Value);
            }

            return response;
        }
Ejemplo n.º 9
        /// <summary>
        /// Runs the stored procedure <c>usp1_CreditTransaction_begin_apply</c> with the
        /// data in <paramref name="request"/> and writes an audit entry for it.
        /// </summary>
        /// <param name="request">Carries the trader key, the user name, the amount, the info
        /// value and the audit code to use.</param>
        /// <returns>A response whose <c>Status</c> is the procedure's output value, or
        /// "AuditError" if the audit entry could not be written. If the audit succeeded
        /// and the status is "Success", the response is marked as succeeded with the
        /// key that was returned by the procedure.</returns>
        /// <remarks>
        /// The request values reach the database as parameters of the stored procedure call.
        /// The audit entry is written after the stored procedure has run, and regardless
        /// of the status it returned. An "AuditError" therefore does not mean that the
        /// procedure was not executed.
        /// NOTE(review): the user name and the amount are interpolated into the audit payload
        /// without escaping, and the audit code comes from the request. A user name that
        /// contains ',', ':' or '}' would make the audit record ambiguous - confirm that
        /// these values are validated upstream.
        /// </remarks>
        private MultiTraderCreditProviderBeginApplyResponse BeginApply(MultiTraderCreditProviderBeginApplyRequest request)
        {
            var response   = new MultiTraderCreditProviderBeginApplyResponse();
            var parameters = new
            {
                Result    = CommandParameter.Output(System.Data.SqlDbType.VarChar, 80),
                Key       = CommandParameter.Output(System.Data.SqlDbType.VarChar, 50),
                TraderKey = request.TraderKey,
                UserName  = request.UserName,
                Amount    = request.Amount,
                Info      = request.Info
            };

            var dbResult = Db.ExecuteNonQuery("usp1_CreditTransaction_begin_apply", parameters);
            if (!dbResult.Success)
            {
                response.Failed(dbResult.Exception);
                return response;
            }

            response.Status = parameters.Result.Value?.ToString();

            var auditResult = Auditor.Audit(request.AuditCode, $"{{tk:{request.TraderKey},u:{request.UserName},m:{request.Amount}}}");
            if (!auditResult.IsSucceeded())
            {
                //a failed audit overrides the status that was returned by the procedure
                response.Exception = auditResult.Exception;
                response.Status    = "AuditError";
                return response;
            }

            if (response.Status == "Success")
            {
                response.Succeeded(parameters.Key.Value);
            }

            return response;
        }
        // -------------------------- Transfer --------------------------
        /// <summary>
        /// Runs the stored procedure <c>usp1_Credit_singletrader_transfer</c> with the
        /// transfer data in <paramref name="request"/> and writes a "CRD_TRNSFR" audit entry.
        /// </summary>
        /// <param name="request">Carries both user names, the amount and the info values
        /// of both sides.</param>
        /// <returns>A response whose <c>Status</c> is the procedure's output value, or
        /// "AuditError" if the audit entry could not be written. The response is only
        /// marked as succeeded if the audit succeeded and the status is "Success".</returns>
        /// <remarks>
        /// The request values reach the database as parameters of the stored procedure call.
        /// The audit entry is written after the stored procedure has run, and regardless
        /// of the status it returned. An "AuditError" therefore does not mean that the
        /// procedure was not executed.
        /// NOTE(review): the user names and the amount are interpolated into the audit payload
        /// without escaping. A user name that contains ',', ':' or '}' would make the audit
        /// record ambiguous - confirm that these values are validated upstream.
        /// </remarks>
        public SingleTraderCreditProviderTransferResponse Transfer(SingleTraderCreditProviderTransferRequest request)
        {
            var response   = new SingleTraderCreditProviderTransferResponse();
            var parameters = new
            {
                Result = CommandParameter.Output(System.Data.SqlDbType.VarChar, 80),
                request.FromUserName,
                request.ToUserName,
                request.Amount,
                request.FromInfo,
                request.ToInfo
            };

            var dbResult = Db.ExecuteNonQuery("usp1_Credit_singletrader_transfer", parameters);
            if (!dbResult.Success)
            {
                response.Failed(dbResult.Exception);
                return response;
            }

            response.Status = parameters.Result.Value?.ToString();

            var auditResult = Auditor.Audit("CRD_TRNSFR", $"{{fu:{request.FromUserName},tu:{request.ToUserName},m:{request.Amount}}}");
            if (!auditResult.IsSucceeded())
            {
                //a failed audit overrides the status that was returned by the procedure
                response.Exception = auditResult.Exception;
                response.Status    = "AuditError";
                return response;
            }

            if (response.Status == "Success")
            {
                response.Succeeded();
            }

            return response;
        }
Ejemplo n.º 11
        /// <summary>
        /// Resolves the element that belongs to the auditor's component below
        /// <paramref name="el"/> and hands it to the auditor.
        /// </summary>
        /// <param name="auditor">The auditor to run; its <c>Component</c> selects the element.</param>
        /// <param name="el">The element in which the component is looked up.</param>
        /// <remarks>
        /// NOTE(review): the result of <c>GetComponent</c> is passed on without a null check -
        /// presumably the auditor handles a missing component; verify.
        /// </remarks>
        private static void ExecuteAuditor(Auditor auditor, XmlElement el)
        {
            //index 0: the first match is the one that gets audited (TODO confirm the meaning of the index)
            auditor.Audit(GetComponent(el, auditor.Component, 0));
        }