Ejemplo n.º 1
0
        /// <inheritdoc cref="Owasp.Esapi.Interfaces.IAccessReferenceMap.AddDirectReference(object)"/>
        public string AddDirectReference(object direct)
        {
            if (direct == null)
            {
                throw new ArgumentNullException("direct");
            }

            string indirect = random.GetRandomString(6, CharSetValues.Alphanumerics);

            itod[indirect] = direct;
            dtoi[direct]   = indirect;
            return(indirect);
        }
Ejemplo n.º 2
0
        /// <summary> Adds a direct reference and a new random indirect reference, overwriting any existing values.</summary>
        /// <param name="direct">
        ///     The direct reference.
        /// </param>
        public void AddDirectReference(string direct)
        {
            string indirect = random.GetRandomString(6, Encoder.CHAR_ALPHANUMERICS);

            itod[indirect] = direct;
            dtoi[direct]   = indirect;
        }
Ejemplo n.º 3
0
        public void Test_GetRandomString()
        {
            System.Console.Out.WriteLine("GetRandomString");
            int         length     = 20;
            IRandomizer randomizer = Esapi.Randomizer;

            for (int i = 0; i < 100; i++)
            {
                string result = randomizer.GetRandomString(length, Owasp.Esapi.CharSetValues.Alphanumerics);
                Assert.AreEqual(length, result.Length);
            }
        }
Ejemplo n.º 4
0
        private string GenerateStrongPassword(string oldPassword)
        {
            IRandomizer randomizer  = Owasp.Esapi.Esapi.Randomizer();
            string      newPassword = "";
            int         num         = 10;

            for (int index = 0; index < num; ++index)
            {
                try
                {
                    newPassword = randomizer.GetRandomString(8, Encoder.CHAR_PASSWORD);
                    VerifyPasswordStrength(newPassword, oldPassword);
                    return(newPassword);
                }
                catch (AuthenticationException ex)
                {
                    Authenticator.logger.LogDebug(ILogger_Fields.SECURITY, "Password generator created weak password: "******". Regenerating.", (Exception)ex);
                }
            }
            Authenticator.logger.LogCritical(ILogger_Fields.SECURITY, "Strong password generation failed after  " + (object)num + " attempts");
            return((string)null);
        }
Ejemplo n.º 5
0
        /// <summary> Generates a strong password, different from the previous password.
        ///
        /// </summary>
        /// <param name="oldPassword">The old password for the user.
        /// </param>
        /// <returns> The cryptographically strong password.
        /// </returns>
        private string GenerateStrongPassword(string oldPassword)
        {
            IRandomizer r           = Esapi.Randomizer();
            string      newPassword = "";
            int         limit       = 10;

            for (int i = 0; i < limit; i++)
            {
                try
                {
                    newPassword = r.GetRandomString(8, Encoder.CHAR_PASSWORD);
                    VerifyPasswordStrength(newPassword, oldPassword);
                    return(newPassword);
                }
                catch (AuthenticationException e)
                {
                    logger.LogDebug(ILogger_Fields.SECURITY, "Password generator created weak password: "******". Regenerating.", e);
                }
            }
            logger.LogCritical(ILogger_Fields.SECURITY, "Strong password generation failed after  " + limit + " attempts");
            return(null);
        }