private void StackScanner(ConcurrentQueue <string> queue)
{
while (true)
{
queue.TryDequeue(out var changedObjectPath);
if (string.IsNullOrEmpty(changedObjectPath))
{
continue;
}
PluginResult scanResult = PluginProxy.Instance(_config).Scan(changedObjectPath, PluginType.File);
if (scanResult.RiskRate != ThreatRiskRates.NoRisk)
{
bool?sendCommandResult = _pipeServer?.SendCommandToUI(new BeSafePipeCommand
{
CommandId = Guid.NewGuid(),
Command = PipeCommands.PluginScanResult,
PluginScanResult = scanResult
});
// Log threat
ThreatLog.Log(scanResult);
}
Thread.Sleep(500);
}
}
private void StackScanner(ConcurrentQueue <ChangedValueInfo> queue)
{
while (true)
{
queue.TryDequeue(out var valueInfo);
if (valueInfo == null)
{
continue;
}
PluginResult scanResult = PluginProxy.Instance(_config).Scan(valueInfo, PluginType.Registry);
if (scanResult.RiskRate != ThreatRiskRates.NoRisk)
{
bool?sendCommandResult = _pipeServer?.SendCommandToUI(new BeSafePipeCommand
{
CommandId = Guid.NewGuid(),
Command = PipeCommands.PluginScanResult,
PluginScanResult = scanResult
});
// Log threat
ThreatLog.Log(scanResult);
}
Thread.Sleep(500);
}
}
private async Task RespondWithAnError(HttpContext context)
{
// Log the threat
using (MemoryStream ms = new MemoryStream(2048))
{
await context.Request.Body.CopyToAsync(ms);
ms.Position = 0;
ThreatLog threatLog = new ThreatLog()
{
ThreatIdentifier = Guid.NewGuid(),
ClientIpAddress = context.Connection.RemoteIpAddress.ToString(),
Url = context.Request.Host + context.Request.Path,
QueryString = context.Request.QueryString.ToString(),
ThreatContent = AntiXss.Sanitize(await new StreamReader(ms, Encoding.UTF8).ReadToEndAsync()),
ThreatTypeId = ThreatFactory.GetThreat(ThreatType.Xss).Id
};
_sap1EmuContext.ThreatLogs.Add(threatLog);
_sap1EmuContext.SaveChanges();
}
// Send Client-Side Response
context.Response.Clear();
context.Response.Headers.AddHeaders();
context.Response.ContentType = "application/json; charset=utf-8";
context.Response.StatusCode = _statusCode;
if (_error == null)
{
_error = new ErrorResponse
{
Description = "XSS Detected",
ErrorCode = _statusCode,
ThreatInfo = new ThreatInfo
{
Action = "Incident Recorded",
ClientIp = context.Connection.RemoteIpAddress.ToString()
}
};
}
await context.Response.WriteAsync(_error.ToJSON());
}
private ThreatRiskRates OnFileAccessRequestEvent(string filePath)
{
PluginResult scanResult = PluginProxy.Instance(_config).Scan(filePath, PluginType.File);
if (scanResult.RiskRate != ThreatRiskRates.NoRisk)
{
bool?sendCommandResult = _pipeServer?.SendCommandToUI(new BeSafePipeCommand
{
CommandId = Guid.NewGuid(),
Command = PipeCommands.PluginScanResult,
PluginScanResult = scanResult
});
// Log threat
ThreatLog.Log(scanResult);
}
return(scanResult.RiskRate);
}
