        /// <summary>
        /// Flags query-string values that occur verbatim in an HTML response body, i.e. request
        /// input that was reflected without being encoded.
        /// </summary>
        /// <param name="context">Response under analysis; supplies the body and the originating request.</param>
        /// <param name="cancellationToken">Not consulted by this inspector.</param>
        public void Inspect(ResponseAnalysisContext context, CancellationToken cancellationToken)
        {
            // Only HTML bodies are relevant for this rule.
            if (!context.IsHtml())
            {
                return;
            }

            var body = context.ReadAsString();
            if (body is null)
            {
                return;
            }

            foreach (var parameter in context.Response.HttpContext.Request.Query)
            {
                foreach (var candidate in parameter.Value)
                {
                    // ShouldEncode decides which values are worth searching for; only those are
                    // matched against the body. The match is ordinal (case-sensitive), so a
                    // reflection whose case was altered by the server is not reported here.
                    if (!ShouldEncode(candidate))
                    {
                        continue;
                    }

                    if (body.Contains(candidate, StringComparison.Ordinal))
                    {
                        context.ReportDiagnostic(new Diagnostic(Rule, Location.QueryString(parameter.Key)));
                    }
                }
            }
        }
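        /// <summary>
        /// Reports each configured <c>ResponseBody</c> term that occurs in a text-like response body,
        /// stopping after the first hit when the analysis depth is <see cref="AnalysisDepth.FindFirst"/>.
        /// </summary>
        /// <param name="context">Response under analysis; supplies the content type and the body text.</param>
        /// <param name="cancellationToken">Not consulted by this inspector.</param>
        public void Inspect(ResponseAnalysisContext context, CancellationToken cancellationToken)
        {
            if (!context.IsTextLike())
            {
                return;
            }

            // ReadAsString can yield null (the HTML inspector guards for the same case); without
            // this check the Contains call below throws a NullReferenceException for such responses.
            var content = context.ReadAsString();
            if (content is null)
            {
                return;
            }

            // Ordinal matching, made explicit to agree with the other inspectors.
            foreach (var found in ResponseBody.Where(b => content.Contains(b.Term, StringComparison.Ordinal)))
            {
                context.ReportDiagnostic(new Diagnostic(Rule.With(found), Location.ResponseBody));

                if (Options.CurrentValue.Depth == AnalysisDepth.FindFirst)
                {
                    return;
                }
            }
        }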
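        /// <summary>
        /// Looks for session-fixation style behaviour: a <c>Set-Cookie</c> whose name contains "sess"
        /// and whose value contains one of the request's query-string values, i.e. the client was
        /// able to supply (part of) its own session identifier.
        /// </summary>
        /// <param name="context">Response under analysis; supplies the headers and the originating request.</param>
        /// <param name="cancellationToken">Not consulted by this inspector.</param>
        public void Inspect(ResponseAnalysisContext context, CancellationToken cancellationToken)
        {
            if (!context.Response.Headers.TryGetValue("Set-Cookie", out var setCookies))
            {
                return;
            }

            foreach (var setCookie in setCookies)
            {
                // A header without '=' is not a name/value pair; skip it rather than build a
                // StringSegment with a negative length.
                if (string.IsNullOrEmpty(setCookie))
                {
                    continue;
                }

                int delimiterIndex = setCookie.IndexOf('=');
                if (delimiterIndex < 0)
                {
                    continue;
                }

                var name = new StringSegment(setCookie, 0, delimiterIndex);
                if (!name.Contains("sess", StringComparison.OrdinalIgnoreCase))
                {
                    continue;
                }

                // The value runs from just after '=' up to the first ';' (or the end of the header).
                // The segment length must be measured from the value's start; passing the absolute
                // ';' index as the length overshoots the buffer for any cookie carrying attributes
                // (Path, HttpOnly, ...), which is exactly the kind of cookie this rule targets.
                int valueStart     = delimiterIndex + 1;
                int semicolonIndex = setCookie.IndexOf(';', valueStart);
                int valueLength    = (semicolonIndex != -1 ? semicolonIndex : setCookie.Length) - valueStart;
                var value          = new StringSegment(setCookie, valueStart, valueLength);
                if (value.Length < MinimumCookieLength)
                {
                    continue;
                }

                // match to query string
                foreach (var query in context.HttpContext.Request.Query)
                {
                    foreach (var queryValue in query.Value)
                    {
                        // An empty query value is contained in every string and would make every
                        // session cookie look attacker-controlled.
                        if (string.IsNullOrEmpty(queryValue))
                        {
                            continue;
                        }

                        if (value.Contains(queryValue))
                        {
                            context.ReportDiagnostic(new Diagnostic(Rule, Location.QueryString(query.Key)));
                            return;
                        }
                    }
                }
            }
        }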