/// <summary>
/// Scans the current page using its configured page settings, creating a
/// default <c>IDSPageSettings</c> entry for the page when none exists yet.
/// </summary>
private void RunScan()
{
    string pageName = Misc.GetCurrentPageName();
    IDSPageSettings pageSettings;
    bool configured = _settings.PageSettings.TryGetValue(pageName, out pageSettings);
    if (!configured || pageSettings == null)
    {
        // No config section for this page: register defaults derived from
        // the global settings so later lookups find the same object.
        pageSettings = new IDSPageSettings(_settings);
        _settings.PageSettings.Add(pageName, pageSettings);
    }
    RunScan(pageSettings);
}
/// <summary>
/// Wires up the web.config callbacks and the page's event delegates for the
/// current page and, when this runner owns the firing, scans immediately.
/// When <c>_callScan</c> is false the scan is fired later from the page's
/// page_preinit instead.
/// </summary>
public void Run()
{
    string pageName = Misc.GetCurrentPageName();
    IDSPageSettings pageSettings;
    _settings.PageSettings.TryGetValue(pageName, out pageSettings);
    if (pageSettings == null)
    {
        // No config section for this page: fall back to global defaults and
        // register them so the lookup succeeds next time.
        pageSettings = new IDSPageSettings(_settings);
        _settings.PageSettings.Add(pageName, pageSettings);
    }

    // Binding order is preserved: page-scoped web.config callbacks, then the
    // page's own OnIDSEvent delegates, then the global web.config callbacks.
    BindCallbacks(pageSettings.Callbacks);

    if (pageSettings.OnIDSEvent != null)
    {
        Delegate[] handlers = pageSettings.OnIDSEvent.GetInvocationList();
        foreach (Delegate handler in handlers)
        {
            OnIDSEvents += (IDSEvent)handler;
        }
    }

    BindCallbacks(_settings.Callbacks);

    if (_callScan)
    {
        RunScan(pageSettings);
    }
}

/// <summary>
/// Resolves the type named by each configured callback and binds its method.
/// </summary>
/// <param name="callbacks">A sequence of <c>IDSCallback</c> entries.</param>
private void BindCallbacks(System.Collections.IEnumerable callbacks)
{
    foreach (IDSCallback callback in callbacks)
    {
        Type callbackType = Misc.ResolveType(callback.Assembly, callback.Namespaceandcallback);
        SetupBinding(callbackType, callback.Method);
    }
}
/// <summary>
/// The Secure Page's OnInit event handler. Builds a fresh settings object
/// for this request from the page's exclusion and decoding fields, registers
/// it under the current page name, and runs the web scanner.
/// </summary>
/// <param name="e">The Page Init EventArgs</param>
protected override void OnInit(EventArgs e)
{
    base.OnInit(e);

    // Settings are constructed per request here, not read from web.config.
    IDSGlobalSettings globalSettings = new IDSGlobalSettings();
    IDSPageSettings page = new IDSPageSettings(globalSettings);

    page.OnIDSEvent = OnIDSEvent;
    page.DecodeJS = _decodeJS;
    page.DecodeUTF7 = _decodeUTF7;
    page.GetExclusions = _exclusions_get;
    page.PostExclusions = _exclusions_post;
    page.CookieExclusions = _exclusions_cookies;
    page.HeaderExclusions = _exclusions_headers;

    globalSettings.PageSettings.Add(Misc.GetCurrentPageName(), page);

    WebScanRunner runner = new WebScanRunner(globalSettings);
    runner.Run();
}
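/// <summary>
/// Builds the <c>IDSGlobalSettings</c> object from the IDS web.config section:
/// base settings, excluded pages, excluded regexes, global callbacks and the
/// per-page &lt;pagesetup&gt; blocks with their own callbacks.
/// </summary>
/// <param name="parent">Parent configuration object; not used.</param>
/// <param name="configContext">Configuration context; not used.</param>
/// <param name="section">The XML node of the IDS configuration section.</param>
/// <returns>The populated <c>IDSGlobalSettings</c>.</returns>
/// <exception cref="ApplicationException">Thrown when two &lt;pagesetup&gt;
/// elements name the same page.</exception>
public object Create(object parent, object configContext, System.Xml.XmlNode section)
{
    IDSGlobalSettings settings = new IDSGlobalSettings();

    // Base IDS settings shared by the global and page scopes.
    IDSBaseSettings ibs = (IDSBaseSettings)settings;
    LoadBaseSettings(ref ibs, section);

    // <excludepage page="..."/>
    foreach (XmlNode n in section.SelectNodes("excludepage"))
    {
        string pagetoexclude = GetAttribute(n, "page", true);
        settings.ExcludedPages.Add(pagetoexclude);
    }

    // <excluderegex pattern="..." ignorecase="..."/>
    foreach (XmlNode n in section.SelectNodes("excluderegex"))
    {
        string pattern = GetAttribute(n, "pattern", true);
        bool ignorecase = bool.Parse(GetAttribute(n, "ignorecase", true));
        settings.ExcludedRegexen.Add(new RegexSettings(pattern, ignorecase));
    }

    // Section-level <callback .../> elements apply to every page.
    foreach (XmlNode n in section.SelectNodes("callback"))
    {
        settings.Callbacks.Add(ReadCallback(n));
    }

    // <pagesetup page="..."> carries per-page base settings and callbacks.
    foreach (XmlNode n in section.SelectNodes("pagesetup"))
    {
        string pagename = GetAttribute(n, "page", true);
        IDSPageSettings ips = new IDSPageSettings(settings);

        // Dictionary.Add throws ArgumentException on a duplicate key; only that
        // case is a duplicate-page configuration error. Anything else propagates
        // unchanged instead of being mislabelled as a duplicate section.
        try
        {
            settings.PageSettings.Add(pagename, ips);
        }
        catch (ArgumentException e)
        {
            throw new ApplicationException("Only one config section can exist for the page named \"" + pagename + "\"", e);
        }

        IDSBaseSettings pagebase = (IDSBaseSettings)ips;
        LoadBaseSettings(ref pagebase, n);

        foreach (XmlNode pagecallback in n.SelectNodes("callback"))
        {
            ips.Callbacks.Add(ReadCallback(pagecallback));
        }
    }

    return (settings);
}

/// <summary>
/// Reads one &lt;callback method="..." namespaceandtype="..." assembly="..."/&gt;
/// element into an <c>IDSCallback</c>. The trailing <c>true</c> passed to
/// <c>GetAttribute</c> appears to mark each attribute as required -- confirm
/// against that helper.
/// </summary>
/// <param name="node">The callback element.</param>
/// <returns>The callback description.</returns>
private IDSCallback ReadCallback(XmlNode node)
{
    string method = GetAttribute(node, "method", true);
    string namespaceandtype = GetAttribute(node, "namespaceandtype", true);
    string assembly = GetAttribute(node, "assembly", true);
    return new IDSCallback(method, namespaceandtype, assembly);
}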
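/// <summary>
/// Runs the IDS over the current request's query string, form, cookies and
/// headers as directed by <paramref name="ips"/>, raising <c>OnIDSEvents</c>
/// with the report of every component that was scanned.
/// </summary>
/// <param name="ips">Page-level settings: which components to scan, which keys
/// to exclude, and the JS / UTF-7 decoding flags.</param>
private void RunScan(IDSPageSettings ips)
{
    HttpRequest request = HttpContext.Current.Request;

    // Response scanning is not implemented: ips.ScanOutput currently has no
    // effect. The OutputFilter hook that belonged at this point is kept for
    // reference only; it was never enabled:
    //   _oF = new DOTNETIDS.OutputFilter(Response.Filter, null, System.Text.Encoding.ASCII, _settings.OutputFilterXmlPath);
    //   _oF.OnPageReady += new DOTNETIDS.OutputFilter.PageReadyEvent(_oF_OnPageReady);
    //   _oF.JSDecode = _settings.DecodeJS;
    //   _oF.UTF7Decode = _settings.DecodeUTF7;
    //   Response.Filter = _oF;

    // The GET scanner loads the filter rules -- from FilterXmlPath when one is
    // configured (null counts as not configured), otherwise from the embedded
    // resource -- and the other three scanners share them.
    DOTNETIDS.IDS ids_get;
    if (!string.IsNullOrEmpty(_settings.FilterXmlPath))
    {
        ids_get = new DOTNETIDS.IDS(request.QueryString, _settings.FilterXmlPath);
    }
    else
    {
        ids_get = new DOTNETIDS.IDS(request.QueryString);
    }
    DOTNETIDS.IDS ids_post = new DOTNETIDS.IDS(request.Form, ids_get, DOTNETIDS.RequestType.Post);
    DOTNETIDS.IDS ids_cookies = new DOTNETIDS.IDS(request.Cookies, ids_get);
    DOTNETIDS.IDS ids_headers = new DOTNETIDS.IDS(request.Headers, ids_get, DOTNETIDS.RequestType.Header);

    // Fold the page-wide and global exclusions into the per-component lists.
    // NOTE(review): these append to the IDSPageSettings instance itself, so if
    // the same instance serves more than one request the lists accumulate
    // duplicates on every call -- confirm the lifetime of _settings.
    ips.GetExclusions.AddRange(ips.Exclusions);
    ips.PostExclusions.AddRange(ips.Exclusions);
    ips.CookieExclusions.AddRange(ips.Exclusions);
    ips.HeaderExclusions.AddRange(ips.Exclusions);
    ips.GetExclusions.AddRange(_settings.Exclusions);
    ips.PostExclusions.AddRange(_settings.Exclusions);
    ips.CookieExclusions.AddRange(_settings.Exclusions);
    ips.HeaderExclusions.AddRange(_settings.Exclusions);
    ips.GetExclusions.AddRange(_settings.GetExclusions);
    ips.HeaderExclusions.AddRange(_settings.HeaderExclusions);
    ips.PostExclusions.AddRange(_settings.PostExclusions);
    ips.CookieExclusions.AddRange(_settings.CookieExclusions);
    ids_get.Exclusions.AddRange(ips.GetExclusions);
    ids_post.Exclusions.AddRange(ips.PostExclusions);
    ids_cookies.Exclusions.AddRange(ips.CookieExclusions);
    ids_headers.Exclusions.AddRange(ips.HeaderExclusions);

    // Local-development convenience: do not scan the Host header on localhost.
    // The exclusion is applied to this request's header scanner only, not to
    // the shared _settings.HeaderExclusions, where it would persist for every
    // later request served by a reused settings object -- and the condition
    // itself is driven by the client-supplied Host value.
    if (request.Url.Host == "localhost")
    {
        ids_headers.Exclusions.Add("Host");
    }

    DOTNETIDS.IDS[] scanners = { ids_get, ids_post, ids_cookies, ids_headers };
    foreach (DOTNETIDS.IDS scanner in scanners)
    {
        scanner.JSDecode = ips.DecodeJS;
        scanner.UTF7Decode = ips.DecodeUTF7;
    }

    RunComponent(ids_get, ips.ScanGet);
    RunComponent(ids_post, ips.ScanPost);
    RunComponent(ids_cookies, ips.ScanCookies);
    RunComponent(ids_headers, ips.ScanHeaders);
}

/// <summary>
/// Runs one scanner when its component is enabled and raises
/// <c>OnIDSEvents</c> with the resulting report.
/// </summary>
/// <param name="ids">The scanner for one request component.</param>
/// <param name="enabled">Whether this component is configured to be scanned.</param>
private void RunComponent(DOTNETIDS.IDS ids, bool enabled)
{
    if (!enabled)
    {
        return;
    }
    ids.Run();
    // Snapshot the delegate before the null check (standard raise pattern).
    IDSEvent handlers = OnIDSEvents;
    if (handlers != null)
    {
        handlers(ids.Report, this);
    }
}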
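/// <summary>
/// Passes the current request's GET, POST, cookie and header collections
/// through the IDS according to <paramref name="ips"/> and raises
/// <c>OnIDSEvents</c> with each scanned component's report.
/// </summary>
/// <param name="ips">Page-level settings controlling which components are
/// scanned, the exclusion lists, and the JS / UTF-7 decoding flags.</param>
private void RunScan(IDSPageSettings ips)
{
    HttpRequest request = HttpContext.Current.Request;

    // Output (response) scanning is not wired up; ips.ScanOutput is a no-op.
    // The disabled OutputFilter hook is kept here for reference:
    //   _oF = new DOTNETIDS.OutputFilter(Response.Filter, null, System.Text.Encoding.ASCII, _settings.OutputFilterXmlPath);
    //   _oF.OnPageReady += new DOTNETIDS.OutputFilter.PageReadyEvent(_oF_OnPageReady);
    //   _oF.JSDecode = _settings.DecodeJS;
    //   _oF.UTF7Decode = _settings.DecodeUTF7;
    //   Response.Filter = _oF;

    // Filter rules come from FilterXmlPath when configured (null is treated as
    // not configured), otherwise from the embedded resource. The GET scanner
    // loads them and the remaining scanners share that instance.
    DOTNETIDS.IDS ids_get = string.IsNullOrEmpty(_settings.FilterXmlPath)
        ? new DOTNETIDS.IDS(request.QueryString)
        : new DOTNETIDS.IDS(request.QueryString, _settings.FilterXmlPath);
    DOTNETIDS.IDS ids_post = new DOTNETIDS.IDS(request.Form, ids_get, DOTNETIDS.RequestType.Post);
    DOTNETIDS.IDS ids_cookies = new DOTNETIDS.IDS(request.Cookies, ids_get);
    DOTNETIDS.IDS ids_headers = new DOTNETIDS.IDS(request.Headers, ids_get, DOTNETIDS.RequestType.Header);

    // Merge the page-wide and global exclusions into the per-component lists.
    // NOTE(review): this mutates the IDSPageSettings instance; if that instance
    // outlives the request the lists grow with duplicates on each call --
    // confirm how long _settings lives.
    ips.GetExclusions.AddRange(ips.Exclusions);
    ips.PostExclusions.AddRange(ips.Exclusions);
    ips.CookieExclusions.AddRange(ips.Exclusions);
    ips.HeaderExclusions.AddRange(ips.Exclusions);
    ips.GetExclusions.AddRange(_settings.Exclusions);
    ips.PostExclusions.AddRange(_settings.Exclusions);
    ips.CookieExclusions.AddRange(_settings.Exclusions);
    ips.HeaderExclusions.AddRange(_settings.Exclusions);
    ips.GetExclusions.AddRange(_settings.GetExclusions);
    ips.HeaderExclusions.AddRange(_settings.HeaderExclusions);
    ips.PostExclusions.AddRange(_settings.PostExclusions);
    ips.CookieExclusions.AddRange(_settings.CookieExclusions);
    ids_get.Exclusions.AddRange(ips.GetExclusions);
    ids_post.Exclusions.AddRange(ips.PostExclusions);
    ids_cookies.Exclusions.AddRange(ips.CookieExclusions);
    ids_headers.Exclusions.AddRange(ips.HeaderExclusions);

    // Skip the Host header when developing on localhost. Scoped to this
    // request's header scanner: appending it to the shared
    // _settings.HeaderExclusions would keep the exclusion (and re-add it) for
    // every later request served by the same settings object, on the strength
    // of a Host value the client controls.
    if (request.Url.Host == "localhost")
    {
        ids_headers.Exclusions.Add("Host");
    }

    ApplyDecoding(ids_get, ips);
    ApplyDecoding(ids_post, ips);
    ApplyDecoding(ids_cookies, ips);
    ApplyDecoding(ids_headers, ips);

    ScanComponent(ids_get, ips.ScanGet);
    ScanComponent(ids_post, ips.ScanPost);
    ScanComponent(ids_cookies, ips.ScanCookies);
    ScanComponent(ids_headers, ips.ScanHeaders);
}

/// <summary>Copies the page's JS and UTF-7 decoding flags onto one scanner.</summary>
/// <param name="ids">The scanner to configure.</param>
/// <param name="ips">The page settings supplying the flags.</param>
private static void ApplyDecoding(DOTNETIDS.IDS ids, IDSPageSettings ips)
{
    ids.JSDecode = ips.DecodeJS;
    ids.UTF7Decode = ips.DecodeUTF7;
}

/// <summary>
/// Runs one scanner if its component is enabled and raises <c>OnIDSEvents</c>
/// with the report.
/// </summary>
/// <param name="ids">The scanner for one request component.</param>
/// <param name="enabled">Whether the component is configured to be scanned.</param>
private void ScanComponent(DOTNETIDS.IDS ids, bool enabled)
{
    if (!enabled)
    {
        return;
    }
    ids.Run();
    IDSEvent handlers = OnIDSEvents;
    if (handlers != null)
    {
        handlers(ids.Report, this);
    }
}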
/// <summary>
/// Binds the page-scoped and global web.config callbacks plus the page's own
/// OnIDSEvent delegates, then scans immediately when <c>_callScan</c> is set.
/// Otherwise the scan is fired later from the page's page_preinit.
/// </summary>
public void Run()
{
    string currentPage = Misc.GetCurrentPageName();
    IDSPageSettings page;
    bool found = _settings.PageSettings.TryGetValue(currentPage, out page);
    if (!found || page == null)
    {
        // Unconfigured page: register defaults so the entry exists from now on.
        page = new IDSPageSettings(_settings);
        _settings.PageSettings.Add(currentPage, page);
    }

    // 1. Page-scoped web.config callbacks.
    foreach (IDSCallback pageCallback in page.Callbacks)
    {
        Type pageCallbackType = Misc.ResolveType(pageCallback.Assembly, pageCallback.Namespaceandcallback);
        SetupBinding(pageCallbackType, pageCallback.Method);
    }

    // 2. The page's own event delegates, one subscription per target.
    Delegate pageHandlers = page.OnIDSEvent;
    if (pageHandlers != null)
    {
        foreach (Delegate target in pageHandlers.GetInvocationList())
        {
            OnIDSEvents += (IDSEvent)target;
        }
    }

    // 3. Global web.config callbacks.
    foreach (IDSCallback globalCallback in _settings.Callbacks)
    {
        Type globalCallbackType = Misc.ResolveType(globalCallback.Assembly, globalCallback.Namespaceandcallback);
        SetupBinding(globalCallbackType, globalCallback.Method);
    }

    if (!_callScan)
    {
        return;
    }
    RunScan(page);
}
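/// <summary>
/// Creates the <c>IDSGlobalSettings</c> from the IDS web.config section,
/// reading base settings, excluded pages, excluded regexes, global callbacks
/// and every &lt;pagesetup&gt; block with its page-scoped callbacks.
/// </summary>
/// <param name="parent">Parent configuration object; not used.</param>
/// <param name="configContext">Configuration context; not used.</param>
/// <param name="section">The XML node of the IDS configuration section.</param>
/// <returns>The populated <c>IDSGlobalSettings</c>.</returns>
/// <exception cref="ApplicationException">Thrown when more than one
/// &lt;pagesetup&gt; element names the same page.</exception>
public object Create(object parent, object configContext, System.Xml.XmlNode section)
{
    IDSGlobalSettings settings = new IDSGlobalSettings();

    // Global-scope base settings.
    IDSBaseSettings ibs = (IDSBaseSettings)settings;
    LoadBaseSettings(ref ibs, section);

    // <excludepage page="..."/>
    foreach (XmlNode n in section.SelectNodes("excludepage"))
    {
        settings.ExcludedPages.Add(GetAttribute(n, "page", true));
    }

    // <excluderegex pattern="..." ignorecase="..."/>
    foreach (XmlNode n in section.SelectNodes("excluderegex"))
    {
        string pattern = GetAttribute(n, "pattern", true);
        bool ignorecase = bool.Parse(GetAttribute(n, "ignorecase", true));
        settings.ExcludedRegexen.Add(new RegexSettings(pattern, ignorecase));
    }

    // Section-level <callback .../> elements are global.
    foreach (XmlNode n in section.SelectNodes("callback"))
    {
        settings.Callbacks.Add(ReadCallbackElement(n));
    }

    // <pagesetup page="...">: per-page base settings and callbacks.
    foreach (XmlNode n in section.SelectNodes("pagesetup"))
    {
        string pagename = GetAttribute(n, "page", true);
        IDSPageSettings ips = new IDSPageSettings(settings);

        // A duplicate key makes Dictionary.Add throw ArgumentException; that is
        // the only failure reported as a duplicate page section. Other
        // exceptions propagate unchanged.
        try
        {
            settings.PageSettings.Add(pagename, ips);
        }
        catch (ArgumentException e)
        {
            throw new ApplicationException("Only one config section can exist for the page named \"" + pagename + "\"", e);
        }

        IDSBaseSettings pagebase = (IDSBaseSettings)ips;
        LoadBaseSettings(ref pagebase, n);

        foreach (XmlNode pagecallback in n.SelectNodes("callback"))
        {
            ips.Callbacks.Add(ReadCallbackElement(pagecallback));
        }
    }

    return settings;
}

/// <summary>
/// Reads a &lt;callback method="..." namespaceandtype="..." assembly="..."/&gt;
/// element into an <c>IDSCallback</c>. The trailing <c>true</c> passed to
/// <c>GetAttribute</c> appears to make each attribute mandatory -- confirm
/// against that helper.
/// </summary>
/// <param name="node">The callback element.</param>
/// <returns>The callback description.</returns>
private IDSCallback ReadCallbackElement(XmlNode node)
{
    string method = GetAttribute(node, "method", true);
    string namespaceandtype = GetAttribute(node, "namespaceandtype", true);
    string assembly = GetAttribute(node, "assembly", true);
    return new IDSCallback(method, namespaceandtype, assembly);
}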