Example #1
            /// <summary>
            /// Creates the DateTime variant that <c>MinMax</c> exposes as <c>DateTimeType</c>, bound to the given core.
            /// </summary>
            /// <param name="saniCore">Shared core kept on the instance; stored as passed, with no null check.</param>
            public DateTimeType5(SaniCore saniCore)
            {
                SaniCore = saniCore;
                // Per-type defaults. TruncateLength is presumably the value passed as truncateLength to
                // TrackOrThrowException, i.e. the cap on how much rejected input is echoed into a tracked
                // or thrown message - confirm against the callers.
                TruncateLength = 33;
                SaniType = SaniTypes.MinMax;
            }
Example #2
            /// <summary>
            /// Creates an ASCII helper tagged <c>SaniTypes.AllowedList</c> and bound to the given core.
            /// </summary>
            /// <param name="saniCore">Shared core kept on the instance; stored as passed, with no null check.</param>
            public UsingASCII(SaniCore saniCore)
            {
                SaniCore = saniCore;
                // NOTE(review): judging by the SaniType this is the helper nested in AllowedList - confirm.
                // TruncateLength presumably caps the rejected input echoed by TrackOrThrowException.
                TruncateLength = 10;
                SaniType = SaniTypes.AllowedList;
            }
Example #3
            /// <summary>
            /// Creates the long variant that <c>MinMax</c> exposes as <c>LongType</c>, bound to the given core.
            /// </summary>
            /// <param name="saniCore">Shared core kept on the instance; stored as passed, with no null check.</param>
            public LongType1(SaniCore saniCore)
            {
                SaniCore = saniCore;
                // Per-type defaults; TruncateLength presumably limits how many characters of a rejected
                // value end up in exception text - confirm against the callers.
                TruncateLength = 10;
                SaniType = SaniTypes.MinMax;
            }
Example #4
            /// <summary>
            /// Creates the decimal variant that <c>MinMax</c> exposes as <c>DecimalType</c>, bound to the given core.
            /// </summary>
            /// <param name="saniCore">Shared core kept on the instance; stored as passed, with no null check.</param>
            public DecimalType2(SaniCore saniCore)
            {
                SaniCore = saniCore;
                // Per-type defaults; TruncateLength presumably limits how many characters of a rejected
                // value end up in exception text - confirm against the callers.
                TruncateLength = 15;
                SaniType = SaniTypes.MinMax;
            }
Example #5
            /// <summary>
            /// Creates the boolean variant that <c>MinMax</c> exposes as <c>BooleanType</c>, bound to the given core.
            /// </summary>
            /// <param name="saniCore">Shared core kept on the instance; stored as passed, with no null check.</param>
            public BooleanType4(SaniCore saniCore)
            {
                SaniCore = saniCore;
                // Per-type defaults; TruncateLength presumably limits how many characters of a rejected
                // value end up in exception text - confirm against the callers.
                TruncateLength = 5;
                SaniType = SaniTypes.MinMax;
            }
Example #6
            /// <summary>
            /// Creates the integer variant that <c>MinMax</c> exposes as <c>IntegerType</c>, bound to the given core.
            /// </summary>
            /// <param name="saniCore">Shared core kept on the instance; stored as passed, with no null check.</param>
            public IntegerType3(SaniCore saniCore)
            {
                SaniCore = saniCore;
                // Per-type defaults; TruncateLength presumably limits how many characters of a rejected
                // value end up in exception text - confirm against the callers.
                TruncateLength = 10;
                SaniType = SaniTypes.MinMax;
            }
Example #7
        /// <summary>
        /// Creates the Truncate sanitizer bound to the given core.
        /// </summary>
        /// <param name="saniCore">Shared core kept on the instance; stored as passed, with no null check.</param>
        public Truncate(SaniCore saniCore)
        {
            SaniCore = saniCore;
            // Defaults for this sanitizer. TruncateLength is presumably the cap applied to rejected input
            // before TrackOrThrowException records or throws it - confirm against the callers.
            TruncateLength = 10;
            SaniType = SaniTypes.Truncate;
        }
Example #8
        /// <summary>
        /// Creates the NormalizeOrLimit sanitizer bound to the given core.
        /// </summary>
        /// <param name="saniCore">Shared core kept on the instance; stored as passed, with no null check.</param>
        public NormalizeOrLimit(SaniCore saniCore)
        {
            SaniCore = saniCore;
            // Defaults for this sanitizer. TruncateLength is presumably the cap applied to rejected input
            // before TrackOrThrowException records or throws it - confirm against the callers.
            TruncateLength = 10;
            SaniType = SaniTypes.NormalizeOrLimit;
        }
            /// <summary>
            /// Creates an ASCII helper tagged <c>SaniTypes.FileNameCleanse</c> and bound to the given core.
            /// </summary>
            /// <param name="saniCore">Shared core kept on the instance; stored as passed, with no null check.</param>
            public UsingASCII(SaniCore saniCore)
            {
                SaniCore = saniCore;
                // NOTE(review): judging by the SaniType this is the helper nested in FileNameCleanse - confirm.
                // TruncateLength presumably caps the rejected file name echoed by TrackOrThrowException.
                TruncateLength = 15;
                SaniType = SaniTypes.FileNameCleanse;
            }
        /// <summary>
        /// Creates the RestrictedList sanitizer and its ASCII helper, both bound to the given core.
        /// </summary>
        /// <param name="saniCore">Shared core; stored as passed (no null check) and forwarded to the helper.</param>
        public RestrictedList(SaniCore saniCore)
        {
            SaniCore = saniCore;
            // Defaults for this sanitizer; TruncateLength presumably caps the rejected input echoed into
            // exception text - confirm against the callers.
            TruncateLength = 10;
            SaniType = SaniTypes.RestrictedList;

            // The helper receives the constructor argument directly, i.e. the same core instance.
            ASCII = new UsingASCII(saniCore);
        }
        /// <summary>
        /// Creates the FileNameCleanse sanitizer and its ASCII helper, both bound to the given core.
        /// </summary>
        /// <param name="saniCore">Shared core; stored as passed (no null check) and forwarded to the helper.</param>
        public FileNameCleanse(SaniCore saniCore)
        {
            SaniCore = saniCore;
            // Defaults for this sanitizer; TruncateLength presumably caps the rejected file name echoed
            // into exception text - confirm against the callers.
            TruncateLength = 15;
            SaniType = SaniTypes.FileNameCleanse;

            // The helper receives the constructor argument directly, i.e. the same core instance.
            ASCII = new UsingASCII(saniCore);
        }
Example #12
        /// <summary>
        /// Creates the AllowedList sanitizer with an ASCII and a Unicode helper, all bound to the given core.
        /// </summary>
        /// <param name="saniCore">Shared core; stored as passed (no null check) and forwarded to both helpers.</param>
        public AllowedList(SaniCore saniCore)
        {
            SaniCore = saniCore;
            // Defaults for this sanitizer; TruncateLength presumably caps the rejected input echoed into
            // exception text - confirm against the callers.
            TruncateLength = 10;
            SaniType = SaniTypes.AllowedList;

            // One helper per character set; both are handed the same core instance.
            ASCII = new UsingASCII(saniCore);
            Unicode = new UsingUnicode(saniCore);
        }
Example #13
        /// <summary>
        /// Creates the MinMax sanitizer and one typed helper per supported value kind, all sharing the given core.
        /// </summary>
        /// <param name="saniCore">Shared core; stored as passed (no null check) and forwarded to every typed helper.</param>
        public MinMax(SaniCore saniCore)
        {
            SaniCore = saniCore;
            // Defaults for the parent object; TruncateLength presumably caps the rejected input echoed
            // into exception text - confirm against the callers.
            TruncateLength = 10;
            SaniType = SaniTypes.MinMax;

            // Typed helpers. Each one assigns its own TruncateLength in its constructor, so the value
            // set above is not what they use.
            LongType = new LongType1(saniCore);
            DecimalType = new DecimalType2(saniCore);
            IntegerType = new IntegerType3(saniCore);
            BooleanType = new BooleanType4(saniCore);
            DateTimeType = new DateTimeType5(saniCore);
        }
Example #14
        /// <summary>
        /// Builds the sanitizer entry object: creates one <c>SaniCore</c>, then creates every sanitizer type with
        /// that same core and exposes each one both on the core and on this instance.
        /// </summary>
        /// <param name="sanitizerApproach">Stored on the core. <c>TrackOrThrowException</c> compares it with
        /// <c>Approach.TrackExceptionsInList</c> to choose between recording a failure and throwing.</param>
        /// <param name="compileRegex">Stored as <c>SaniCore.CompileRegex</c>; how it is consumed is not visible here.</param>
        public Sanitizer(Approach sanitizerApproach, bool compileRegex)
        {
            SaniCore = new SaniCore();
            SaniCore.SanitizerApproach = sanitizerApproach;
            SanitizerApproach          = SaniCore.SanitizerApproach;

            // Failure store, created before any sanitizer is constructed. TrackOrThrowException adds one entry
            // per failure in TrackExceptionsInList mode.
            // NOTE(review): nothing visible here bounds or clears this dictionary - callers that sanitize
            // untrusted input in a loop presumably have to drain it themselves; confirm.
            SaniCore.SaniExceptions = new Dictionary <Guid, KeyValuePair <SaniTypes, string> >();
            SaniExceptions          = SaniCore.SaniExceptions;

            // Each sanitizer below is constructed with the same core and then mirrored onto this instance.
            SaniCore.CompileRegex = compileRegex;
            SaniCore.Truncate     = new Truncate(SaniCore);
            Truncate = SaniCore.Truncate;
            SaniCore.NormalizeOrLimit = new NormalizeOrLimit(SaniCore);
            NormalizeOrLimit          = SaniCore.NormalizeOrLimit;
            SaniCore.MinMax           = new MinMax(SaniCore);
            MinMax = SaniCore.MinMax;
            SaniCore.FileNameCleanse = new FileNameCleanse(SaniCore);
            FileNameCleanse          = SaniCore.FileNameCleanse;
            SaniCore.AllowedList     = new AllowedList(SaniCore);
            AllowedList             = SaniCore.AllowedList;
            SaniCore.RestrictedList = new RestrictedList(SaniCore);
            RestrictedList          = SaniCore.RestrictedList;
        }
Example #15
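        /// <summary>
        /// Reports a sanitizer failure: records it in <c>saniCore.SaniExceptions</c> when the approach is
        /// <c>Approach.TrackExceptionsInList</c>, otherwise throws a <c>SanitizerException</c>. Only a truncated,
        /// ASCII-filtered copy of the offending input is included in either message.
        /// </summary>
        /// <param name="truncateLength">Maximum number of characters of <paramref name="strToClean"/> to echo; a negative value is treated as zero.</param>
        /// <param name="saniType">Sanitizer type stored with the tracked entry.</param>
        /// <param name="saniCore">Core holding the approach and the failure store; must not be null.</param>
        /// <param name="msgTitle">Prefix of the tracked message; concatenated as-is, without filtering.</param>
        /// <param name="msg">Prefix of the thrown message; concatenated as-is, without filtering.</param>
        /// <param name="strToClean">The rejected input; may be null or whitespace, in which case nothing is echoed.</param>
        /// <param name="ex">Underlying exception, or null; becomes the inner exception when throwing.</param>
        /// <exception cref="SanitizerException">Thrown when the approach is not <c>Approach.TrackExceptionsInList</c>.</exception>
        public static void TrackOrThrowException(int truncateLength, SaniTypes saniType, SaniCore saniCore, string msgTitle, string msg, string strToClean, Exception ex) //"Filename: "
        {
            // Truncate first so an oversized input cannot flood the log. A negative length is clamped to zero:
            // Substring would otherwise throw ArgumentOutOfRangeException here and mask the original failure.
            int maxLength = Math.Max(0, truncateLength);

            string exceptionValue;
            if (string.IsNullOrWhiteSpace(strToClean))
            {
                exceptionValue = String.Empty;
            }
            else if (strToClean.Length > maxLength)
            {
                exceptionValue = strToClean.Substring(0, maxLength);
            }
            else
            {
                exceptionValue = strToClean;
            }

            // Keep printable ASCII only (32..126), which also drops CR/LF and other control characters, and
            // additionally remove a few characters to protect the log:
            //   %  - could be part of a hexadecimal (percent-encoded) character
            //   /  - could be part of a malicious URL
            //   @  - could be part of a malicious email address
            //   \  - could be part of a null byte or unicode bypass character
            exceptionValue = new string(exceptionValue.Where(c => c >= ' ' && c <= '~' &&
                                                                  c != '%' &&
                                                                  c != '/' &&
                                                                  c != '@' &&
                                                                  c != '\\').ToArray());

            if (saniCore.SanitizerApproach == Approach.TrackExceptionsInList)
            {
                // NOTE(review): ex.Message is appended without the truncation and character filter applied to
                // the input above. If an exception message echoes the raw input, it bypasses that protection -
                // confirm what the callers' exceptions contain before writing these entries to a log.
                string exceptionMsg = (ex != null && ex.Message != null) ? ex.Message : String.Empty;

                saniCore.SaniExceptions.Add(Guid.NewGuid(), new KeyValuePair<SaniTypes, string>(saniType, msgTitle + exceptionValue + " Exception: " + exceptionMsg));
            }
            else
            {
                // exceptionValue is never null at this point, so no fallback is needed.
                throw new SanitizerException(msg + exceptionValue, ex);
            }
        }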