public DateTimeType5(SaniCore saniCore)
{
SaniCore = saniCore;
TruncateLength = 33;
SaniType = SaniTypes.MinMax;
}
public UsingASCII(SaniCore saniCore)
{
SaniCore = saniCore;
TruncateLength = 10;
SaniType = SaniTypes.AllowedList;
}
public LongType1(SaniCore saniCore)
{
SaniCore = saniCore;
TruncateLength = 10;
SaniType = SaniTypes.MinMax;
}
public DecimalType2(SaniCore saniCore)
{
SaniCore = saniCore;
TruncateLength = 15;
SaniType = SaniTypes.MinMax;
}
public BooleanType4(SaniCore saniCore)
{
SaniCore = saniCore;
TruncateLength = 5;
SaniType = SaniTypes.MinMax;
}
public IntegerType3(SaniCore saniCore)
{
SaniCore = saniCore;
TruncateLength = 10;
SaniType = SaniTypes.MinMax;
}
public Truncate(SaniCore saniCore)
{
SaniCore = saniCore;
TruncateLength = 10;
SaniType = SaniTypes.Truncate;
}
public NormalizeOrLimit(SaniCore saniCore)
{
SaniCore = saniCore;
TruncateLength = 10;
SaniType = SaniTypes.NormalizeOrLimit;
}
public UsingASCII(SaniCore saniCore)
{
SaniCore = saniCore;
TruncateLength = 15;
SaniType = SaniTypes.FileNameCleanse;
}
public RestrictedList(SaniCore saniCore)
{
SaniCore = saniCore;
TruncateLength = 10;
SaniType = SaniTypes.RestrictedList;
ASCII = new UsingASCII(saniCore);
}
public FileNameCleanse(SaniCore saniCore)
{
SaniCore = saniCore;
TruncateLength = 15;
SaniType = SaniTypes.FileNameCleanse;
ASCII = new UsingASCII(saniCore);
}
public AllowedList(SaniCore saniCore)
{
SaniCore = saniCore;
TruncateLength = 10;
SaniType = SaniTypes.AllowedList;
ASCII = new UsingASCII(saniCore);
Unicode = new UsingUnicode(saniCore);
}
public MinMax(SaniCore saniCore)
{
SaniCore = saniCore;
TruncateLength = 10;
SaniType = SaniTypes.MinMax;
LongType = new LongType1(saniCore);
DecimalType = new DecimalType2(saniCore);
IntegerType = new IntegerType3(saniCore);
BooleanType = new BooleanType4(saniCore);
DateTimeType = new DateTimeType5(saniCore);
}
public Sanitizer(Approach sanitizerApproach, bool compileRegex)
{
SaniCore = new SaniCore();
SaniCore.SanitizerApproach = sanitizerApproach;
SanitizerApproach = SaniCore.SanitizerApproach;
SaniCore.SaniExceptions = new Dictionary <Guid, KeyValuePair <SaniTypes, string> >();
SaniExceptions = SaniCore.SaniExceptions;
SaniCore.CompileRegex = compileRegex;
SaniCore.Truncate = new Truncate(SaniCore);
Truncate = SaniCore.Truncate;
SaniCore.NormalizeOrLimit = new NormalizeOrLimit(SaniCore);
NormalizeOrLimit = SaniCore.NormalizeOrLimit;
SaniCore.MinMax = new MinMax(SaniCore);
MinMax = SaniCore.MinMax;
SaniCore.FileNameCleanse = new FileNameCleanse(SaniCore);
FileNameCleanse = SaniCore.FileNameCleanse;
SaniCore.AllowedList = new AllowedList(SaniCore);
AllowedList = SaniCore.AllowedList;
SaniCore.RestrictedList = new RestrictedList(SaniCore);
RestrictedList = SaniCore.RestrictedList;
}
public static void TrackOrThrowException(int truncateLength, SaniTypes saniType, SaniCore saniCore, string msgTitle, string msg, string strToClean, Exception ex) //"Filename: "
{
string exceptionValue = String.Empty;
//Truncate length to protect the log
if (string.IsNullOrWhiteSpace(strToClean))
{
exceptionValue = String.Empty;
}
else
{
if (strToClean.Length >= truncateLength)
{
exceptionValue = strToClean.Substring(0, truncateLength);
}
else
{
exceptionValue = strToClean;
}
}
//Limit to ASCII Only and remove possible malicious characters - apply a limited allowedList to protect the log
exceptionValue = (new string(exceptionValue.ToCharArray().Where(c => ((32 <= (int)c && (int)c <= 126) &&
((int)c != 37) && //% sign - could be part of hexadecimal character
((int)c != 47) && //forward slash - could be part of a malicious URL
((int)c != 64) && //@ symbol - could be part of a malicious email address
((int)c != 92) //backslash - could be part of a null byte or unicode bypass character
)).ToArray()));
if (saniCore.SanitizerApproach == Approach.TrackExceptionsInList)
{
string exceptionMsg = String.Empty;
if (ex != null && ex.Message != null)
{
exceptionMsg = ex.Message;
}
saniCore.SaniExceptions.Add(Guid.NewGuid(), new KeyValuePair <SaniTypes, string>(saniType, msgTitle + exceptionValue + " Exception: " + exceptionMsg));
}
else
{
throw new SanitizerException(msg + (exceptionValue ?? String.Empty), ex);
}
}
