/// <summary>
/// Creates the DateTime helper, tagged as <c>SaniTypes.MinMax</c>, on top of the shared core.
/// </summary>
/// <param name="saniCore">Shared sanitizer state stored on this instance.</param>
public DateTimeType5(SaniCore saniCore)
{
    SaniCore = saniCore;

    // Default cap of 33 characters; presumably the amount of rejected input
    // echoed into exception/log text - confirm against the callers.
    TruncateLength = 33;
    SaniType = SaniTypes.MinMax;
}
/// <summary>
/// Creates the ASCII helper tagged as <c>SaniTypes.AllowedList</c> on top of the shared core.
/// </summary>
/// <param name="saniCore">Shared sanitizer state stored on this instance.</param>
public UsingASCII(SaniCore saniCore)
{
    SaniCore = saniCore;

    // Default cap of 10 characters; presumably the amount of rejected input
    // echoed into exception/log text - confirm against the callers.
    TruncateLength = 10;
    SaniType = SaniTypes.AllowedList;
}
/// <summary>
/// Creates the long-integer helper, tagged as <c>SaniTypes.MinMax</c>, on top of the shared core.
/// </summary>
/// <param name="saniCore">Shared sanitizer state stored on this instance.</param>
public LongType1(SaniCore saniCore)
{
    SaniCore = saniCore;

    // Default cap of 10 characters; presumably the amount of rejected input
    // echoed into exception/log text - confirm against the callers.
    TruncateLength = 10;
    SaniType = SaniTypes.MinMax;
}
/// <summary>
/// Creates the decimal helper, tagged as <c>SaniTypes.MinMax</c>, on top of the shared core.
/// </summary>
/// <param name="saniCore">Shared sanitizer state stored on this instance.</param>
public DecimalType2(SaniCore saniCore)
{
    SaniCore = saniCore;

    // Default cap of 15 characters; presumably the amount of rejected input
    // echoed into exception/log text - confirm against the callers.
    TruncateLength = 15;
    SaniType = SaniTypes.MinMax;
}
/// <summary>
/// Creates the boolean helper, tagged as <c>SaniTypes.MinMax</c>, on top of the shared core.
/// </summary>
/// <param name="saniCore">Shared sanitizer state stored on this instance.</param>
public BooleanType4(SaniCore saniCore)
{
    SaniCore = saniCore;

    // Default cap of 5 characters; presumably the amount of rejected input
    // echoed into exception/log text - confirm against the callers.
    TruncateLength = 5;
    SaniType = SaniTypes.MinMax;
}
/// <summary>
/// Creates the integer helper, tagged as <c>SaniTypes.MinMax</c>, on top of the shared core.
/// </summary>
/// <param name="saniCore">Shared sanitizer state stored on this instance.</param>
public IntegerType3(SaniCore saniCore)
{
    SaniCore = saniCore;

    // Default cap of 10 characters; presumably the amount of rejected input
    // echoed into exception/log text - confirm against the callers.
    TruncateLength = 10;
    SaniType = SaniTypes.MinMax;
}
/// <summary>
/// Creates the truncation sanitizer, tagged as <c>SaniTypes.Truncate</c>, on top of the shared core.
/// </summary>
/// <param name="saniCore">Shared sanitizer state stored on this instance.</param>
public Truncate(SaniCore saniCore)
{
    SaniCore = saniCore;

    // Default cap of 10 characters; presumably the amount of rejected input
    // echoed into exception/log text - confirm against the callers.
    TruncateLength = 10;
    SaniType = SaniTypes.Truncate;
}
/// <summary>
/// Creates the normalize-or-limit sanitizer, tagged as <c>SaniTypes.NormalizeOrLimit</c>,
/// on top of the shared core.
/// </summary>
/// <param name="saniCore">Shared sanitizer state stored on this instance.</param>
public NormalizeOrLimit(SaniCore saniCore)
{
    SaniCore = saniCore;

    // Default cap of 10 characters; presumably the amount of rejected input
    // echoed into exception/log text - confirm against the callers.
    TruncateLength = 10;
    SaniType = SaniTypes.NormalizeOrLimit;
}
/// <summary>
/// Creates the ASCII helper tagged as <c>SaniTypes.FileNameCleanse</c> on top of the shared core.
/// </summary>
/// <remarks>
/// NOTE(review): another <c>UsingASCII(SaniCore)</c> constructor with different defaults
/// (AllowedList, length 10) exists in this code; presumably the two belong to different
/// enclosing classes - confirm, since failures tracked by this one are filed under the
/// FileNameCleanse type.
/// </remarks>
/// <param name="saniCore">Shared sanitizer state stored on this instance.</param>
public UsingASCII(SaniCore saniCore)
{
    SaniCore = saniCore;

    // Default cap of 15 characters; presumably the amount of rejected input
    // echoed into exception/log text - confirm against the callers.
    TruncateLength = 15;
    SaniType = SaniTypes.FileNameCleanse;
}
/// <summary>
/// Creates the restricted-list sanitizer, tagged as <c>SaniTypes.RestrictedList</c>, and its
/// ASCII helper, both bound to the same shared core.
/// </summary>
/// <param name="saniCore">Shared sanitizer state stored here and handed to the helper.</param>
public RestrictedList(SaniCore saniCore)
{
    SaniCore = saniCore;

    // Default cap of 10 characters; presumably the amount of rejected input
    // echoed into exception/log text - confirm against the callers.
    TruncateLength = 10;
    SaniType = SaniTypes.RestrictedList;

    // The helper receives the same core instance, so it sees the same approach
    // setting and exception list as this object.
    ASCII = new UsingASCII(saniCore);
}
/// <summary>
/// Creates the file-name sanitizer, tagged as <c>SaniTypes.FileNameCleanse</c>, and its
/// ASCII helper, both bound to the same shared core.
/// </summary>
/// <param name="saniCore">Shared sanitizer state stored here and handed to the helper.</param>
public FileNameCleanse(SaniCore saniCore)
{
    SaniCore = saniCore;

    // Default cap of 15 characters; presumably the amount of rejected input
    // echoed into exception/log text - confirm against the callers.
    TruncateLength = 15;
    SaniType = SaniTypes.FileNameCleanse;

    // The helper receives the same core instance, so it sees the same approach
    // setting and exception list as this object.
    ASCII = new UsingASCII(saniCore);
}
/// <summary>
/// Creates the allowed-list sanitizer, tagged as <c>SaniTypes.AllowedList</c>, together with
/// its ASCII and Unicode helpers, all bound to the same shared core.
/// </summary>
/// <param name="saniCore">Shared sanitizer state stored here and handed to both helpers.</param>
public AllowedList(SaniCore saniCore)
{
    SaniCore = saniCore;

    // Default cap of 10 characters; presumably the amount of rejected input
    // echoed into exception/log text - confirm against the callers.
    TruncateLength = 10;
    SaniType = SaniTypes.AllowedList;

    // Both helpers receive the same core instance, so they see the same
    // approach setting and exception list as this object.
    ASCII = new UsingASCII(saniCore);
    Unicode = new UsingUnicode(saniCore);
}
/// <summary>
/// Creates the min/max sanitizer, tagged as <c>SaniTypes.MinMax</c>, and one typed helper
/// per supported value kind (long, decimal, integer, boolean, DateTime).
/// </summary>
/// <param name="saniCore">Shared sanitizer state stored here and handed to every helper.</param>
public MinMax(SaniCore saniCore)
{
    SaniCore = saniCore;

    // Default cap of 10 characters; presumably the amount of rejected input
    // echoed into exception/log text - confirm against the callers.
    TruncateLength = 10;
    SaniType = SaniTypes.MinMax;

    // Every typed helper is built on the same core instance, so they all see
    // the same approach setting and exception list as this object.
    LongType = new LongType1(saniCore);
    DecimalType = new DecimalType2(saniCore);
    IntegerType = new IntegerType3(saniCore);
    BooleanType = new BooleanType4(saniCore);
    DateTimeType = new DateTimeType5(saniCore);
}
/// <summary>
/// Builds a sanitizer facade: creates the shared <c>SaniCore</c>, configures it, constructs
/// every sanitizer family on top of it, and mirrors each one onto this instance.
/// </summary>
/// <remarks>
/// NOTE(review): <c>SaniExceptions</c> is a plain <c>Dictionary</c> shared by reference
/// between the core and this facade. Presumably callers are expected to read and clear it
/// themselves and not to share one Sanitizer across threads - confirm, because nothing here
/// bounds its size or synchronizes access.
/// </remarks>
/// <param name="sanitizerApproach">
/// Failure-handling mode stored on the core and mirrored on this instance.
/// </param>
/// <param name="compileRegex">Stored on the core as <c>CompileRegex</c>.</param>
public Sanitizer(Approach sanitizerApproach, bool compileRegex)
{
    var core = new SaniCore();
    SaniCore = core;

    // Core configuration is completed before any sanitizer family is constructed.
    core.SanitizerApproach = sanitizerApproach;
    SanitizerApproach = core.SanitizerApproach;

    core.SaniExceptions = new Dictionary<Guid, KeyValuePair<SaniTypes, string>>();
    SaniExceptions = core.SaniExceptions;

    core.CompileRegex = compileRegex;

    // Each family is created against the shared core, registered on it, then
    // exposed through the matching property of this facade.
    core.Truncate = new Truncate(core);
    Truncate = core.Truncate;

    core.NormalizeOrLimit = new NormalizeOrLimit(core);
    NormalizeOrLimit = core.NormalizeOrLimit;

    core.MinMax = new MinMax(core);
    MinMax = core.MinMax;

    core.FileNameCleanse = new FileNameCleanse(core);
    FileNameCleanse = core.FileNameCleanse;

    core.AllowedList = new AllowedList(core);
    AllowedList = core.AllowedList;

    core.RestrictedList = new RestrictedList(core);
    RestrictedList = core.RestrictedList;
}
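/// <summary>
/// Records a sanitization failure in the core's exception list or throws it, echoing only a
/// truncated and character-filtered copy of the rejected input.
/// </summary>
/// <remarks>
/// The echoed value is cut to <paramref name="truncateLength"/> characters and then reduced
/// to printable ASCII (codes 32-126) without '%', '/', '@' and '\'. Control characters,
/// including CR and LF, are therefore dropped before the value reaches a message.
/// The filter still passes '&lt;', '&gt;', '&amp;' and quote characters, so the message must
/// be output-encoded wherever it is rendered as HTML.
/// NOTE(review): only <paramref name="strToClean"/> is filtered. <paramref name="msgTitle"/>,
/// <paramref name="msg"/> and <c>ex.Message</c> are concatenated as supplied; confirm that no
/// caller passes an exception whose message repeats the raw input.
/// </remarks>
/// <param name="truncateLength">Maximum number of input characters to echo; negative values are treated as 0.</param>
/// <param name="saniType">Sanitizer type recorded alongside the tracked message.</param>
/// <param name="saniCore">Shared state supplying the approach setting and the exception list.</param>
/// <param name="msgTitle">Prefix of the tracked message; the original comment gives "Filename: " as an example.</param>
/// <param name="msg">Prefix of the thrown exception's message.</param>
/// <param name="strToClean">Rejected input; may be null, empty or whitespace.</param>
/// <param name="ex">Underlying exception, or null.</param>
/// <exception cref="SanitizerException">
/// Thrown when the approach is anything other than <c>Approach.TrackExceptionsInList</c>.
/// </exception>
public static void TrackOrThrowException(int truncateLength, SaniTypes saniType, SaniCore saniCore, string msgTitle, string msg, string strToClean, Exception ex)
{
    // A negative length would make Substring throw ArgumentOutOfRangeException from inside
    // the failure handler and hide the original sanitization error, so clamp it to zero.
    int maxLength = Math.Max(truncateLength, 0);

    // Truncate first to protect the log from oversized input.
    string exceptionValue;
    if (string.IsNullOrWhiteSpace(strToClean))
    {
        exceptionValue = String.Empty;
    }
    else if (strToClean.Length >= maxLength)
    {
        exceptionValue = strToClean.Substring(0, maxLength);
    }
    else
    {
        exceptionValue = strToClean;
    }

    // Limit to printable ASCII and drop characters that could carry a payload into the log.
    exceptionValue = new string(exceptionValue.Where(c =>
        c >= ' ' && c <= '~' &&
        c != '%' &&   // could be part of a hexadecimal (percent-encoded) character
        c != '/' &&   // could be part of a malicious URL
        c != '@' &&   // could be part of a malicious email address
        c != '\\'     // could be part of a null byte or unicode bypass sequence
    ).ToArray());

    if (saniCore.SanitizerApproach == Approach.TrackExceptionsInList)
    {
        // ex.Message is appended without filtering or truncation.
        string exceptionMsg = (ex != null && ex.Message != null) ? ex.Message : String.Empty;

        saniCore.SaniExceptions.Add(
            Guid.NewGuid(),
            new KeyValuePair<SaniTypes, string>(saniType, msgTitle + exceptionValue + " Exception: " + exceptionMsg));
    }
    else
    {
        // exceptionValue is never null at this point, so no null fallback is needed.
        throw new SanitizerException(msg + exceptionValue, ex);
    }
}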