private void RunScan(IDSPageSettings ips)
{
HttpRequest Request = HttpContext.Current.Request;
HttpResponse Response = HttpContext.Current.Response;
//Perform scanning
//Add some default exclusions
if (HttpContext.Current.Request.Url.Host == "localhost")
{
_settings.HeaderExclusions.Add("Host");
}
//Hook the output
if (ips.ScanOutput)
{
/*_oF = new DOTNETIDS.OutputFilter(Response.Filter, null, System.Text.Encoding.ASCII, _settings.OutputFilterXmlPath);
* _oF.OnPageReady += new DOTNETIDS.OutputFilter.PageReadyEvent(_oF_OnPageReady);
* _oF.JSDecode = _settings.DecodeJS;
* _oF.UTF7Decode = _settings.DecodeUTF7;
* Response.Filter = _oF;*/
}
//Pass GET, POST, COOKIES and HEADERS through the IDS
DOTNETIDS.IDS ids_get;
if (_settings.FilterXmlPath != string.Empty)
{
//Load from file
ids_get = new DOTNETIDS.IDS(Request.QueryString, _settings.FilterXmlPath);
}
else
{
//Load from embedded resource
ids_get = new DOTNETIDS.IDS(Request.QueryString);
}
DOTNETIDS.IDS ids_post = new DOTNETIDS.IDS(Request.Form, ids_get, DOTNETIDS.RequestType.Post);
DOTNETIDS.IDS ids_cookies = new DOTNETIDS.IDS(Request.Cookies, ids_get);
DOTNETIDS.IDS ids_headers = new DOTNETIDS.IDS(Request.Headers, ids_get, DOTNETIDS.RequestType.Header);
ips.GetExclusions.AddRange(ips.Exclusions);
ips.PostExclusions.AddRange(ips.Exclusions);
ips.CookieExclusions.AddRange(ips.Exclusions);
ips.HeaderExclusions.AddRange(ips.Exclusions);
ips.GetExclusions.AddRange(_settings.Exclusions);
ips.PostExclusions.AddRange(_settings.Exclusions);
ips.CookieExclusions.AddRange(_settings.Exclusions);
ips.HeaderExclusions.AddRange(_settings.Exclusions);
ips.GetExclusions.AddRange(_settings.GetExclusions);
ips.HeaderExclusions.AddRange(_settings.HeaderExclusions);
ips.PostExclusions.AddRange(_settings.PostExclusions);
ips.CookieExclusions.AddRange(_settings.CookieExclusions);
ids_get.Exclusions.AddRange(ips.GetExclusions);
ids_post.Exclusions.AddRange(ips.PostExclusions);
ids_cookies.Exclusions.AddRange(ips.CookieExclusions);
ids_headers.Exclusions.AddRange(ips.HeaderExclusions);
ids_get.JSDecode = ips.DecodeJS;
ids_post.JSDecode = ips.DecodeJS;
ids_cookies.JSDecode = ips.DecodeJS;
ids_headers.JSDecode = ips.DecodeJS;
ids_get.UTF7Decode = ips.DecodeUTF7;
ids_post.UTF7Decode = ips.DecodeUTF7;
ids_cookies.UTF7Decode = ips.DecodeUTF7;
ids_headers.UTF7Decode = ips.DecodeUTF7;
//Run the IDS on each component
if (ips.ScanGet)
{
ids_get.Run();
if (OnIDSEvents != null)
{
OnIDSEvents(ids_get.Report, this);
}
}
if (ips.ScanPost)
{
ids_post.Run();
if (OnIDSEvents != null)
{
OnIDSEvents(ids_post.Report, this);
}
}
if (ips.ScanCookies)
{
ids_cookies.Run();
if (OnIDSEvents != null)
{
OnIDSEvents(ids_cookies.Report, this);
}
}
if (ips.ScanHeaders)
{
ids_headers.Run();
if (OnIDSEvents != null)
{
OnIDSEvents(ids_headers.Report, this);
}
}
}
private void RunScan(IDSPageSettings ips)
{
HttpRequest Request = HttpContext.Current.Request;
HttpResponse Response = HttpContext.Current.Response;
//Perform scanning
//Add some default exclusions
if (HttpContext.Current.Request.Url.Host == "localhost")
{
_settings.HeaderExclusions.Add("Host");
}
//Hook the output
if (ips.ScanOutput)
{
/*_oF = new DOTNETIDS.OutputFilter(Response.Filter, null, System.Text.Encoding.ASCII, _settings.OutputFilterXmlPath);
_oF.OnPageReady += new DOTNETIDS.OutputFilter.PageReadyEvent(_oF_OnPageReady);
_oF.JSDecode = _settings.DecodeJS;
_oF.UTF7Decode = _settings.DecodeUTF7;
Response.Filter = _oF;*/
}
//Pass GET, POST, COOKIES and HEADERS through the IDS
DOTNETIDS.IDS ids_get;
if (_settings.FilterXmlPath != string.Empty)
{
//Load from file
ids_get = new DOTNETIDS.IDS(Request.QueryString, _settings.FilterXmlPath);
}
else
{
//Load from embedded resource
ids_get = new DOTNETIDS.IDS(Request.QueryString);
}
DOTNETIDS.IDS ids_post = new DOTNETIDS.IDS(Request.Form, ids_get, DOTNETIDS.RequestType.Post);
DOTNETIDS.IDS ids_cookies = new DOTNETIDS.IDS(Request.Cookies, ids_get);
DOTNETIDS.IDS ids_headers = new DOTNETIDS.IDS(Request.Headers, ids_get, DOTNETIDS.RequestType.Header);
ips.GetExclusions.AddRange(ips.Exclusions);
ips.PostExclusions.AddRange(ips.Exclusions);
ips.CookieExclusions.AddRange(ips.Exclusions);
ips.HeaderExclusions.AddRange(ips.Exclusions);
ips.GetExclusions.AddRange(_settings.Exclusions);
ips.PostExclusions.AddRange(_settings.Exclusions);
ips.CookieExclusions.AddRange(_settings.Exclusions);
ips.HeaderExclusions.AddRange(_settings.Exclusions);
ips.GetExclusions.AddRange(_settings.GetExclusions);
ips.HeaderExclusions.AddRange(_settings.HeaderExclusions);
ips.PostExclusions.AddRange(_settings.PostExclusions);
ips.CookieExclusions.AddRange(_settings.CookieExclusions);
ids_get.Exclusions.AddRange(ips.GetExclusions);
ids_post.Exclusions.AddRange(ips.PostExclusions);
ids_cookies.Exclusions.AddRange(ips.CookieExclusions);
ids_headers.Exclusions.AddRange(ips.HeaderExclusions);
ids_get.JSDecode = ips.DecodeJS;
ids_post.JSDecode = ips.DecodeJS;
ids_cookies.JSDecode = ips.DecodeJS;
ids_headers.JSDecode = ips.DecodeJS;
ids_get.UTF7Decode = ips.DecodeUTF7;
ids_post.UTF7Decode = ips.DecodeUTF7;
ids_cookies.UTF7Decode = ips.DecodeUTF7;
ids_headers.UTF7Decode = ips.DecodeUTF7;
//Run the IDS on each component
if (ips.ScanGet)
{
ids_get.Run();
if (OnIDSEvents != null) OnIDSEvents(ids_get.Report, this);
}
if (ips.ScanPost)
{
ids_post.Run();
if (OnIDSEvents != null) OnIDSEvents(ids_post.Report, this);
}
if (ips.ScanCookies)
{
ids_cookies.Run();
if (OnIDSEvents != null) OnIDSEvents(ids_cookies.Report, this);
}
if (ips.ScanHeaders)
{
ids_headers.Run();
if (OnIDSEvents != null) OnIDSEvents(ids_headers.Report, this);
}
}
