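/// <summary>
/// Runs the DOTNETIDS scanners over the current request's query string, form,
/// cookies and headers according to <paramref name="ips"/>, raising
/// <c>OnIDSEvents</c> with each scanner's report.
/// </summary>
/// <param name="ips">
/// Per-page scan settings. Its Get/Post/Cookie/Header exclusion lists are
/// extended in place with the page-wide and application-wide (<c>_settings</c>)
/// exclusions before the scanners run.
/// </param>
private void RunScan(IDSPageSettings ips)
{
    HttpRequest request = HttpContext.Current.Request;

    // Default exclusion: when serving localhost the Host header is not scanned.
    // _settings is shared application state, so guard with Contains; otherwise
    // every localhost request appends another duplicate "Host" entry.
    // NOTE(review): Url.Host is presumably derived from the request itself, so
    // only a literal "localhost" value ever triggers this — confirm.
    if (request.Url.Host == "localhost" && !_settings.HeaderExclusions.Contains("Host"))
    {
        _settings.HeaderExclusions.Add("Host");
    }

    // Output scanning is disabled; the response-filter hook is kept for reference.
    if (ips.ScanOutput)
    {
        /*
        HttpResponse response = HttpContext.Current.Response;
        _oF = new DOTNETIDS.OutputFilter(response.Filter, null, System.Text.Encoding.ASCII, _settings.OutputFilterXmlPath);
        _oF.OnPageReady += new DOTNETIDS.OutputFilter.PageReadyEvent(_oF_OnPageReady);
        _oF.JSDecode = _settings.DecodeJS;
        _oF.UTF7Decode = _settings.DecodeUTF7;
        response.Filter = _oF;
        */
    }

    // One scanner per request component. The GET scanner is built first and
    // handed to the others (presumably so they share its loaded rule set).
    // IsNullOrEmpty rather than != string.Empty: a null FilterXmlPath must
    // fall back to the embedded resource instead of being passed as a path.
    DOTNETIDS.IDS idsGet;
    if (!string.IsNullOrEmpty(_settings.FilterXmlPath))
    {
        // Load the filter rules from the configured file
        idsGet = new DOTNETIDS.IDS(request.QueryString, _settings.FilterXmlPath);
    }
    else
    {
        // Load the filter rules from the embedded resource
        idsGet = new DOTNETIDS.IDS(request.QueryString);
    }
    DOTNETIDS.IDS idsPost = new DOTNETIDS.IDS(request.Form, idsGet, DOTNETIDS.RequestType.Post);
    DOTNETIDS.IDS idsCookies = new DOTNETIDS.IDS(request.Cookies, idsGet);
    DOTNETIDS.IDS idsHeaders = new DOTNETIDS.IDS(request.Headers, idsGet, DOTNETIDS.RequestType.Header);

    // Merge exclusions, in this order: page-wide list, application-wide list,
    // then the application's per-component list, all into the page's
    // per-component lists.
    // NOTE(review): this grows the lists on ips itself; if one IDSPageSettings
    // instance is reused across requests the entries accumulate — confirm.
    ips.GetExclusions.AddRange(ips.Exclusions);
    ips.PostExclusions.AddRange(ips.Exclusions);
    ips.CookieExclusions.AddRange(ips.Exclusions);
    ips.HeaderExclusions.AddRange(ips.Exclusions);

    ips.GetExclusions.AddRange(_settings.Exclusions);
    ips.PostExclusions.AddRange(_settings.Exclusions);
    ips.CookieExclusions.AddRange(_settings.Exclusions);
    ips.HeaderExclusions.AddRange(_settings.Exclusions);

    ips.GetExclusions.AddRange(_settings.GetExclusions);
    ips.HeaderExclusions.AddRange(_settings.HeaderExclusions);
    ips.PostExclusions.AddRange(_settings.PostExclusions);
    ips.CookieExclusions.AddRange(_settings.CookieExclusions);

    // Hand the merged per-component lists to the scanners
    idsGet.Exclusions.AddRange(ips.GetExclusions);
    idsPost.Exclusions.AddRange(ips.PostExclusions);
    idsCookies.Exclusions.AddRange(ips.CookieExclusions);
    idsHeaders.Exclusions.AddRange(ips.HeaderExclusions);

    // Decoding options apply uniformly to every component
    idsGet.JSDecode = ips.DecodeJS;
    idsPost.JSDecode = ips.DecodeJS;
    idsCookies.JSDecode = ips.DecodeJS;
    idsHeaders.JSDecode = ips.DecodeJS;

    idsGet.UTF7Decode = ips.DecodeUTF7;
    idsPost.UTF7Decode = ips.DecodeUTF7;
    idsCookies.UTF7Decode = ips.DecodeUTF7;
    idsHeaders.UTF7Decode = ips.DecodeUTF7;

    // Run only the components the page asked for, reporting each one
    if (ips.ScanGet)
    {
        RunScannerAndReport(idsGet);
    }
    if (ips.ScanPost)
    {
        RunScannerAndReport(idsPost);
    }
    if (ips.ScanCookies)
    {
        RunScannerAndReport(idsCookies);
    }
    if (ips.ScanHeaders)
    {
        RunScannerAndReport(idsHeaders);
    }
}

/// <summary>
/// Runs one scanner and, when a subscriber is attached, raises
/// <c>OnIDSEvents</c> with its report.
/// </summary>
/// <param name="ids">The scanner to run.</param>
private void RunScannerAndReport(DOTNETIDS.IDS ids)
{
    ids.Run();
    if (OnIDSEvents != null)
    {
        OnIDSEvents(ids.Report, this);
    }
}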
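/// <summary>
/// Runs the DOTNETIDS scanners over the current request's query string, form,
/// cookies and headers according to <paramref name="ips"/>, raising
/// <c>OnIDSEvents</c> with each scanner's report.
/// </summary>
/// <param name="ips">
/// Per-page scan settings. Its Get/Post/Cookie/Header exclusion lists are
/// extended in place with the page-wide and application-wide (<c>_settings</c>)
/// exclusions before the scanners run.
/// </param>
private void RunScan(IDSPageSettings ips)
{
    HttpRequest request = HttpContext.Current.Request;

    // Default exclusion: when serving localhost the Host header is not scanned.
    // _settings is shared application state, so guard with Contains; otherwise
    // every localhost request appends another duplicate "Host" entry.
    // NOTE(review): Url.Host is presumably derived from the request itself, so
    // only a literal "localhost" value ever triggers this — confirm.
    if (request.Url.Host == "localhost" && !_settings.HeaderExclusions.Contains("Host"))
    {
        _settings.HeaderExclusions.Add("Host");
    }

    // Output scanning is disabled; the response-filter hook is kept for reference.
    if (ips.ScanOutput)
    {
        /*
        HttpResponse response = HttpContext.Current.Response;
        _oF = new DOTNETIDS.OutputFilter(response.Filter, null, System.Text.Encoding.ASCII, _settings.OutputFilterXmlPath);
        _oF.OnPageReady += new DOTNETIDS.OutputFilter.PageReadyEvent(_oF_OnPageReady);
        _oF.JSDecode = _settings.DecodeJS;
        _oF.UTF7Decode = _settings.DecodeUTF7;
        response.Filter = _oF;
        */
    }

    // One scanner per request component. The GET scanner is built first and
    // handed to the others (presumably so they share its loaded rule set).
    // IsNullOrEmpty rather than != string.Empty: a null FilterXmlPath must
    // fall back to the embedded resource instead of being passed as a path.
    DOTNETIDS.IDS idsGet;
    if (!string.IsNullOrEmpty(_settings.FilterXmlPath))
    {
        // Load the filter rules from the configured file
        idsGet = new DOTNETIDS.IDS(request.QueryString, _settings.FilterXmlPath);
    }
    else
    {
        // Load the filter rules from the embedded resource
        idsGet = new DOTNETIDS.IDS(request.QueryString);
    }
    DOTNETIDS.IDS idsPost = new DOTNETIDS.IDS(request.Form, idsGet, DOTNETIDS.RequestType.Post);
    DOTNETIDS.IDS idsCookies = new DOTNETIDS.IDS(request.Cookies, idsGet);
    DOTNETIDS.IDS idsHeaders = new DOTNETIDS.IDS(request.Headers, idsGet, DOTNETIDS.RequestType.Header);

    // Merge exclusions, in this order: page-wide list, application-wide list,
    // then the application's per-component list, all into the page's
    // per-component lists.
    // NOTE(review): this grows the lists on ips itself; if one IDSPageSettings
    // instance is reused across requests the entries accumulate — confirm.
    ips.GetExclusions.AddRange(ips.Exclusions);
    ips.PostExclusions.AddRange(ips.Exclusions);
    ips.CookieExclusions.AddRange(ips.Exclusions);
    ips.HeaderExclusions.AddRange(ips.Exclusions);

    ips.GetExclusions.AddRange(_settings.Exclusions);
    ips.PostExclusions.AddRange(_settings.Exclusions);
    ips.CookieExclusions.AddRange(_settings.Exclusions);
    ips.HeaderExclusions.AddRange(_settings.Exclusions);

    ips.GetExclusions.AddRange(_settings.GetExclusions);
    ips.HeaderExclusions.AddRange(_settings.HeaderExclusions);
    ips.PostExclusions.AddRange(_settings.PostExclusions);
    ips.CookieExclusions.AddRange(_settings.CookieExclusions);

    // Hand the merged per-component lists to the scanners
    idsGet.Exclusions.AddRange(ips.GetExclusions);
    idsPost.Exclusions.AddRange(ips.PostExclusions);
    idsCookies.Exclusions.AddRange(ips.CookieExclusions);
    idsHeaders.Exclusions.AddRange(ips.HeaderExclusions);

    // Decoding options apply uniformly to every component
    idsGet.JSDecode = ips.DecodeJS;
    idsPost.JSDecode = ips.DecodeJS;
    idsCookies.JSDecode = ips.DecodeJS;
    idsHeaders.JSDecode = ips.DecodeJS;

    idsGet.UTF7Decode = ips.DecodeUTF7;
    idsPost.UTF7Decode = ips.DecodeUTF7;
    idsCookies.UTF7Decode = ips.DecodeUTF7;
    idsHeaders.UTF7Decode = ips.DecodeUTF7;

    // Run only the components the page asked for, reporting each one
    if (ips.ScanGet)
    {
        RunScannerAndReport(idsGet);
    }
    if (ips.ScanPost)
    {
        RunScannerAndReport(idsPost);
    }
    if (ips.ScanCookies)
    {
        RunScannerAndReport(idsCookies);
    }
    if (ips.ScanHeaders)
    {
        RunScannerAndReport(idsHeaders);
    }
}

/// <summary>
/// Runs one scanner and, when a subscriber is attached, raises
/// <c>OnIDSEvents</c> with its report.
/// </summary>
/// <param name="ids">The scanner to run.</param>
private void RunScannerAndReport(DOTNETIDS.IDS ids)
{
    ids.Run();
    if (OnIDSEvents != null)
    {
        OnIDSEvents(ids.Report, this);
    }
}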