Exemple #1
0
        public void ApplyConfig()
        {
            HttpResource notfound = new HttpResource(ResourceMappingType.FILE);

            notfound.BasePath = $"{Environment.CurrentDirectory}/web/404.html";
            notfound.MIMEType = "text/html";


            serverConfig = new ServerConfig();
            serverConfig.DocumentRoot                  = $"{Environment.CurrentDirectory}/web/";
            serverConfig.MaxCleanUpNumber              = 5;
            serverConfig.MaxConnectionAccepted         = 100;
            serverConfig.ServerPort                    = 8080;
            serverConfig.DeadConnectionCleanUpInterval = 4000;
            serverConfig.IdleConnectionCleanUpInterval = 4000;
            serverConfig.NotFound404Page
                = new ResourceLocator("", "", notfound);
        }
Exemple #2
0
        /// <summary>
        /// Cleans up after configuration has been performed.
        /// </summary>
        /// <param name="WebServer">Current Web Server object.</param>
        public override Task CleanupAfterConfiguration(HttpServer WebServer)
        {
            Task Result = base.CleanupAfterConfiguration(WebServer);

            if (this.connectToHost != null)
            {
                WebServer.Unregister(this.connectToHost);
                this.connectToHost = null;
            }

            if (this.randomizePassword != null)
            {
                WebServer.Unregister(this.randomizePassword);
                this.randomizePassword = null;
            }

            return(Result);
        }
        public async Task <JsonResult> TitleFromUri()
        {
            if (VoatSettings.Instance.OutgoingTraffic.Enabled)
            {
                var uri = Request.Query["uri"].FirstOrDefault();
                uri = uri.TrimSafe();

                if (!string.IsNullOrEmpty(uri) && UrlUtility.IsUriValid(uri, true, true))
                {
                    //Old Code:
                    //string title = UrlUtility.GetTitleFromUri(uri);
                    using (var httpResource = new HttpResource(
                               new Uri(uri),
                               new HttpResourceOptions()
                    {
                        AllowAutoRedirect = true
                    },
                               VoatSettings.Instance.OutgoingTraffic.Proxy.ToWebProxy()))
                    {
                        await httpResource.GiddyUp();

                        string title = httpResource.Title;

                        if (title != null)
                        {
                            title = title.StripUnicode();
                            var resultList = new List <string>
                            {
                                title
                            };

                            return(Json(resultList /* CORE_PORT: Removed , JsonRequestBehavior.AllowGet */));
                        }
                    }
                }
            }
            Response.StatusCode = (int)HttpStatusCode.BadRequest;
            return(Json("Bad request." /* CORE_PORT: Removed , JsonRequestBehavior.AllowGet */));
        }
Exemple #4
0
        public async Task TestRedirect()
        {
            Uri testUri = new Uri("http://stackoverflow.com/questions/1348683/will-the-b-and-i-tags-ever-become-deprecated");

            using (var httpResource = new HttpResource(testUri.ToString()))
            {
                await httpResource.GiddyUp();

                Assert.AreEqual(false, httpResource.Redirected);
                Assert.AreEqual(HttpStatusCode.MovedPermanently, httpResource.Response.StatusCode);
            }

            using (var httpResource = new HttpResource(testUri.ToString(), new HttpResourceOptions()
            {
                AllowAutoRedirect = true
            }))
            {
                await httpResource.GiddyUp();

                Assert.AreEqual(true, httpResource.Redirected);
                Assert.AreEqual(HttpStatusCode.OK, httpResource.Response.StatusCode);
            }
        }
        /// <summary>
        /// Initializes the setup object.
        /// </summary>
        /// <param name="WebServer">Current Web Server object.</param>
        public override async Task InitSetup(HttpServer WebServer)
        {
            XmlSchema       Schema       = XSL.LoadSchema(typeof(Gateway).Namespace + ".Schema.Theme.xsd", typeof(Gateway).Assembly);
            string          ThemesFolder = Path.Combine(Gateway.AppDataFolder, "Root", "Themes");
            ThemeDefinition Def;

            await base.InitSetup(WebServer);

            WebServer.ETagSalt = this.Updated.Ticks.ToString();

            if (Directory.Exists(ThemesFolder))
            {
                foreach (string FileName in Directory.GetFiles(ThemesFolder, "*.xml", SearchOption.AllDirectories))
                {
                    try
                    {
                        XmlDocument Doc = new XmlDocument();
                        Doc.Load(FileName);

                        XSL.Validate(FileName, Doc, "Theme", "http://waher.se/Schema/Theme.xsd", Schema);

                        Def = new ThemeDefinition(Doc);
                        themeDefinitions[Def.Id] = Def;
                    }
                    catch (Exception ex)
                    {
                        Log.Critical(ex, FileName);
                        continue;
                    }
                }
            }

            bool Update = false;

            if (!string.IsNullOrEmpty(this.themeId) && !themeDefinitions.ContainsKey(this.themeId))
            {
                this.themeId   = string.Empty;
                this.Step      = 0;
                this.Completed = DateTime.MinValue;
                this.Complete  = false;

                Update = true;
            }

            if (string.IsNullOrEmpty(this.themeId) && themeDefinitions.Count == 1)
            {
                foreach (ThemeDefinition Def2 in themeDefinitions.Values)
                {
                    this.themeId = Def2.Id;

                    await this.MakeCompleted();

                    Update = false;

                    break;
                }
            }

            if (Update)
            {
                this.Updated = DateTime.Now;
                await Database.Update(this);
            }

            if (!string.IsNullOrEmpty(this.themeId) && themeDefinitions.TryGetValue(this.themeId, out Def))
            {
                Theme.CurrerntTheme = Def;
            }
            else if (themeDefinitions.TryGetValue("CactusRose", out Def))
            {
                Theme.CurrerntTheme = Def;
            }
            else
            {
                foreach (ThemeDefinition Def2 in themeDefinitions.Values)
                {
                    Theme.CurrerntTheme = Def2;
                    break;
                }
            }

            this.setTheme = WebServer.Register("/Settings/SetTheme", null, this.SetTheme, true, false, true);
        }
        /// <summary>
        /// Initializes the setup object.
        /// </summary>
        /// <param name="WebServer">Current Web Server object.</param>
        public override Task InitSetup(HttpServer WebServer)
        {
            this.testAddresses = WebServer.Register("/Settings/TestNotificationAddresses", null, this.TestNotificationAddresses, false, false, true);

            return(base.InitSetup(WebServer));
        }
Exemple #7
0
        /// <summary>
        /// Waits for the user to provide configuration.
        /// </summary>
        /// <param name="WebServer">Current Web Server object.</param>
        /// <returns>If all system configuration objects must be reloaded from the database.</returns>
        public override Task <bool> SetupConfiguration(HttpServer WebServer)
        {
            this.simplified = WebServer.Register("/Settings/Simplified", null, this.Simplified, false, false, true);

            return(base.SetupConfiguration(WebServer));
        }
Exemple #8
0
 public HttpResource ToResource() => HttpResource.From(_name);
Exemple #9
0
        private void Refresh(App app, string path)
        {
            var cssFolder = Path.Combine(app.LocalDirectory, "css");
            if (!Directory.Exists(cssFolder))
                Directory.CreateDirectory(cssFolder);

            var cssFiles = Directory
                .GetFiles(cssFolder)
                .Where(f => f.EndsWith(".css"));

            if (cssFiles
                .Where(f => !TimeMap.ContainsKey(f) || File.GetLastWriteTimeUtc(f) != TimeMap[f])
                .Any())
            {
                // Combine CSS
                var combinedCss = cssFiles
                    .OrderBy(f => f.Substring(0, f.Length-4))
                    .Select(f => File.ReadAllText(f))
                    .Where(t => !t.StartsWith("/* Auto-Combine: Exclude", StringComparison.InvariantCultureIgnoreCase))
                    .Aggregate((a, b) => a + Environment.NewLine + b);

                // Minify CSS
                var cachedCss = new HttpResource(
                    DateTime.UtcNow,
                    Encoding.UTF8.GetBytes(
                        new Minifier().MinifyStyleSheet(combinedCss)
                        ), "text/css");

                // Update write times
                foreach (var cssFile in cssFiles)
                    TimeMap.AddOrUpdate(cssFile, File.GetLastWriteTimeUtc(cssFile),
                        (f, d) => File.GetLastWriteTimeUtc(f));

                // Add or update the combined css.
                this.Cache.AddOrUpdate(path, cachedCss, (s, o) => cachedCss);
            }
        }
        public override async Task SummaryRunOnce(VulnerabilitySummary summary)
        {
            ZapJsonReport report         = null;
            var           jsonReportPath = Path.Combine(WorkingDirectory, OwaspZapPlugin.JSON_REPORT_FILE);

            if (File.Exists(jsonReportPath))
            {
                using (var sr = new StreamReader(jsonReportPath))
                {
                    report = JsonConvert.DeserializeObject <ZapJsonReport>(await sr.ReadToEndAsync());
                }
            }
            else
            {
                Logger.LogCritical("JSON report from this plugin was not found! Aborting...");
                return;
            }

            if (report == null)
            {
                Logger.LogCritical("JSON report from this plugin was not valid! Aborting...");
                return;
            }

            foreach (var alert in report.Site.First().Alerts)
            {
                var item = new VulnerabilityItem
                {
                    PluginResults = new List <PluginResult> {
                        this
                    },
                    PluginPointer       = PluginPointer,
                    PluginRawScore      = alert.RiskCode * alert.Confidence,
                    PluginAdjustedScore = alert.RiskCode * alert.Confidence / (3.0 * 5.0) * 100,
                    Description         = alert.Desc,
                    Resources           = alert.Instances.Select(instance =>
                    {
                        var newResource = new HttpResource {
                            Method = instance.Method, Url = instance.Uri
                        };
                        var newFingerprint =
                            newResource.Fingerprint(skippedFields: new[] { "resourceId", "fields", "headers" });
                        if (ResourceManager.Instance.ContainsFingerprint(newFingerprint))
                        {
                            return(ResourceManager.Instance.GetByFingerprint <HttpResource>(newFingerprint));
                        }

                        ResourceManager.Instance.Register(newResource);
                        return(newResource);
                    }).Cast <Resource>().ToList()
                };

                item.Extras["OWASPZAP"] = new
                {
                    alert.Alert,
                    alert.Confidence,
                    alert.Count,
                    alert.CWEId,
                    alert.Desc,
                    alert.Name,
                    alert.OtherInfo,
                    alert.PluginId,
                    alert.Reference,
                    alert.RiskCode,
                    alert.RiskDesc,
                    alert.Solution,
                    alert.SourceId,
                    alert.WASCId
                };

                string[] skipFields  = { "pluginResults", "extras" };
                var      fingerprint = item.Fingerprint(skippedFields: skipFields);
                if (summary.VulnerabilityItems.All(i => i.Fingerprint(skippedFields: skipFields) != fingerprint))
                {
                    summary.VulnerabilityItems.Add(item);
                }
                else // correlation -- multiple plugins see this
                {
                    var correlatedItem = summary.VulnerabilityItems.FirstOrDefault(v =>
                                                                                   v.Fingerprint(skippedFields: skipFields) == fingerprint);
                    if (correlatedItem != null && !correlatedItem.PluginResults.Contains(this))
                    {
                        correlatedItem.PluginResults.Add(this);
                        correlatedItem.Extras["OWASPZAP"] = item.Extras["OWASPZAP"];
                    }
                }
            }

            // TODO: Migrate HTML report into AzDO plugin?
        }
Exemple #11
0
        public void ProcessRequest(App site, HttpContext context, string resource, string query)
        {
            HttpRequest request = context.Request;
            HttpResponse response = context.Response;

            var file = new FileInfo(Path.Combine(site.LocalDirectory, resource));
            var mime = site.Mime.GetMime(file.Extension);
            if (!file.Exists || mime == null || file.Name.EndsWith("web.config.xml"))
            {
                response.Status = "404";
                return;
            }

            // Check if we have dpr in the cookie
            var dprString = request.Cookies.GetString("dpr");

            // Check if we have dpr bigger than one in the cookie
            if (dprString != null && dprString != "1" && mime.StartsWith("image/"))
            {
                // Get the dpr value
                int dpr = 1;

                // Check if it's an image and if it exists
                if (Int32.TryParse(dprString, out dpr))
                {
                    // If dpr is bigger than one
                    if (dpr > 1)
                    {
                        var fullname = file.FullName;
                        var namebase = fullname.Remove(fullname.Length - file.Extension.Length);
                        var newfile = namebase + "@2x" + file.Extension;

                        // Set the new file to a 2x one
                        if (File.Exists(newfile))
                            file = new FileInfo(newfile);
                    }
                }
            }

            // Add Vary for javascript & css
            if (mime == "application/javascript" || mime == "application/x-javascript" || mime == "text/javascript" || mime == "text/css")
                response.Headers.Set("Vary", "Accept-Encoding");

            // Create a new resource from file and write to the response
            HttpResource content = new HttpResource(file);
            response.Status = "200";
            content.WriteTo(context);
        }
Exemple #12
0
 public HttpResource ToResource()
 {
     return(Region.ToResource().Then(HttpResource.From(Name)));
 }