public Configuration(ConfigData configData) : this()
{
if (configData.TaintTypes != null)
{
RegisterTaintTypes(configData.TaintTypes);
}
ReportAnalysisCompletion = configData.ReportAnalysisCompletion ?? false;
AuditMode = configData.AuditMode ?? false;
MinimumPasswordValidatorProperties = configData.MinimumPasswordValidatorProperties ?? 0;
PasswordValidatorRequiredLength = configData.PasswordValidatorRequiredLength ?? 0;
if (configData.PasswordValidatorRequiredProperties != null)
{
foreach (var data in configData.PasswordValidatorRequiredProperties)
{
_PasswordValidatorRequiredProperties.Add(data);
}
}
foreach (var data in configData.Behavior)
{
ConfigurationBehavior[data.Key] = CreateBehavior(data.Value);
}
foreach (var source in configData.TaintEntryPoints)
{
if (source.Value?.Method?.ArgTypes != null)
{
throw new Exception("Taint entry point ArgTypes are not supported.");
}
_TaintEntryPoints.Add(MethodBehaviorHelper.GetMethodBehaviorKey(source.Value.Namespace,
source.Value.ClassName,
source.Value.Name,
source.Value?.Method?.ArgTypes));
}
foreach (var data in configData.CsrfProtection)
{
AddCsrfProtectionToConfiguration(data);
}
if (configData.PasswordFields != null)
{
foreach (var data in configData.PasswordFields)
{
_PasswordFields.Add(data.ToUpperInvariant());
}
}
foreach (var data in configData.ConstantFields)
{
_ConstantFields.Add(data);
}
}
private KeyValuePair <string, MethodBehavior> CreateBehavior(object behavior)
{
var behaviorDict = (Dictionary <object, object>)behavior;
string nameSpace = null;
if (behaviorDict.TryGetValue("Namespace", out object value))
{
nameSpace = (string)value;
}
string className = null;
if (behaviorDict.TryGetValue("ClassName", out value))
{
className = (string)value;
}
string name = null;
if (behaviorDict.TryGetValue("Name", out value))
{
name = (string)value;
}
string argTypes = null;
Dictionary <object, object> ifCondition = null;
IReadOnlyList <object> injectableArguments = null;
Dictionary <object, object> condition = null;
Dictionary <object, object> method = null;
if (behaviorDict.TryGetValue("Method", out value))
{
method = (Dictionary <object, object>)value;
if (method.TryGetValue("ArgTypes", out value))
{
argTypes = (string)value;
ValidateArgTypes(argTypes, nameSpace, className, name);
}
if (method.TryGetValue("If", out value))
{
ifCondition = (Dictionary <object, object>)value;
}
if (method.TryGetValue("InjectableArguments", out value))
{
injectableArguments = (IReadOnlyList <object>)value;
}
if (method.TryGetValue("Condition", out value))
{
condition = (Dictionary <object, object>)value;
ValidateCondition(condition);
}
}
object injectable = null;
if (behaviorDict.TryGetValue("Field", out value))
{
var field = (Dictionary <object, object>)value;
if (field.TryGetValue("Injectable", out value))
{
injectable = value;
}
}
var key = MethodBehaviorHelper.GetMethodBehaviorKey(nameSpace, className, name, argTypes);
var mainPostConditions = GetPostConditions(method);
return(new KeyValuePair <string, MethodBehavior>(key, new MethodBehavior(condition,
GetPreConditions(ifCondition, mainPostConditions),
mainPostConditions,
GetInjectableArguments(injectableArguments),
GetField(injectable))));
}
public void MergeWith(ConfigData config)
{
if (config.TaintTypes != null)
{
RegisterTaintTypes(config.TaintTypes);
}
if (config.ReportAnalysisCompletion.HasValue)
{
ReportAnalysisCompletion = config.ReportAnalysisCompletion.Value;
}
if (config.AuditMode.HasValue)
{
AuditMode = config.AuditMode.Value;
}
if (config.MinimumPasswordValidatorProperties.HasValue)
{
MinimumPasswordValidatorProperties = config.MinimumPasswordValidatorProperties.Value;
}
if (config.PasswordValidatorRequiredLength.HasValue)
{
PasswordValidatorRequiredLength = config.PasswordValidatorRequiredLength.Value;
}
if (config.PasswordValidatorRequiredProperties != null)
{
foreach (var property in config.PasswordValidatorRequiredProperties)
{
_PasswordValidatorRequiredProperties.Add(property);
}
}
if (config.Behavior != null)
{
foreach (var behavior in config.Behavior)
{
if (behavior.Value == default(MethodBehaviorData))
{
ConfigurationBehavior.Remove(behavior.Key);
}
else
{
ConfigurationBehavior[behavior.Key] = CreateBehavior(behavior.Value);
}
}
}
if (config.TaintEntryPoints != null)
{
foreach (var source in config.TaintEntryPoints)
{
if (source.Value == default(TaintEntryPointData))
{
_TaintEntryPoints.Remove(source.Key);
}
else
{
if (source.Value?.Method?.ArgTypes != null)
{
throw new Exception("Taint entry point ArgTypes are not supported.");
}
_TaintEntryPoints.Add(MethodBehaviorHelper.GetMethodBehaviorKey(source.Value.Namespace,
source.Value.ClassName,
source.Value.Name,
source.Value?.Method?.ArgTypes));
}
}
}
if (config.CsrfProtection != null)
{
foreach (var data in config.CsrfProtection)
{
if (data.Class == null && data.AntiCsrfAttributes == null && data.Method == null && data.Parameter == null)
{
if (_CsrfGroups.TryGetValue(data.Name, out var node))
{
_CsrfGroupsList.Remove(node);
_CsrfGroups.Remove(data.Name);
}
}
else
{
AddCsrfProtectionToConfiguration(data);
}
}
}
if (config.PasswordFields != null)
{
foreach (var field in config.PasswordFields)
{
_PasswordFields.Add(field.ToUpperInvariant());
}
}
if (config.WebConfigFiles != null)
{
WebConfigFilesRegex = new Regex(config.WebConfigFiles, RegexOptions.IgnoreCase | RegexOptions.Compiled);
}
if (config.ConstantFields != null)
{
foreach (var field in config.ConstantFields)
{
_ConstantFields.Add(field);
}
}
}
public void MergeWith(ConfigData config)
{
if (config.TaintTypes != null)
{
RegisterTaintTypes(config.TaintTypes);
}
if (config.AuditMode.HasValue)
{
AuditMode = config.AuditMode.Value;
}
if (config.MinimumPasswordValidatorProperties.HasValue)
{
MinimumPasswordValidatorProperties = config.MinimumPasswordValidatorProperties.Value;
}
if (config.PasswordValidatorRequiredLength.HasValue)
{
PasswordValidatorRequiredLength = config.PasswordValidatorRequiredLength.Value;
}
if (config.PasswordValidatorRequiredProperties != null)
{
foreach (var property in config.PasswordValidatorRequiredProperties)
{
_PasswordValidatorRequiredProperties.Add(property);
}
}
if (config.Behavior != null)
{
foreach (var behavior in config.Behavior)
{
if (behavior.Value == default(MethodBehaviorData))
{
ConfigurationBehavior.Remove(behavior.Key);
}
else
{
ConfigurationBehavior[behavior.Key] = CreateBehavior(behavior.Value);
}
}
}
if (config.TaintEntryPoints != null)
{
foreach (var source in config.TaintEntryPoints)
{
if (source.Value == default(TaintEntryPointData))
{
_TaintEntryPoints.Remove(source.Key);
}
else
{
if (source.Value?.Method?.ArgTypes != null)
{
throw new Exception("Taint entry point ArgTypes are not supported.");
}
_TaintEntryPoints.Add(MethodBehaviorHelper.GetMethodBehaviorKey(source.Value.Namespace,
source.Value.ClassName,
source.Value.Name,
source.Value?.Method?.ArgTypes));
}
}
}
if (config.CsrfProtectionAttributes != null)
{
foreach (var data in config.CsrfProtectionAttributes)
{
AddAntiCsrfTAttributeToConfiguration(data);
}
}
if (config.PasswordFields != null)
{
foreach (var field in config.PasswordFields)
{
_PasswordFields.Add(field.ToUpperInvariant());
}
}
if (config.ConstantFields != null)
{
foreach (var field in config.ConstantFields)
{
_ConstantFields.Add(field);
}
}
}