private void StackScanner(ConcurrentQueue <string> queue)
        {
            while (true)
            {
                queue.TryDequeue(out var changedObjectPath);

                if (string.IsNullOrEmpty(changedObjectPath))
                {
                    continue;
                }

                PluginResult scanResult = PluginProxy.Instance(_config).Scan(changedObjectPath, PluginType.File);

                if (scanResult.RiskRate != ThreatRiskRates.NoRisk)
                {
                    bool?sendCommandResult = _pipeServer?.SendCommandToUI(new BeSafePipeCommand
                    {
                        CommandId        = Guid.NewGuid(),
                        Command          = PipeCommands.PluginScanResult,
                        PluginScanResult = scanResult
                    });

                    // Log threat
                    ThreatLog.Log(scanResult);
                }

                Thread.Sleep(500);
            }
        }
        private void StackScanner(ConcurrentQueue <ChangedValueInfo> queue)
        {
            while (true)
            {
                queue.TryDequeue(out var valueInfo);

                if (valueInfo == null)
                {
                    continue;
                }

                PluginResult scanResult = PluginProxy.Instance(_config).Scan(valueInfo, PluginType.Registry);

                if (scanResult.RiskRate != ThreatRiskRates.NoRisk)
                {
                    bool?sendCommandResult = _pipeServer?.SendCommandToUI(new BeSafePipeCommand
                    {
                        CommandId        = Guid.NewGuid(),
                        Command          = PipeCommands.PluginScanResult,
                        PluginScanResult = scanResult
                    });

                    // Log threat
                    ThreatLog.Log(scanResult);
                }

                Thread.Sleep(500);
            }
        }
Exemple #3
0
        private async Task RespondWithAnError(HttpContext context)
        {
            // Log the threat
            using (MemoryStream ms = new MemoryStream(2048))
            {
                await context.Request.Body.CopyToAsync(ms);

                ms.Position = 0;
                ThreatLog threatLog = new ThreatLog()
                {
                    ThreatIdentifier = Guid.NewGuid(),
                    ClientIpAddress  = context.Connection.RemoteIpAddress.ToString(),
                    Url           = context.Request.Host + context.Request.Path,
                    QueryString   = context.Request.QueryString.ToString(),
                    ThreatContent = AntiXss.Sanitize(await new StreamReader(ms, Encoding.UTF8).ReadToEndAsync()),
                    ThreatTypeId  = ThreatFactory.GetThreat(ThreatType.Xss).Id
                };
                _sap1EmuContext.ThreatLogs.Add(threatLog);
                _sap1EmuContext.SaveChanges();
            }


            // Send Client-Side Response
            context.Response.Clear();
            context.Response.Headers.AddHeaders();
            context.Response.ContentType = "application/json; charset=utf-8";
            context.Response.StatusCode  = _statusCode;

            if (_error == null)
            {
                _error = new ErrorResponse
                {
                    Description = "XSS Detected",
                    ErrorCode   = _statusCode,
                    ThreatInfo  = new ThreatInfo
                    {
                        Action   = "Incident Recorded",
                        ClientIp = context.Connection.RemoteIpAddress.ToString()
                    }
                };
            }

            await context.Response.WriteAsync(_error.ToJSON());
        }
Exemple #4
0
        private ThreatRiskRates OnFileAccessRequestEvent(string filePath)
        {
            PluginResult scanResult = PluginProxy.Instance(_config).Scan(filePath, PluginType.File);

            if (scanResult.RiskRate != ThreatRiskRates.NoRisk)
            {
                bool?sendCommandResult = _pipeServer?.SendCommandToUI(new BeSafePipeCommand
                {
                    CommandId        = Guid.NewGuid(),
                    Command          = PipeCommands.PluginScanResult,
                    PluginScanResult = scanResult
                });

                // Log threat
                ThreatLog.Log(scanResult);
            }

            return(scanResult.RiskRate);
        }