public void Inspect(RequestAnalysisContext context, CancellationToken cancellationToken)
{
var method = context.Request.Method;
if (!HttpMethods.IsGet(method) &&
!HttpMethods.IsHead(method) &&
!HttpMethods.IsOptions(method) &&
!HttpMethods.IsPost(method) &&
!HttpMethods.IsDelete(method) &&
!HttpMethods.IsPut(method) &&
!HttpMethods.IsPatch(method) &&
!HttpMethods.IsConnect(method)
)
{
// TRACE must be disabled
if (HttpMethods.IsTrace(method))
{
context.ReportDiagnostic(new Diagnostic(RuleTrace, Location.Method));
return;
}
// unknown method
context.ReportDiagnostic(new Diagnostic(Rule, Location.Method));
// Apache directory listing exploit
if (method.Equals("GETS", StringComparison.OrdinalIgnoreCase))
{
context.ReportDiagnostic(new Diagnostic(RuleGets, Location.Method));
}
}
}
public void Inspect(RequestAnalysisContext context, CancellationToken cancellationToken)
{
if (context.Request.Headers.ContainsKey("X-Scanner"))
{
context.ReportDiagnostic(new Diagnostic(Rule, Location.RequestHeader("X-Scanner")));
}
}
public void Inspect(RequestAnalysisContext context, CancellationToken cancellationToken)
{
if (context.Request.Path.Value.Any(Char.IsControl))
{
context.ReportDiagnostic(new Diagnostic(Rule, Location.Path));
return;
}
if (context.Request.QueryString.Value.Any(Char.IsControl))
{
context.ReportDiagnostic(new Diagnostic(Rule, Location.QueryString()));
return;
}
foreach (var header in context.Request.Headers.Where(h => h.Key.Any(Char.IsControl) || h.Value.Any(v => v.Any(Char.IsControl))))
{
context.ReportDiagnostic(new Diagnostic(Rule, Location.RequestHeader(header.Key)));
return;
}
}
public async Task InspectAsync(RequestAnalysisContext context, CancellationToken cancellationToken)
{
if (context.Request.Method.Equals("post", StringComparison.OrdinalIgnoreCase) && context.Request.HasFormContentType)
{
bool valid = await Antiforgery.IsRequestValidAsync(context.HttpContext);
if (!valid)
{
context.ReportDiagnostic(new Diagnostic(Rule, Location.RequestBody));
}
}
}
public void Inspect(RequestAnalysisContext context, CancellationToken cancellationToken)
{
var options = Options.CurrentValue;
// inspect file extension
var file = context.TokenizedPath.LastOrDefault();
if (file != null && file.Contains('.'))
{
foreach (var found in Extensions.Where(e => file.EndsWith(e.Term, StringComparison.OrdinalIgnoreCase)))
{
context.ReportDiagnostic(new Diagnostic(Rule.With(found), Location.Path));
if (options.Depth == AnalysisDepth.FindFirst)
{
return;
}
}
}
// inspect directories
foreach (var found in Folders.Where(s => context.TokenizedPath.Any(d => d.Equals(s.Term, StringComparison.OrdinalIgnoreCase))))
{
context.ReportDiagnostic(new Diagnostic(Rule.With(found), Location.Path));
if (options.Depth == AnalysisDepth.FindFirst)
{
return;
}
}
// inspect file name
if (file != null)
{
foreach (var found in Files.Where(e => file.Equals(e.Term, StringComparison.OrdinalIgnoreCase)))
{
context.ReportDiagnostic(new Diagnostic(Rule.With(found), Location.Path));
if (options.Depth == AnalysisDepth.FindFirst)
{
return;
}
}
}
// inspect path
var path = context.Request.Path.Value;
foreach (var found in RequestBody.Where(i => path.Contains(i.Term, StringComparison.OrdinalIgnoreCase)))
{
context.ReportDiagnostic(new Diagnostic(Rule.With(found), Location.Path));
if (options.Depth == AnalysisDepth.FindFirst)
{
return;
}
}
// inspect query string
var queryString = context.Request.QueryString.Value;
if (!String.IsNullOrEmpty(queryString))
{
foreach (var found in RequestBody.Where(i => queryString.Contains(i.Term, StringComparison.OrdinalIgnoreCase)))
{
context.ReportDiagnostic(new Diagnostic(Rule.With(found), Location.QueryString()));
if (options.Depth == AnalysisDepth.FindFirst)
{
return;
}
}
}
// inspect headers
foreach (var header in context.Request.Headers)
{
foreach (var value in header.Value)
{
foreach (var found in RequestBody.Where(i => value.Contains(i.Term, StringComparison.OrdinalIgnoreCase)))
{
context.ReportDiagnostic(new Diagnostic(Rule.With(found), Location.RequestHeader(header.Key)));
if (options.Depth == AnalysisDepth.FindFirst)
{
return;
}
}
}
}
// inspect user agent
if (context.Request.Headers.TryGetValue("User-Agent", out var userAgent))
{
foreach (var ua in userAgent)
{
foreach (var found in UserAgents.Where(u => ua.Contains(u.Term, StringComparison.OrdinalIgnoreCase)))
{
context.ReportDiagnostic(new Diagnostic(Rule.With(found), Location.RequestHeader("User-Agent")));
if (options.Depth == AnalysisDepth.FindFirst)
{
return;
}
}
}
}
// inspect headers
if (context.Request.HasFormContentType && context.Request.Form != null)
{
// inspect files
foreach (var formFile in context.Request.Form.Files)
{
var fileName = Path.GetFileName(formFile.FileName);
// inspect file extension
foreach (var found in FormFileNameExtension.Where(i => fileName.EndsWith(i.Term, StringComparison.OrdinalIgnoreCase)))
{
context.ReportDiagnostic(new Diagnostic(Rule.With(found), Location.RequestFormFile(formFile.FileName)));
if (options.Depth == AnalysisDepth.FindFirst)
{
return;
}
}
// inspect file name
foreach (var found in FormFileName.Where(i => fileName.Equals(i.Term, StringComparison.OrdinalIgnoreCase)))
{
context.ReportDiagnostic(new Diagnostic(Rule.With(found), Location.RequestFormFile(formFile.FileName)));
if (options.Depth == AnalysisDepth.FindFirst)
{
return;
}
}
}
}
}
