public MemoryFilter(Stream stream,ViewStateStatus viewStateStatus)
     : this(stream,viewStateStatus.ViewStateStorage)
 {
     this.method = viewStateStatus.GetActiveMethod();
 }
Exemple #2
0
 public DefenceMainSettings(ViewStateStatus viewStateStatus)
     : this()
 {
     log.Info("Initializing The DefenceMainSetting Object");
     this.viewStateStatus = viewStateStatus;
 }
Exemple #3
0
        /// <summary>
        /// Used By The Configuration Parser To Parser The Config Section
        /// </summary>
        /// <param name="parent"></param>
        /// <param name="configContext"></param>
        /// <param name="section"></param>
        /// <returns></returns>
        public object Create(object parent, object configContext, XmlNode section)
        {
            log.Info("Beginning with the parsing of the web.config");

            #region XmlElement Creation Section

                XmlElement activation = section["Activation"];
                XmlElement FoundStone = section["FoundStoneModule"];
                XmlElement Plugin = section["Plugins"];
                XmlElement ViewStateHiding = section["ViewStateHiding"];

            #endregion

            log.Info("Reading The Main Attributes");

            #region Debug Handling Section

            //BasicConfigurator.Configure(new FileAppender(pat, "c:\\defapplog.log", true));
            bool debug = XmlConvert.ToBoolean(activation.Attributes["Debug"].Value);
            if ((debug))
            {
                string debugFile = activation.Attributes["DebugFile"].Value;
                if (debugFile != null && debugFile.Length > 0)
                {
                    try
                    {
                        BasicConfigurator.Configure(new FileAppender(pat, debugFile, true));
                    }
                    catch
                    {
                    }
                }
                //Configures The MemoryAppender
                BasicConfigurator.Configure(new HttpAppender(pat, MemoryLogs));
                //Configures The Trace Appender
                BasicConfigurator.Configure(new TraceAppender(pat));
            }

            #endregion

            #region General Settings And Handling Orders

            string active = activation.Attributes["Active"].Value;
            //string keywordcheck = activation.Attributes["KeywordCheck"].Value;
            //string regexcheck = activation.Attributes["RegExCheck"].Value;
            string cookies = "";
            string formfields = "";
            string querystring = "";
            string headers = "";
            for (int ixy=0;ixy<section["Handlers"].ChildNodes.Count;ixy++)
            {
                string Name = section["Handlers"].ChildNodes[ixy].Name;
                switch(Name)
                {
                    case "HandleCookies":
                            cookies = section["Handlers"].ChildNodes[ixy].Attributes["Action"].Value;
                                    break;
                    case "HandleFormFields":
                            formfields = section["Handlers"].ChildNodes[ixy].Attributes["Action"].Value;
                                    break;
                    case "HandleQueryString":
                            querystring = section["Handlers"].ChildNodes[ixy].Attributes["Action"].Value;
                                    break;
                    case "HandleHeaders":
                            headers = section["Handlers"].ChildNodes[ixy].Attributes["Action"].Value;
                                    break;
                    default:
                            break;
                }
            }
            DefenceMainSettings settings = new DefenceMainSettings();

            if (!GeneralUtilities.IsNull(ViewStateHiding))
            {
                if (ViewStateHiding.Attributes.Count == 2)
                {
                    if (!GeneralUtilities.IsNull(ViewStateHiding.Attributes["Active"]))
                    {
                        bool tmpActivation =
                        XmlConvert.ToBoolean(ViewStateHiding.Attributes["Active"].Value);
                        string tmpMethod = ViewStateHiding.Attributes["Method"].Value;
                        ViewStateStatus viewStateHiding = null;
                        switch(tmpMethod)
                        {
                            case "MD5":
                                viewStateHiding = new ViewStateStatus(tmpActivation,ViewStateStatus.Method.MD5);
                                break;
                            case "GUID":
                                viewStateHiding = new ViewStateStatus(tmpActivation,ViewStateStatus.Method.SHA1);
                                break;
                            case "SHA1":
                                viewStateHiding = new ViewStateStatus(tmpActivation,ViewStateStatus.Method.GUID);
                                break;
                            default:
                                viewStateHiding = new ViewStateStatus(tmpActivation,ViewStateStatus.Method.NONE);
                                break;
                        }
                        settings = new DefenceMainSettings(viewStateHiding);
                    }
                }
            }

            settings.HandleCookies = int.Parse(cookies);
            settings.HandleForms = int.Parse(formfields);
            settings.HandleQueries = int.Parse(querystring);
            settings.HandleHeaders = int.Parse(headers);
            settings.IsDebug = debug;
            settings.IsActive = XmlConvert.ToBoolean(active);

            //settings
            #endregion

            #region Handle FoundStone Settings

            //log.Debug(AppDomain.CurrentDomain.BaseDirectory + "/bin/" + "DefAppPluginTest.dll");
            //ArrayList lists =
            //Plugins.DefAppPlugin.XmlToPlugin(AppDomain.CurrentDomain.BaseDirectory + "/bin/" + "DefAppPluginTest.dll",10);
            //log.Debug(defApp.PluginName());

            log.Info("Begin Parsing Dinis Attributes");
            if (!GeneralUtilities.IsNull(FoundStone) && !GeneralUtilities.IsNull(FoundStone.Attributes["Active"]))
            {
                string dinisActive = FoundStone.Attributes["Active"].Value;
                settings.IsFoundStoneActive = XmlConvert.ToBoolean(dinisActive);
                if (!GeneralUtilities.IsNull(FoundStone.Attributes["ValidatorFormMappings"]))
                    settings.FS_HttpModule_Validator_FormMappings = FoundStone.Attributes["ValidatorFormMappings"].Value;
                if (!GeneralUtilities.IsNull(FoundStone.Attributes["ValidatorRules"]))
                    settings.FS_HttpModule_Validator_Rules = FoundStone.Attributes["ValidatorRules"].Value;
                if (!GeneralUtilities.IsNull(FoundStone.Attributes["XMLRulesDatabase"]))
                    settings.FS_HttpModule_XMLRulesDatabase = FoundStone.Attributes["XMLRulesDatabase"].Value;
                if (!GeneralUtilities.IsNull(FoundStone.Attributes["FSPageOutput"]))
                    settings.FSPageOutput = XmlConvert.ToBoolean(FoundStone.Attributes["FSPageOutput"].Value);
            }
            log.Info("End Parsing Dinis Attributes");

            #endregion

            #region Plugin Handling Section

            if (GeneralUtilities.CheckNode(Plugin))
            {
                ArrayList pluginArray = settings.PluginList;
                IEnumerator pluginEnum = Plugin.ChildNodes.GetEnumerator();
                while (pluginEnum.MoveNext())
                {
                    XmlNode Pluginen = (XmlNode) pluginEnum.Current;
                    if (!GeneralUtilities.IsNull(Pluginen.Attributes["assembly"].Value))
                    {
                        string paths = AppDomain.CurrentDomain.BaseDirectory + "/bin/" + Pluginen.Attributes["assembly"].Value;
                        log.Info(paths);
                        DefAppPlugin.XmlToPlugin(paths, 999, pluginArray);
                    }
                }
            }

            #endregion

            log.Info("Finished successfully Mapping The Main Attributes");

            #region Rule Processing Section

            ArrayList ary = settings.DenyList;
            XmlNode Rulenode = section["RuleList"];
            if (GeneralUtilities.CheckNode(Rulenode))
            {
                IEnumerator enums = Rulenode.ChildNodes.GetEnumerator();
                while (enums.MoveNext())
                {
                    XmlNode Rules = (XmlNode) enums.Current;
                    Rule.XmlToRule(Rules, ary);
                }
            }

            #endregion

            log.Info("Finished Parsing of The Web.Config");

            return settings;
        }
Exemple #4
0
 public object OldCreate(object parent, object configContext, XmlNode section)
 {
     log.Info("Beginning with the parsing of the web.config");
     //Read The Debug and Activity Attributes Before Creating The
     //Configuration Storage Object
     XmlElement activation = section["Activation"];
     log.Info("Reading The Main Attributes");
     string debug = activation.Attributes["Debug"].Value;
     if (XmlConvert.ToBoolean(debug))
         BasicConfigurator.Configure(new TraceAppender(pat));
     string active = activation.Attributes["Active"].Value;
     string keywordcheck = activation.Attributes["KeywordCheck"].Value;
     string regexcheck = activation.Attributes["RegExCheck"].Value;
     string cookies = section["Handlers"].ChildNodes[0].Attributes["Action"].Value;
     string formfields = section["Handlers"].ChildNodes[1].Attributes["Action"].Value;
     string querystring = section["Handlers"].ChildNodes[2].Attributes["Action"].Value;
     log.Info("Finished successfully Mapping The Main Attributes");
     //DefenceMainSettings settings = new DefenceMainSettings();
     ViewStateStatus viewStateHiding = new ViewStateStatus(true,ViewStateStatus.Method.GUID);
     DefenceMainSettings settings = new DefenceMainSettings(viewStateHiding);
     ArrayList ary = settings.DenyList;
     if (keywordcheck == "true")
     {
         if (section["KeywordList"] != null && section["KeywordList"].ChildNodes != null)
         {
             for (int i = 0; i < section["KeywordList"].ChildNodes.Count; i++)
             {
                 string patterns = section["KeywordList"].ChildNodes[i].InnerText;
                 if (GeneralUtilities.CheckString(patterns))
                 {
                     try
                     {
                         string names = section["KeywordList"].ChildNodes[i].Attributes["name"].Value;
                         ary.Add(new Textrule(names, patterns, Rule.ActionTypes.Deny));
                     }
                     catch (Exception ex)
                     {
                         log.Error("Error in keywordlist configuration parsing", ex);
                     }
                 }
             }
         }
     }
     if (regexcheck == "true")
     {
         for (int x = 0; x < section["RegExDeny"].ChildNodes.Count; x++)
         {
             string patterns = section["RegExDeny"].ChildNodes[x].InnerText;
             if (GeneralUtilities.CheckString(patterns))
             {
                 try
                 {
                     ary.Add(new Regexrule(section["RegExDeny"].ChildNodes[x].Attributes["name"].Value, patterns, Rule.ActionTypes.Deny));
                 }
                 catch (Exception ex)
                 {
                     log.Error("Error in regex configuration parsing", ex);
                 }
             }
         }
     }
     settings.HandleCookies = int.Parse(cookies);
     settings.HandleForms = int.Parse(formfields);
     settings.HandleQueries = int.Parse(querystring);
     //Disabled Prior To Release v0.3
     //settings.IsSqlInjectionBlock = (sqlinjection == "true"?true:false);
     settings.IsDebug = XmlConvert.ToBoolean(debug);
     settings.IsActive = XmlConvert.ToBoolean(active);
     log.Info("Finished Parsing of The Web.Config");
     return settings;
 }
 public CookieRule(string name,string pattern,ViewStateStatus.Method encryptionMethod,Hashtable storage)
     : base(name,pattern,ActionTypes.Clean)
 {
     this.encryptionMethod = encryptionMethod;
     this.storage = storage;
 }