public void ApplyConfig() { HttpResource notfound = new HttpResource(ResourceMappingType.FILE); notfound.BasePath = $"{Environment.CurrentDirectory}/web/404.html"; notfound.MIMEType = "text/html"; serverConfig = new ServerConfig(); serverConfig.DocumentRoot = $"{Environment.CurrentDirectory}/web/"; serverConfig.MaxCleanUpNumber = 5; serverConfig.MaxConnectionAccepted = 100; serverConfig.ServerPort = 8080; serverConfig.DeadConnectionCleanUpInterval = 4000; serverConfig.IdleConnectionCleanUpInterval = 4000; serverConfig.NotFound404Page = new ResourceLocator("", "", notfound); }
/// <summary> /// Cleans up after configuration has been performed. /// </summary> /// <param name="WebServer">Current Web Server object.</param> public override Task CleanupAfterConfiguration(HttpServer WebServer) { Task Result = base.CleanupAfterConfiguration(WebServer); if (this.connectToHost != null) { WebServer.Unregister(this.connectToHost); this.connectToHost = null; } if (this.randomizePassword != null) { WebServer.Unregister(this.randomizePassword); this.randomizePassword = null; } return(Result); }
public async Task <JsonResult> TitleFromUri() { if (VoatSettings.Instance.OutgoingTraffic.Enabled) { var uri = Request.Query["uri"].FirstOrDefault(); uri = uri.TrimSafe(); if (!string.IsNullOrEmpty(uri) && UrlUtility.IsUriValid(uri, true, true)) { //Old Code: //string title = UrlUtility.GetTitleFromUri(uri); using (var httpResource = new HttpResource( new Uri(uri), new HttpResourceOptions() { AllowAutoRedirect = true }, VoatSettings.Instance.OutgoingTraffic.Proxy.ToWebProxy())) { await httpResource.GiddyUp(); string title = httpResource.Title; if (title != null) { title = title.StripUnicode(); var resultList = new List <string> { title }; return(Json(resultList /* CORE_PORT: Removed , JsonRequestBehavior.AllowGet */)); } } } } Response.StatusCode = (int)HttpStatusCode.BadRequest; return(Json("Bad request." /* CORE_PORT: Removed , JsonRequestBehavior.AllowGet */)); }
public async Task TestRedirect() { Uri testUri = new Uri("http://stackoverflow.com/questions/1348683/will-the-b-and-i-tags-ever-become-deprecated"); using (var httpResource = new HttpResource(testUri.ToString())) { await httpResource.GiddyUp(); Assert.AreEqual(false, httpResource.Redirected); Assert.AreEqual(HttpStatusCode.MovedPermanently, httpResource.Response.StatusCode); } using (var httpResource = new HttpResource(testUri.ToString(), new HttpResourceOptions() { AllowAutoRedirect = true })) { await httpResource.GiddyUp(); Assert.AreEqual(true, httpResource.Redirected); Assert.AreEqual(HttpStatusCode.OK, httpResource.Response.StatusCode); } }
/// <summary> /// Initializes the setup object. /// </summary> /// <param name="WebServer">Current Web Server object.</param> public override async Task InitSetup(HttpServer WebServer) { XmlSchema Schema = XSL.LoadSchema(typeof(Gateway).Namespace + ".Schema.Theme.xsd", typeof(Gateway).Assembly); string ThemesFolder = Path.Combine(Gateway.AppDataFolder, "Root", "Themes"); ThemeDefinition Def; await base.InitSetup(WebServer); WebServer.ETagSalt = this.Updated.Ticks.ToString(); if (Directory.Exists(ThemesFolder)) { foreach (string FileName in Directory.GetFiles(ThemesFolder, "*.xml", SearchOption.AllDirectories)) { try { XmlDocument Doc = new XmlDocument(); Doc.Load(FileName); XSL.Validate(FileName, Doc, "Theme", "http://waher.se/Schema/Theme.xsd", Schema); Def = new ThemeDefinition(Doc); themeDefinitions[Def.Id] = Def; } catch (Exception ex) { Log.Critical(ex, FileName); continue; } } } bool Update = false; if (!string.IsNullOrEmpty(this.themeId) && !themeDefinitions.ContainsKey(this.themeId)) { this.themeId = string.Empty; this.Step = 0; this.Completed = DateTime.MinValue; this.Complete = false; Update = true; } if (string.IsNullOrEmpty(this.themeId) && themeDefinitions.Count == 1) { foreach (ThemeDefinition Def2 in themeDefinitions.Values) { this.themeId = Def2.Id; await this.MakeCompleted(); Update = false; break; } } if (Update) { this.Updated = DateTime.Now; await Database.Update(this); } if (!string.IsNullOrEmpty(this.themeId) && themeDefinitions.TryGetValue(this.themeId, out Def)) { Theme.CurrerntTheme = Def; } else if (themeDefinitions.TryGetValue("CactusRose", out Def)) { Theme.CurrerntTheme = Def; } else { foreach (ThemeDefinition Def2 in themeDefinitions.Values) { Theme.CurrerntTheme = Def2; break; } } this.setTheme = WebServer.Register("/Settings/SetTheme", null, this.SetTheme, true, false, true); }
/// <summary> /// Initializes the setup object. /// </summary> /// <param name="WebServer">Current Web Server object.</param> public override Task InitSetup(HttpServer WebServer) { this.testAddresses = WebServer.Register("/Settings/TestNotificationAddresses", null, this.TestNotificationAddresses, false, false, true); return(base.InitSetup(WebServer)); }
/// <summary> /// Waits for the user to provide configuration. /// </summary> /// <param name="WebServer">Current Web Server object.</param> /// <returns>If all system configuration objects must be reloaded from the database.</returns> public override Task <bool> SetupConfiguration(HttpServer WebServer) { this.simplified = WebServer.Register("/Settings/Simplified", null, this.Simplified, false, false, true); return(base.SetupConfiguration(WebServer)); }
public HttpResource ToResource() => HttpResource.From(_name);
private void Refresh(App app, string path) { var cssFolder = Path.Combine(app.LocalDirectory, "css"); if (!Directory.Exists(cssFolder)) Directory.CreateDirectory(cssFolder); var cssFiles = Directory .GetFiles(cssFolder) .Where(f => f.EndsWith(".css")); if (cssFiles .Where(f => !TimeMap.ContainsKey(f) || File.GetLastWriteTimeUtc(f) != TimeMap[f]) .Any()) { // Combine CSS var combinedCss = cssFiles .OrderBy(f => f.Substring(0, f.Length-4)) .Select(f => File.ReadAllText(f)) .Where(t => !t.StartsWith("/* Auto-Combine: Exclude", StringComparison.InvariantCultureIgnoreCase)) .Aggregate((a, b) => a + Environment.NewLine + b); // Minify CSS var cachedCss = new HttpResource( DateTime.UtcNow, Encoding.UTF8.GetBytes( new Minifier().MinifyStyleSheet(combinedCss) ), "text/css"); // Update write times foreach (var cssFile in cssFiles) TimeMap.AddOrUpdate(cssFile, File.GetLastWriteTimeUtc(cssFile), (f, d) => File.GetLastWriteTimeUtc(f)); // Add or update the combined css. this.Cache.AddOrUpdate(path, cachedCss, (s, o) => cachedCss); } }
public override async Task SummaryRunOnce(VulnerabilitySummary summary) { ZapJsonReport report = null; var jsonReportPath = Path.Combine(WorkingDirectory, OwaspZapPlugin.JSON_REPORT_FILE); if (File.Exists(jsonReportPath)) { using (var sr = new StreamReader(jsonReportPath)) { report = JsonConvert.DeserializeObject <ZapJsonReport>(await sr.ReadToEndAsync()); } } else { Logger.LogCritical("JSON report from this plugin was not found! Aborting..."); return; } if (report == null) { Logger.LogCritical("JSON report from this plugin was not valid! Aborting..."); return; } foreach (var alert in report.Site.First().Alerts) { var item = new VulnerabilityItem { PluginResults = new List <PluginResult> { this }, PluginPointer = PluginPointer, PluginRawScore = alert.RiskCode * alert.Confidence, PluginAdjustedScore = alert.RiskCode * alert.Confidence / (3.0 * 5.0) * 100, Description = alert.Desc, Resources = alert.Instances.Select(instance => { var newResource = new HttpResource { Method = instance.Method, Url = instance.Uri }; var newFingerprint = newResource.Fingerprint(skippedFields: new[] { "resourceId", "fields", "headers" }); if (ResourceManager.Instance.ContainsFingerprint(newFingerprint)) { return(ResourceManager.Instance.GetByFingerprint <HttpResource>(newFingerprint)); } ResourceManager.Instance.Register(newResource); return(newResource); }).Cast <Resource>().ToList() }; item.Extras["OWASPZAP"] = new { alert.Alert, alert.Confidence, alert.Count, alert.CWEId, alert.Desc, alert.Name, alert.OtherInfo, alert.PluginId, alert.Reference, alert.RiskCode, alert.RiskDesc, alert.Solution, alert.SourceId, alert.WASCId }; string[] skipFields = { "pluginResults", "extras" }; var fingerprint = item.Fingerprint(skippedFields: skipFields); if (summary.VulnerabilityItems.All(i => i.Fingerprint(skippedFields: skipFields) != fingerprint)) { summary.VulnerabilityItems.Add(item); } else // correlation -- multiple plugins see this { var correlatedItem = summary.VulnerabilityItems.FirstOrDefault(v => v.Fingerprint(skippedFields: skipFields) == fingerprint); if (correlatedItem != null && !correlatedItem.PluginResults.Contains(this)) { correlatedItem.PluginResults.Add(this); correlatedItem.Extras["OWASPZAP"] = item.Extras["OWASPZAP"]; } } } // TODO: Migrate HTML report into AzDO plugin? }
public void ProcessRequest(App site, HttpContext context, string resource, string query) { HttpRequest request = context.Request; HttpResponse response = context.Response; var file = new FileInfo(Path.Combine(site.LocalDirectory, resource)); var mime = site.Mime.GetMime(file.Extension); if (!file.Exists || mime == null || file.Name.EndsWith("web.config.xml")) { response.Status = "404"; return; } // Check if we have dpr in the cookie var dprString = request.Cookies.GetString("dpr"); // Check if we have dpr bigger than one in the cookie if (dprString != null && dprString != "1" && mime.StartsWith("image/")) { // Get the dpr value int dpr = 1; // Check if it's an image and if it exists if (Int32.TryParse(dprString, out dpr)) { // If dpr is bigger than one if (dpr > 1) { var fullname = file.FullName; var namebase = fullname.Remove(fullname.Length - file.Extension.Length); var newfile = namebase + "@2x" + file.Extension; // Set the new file to a 2x one if (File.Exists(newfile)) file = new FileInfo(newfile); } } } // Add Vary for javascript & css if (mime == "application/javascript" || mime == "application/x-javascript" || mime == "text/javascript" || mime == "text/css") response.Headers.Set("Vary", "Accept-Encoding"); // Create a new resource from file and write to the response HttpResource content = new HttpResource(file); response.Status = "200"; content.WriteTo(context); }
public HttpResource ToResource() { return(Region.ToResource().Then(HttpResource.From(Name))); }