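/// <summary>
/// Renders the events of a fragmented-input report as HTML and writes the page
/// through <paramref name="Sender"/>, with that markup substituted for the
/// placeholder text held in <c>_replace</c> inside <c>PageHTML</c>.
/// </summary>
/// <param name="report">Report whose events and matching filters are rendered. Nothing is written when it holds no events.</param>
/// <param name="Sender">Scan runner used to emit the response.</param>
private void WriteFragmented(Report report, IScanRunner Sender)
{
    if (report.Events.Count <= 0)
    {
        return;
    }

    // Fully qualified so this method does not depend on a using directive
    // elsewhere in the file. A builder avoids re-copying the growing string
    // once per filter.
    System.Text.StringBuilder output = new System.Text.StringBuilder();

    // Each event in the report is a detected malicious string.
    foreach (Event ev in report.Events)
    {
        output.Append("<div class=\"result\"><h3>found fragmented injection: </h3></div>");

        // The matched value itself is not written to the page (line left disabled).
        // If it is re-enabled it has to stay HTML-encoded, as written here:
        //output += "<div class=\"value\">value: " + Server.HtmlEncode(ev.Value) + "</div>";

        foreach (Filter f in ev.Filters)
        {
            // Truncate BEFORE encoding so a cut can never land in the middle
            // of an HTML entity produced by the encoder.
            bool truncated = f.Rule.Length > 60;
            string shownRule = truncated ? f.Rule.Substring(0, 60) : f.Rule;

            output.Append("<div class=\"result\">rule: ");
            output.Append(Server.HtmlEncode(shownRule));
            if (truncated)
            {
                output.Append("...");
            }

            // Rule text and description are HTML-encoded before being placed
            // into markup.
            output.Append("<br />rule-description: <i>");
            output.Append(Server.HtmlEncode(f.Description));
            output.Append("</i><br />impact: ");
            output.Append(f.Impact);
            output.Append("</div>");
        }

        output.Append("<div class=\"result\"><h3>Overall impact: <strong style=\"color:red;\">");
        output.Append(ev.Impact);
        output.Append("</strong></h3></div>");
    }

    // String.Replace rejects both a null and an empty search string, so a
    // null placeholder is handled like an empty one instead of throwing.
    // NOTE(review): on this path the rendered findings are not shown on the
    // page at all - confirm they are recorded elsewhere.
    if (string.IsNullOrEmpty(_replace))
    {
        Sender.WriteResponse();
        return;
    }

    // Replaces every occurrence of the placeholder text in the page.
    string newoutput = PageHTML.Replace(_replace, output.ToString());
    Sender.WriteResponse(newoutput);
}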
/// <summary>
/// Handles one IDS report, dispatching on <c>report.RequestType</c>.
/// For Get, Post, Cookie and Header reports it either records a detection in
/// <c>_found</c> (when <c>ShowReport</c> returns true) or writes the matching
/// "all clear" output. The Header case also adds the placeholder control for
/// the fragmented-input result. The Output case writes the final response.
/// </summary>
/// <param name="report">The report raised by the scan.</param>
/// <param name="Sender">Scan runner used to write the response for Output reports.</param>
public void IDSEventHandler(Report report, IScanRunner Sender)
{
    switch (report.RequestType)
    {
        case RequestType.Get:
            if (ShowReport(report))
            {
                _found = true;
            }
            else
            {
                WriteAllClearGet(report);
            }
            break;

        case RequestType.Post:
            if (ShowReport(report))
            {
                _found = true;
            }
            else
            {
                WriteAllClearPost(report);
            }
            break;

        case RequestType.Cookie:
            if (ShowReport(report))
            {
                _found = true;
            }
            else
            {
                WriteAllClearCookie(report);
            }
            break;

        case RequestType.Header:
            if (ShowReport(report))
            {
                _found = true;
            }
            else
            {
                WriteAllClearHeader(report);
            }

            // Reserve the spot in the page for the fragmented-input result.
            // _found is read here after the update above; presumably the
            // Get/Post/Cookie reports arrive before this one - the ordering
            // is not visible in this method.
            Literal placeholder = new Literal();
            placeholder.Text = _found
                ? "<h3 class=\"clean\">Fragmented input not written because non-fragmented events were detected.</h3><br/>"
                : WriteAllClearFragmented();

            // The text is remembered so WriteFragmented can find and replace
            // it in the rendered page later.
            _replace = placeholder.Text;
            idsoutput.Controls.Add(placeholder);
            break;

        case RequestType.Output:
            // Fragmented findings are rendered only when there are events
            // and no non-fragmented detection was recorded earlier.
            if (report.Events.Count != 0 && !_found)
            {
                WriteFragmented(report, Sender);
            }
            else
            {
                Sender.WriteResponse();
            }
            break;
    }
}