private static EFTracingConnection CreateTracingConnection(string connectionString, string providerInvariantName)
{
// based on the example at http://jkowalski.com/2010/04/23/logging-sql-statements-in-entity-frameworkcode-first/
string wrapperConnectionString =
String.Format(@"wrappedProvider={0};{1}", providerInvariantName, connectionString);
EFTracingConnection connection = new DbTracingConnection {
ConnectionString = wrapperConnectionString
};
// set up an event which will be raised whenever command has finished executing
connection.CommandFinished += (sender, e) =>
{
try
{
LogEntryData.LogEntryAsync("SQL sucess:" + e.ToTraceString(), LogSeverity.Tracing, LogCategory.DataAccess);
}
catch (Exception ex)
{
}
};
connection.CommandFailed += (sender, e) =>
{
try
{
LogEntryData.LogEntryAsync("SQL failed:" + e.ToTraceString(), LogSeverity.Tracing, LogCategory.DataAccess);
}
catch (Exception ex)
{
}
};
return(connection);
}
public void Test_LogNoRule()
{
// Arrange
var eventLogStub = Isolate.Fake.Instance <EventLog>(Members.MustSpecifyReturnValues);
fltLib.SetGetMessageReturn(0, new ACCESS_REQUEST {
Path = "c:\\test.txt", MessageId = 123
});
var ExpectedBytes = LogEntryData.Serialize(new LogEntryData
(
DateTime.Now.ToLongDateString() + " " + DateTime.Now.ToShortTimeString(),
true,
AccessType.FILESYSTEM,
"c:\\test.txt",
"Idle"
));
core.Start(ruleset, serviceInterface, eventLogStub);
// Act
core.WaitRequest();
// Assert
Isolate.Verify.WasCalledWithExactArguments(() => eventLogStub.WriteEntry("Please use FileWall to view this log.", EventLogEntryType.Information, 0, 0, ExpectedBytes));
}
/*void ScrollCellIndex(int idx)
* {
* textView.text = LogManager.Instance.Entries[idx].Text;
* }*/
public override void SetData(object data)
{
LogEntryData logEntryData = (LogEntryData)data;
textView.text = logEntryData.Text;
timeTextView.text = logEntryData.Time.ToString("HH:mm:ss");
}
public void Initialize(LogEntryData data)
{
// Fill with information
infoText.text = data.Text;
switch (data.Type)
{
case LogEntryType.Info:
infoText.color = Color.blue;
break;
case LogEntryType.Warning:
infoText.color = Color.yellow;
break;
case LogEntryType.Error:
infoText.color = Color.red;
break;
case LogEntryType.Undefined:
default:
throw new ArgumentOutOfRangeException();
}
// Set on top of log list
transform.SetSiblingIndex(0);
// Delete script
Destroy(this);
}
public void Serialize_Desirialize()
{
// NOTE: Watch that all properties LogEntryData have non default values.
var serialized = new LogEntryData("somedate", true, AccessType.REGISTRY, @"d:\my documents\pics", @"c:\win\malware.exe");
var data = LogEntryData.Serialize(serialized);
var deserialized = LogEntryData.Deserialize(data);
Assert.IsTrue(PropertyComparer.AreEqual(serialized, deserialized));
}
public void Constructor()
{
var data = new LogEntryData("somedate", true, AccessType.REGISTRY, @"d:\my documents\pics", @"c:\win\malware.exe");
Assert.AreEqual(data.Date, "somedate");
Assert.AreEqual(data.IsAllowed, true);
Assert.AreEqual(data.Path, @"d:\my documents\pics");
Assert.AreEqual(data.ProcessPath, @"c:\win\malware.exe");
Assert.AreEqual(data.AccessType, AccessType.REGISTRY);
}
public void Deserialize_WrongData()
{
var wrongData = new byte[450];
for (var i = 0; i < 450; i++)
{
wrongData[i] = (byte)i;
}
AdvAssert.ThrowsArgument(() => LogEntryData.Deserialize(new byte[] {}), "data");
}
public void TestInitialize()
{
eventLog = new EventLog("APTest");
eventLog.Clear();
var bytes = LogEntryData.Serialize(new LogEntryData(DateTime.Now.ToShortTimeString(),
false, AccessType.FILESYSTEM, "c:\\test.txt", "c:\\malware.exe"));
EventLog.WriteEntry("APTester", "Hello world!", EventLogEntryType.Information, 0, 0, bytes);
bytes = LogEntryData.Serialize(new LogEntryData(DateTime.Now.ToShortTimeString(),
false, AccessType.REGISTRY, "HKLM\\classes\\glavriba", "c:\\trojan.exe"));
EventLog.WriteEntry("APTester", "Hello world!", EventLogEntryType.Information, 0, 0, bytes);
}
private void WriteLog(LogEntryType type, string text)
{
var data = new LogEntryData
{
Type = type,
Text = text,
CreateTime = DateTime.Now,
};
var logEntryGo = Instantiate(logEntryPrefab, logHolder);
logEntryGo.GetComponent <LogEntryController>().Initialize(data);
}
/// <summary>Refreshes <see cref="Data"/>.</summary>
public virtual void Refresh()
{
//Data.Clear();
// Fill the data of view.
foreach (EventLogEntry entry in EventLog.Entries)
{
if (entry.Index <= _LastIndex)
{
continue;
}
_LastIndex = entry.Index;
Data.Add(LogEntryData.Deserialize(entry.Data));
}
}
public void Refresh()
{
var logViewModel = new LogViewModel(eventLog);
// This entry will not be displayed, until user not clicked "Refresh".
var bytes =
LogEntryData.Serialize(new LogEntryData(DateTime.Now.ToShortTimeString(), false, AccessType.FILESYSTEM,
"hello", "hello2"));
EventLog.WriteEntry("APTester", "Hello world!", EventLogEntryType.Information, 0, 0, bytes);
// Emulate click on "Refresh" button.
logViewModel.Refresh();
// Assert
// Check the equality of logView.Data and eventLog.Entries.
for (var i = 0; i < eventLog.Entries.Count; i++)
{
Assert.IsTrue(PropertyComparer.AreEqual(LogEntryData.Deserialize(eventLog.Entries[i].Data),
logViewModel.Data[i]));
}
}
private LogEntryData Create_EntryData <TState>(LogLevel logLevel, EventId eventId, TState state, Exception exception, Func <TState, Exception, string> formatter)
{
LogEntryData result = new LogEntryData()
{
LogLevel = logLevel.ToString(),
EventId = eventId.Id.ToString(),
EventName = eventId.Name,
Timestamp = DateTime.UtcNow
};
if (state != null)
{
result.State = state.ToString();
}
if (exception != null)
{
result.Exception = this.Create_ExceptionData(exception);
}
return(result);
}
public void Deserialize_Null()
{
AdvAssert.ThrowsArgumentNull(() => LogEntryData.Deserialize(null), "data");
}
public void Deserialize_EmptyArray()
{
AdvAssert.ThrowsArgument(() => LogEntryData.Deserialize(new byte[] {}), "data");
}
/// <summary>
/// Write the XML log entry.
/// </summary>
/// <typeparam name="TState"></typeparam>
/// <param name="logLevel"></param>
/// <param name="eventId"></param>
/// <param name="state"></param>
/// <param name="exception"></param>
/// <param name="formatter"></param>
void ILogger.Log <TState>(LogLevel logLevel, EventId eventId, TState state, Exception exception, Func <TState, Exception, string> formatter)
{
XmlElement xEleNew = null;
XmlNode xLogEntries = null;
XmlAttribute xa = null;
long rowCount = 0;
// only log at the specified level and below
if ((int)this.LogLevel <= (int)logLevel && logLevel != LogLevel.None)
{
// Make sure requests do not bump into each other.
while (Busy == true)
{
System.Threading.Thread.Sleep(250);
}
Busy = true;
try
{
LogDocument = this.LoadOrCreateLogDocument(OutputPath);
// Get row information from file.
xLogEntries = (from XmlNode xn in LogDocument.ChildNodes where xn.Name == "logEntries" select xn).First();
rowCount = Convert.ToInt64(xLogEntries.Attributes.GetNamedItem(@"entryCount").Value);
if (rowCount > MaxLogRows)
{
this.LogRotate();
// get the important info again.
xLogEntries = null;
xLogEntries = (from XmlNode xn in LogDocument.ChildNodes where xn.Name == "logEntries" select xn).First();
rowCount = Convert.ToInt64(xLogEntries.Attributes.GetNamedItem(@"entryCount").Value);
}
// Write the element items
xEleNew = LogDocument.CreateElement(@"logEntry");
xa = LogDocument.CreateAttribute("id");
xa.Value = rowCount.ToString();
xEleNew.Attributes.Append(xa);
// Create the object data and serialise it.
LogEntryData le = this.Create_EntryData(logLevel, eventId, state, exception, formatter);
using (XMLSerializer serializer = new XMLSerializer())
{
xEleNew.InnerXml += serializer.Serialize(le.GetType(), le, @"logEntry").InnerXml;
}
rowCount++;
xLogEntries.Attributes.GetNamedItem(@"entryCount").Value = rowCount.ToString();
xLogEntries.AppendChild(xEleNew);
try
{
using (FileStream fs = new FileStream(OutputPath, FileMode.OpenOrCreate, FileAccess.Write))
{
LogDocument.Save(fs);
// Cleardown items to prevent file lock.
fs.Flush();
fs.Dispose();
}
}
finally
{
LogDocument = null;
}
}
catch (Exception ex)
{
// TODO own exceptions are being logged!
// throw new LoggerException(@"Something went wrong while logging using " + this.GetType().ToString() + " see inner exception for details.", ex);
}
finally
{
Busy = false;
xEleNew = null;
xLogEntries = null;
xa = null;
}
}
}
public LogService()
{
_logEntryData = new LogEntryData();
_methodData = new MethodData();
_classData = new ClassData();
}
public void Add(LogEntryData logEntry)
{
throw new NotImplementedException();
}
public void WaitRequest()
{
if (!_IsStarted)
{
throw new InvalidOperationException("Can't execute while Core is stopped.");
}
var request = _Driver.GetRequest();
var allow = false;
Ruleset.RulesRow rule;
if (Ruleset.Processes.FindByPath(request.ProcessPath) != null)
{
rule = Ruleset.GetRulesRow(request.RuleID, request.ProcessPath);
if (rule == null && Ruleset.Processes.FindByPath("*") != null)
{
rule = Ruleset.GetRulesRow(request.RuleID, "*");
}
}
else if (Ruleset.Processes.FindByPath("*") != null)
{
rule = Ruleset.GetRulesRow(request.RuleID, "*");
}
else
{
rule = null;
}
if (rule == null) // No rule found - just allow this request.
{
allow = true;
}
else
{
if (rule.Action == RuleAction.Allow)
{
allow = true;
}
else if (rule.Action == RuleAction.Block)
{
// ReSharper disable RedundantAssignment
allow = false;
}
// ReSharper restore RedundantAssignment
else if (rule.Action == RuleAction.Ask)
{
var ea = new CoreAccessRequestedEventArgs("", request.Path, request.ProcessPath);
_ServiceInterface.OnAccessRequested(ea);
allow = ea.Allow;
if (ea.CreateRule)
{
var processRow = Ruleset.Processes.FindByPath(request.ProcessPath) ??
Ruleset.Processes.AddProcessesRow(request.ProcessPath);
if (rule.ProcessPath == "*")
{
var newRule = Ruleset.GetRulesRow(request.RuleID, request.ProcessPath);
if (newRule == null)
{
Ruleset.Rules.AddRulesRow(
(allow ? "Allow" : "Block") + " access to " + Path.GetFileName(request.Path) +
" for " +
Path.GetFileName(request.ProcessPath),
RuleAction.FromBoolean(allow),
true,
rule.PathsRow,
processRow,
rule.ItemsRow);
}
else
{
newRule.Action = RuleAction.FromBoolean(allow);
}
}
else
{
rule.Action = RuleAction.FromBoolean(allow);
}
}
}
}
IncrementCounter(request.AccessType, allow);
// Log the data about request to event log.
if ((rule == null || rule.Log) && _EventLog != null)
{
var entryData =
new LogEntryData(DateTime.Now.ToLongDateString() + " " + DateTime.Now.ToShortTimeString(),
allow, (AccessType)request.AccessType, request.Path, request.ProcessPath);
_EventLog.WriteEntry("Please use FileWall to view this log.", EventLogEntryType.Information, 0, 0, LogEntryData.Serialize(entryData));
}
_Driver.ReplyRequest(request, allow);
}
