Summary description for LogRequestData.
Esempio n. 1
0
        //        static public void ProcessRequest_Debug(object sender, EventArgs e)
        //        {
        //            ///object send= sender;
        //            
        //            HttpApplication ht = (HttpApplication)sender;
        //            string pageType = ht.Request.FilePath;
        //            ht.Request.RawUrl
        //            Console.WriteLine(pageType);
        //        }
        public static void ProcessRequest_Handler(object sender, EventArgs e)
        {
            HttpApplication currentHttpApplication = (HttpApplication)sender;
            LogRequestData objLogRequestData = new LogRequestData();
            HttpRequest currentHttpRequest = currentHttpApplication.Request;
            RequestToValidate objRequestToValidate = new RequestToValidate();
            objRequestToValidate.HttpRequestToAnalyse = currentHttpRequest;
            /// handle Output Of Log Request Data
            switch (objRequestToValidate.HttpRequestToAnalyse.QueryString["mode"])
            {
                case "debug":
                {
                    currentHttpApplication.Session["ShowOutputMessage"] = "yes";
                    break;
                }
                case "normal":
                {
                    currentHttpApplication.Session["ShowOutputMessage"] = "no";
                    break;
                }
                case "disable":
                {
                    currentHttpApplication.Session["DisableValidator.Net"] = "yes";
                    break;
                }
                case "enable":
                {
                    currentHttpApplication.Session["DisableValidator.Net"] = "no";
                    break;
                }
            }
            if ("yes" != (string)currentHttpApplication.Session["DisableValidator.Net"])
            {

                objLogRequestData.addEntry("Starting ProcessRequest_Handler Processing Page: " + objRequestToValidate.HttpRequestToAnalyse.Path);
                objRequestToValidate.pageClassName= resolvePageClassName((string)currentHttpRequest.QueryString["Function"]);
                objLogRequestData.addEntry("Page's class identified has: <b>" + objRequestToValidate.pageClassName+"</b>");

                // NOTE1: The current version of HacmeBank needs to run with FullTrust (the following two comments refer to HacmeBank version 1
                // if you want to test the GAC usage, register the ValidatorNET_GAC_Assembly.dll control in the GAC and delete it from the bin directory
                //	Note2: this call will not work if the website is NOT in Full Trust
                //	if (makeTheRequestFormDataEditable())
                //	NOte3: this one will work because the code will be executed with Full Trust due to it's GAC location)
                if (objValidatorNET_GAC_Assembly.makeTheRequestFormDataEditable())
                {
                    objValidatorNET_GAC_Assembly.makeTheRequestQueryStringDataEditable();
                    objLogRequestData.addEntry("the private method HttpContext.Current.Request.Form.MakeReadWrite() was successfully invoked (the same for the QueryString)");
                }
                else
                {
                    objLogRequestData.addEntry("ERROR!!: makeTheRequestFormDataEditable failed");
                }
                if (objRequestToValidate.validateCurrentPage(pagesToProcess))
                {
                    objLogRequestData.addEntry((string)hashtableWithValidator_FormMappings[objRequestToValidate.pageClassName].ToString());
                    objLogRequestData.addEntry("Validating Current Page");
                    if (objRequestToValidate.pageHasItemsToValidate())
                    {
                        objLogRequestData.addEntry("Page has Items to Validated");

                        ArrayList listOfRulesProcessed = objRequestToValidate.validateAndHandleMaliciousInput((XmlElement)hashtableWithValidator_FormMappings[objRequestToValidate.pageClassName],hashtableWithValidator_FormRules);
                        if (0 == listOfRulesProcessed.Count)
                        {
                            // Hardcoded rule to check for SQL Injections and XssAttacks
                            objRequestToValidate.protectAndMitigateSQLInjections();
                            objRequestToValidate.protectAndMitigateXSSAttacks();
                        }
                        else
                        {
                            foreach (string item in listOfRulesProcessed)
                            {
                                objLogRequestData.addEntry(item);
                            }
                        }
                    }
                    else
                    {
                        objLogRequestData.addEntry("Nothing to Validate");
                    }
                }
                else
                {
                    // Hardcoded rule to check for SQL Injections and XSS attacks
                    objRequestToValidate.protectAndMitigateSQLInjections();
                    objRequestToValidate.protectAndMitigateXSSAttacks();
                    objLogRequestData.addEntry("Not Validating this page");
                }

            }
            else
            {
                objLogRequestData.addEntry("Validator.Net is Disabled");
            }
            if ((string)currentHttpApplication.Session["ShowOutputMessage"]== "yes")
                objLogRequestData.outputMessage();
        }
Esempio n. 2
0
        //		static public void ProcessRequest_Debug(object sender, EventArgs e)
        //		{
        //			///object send= sender;
        //
        //			HttpApplication ht = (HttpApplication)sender;
        //			string pageType = ht.Request.FilePath;
        //			ht.Request.RawUrl
        //			Console.WriteLine(pageType);
        //		}

        static public void ProcessRequest_Handler(object sender, EventArgs e)
        {
            HttpApplication   currentHttpApplication = (HttpApplication)sender;
            LogRequestData    objLogRequestData      = new LogRequestData();
            HttpRequest       currentHttpRequest     = currentHttpApplication.Request;
            RequestToValidate objRequestToValidate   = new RequestToValidate();

            objRequestToValidate.HttpRequestToAnalyse = currentHttpRequest;
            /// handle Output Of Log Request Data
            switch (objRequestToValidate.HttpRequestToAnalyse.QueryString["mode"])
            {
            case "debug":
            {
                currentHttpApplication.Session["ShowOutputMessage"] = "yes";
                break;
            }

            case "normal":
            {
                currentHttpApplication.Session["ShowOutputMessage"] = "no";
                break;
            }

            case "disable":
            {
                currentHttpApplication.Session["DisableValidator.Net"] = "yes";
                break;
            }

            case "enable":
            {
                currentHttpApplication.Session["DisableValidator.Net"] = "no";
                break;
            }
            }
            if ("yes" != (string)currentHttpApplication.Session["DisableValidator.Net"])
            {
                objLogRequestData.addEntry("Starting ProcessRequest_Handler Processing Page: " + objRequestToValidate.HttpRequestToAnalyse.Path);
                objRequestToValidate.pageClassName = resolvePageClassName((string)currentHttpRequest.QueryString["Function"]);
                objLogRequestData.addEntry("Page's class identified has: <b>" + objRequestToValidate.pageClassName + "</b>");

                // NOTE1: The current version of HacmeBank needs to run with FullTrust (the following two comments refer to HacmeBank version 1
                // if you want to test the GAC usage, register the ValidatorNET_GAC_Assembly.dll control in the GAC and delete it from the bin directory
                //	Note2: this call will not work if the website is NOT in Full Trust
                //	if (makeTheRequestFormDataEditable())
                //	NOte3: this one will work because the code will be executed with Full Trust due to it's GAC location)
                if (objValidatorNET_GAC_Assembly.makeTheRequestFormDataEditable())
                {
                    objValidatorNET_GAC_Assembly.makeTheRequestQueryStringDataEditable();
                    objLogRequestData.addEntry("the private method HttpContext.Current.Request.Form.MakeReadWrite() was successfully invoked (the same for the QueryString)");
                }
                else
                {
                    objLogRequestData.addEntry("ERROR!!: makeTheRequestFormDataEditable failed");
                }
                if (objRequestToValidate.validateCurrentPage(pagesToProcess))
                {
                    objLogRequestData.addEntry((string)hashtableWithValidator_FormMappings[objRequestToValidate.pageClassName].ToString());
                    objLogRequestData.addEntry("Validating Current Page");
                    if (objRequestToValidate.pageHasItemsToValidate())
                    {
                        objLogRequestData.addEntry("Page has Items to Validated");

                        ArrayList listOfRulesProcessed = objRequestToValidate.validateAndHandleMaliciousInput((XmlElement)hashtableWithValidator_FormMappings[objRequestToValidate.pageClassName], hashtableWithValidator_FormRules);
                        if (0 == listOfRulesProcessed.Count)
                        {
                            // Hardcoded rule to check for SQL Injections and XssAttacks
                            objRequestToValidate.protectAndMitigateSQLInjections();
                            objRequestToValidate.protectAndMitigateXSSAttacks();
                        }
                        else
                        {
                            foreach (string item in listOfRulesProcessed)
                            {
                                objLogRequestData.addEntry(item);
                            }
                        }
                    }
                    else
                    {
                        objLogRequestData.addEntry("Nothing to Validate");
                    }
                }
                else
                {
                    // Hardcoded rule to check for SQL Injections and XSS attacks
                    objRequestToValidate.protectAndMitigateSQLInjections();
                    objRequestToValidate.protectAndMitigateXSSAttacks();
                    objLogRequestData.addEntry("Not Validating this page");
                }
            }
            else
            {
                objLogRequestData.addEntry("Validator.Net is Disabled");
            }
            if ((string)currentHttpApplication.Session["ShowOutputMessage"] == "yes")
            {
                objLogRequestData.outputMessage();
            }
        }