/// <summary>
/// Checks one transformation for deprecated custom macros and records the outcome in the report.
/// </summary>
/// <param name="transformationInfo">Transformation whose <c>Code</c> is inspected.</param>
/// <param name="report">
/// Report that receives exactly one entry when the transformation has code;
/// it is left untouched when the code is null, empty or whitespace.
/// </param>
private void AnalyseCustomMacros(TransformationInfo transformationInfo, List<string> report)
{
    // Nothing to scan: no entry is written for a transformation without code.
    if (string.IsNullOrWhiteSpace(transformationInfo.Code))
    {
        return;
    }

    // Ask the macro validator whether the code uses any macro of the Custom type.
    bool hasCustomMacros = MacroValidator.Current.ContainsMacros(
        transformationInfo.Code,
        MacroValidator.MacroType.Custom);

    // UpdateReport writes the entry for either outcome.
    UpdateReport(transformationInfo, report, hasCustomMacros);
}
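/// <summary>
/// Appends one entry for the transformation to the report: a link to the transformation
/// when an issue was found, otherwise a "no issues" line.
/// </summary>
/// <param name="transformationInfo">Transformation the entry describes.</param>
/// <param name="report">Report the entry is appended to; entries are HTML fragments.</param>
/// <param name="issueFound">Whether the analysis flagged the transformation.</param>
private void UpdateReport(TransformationInfo transformationInfo, List<string> report, bool issueFound)
{
    if (issueFound)
    {
        report.Add(GetTransformationReportLink(transformationInfo));
        return;
    }

    // The entry is an HTML fragment, so the name is encoded before it is placed between the
    // <em> tags; a name containing markup characters is then shown as text instead of being
    // interpreted by whatever renders the report. Names without such characters are unchanged.
    string encodedName = System.Net.WebUtility.HtmlEncode(transformationInfo.FullName);

    report.Add($"Identified no issues in <em>{encodedName}</em> ({transformationInfo.ID})");
}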
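/// <summary>
/// Builds the HTML anchor for a transformation, pointing at
/// <c>DocumentType_Edit_Transformation_Edit.aspx</c> under the instance URI.
/// </summary>
/// <param name="transformationInfo">
/// Transformation to link to; its <c>ID</c> becomes the <c>objectid</c> query value and its
/// <c>FullName</c> the link text.
/// </param>
/// <returns>An <c>&lt;a&gt;</c> element followed by a single space.</returns>
private string GetTransformationReportLink(TransformationInfo transformationInfo)
{
    // FullName is the visible link text inside an HTML fragment; encode it so markup
    // characters in a name are displayed literally rather than parsed as markup.
    string linkText = System.Net.WebUtility.HtmlEncode(transformationInfo.FullName);

    // NOTE(review): instanceInfo.Uri is written into the href attribute as-is — confirm it
    // only ever comes from the operator's own instance configuration.
    var link = new StringBuilder();
    link.Append("<a href=\"")
        .Append(instanceInfo.Uri)
        .Append("/CMSModules/DocumentTypes/Pages/Development/DocumentType_Edit_Transformation_Edit.aspx?objectid=")
        .Append(transformationInfo.ID)
        .Append("\" target=\"_blank\">")
        .Append(linkText)
        .Append("</a> ");

    return link.ToString();
}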
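/// <summary>
/// Scans one transformation's code against the XSS regex patterns and records the outcome
/// in the report.
/// </summary>
/// <param name="transformationInfo">Transformation whose <c>Code</c> is scanned.</param>
/// <param name="report">
/// Report that receives exactly one entry when the transformation has code;
/// it is left untouched when the code is null, empty or whitespace.
/// </param>
private void AnalyseXss(TransformationInfo transformationInfo, List<string> report)
{
    // No code means nothing to scan, and no report entry is written.
    if (string.IsNullOrWhiteSpace(transformationInfo.Code))
    {
        return;
    }

    // A single matching pattern is enough to flag the transformation. This is a pattern
    // match only: a hit is a candidate for manual review, and a miss means none of the
    // configured patterns matched, not that the markup has been verified as safe.
    bool potentialXssFound = regexPatterns.Any(p => p.IsMatch(transformationInfo.Code));

    UpdateReport(transformationInfo, report, potentialXssFound);
}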
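/// <summary>
/// Builds a <see cref="TransformationInfo"/> for each full transformation name and fills in
/// the class ID, transformation ID and code returned by the lookup helpers.
/// </summary>
/// <param name="fullTransformationNames">
/// Full names; the text after the last dot is taken as the transformation name and the text
/// before it as the class name.
/// </param>
/// <returns>
/// One entry per input name, in input order. An entry with no matching class keeps
/// <c>ClassID</c> 0, and an entry with no matching data row keeps its default ID and code.
/// </returns>
/// <exception cref="System.ArgumentOutOfRangeException">A name contains no dot.</exception>
private List<TransformationInfo> GetTransformationInfo(IEnumerable<string> fullTransformationNames)
{
    var transformationInfos = new List<TransformationInfo>();

    foreach (var fullTransformationName in fullTransformationNames)
    {
        // Locate the separator once; both halves are cut at the same position.
        int separatorIndex = fullTransformationName.LastIndexOf('.');
        if (separatorIndex < 0)
        {
            // Same exception type the unguarded Substring call raised, with a usable message.
            throw new System.ArgumentOutOfRangeException(
                nameof(fullTransformationNames),
                fullTransformationName,
                "Transformation name must contain a '.' separating the class name from the transformation name.");
        }

        transformationInfos.Add(new TransformationInfo()
        {
            FullName = fullTransformationName,
            Name = fullTransformationName.Substring(separatorIndex + 1),
            ClassName = fullTransformationName.Substring(0, separatorIndex),
        });
    }

    // Resolve each distinct class name to its ID in one lookup.
    var classNames = transformationInfos.Select(x => x.ClassName).Distinct();
    var classDetails = GetClassInfo(classNames);

    foreach (var transformationInfo in transformationInfos)
    {
        // A class name missing from the lookup leaves the ID at 0.
        int classID = 0;
        classDetails.TryGetValue(transformationInfo.ClassName, out classID);
        transformationInfo.ClassID = classID;
    }

    var transformationTable = GetTransformationListTable(transformationInfos);
    var transformationInfoData = GetDataWhereInTable(transformationTable);

    foreach (DataRow row in transformationInfoData.Rows)
    {
        var id = int.Parse(row["TransformationID"].ToString());
        var classID = int.Parse(row["TransformationClassID"].ToString());
        var name = row["TransformationName"].ToString();
        var code = row["TransformationCode"].ToString();

        // Names are identifiers, so compare them ordinally and case-insensitively instead of
        // lower-casing both sides under the current culture.
        var match = transformationInfos.Find(ti =>
            ti.ClassID == classID
            && string.Equals(ti.Name, name, System.StringComparison.OrdinalIgnoreCase));

        // A row that corresponds to none of the requested transformations has nothing to
        // update; indexing the list with FindIndex's -1 would have thrown here.
        if (match == null)
        {
            continue;
        }

        match.ID = id;
        match.Code = code;
    }

    return transformationInfos;
}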