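/// <summary>
/// Records a security exception against the current user and, when the user
/// exceeds the configured quota for that exception type, runs every action
/// attached to the quota.
/// </summary>
/// <param name="e">The exception to record; its type's full name is the event key.</param>
public void AddException(Exception e)
{
    // Log first so the event is captured even if the quota handling below fails.
    // NOTE(review): e.Message may carry attacker-influenced text; the logger is
    // assumed to encode it for the log sink - confirm.
    EnterpriseSecurityException securityException = e as EnterpriseSecurityException;
    string logText = securityException != null ? securityException.LogMessage : e.Message;
    IntrusionDetector.logger.LogWarning(ILogger_Fields.SECURITY, logText, e);

    // IntrusionExceptions are produced by this detector itself; feeding them back
    // would count the detector's own output as a fresh event.
    if (e is IntrusionException)
    {
        return;
    }

    string fullName = e.GetType().FullName;
    // NOTE(review): assumes GetCurrentUser() yields a non-null User; an anonymous
    // or null user would make this cast or the call below throw - confirm.
    User currentUser = (User)Owasp.Esapi.Esapi.Authenticator().GetCurrentUser();

    try
    {
        currentUser.AddSecurityEvent(fullName);
    }
    catch (IntrusionException)
    {
        Threshold quota = Owasp.Esapi.Esapi.SecurityConfiguration().GetQuota(fullName);

        // Build the message once (it is identical for every action) and list the
        // action names themselves, so the responder sees what was actually done
        // rather than the collection's default ToString().
        string actionList = "";
        foreach (string action in (IEnumerable)quota.Actions)
        {
            actionList = actionList.Length == 0 ? action : actionList + ", " + action;
        }
        string message = "User exceeded quota of " + quota.Count + " per " + quota.Interval
            + " seconds for event " + fullName + ". Taking actions " + actionList;

        foreach (string action in (IEnumerable)quota.Actions)
        {
            this.TakeSecurityAction(action, message);
        }
    }
}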
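/// <summary>
/// Records a named security event against the current user and, when the user
/// exceeds the configured quota for that event, runs every action attached to
/// the quota.
/// </summary>
/// <param name="eventName">The event name; it is stored and looked up as "event." + eventName.</param>
public virtual void AddEvent(string eventName)
{
    // NOTE(review): eventName is echoed into the log; the logger is assumed to
    // encode it for the log sink - confirm.
    IntrusionDetector.logger.LogWarning(ILogger_Fields.SECURITY, "Security event " + eventName + " received");

    // The same key is used for the user's event store and the quota lookup.
    string eventKey = "event." + eventName;
    // NOTE(review): assumes GetCurrentUser() yields a non-null User - confirm.
    User currentUser = (User)Owasp.Esapi.Esapi.Authenticator().GetCurrentUser();

    try
    {
        currentUser.AddSecurityEvent(eventKey);
    }
    catch (IntrusionException)
    {
        Threshold quota = Owasp.Esapi.Esapi.SecurityConfiguration().GetQuota(eventKey);

        // Build the message once (it is identical for every action) and list the
        // action names themselves rather than the collection's default ToString().
        string actionList = "";
        foreach (string action in (IEnumerable)quota.Actions)
        {
            actionList = actionList.Length == 0 ? action : actionList + ", " + action;
        }
        string message = "User exceeded quota of " + quota.Count + " per " + quota.Interval
            + " seconds for event " + eventName + ". Taking actions " + actionList;

        foreach (string action in (IEnumerable)quota.Actions)
        {
            this.TakeSecurityAction(action, message);
        }
    }
}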
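// FIXME: ENHANCE consider allowing both per-user and per-application quotas
// e.g. number of failed logins per hour is a per-application quota
/// <summary> This implementation uses an exception store in each User object to track
/// exceptions. When the store reports that the quota for the exception type has been
/// exceeded, every action configured on that quota is taken.
/// </summary>
/// <param name="e">The exception to add; its type's full name is the event key.
/// </param>
/// <seealso cref="Owasp.Esapi.Interfaces.IIntrusionDetector.AddException(Exception)">
/// </seealso>
public void AddException(Exception e)
{
    // Log first so the event is captured even if the quota handling below fails.
    // NOTE(review): e.Message may carry attacker-influenced text; the logger is
    // assumed to encode it for the log sink - confirm.
    EnterpriseSecurityException securityException = e as EnterpriseSecurityException;
    string logText = securityException != null ? securityException.LogMessage : e.Message;
    logger.LogWarning(ILogger_Fields.SECURITY, logText, e);

    // FIXME: AAA Rethink this - IntrusionExceptions which shouldn't get added to the IntrusionDetector
    // They are produced by this detector itself; feeding them back would count
    // the detector's own output as a fresh event.
    if (e is IntrusionException)
    {
        return;
    }

    String eventName = e.GetType().FullName;
    // add the exception to the current user, which may trigger a detector
    // NOTE(review): assumes GetCurrentUser() yields a non-null User - confirm.
    User user = (User)Esapi.Authenticator().GetCurrentUser();

    // add the exception to the user's store, handle IntrusionException if thrown
    try
    {
        user.AddSecurityEvent(eventName);
    }
    catch (IntrusionException)
    {
        Threshold quota = Esapi.SecurityConfiguration().GetQuota(eventName);

        // Build the message once (it is identical for every action) and list the
        // action names themselves, so the responder sees what was actually done
        // rather than the collection's default ToString().
        string actionList = "";
        foreach (string action in (IEnumerable)quota.Actions)
        {
            actionList = actionList.Length == 0 ? action : actionList + ", " + action;
        }
        string message = "User exceeded quota of " + quota.Count + " per " + quota.Interval
            + " seconds for event " + eventName + ". Taking actions " + actionList;

        foreach (string action in (IEnumerable)quota.Actions)
        {
            TakeSecurityAction(action, message);
        }
    }
}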
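/// <summary> Adds the event to the IntrusionDetector. The event is recorded against
/// the current user under the key "event." + eventName; when the user's store reports
/// that the quota for that key has been exceeded, every action configured on the
/// quota is taken.
/// </summary>
/// <param name="eventName">The event to add.
/// </param>
/// <seealso cref="Owasp.Esapi.Interfaces.IIntrusionDetector.AddEvent(string)">
/// </seealso>
public virtual void AddEvent(string eventName)
{
    // NOTE(review): eventName is echoed into the log; the logger is assumed to
    // encode it for the log sink - confirm.
    logger.LogWarning(ILogger_Fields.SECURITY, "Security event " + eventName + " received");

    // The same key is used for the user's event store and the quota lookup.
    string eventKey = "event." + eventName;
    // add the event to the current user, which may trigger a detector
    // NOTE(review): assumes GetCurrentUser() yields a non-null User - confirm.
    User user = (User)Esapi.Authenticator().GetCurrentUser();

    try
    {
        user.AddSecurityEvent(eventKey);
    }
    catch (IntrusionException)
    {
        Threshold quota = Esapi.SecurityConfiguration().GetQuota(eventKey);

        // Build the message once (it is identical for every action) and list the
        // action names themselves rather than the collection's default ToString().
        string actionList = "";
        foreach (string action in (IEnumerable)quota.Actions)
        {
            actionList = actionList.Length == 0 ? action : actionList + ", " + action;
        }
        string message = "User exceeded quota of " + quota.Count + " per " + quota.Interval
            + " seconds for event " + eventName + ". Taking actions " + actionList;

        foreach (string action in (IEnumerable)quota.Actions)
        {
            TakeSecurityAction(action, message);
        }
    }
}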