        /// <summary>
        /// Returns one page of the calling user's transactions in the DataTables response shape.
        /// The user is taken from the current <c>HttpContext</c>, never from the request parameters.
        /// </summary>
        /// <param name="start">Paging offset, forwarded to the business layer unchanged.</param>
        /// <param name="length">Page size, forwarded to the business layer unchanged.</param>
        /// <param name="search">Free-text filter bound from the DataTables <c>search[value]</c> query key; forwarded unchanged.</param>
        /// <returns>200 OK wrapping the <c>DataTableResp&lt;TransactionResp&gt;</c> produced by the business layer.</returns>
        public IActionResult GetTransactions([FromQuery] int start, [FromQuery] int length, [FromQuery(Name = "search[value]")] string search)
        {
            var userName = HttpContext.GetUserName();
            var page = _transactionBL.GetTransactions(userName, search, start, length);

            return Ok(page);
        }
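        /// <summary>
        /// Loads every store item from the store API and wraps the whole list in an unpaged
        /// <c>DataTableResp</c> (total and filtered counts both equal the list size).
        /// </summary>
        /// <returns>
        /// A response whose <c>Data</c> is never null: a null result from the API yields an empty table
        /// instead of a <see cref="NullReferenceException"/> on <c>.Count</c>.
        /// </returns>
        public virtual async Task <DataTableResp <StoreItem> > GetStoreItems()
        {
            // Guard the API result: the previous implementation dereferenced it unconditionally.
            List <StoreItem> storeItems = await _storeAPICalls.GetStoreItemsAsync()
                                          ?? new List <StoreItem>();

            return new DataTableResp <StoreItem>(
                recordsTotal: storeItems.Count,
                recordsFiltered: storeItems.Count,
                data: storeItems);
        }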
        /// <summary>
        /// Admin endpoint returning the full store item table from the admin store business layer.
        /// </summary>
        /// <returns>
        /// 200 OK with the table; 400 Bad Request when the business layer returns null.
        /// </returns>
        public async Task <IActionResult> GetStoreItems()
        {
            var table = await _adminStoreBL.GetStoreItems();

            if (table is null)
            {
                return BadRequest();
            }

            return Ok(table);
        }
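        /// <summary>
        /// CTF-instrumented transaction paging. Delegates to the base implementation, then inspects the
        /// returned page for two challenge conditions and, when one is met, emits that challenge's flag
        /// as a response header:
        /// <list type="bullet">
        ///   <item>SQL injection: the page is compared with an independently filtered reference query
        ///   (<c>GetTransactionsCtfCheck</c>); a differing total count, or a returned row absent from the
        ///   reference set, is taken as evidence that the search term changed the query beyond a plain filter.</item>
        ///   <item>XSS: one of the row's text fields (SenderId, ReceiverId, Reason, Reference) contains an
        ///   entry of <c>CtfConstants.XXS_KEYVORDS</c>.</item>
        /// </list>
        /// </summary>
        /// <param name="userName">Owner of the transactions to list.</param>
        /// <param name="search">Raw search term. A null, empty or wildcard-only ('%') value is treated as "no filter" for the reference query.</param>
        /// <param name="start">Paging offset forwarded to the base implementation.</param>
        /// <param name="lenght">Page size forwarded to the base implementation (spelling kept so named-argument callers keep compiling).</param>
        /// <returns>The page produced by the base implementation, or an empty <c>DataTableResp</c> when it returned null.</returns>
        /// <exception cref="InvalidOperationException">The challenge list does not contain exactly one challenge of a required type.</exception>
        public override DataTableResp <TransactionResp> GetTransactions(string userName, string search, int start, int lenght)
        {
            CtfChallangeModel sqlInjectionChallange = _ctfOptions.CtfChallanges
                                                      .Single(x => x.Type == CtfChallengeTypes.SqlInjection);

            // Run the base query once. The previous version called it a second time for the return
            // value, which doubled the database round-trip and bypassed the null guard below.
            DataTableResp <TransactionResp> paginatedTransactions =
                base.GetTransactions(userName, search, start, lenght) ?? new DataTableResp <TransactionResp>();

            // Rows to inspect; an empty/unset Data must not crash the checks.
            IEnumerable <TransactionResp> rows = paginatedTransactions.Data ?? Enumerable.Empty <TransactionResp>();

            // Normalise the term for the reference query: a wildcard-only term is no filter at all.
            string validSearch = search;

            if (search == null || search.All(x => "%".Contains(x)))
            {
                validSearch = null;
            }

            List <TransactionResp> validTransactions = _transactionDAO.GetTransactionsCtfCheck(userName, validSearch);

            // Either the totals disagree or the page contains a row the reference query never produced.
            bool tampered = validTransactions.Count != paginatedTransactions.RecordsTotal
                            || rows.Any(transaction => !validTransactions.Any(x => x.IsEqual(transaction)));

            if (tampered)
            {
                _httpContextAccessor.HttpContext.Response.Headers.Add(sqlInjectionChallange.FlagKey, sqlInjectionChallange.Flag);
            }

            bool xss = rows.Any(x => CtfConstants.XXS_KEYVORDS.Any(c =>
                (x.SenderId?.Contains(c) ?? false) || (x.ReceiverId?.Contains(c) ?? false) || (x.Reason?.Contains(c) ?? false) || (x.Reference?.Contains(c) ?? false)));

            if (xss)
            {
                CtfChallangeModel xssChallange = _ctfOptions.CtfChallanges
                                                 .Single(x => x.Type == CtfChallengeTypes.Xss);

                _httpContextAccessor.HttpContext.Response.Headers.Add(xssChallange.FlagKey, xssChallange.Flag);
            }

            return paginatedTransactions;
        }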
        /// <summary>
        /// CTF-instrumented store listing. Returns the base table unchanged, but sets the XSS challenge
        /// flag header when any item's Name or Description contains an entry of <c>CtfConstants.XXS_KEYVORDS</c>.
        /// </summary>
        /// <returns>The table produced by the base implementation.</returns>
        /// <exception cref="InvalidOperationException">
        /// Raised by <c>Single</c> when a match is found but the XSS challenge is not configured exactly once.
        /// </exception>
        public override async Task <DataTableResp <StoreItem> > GetStoreItems()
        {
            DataTableResp <StoreItem> table = await base.GetStoreItems();

            // Field-outer / keyword-inner scan; pure boolean, so the order is immaterial.
            bool flagXss = table.Data.Any(item =>
                new[] { item.Name, item.Description }
                    .Any(field => field != null && CtfConstants.XXS_KEYVORDS.Any(keyword => field.Contains(keyword))));

            if (!flagXss)
            {
                return table;
            }

            CtfChallangeModel xssChallange = _ctfOptions.CtfChallanges.Single(x => x.Type == CtfChallengeTypes.Xss);
            _httpContextAccessor.HttpContext.Response.Headers.Add(xssChallange.FlagKey, xssChallange.Flag);

            return table;
        }
        /// <summary>
        /// CTF-instrumented admin user listing. Returns the base table unchanged, but sets the XSS challenge
        /// flag header when any user's Name, Surname or Username contains an entry of <c>CtfConstants.XXS_KEYVORDS</c>.
        /// </summary>
        /// <returns>The table produced by the base implementation.</returns>
        /// <exception cref="InvalidOperationException">
        /// Raised by <c>Single</c> when a match is found but the XSS challenge is not configured exactly once.
        /// </exception>
        public override DataTableResp <AdminUserInfoResp> GetUsers()
        {
            DataTableResp <AdminUserInfoResp> table = base.GetUsers();

            bool flagXss = table.Data.Any(user =>
                new[] { user.Name, user.Surname, user.Username }
                    .Any(field => field != null && CtfConstants.XXS_KEYVORDS.Any(keyword => field.Contains(keyword))));

            if (flagXss)
            {
                CtfChallangeModel xssChallange = _ctfOptions.CtfChallanges.Single(x => x.Type == CtfChallengeTypes.Xss);
                _httpContextAccessor.HttpContext.Response.Headers.Add(xssChallange.FlagKey, xssChallange.Flag);
            }

            return table;
        }
        /// <summary>
        /// CTF-instrumented admin transaction listing. Returns the base table unchanged, but sets the XSS
        /// challenge flag header when any of a row's eight text fields (ids, names, surnames, reason,
        /// reference) contains an entry of <c>CtfConstants.XXS_KEYVORDS</c>.
        /// </summary>
        /// <returns>The table produced by the base implementation.</returns>
        /// <exception cref="InvalidOperationException">
        /// Raised by <c>Single</c> when a match is found but the XSS challenge is not configured exactly once.
        /// </exception>
        public override DataTableResp <TransactionResp> GetTransactions()
        {
            DataTableResp <TransactionResp> table = base.GetTransactions();

            bool flagXss = table.Data.Any(row =>
                new[]
                {
                    row.SenderId, row.ReceiverId, row.Reason, row.Reference,
                    row.SenderName, row.SenderSurname, row.ReceiverName, row.ReceiverSurname,
                }
                .Any(field => field != null && CtfConstants.XXS_KEYVORDS.Any(keyword => field.Contains(keyword))));

            if (flagXss)
            {
                CtfChallangeModel xssChallange = _ctfOptions.CtfChallanges.Single(x => x.Type == CtfChallengeTypes.Xss);
                _httpContextAccessor.HttpContext.Response.Headers.Add(xssChallange.FlagKey, xssChallange.Flag);
            }

            return table;
        }
        /// <summary>
        /// Admin endpoint returning every user as a <c>DataTableResp&lt;AdminUserInfoResp&gt;</c>.
        /// </summary>
        /// <returns>200 OK with whatever the admin business layer returns (no null check is performed).</returns>
        public IActionResult GetAllUsers() => Ok(_adminBL.GetUsers());
        /// <summary>
        /// Admin endpoint returning every transaction as a <c>DataTableResp&lt;TransactionResp&gt;</c>.
        /// </summary>
        /// <returns>200 OK with whatever the admin business layer returns (no null check is performed).</returns>
        public IActionResult Transactions() => Ok(_adminBL.GetTransactions());