예제 #1
            /// <summary>
            /// Creates the sanitizer bound to the shared <paramref name="saniCore"/>, configured with a
            /// truncate length of 10 and the <c>SaniTypes.AllowedList</c> category.
            /// </summary>
            /// <param name="saniCore">Core object stored on this instance as-is; it is not validated here.</param>
            public UsingASCII(SaniCore saniCore)
            {
                // NOTE(review): TruncateLength presumably caps how much of a rejected value is echoed
                // into error reports - confirm against the code that reads it.
                this.TruncateLength = 10;
                this.SaniType = SaniTypes.AllowedList;

                this.SaniCore = saniCore;
            }
예제 #2
            /// <summary>
            /// Creates the sanitizer bound to the shared <paramref name="saniCore"/>, configured with a
            /// truncate length of 33 and the <c>SaniTypes.MinMax</c> category.
            /// </summary>
            /// <param name="saniCore">Core object stored on this instance as-is; it is not validated here.</param>
            public DateTimeType5(SaniCore saniCore)
            {
                // NOTE(review): TruncateLength presumably caps how much of a rejected value is echoed
                // into error reports - confirm against the code that reads it.
                this.TruncateLength = 33;
                this.SaniType = SaniTypes.MinMax;

                this.SaniCore = saniCore;
            }
예제 #3
            /// <summary>
            /// Creates the sanitizer bound to the shared <paramref name="saniCore"/>, configured with a
            /// truncate length of 10 and the <c>SaniTypes.MinMax</c> category.
            /// </summary>
            /// <param name="saniCore">Core object stored on this instance as-is; it is not validated here.</param>
            public LongType1(SaniCore saniCore)
            {
                // NOTE(review): TruncateLength presumably caps how much of a rejected value is echoed
                // into error reports - confirm against the code that reads it.
                this.TruncateLength = 10;
                this.SaniType = SaniTypes.MinMax;

                this.SaniCore = saniCore;
            }
예제 #4
            /// <summary>
            /// Creates the sanitizer bound to the shared <paramref name="saniCore"/>, configured with a
            /// truncate length of 10 and the <c>SaniTypes.MinMax</c> category.
            /// </summary>
            /// <param name="saniCore">Core object stored on this instance as-is; it is not validated here.</param>
            public IntegerType3(SaniCore saniCore)
            {
                // NOTE(review): TruncateLength presumably caps how much of a rejected value is echoed
                // into error reports - confirm against the code that reads it.
                this.TruncateLength = 10;
                this.SaniType = SaniTypes.MinMax;

                this.SaniCore = saniCore;
            }
예제 #5
            /// <summary>
            /// Creates the sanitizer bound to the shared <paramref name="saniCore"/>, configured with a
            /// truncate length of 5 and the <c>SaniTypes.MinMax</c> category.
            /// </summary>
            /// <param name="saniCore">Core object stored on this instance as-is; it is not validated here.</param>
            public BooleanType4(SaniCore saniCore)
            {
                // NOTE(review): TruncateLength presumably caps how much of a rejected value is echoed
                // into error reports - confirm against the code that reads it.
                this.TruncateLength = 5;
                this.SaniType = SaniTypes.MinMax;

                this.SaniCore = saniCore;
            }
예제 #6
            /// <summary>
            /// Creates the sanitizer bound to the shared <paramref name="saniCore"/>, configured with a
            /// truncate length of 15 and the <c>SaniTypes.MinMax</c> category.
            /// </summary>
            /// <param name="saniCore">Core object stored on this instance as-is; it is not validated here.</param>
            public DecimalType2(SaniCore saniCore)
            {
                // NOTE(review): TruncateLength presumably caps how much of a rejected value is echoed
                // into error reports - confirm against the code that reads it.
                this.TruncateLength = 15;
                this.SaniType = SaniTypes.MinMax;

                this.SaniCore = saniCore;
            }
예제 #7
        /// <summary>
        /// Creates the sanitizer bound to the shared <paramref name="saniCore"/>, configured with a
        /// truncate length of 10 and the <c>SaniTypes.Truncate</c> category.
        /// </summary>
        /// <param name="saniCore">Core object stored on this instance as-is; it is not validated here.</param>
        public Truncate(SaniCore saniCore)
        {
            // NOTE(review): TruncateLength presumably caps how much of a rejected value is echoed
            // into error reports - confirm against the code that reads it.
            this.TruncateLength = 10;
            this.SaniType = SaniTypes.Truncate;

            this.SaniCore = saniCore;
        }
예제 #8
        /// <summary>
        /// Creates the sanitizer bound to the shared <paramref name="saniCore"/>, configured with a
        /// truncate length of 10 and the <c>SaniTypes.NormalizeOrLimit</c> category.
        /// </summary>
        /// <param name="saniCore">Core object stored on this instance as-is; it is not validated here.</param>
        public NormalizeOrLimit(SaniCore saniCore)
        {
            // NOTE(review): TruncateLength presumably caps how much of a rejected value is echoed
            // into error reports - confirm against the code that reads it.
            this.TruncateLength = 10;
            this.SaniType = SaniTypes.NormalizeOrLimit;

            this.SaniCore = saniCore;
        }
예제 #9
            /// <summary>
            /// Creates the sanitizer bound to the shared <paramref name="saniCore"/>, configured with a
            /// truncate length of 15 and the <c>SaniTypes.FileNameCleanse</c> category.
            /// </summary>
            /// <param name="saniCore">Core object stored on this instance as-is; it is not validated here.</param>
            public UsingASCII(SaniCore saniCore)
            {
                // NOTE(review): TruncateLength presumably caps how much of a rejected value is echoed
                // into error reports - confirm against the code that reads it.
                this.TruncateLength = 15;
                this.SaniType = SaniTypes.FileNameCleanse;

                this.SaniCore = saniCore;
            }
예제 #10
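        /// <summary>
        /// Reports a sanitization failure. When <c>saniCore.SanitizerApproach</c> is
        /// <c>Approach.TrackExceptionsInList</c> an entry is added to <c>saniCore.SaniExceptions</c> under a
        /// new <see cref="Guid"/>; otherwise a <c>SanitizerException</c> is thrown.
        /// </summary>
        /// <remarks>
        /// The rejected value is never echoed verbatim: it is first cut to <paramref name="truncateLength"/>
        /// characters and then reduced to printable ASCII without '%', '/', '@' and '\', so that hostile input
        /// cannot flood the log or smuggle control characters, encoded bytes, URLs or addresses into it.
        /// </remarks>
        /// <param name="truncateLength">Maximum number of characters of <paramref name="strToClean"/> to keep; negative values are treated as 0.</param>
        /// <param name="saniType">Category stored alongside the message when the failure is tracked.</param>
        /// <param name="saniCore">Supplies the approach and the tracking collection; must not be null.</param>
        /// <param name="msgTitle">Prefix of the tracked message.</param>
        /// <param name="msg">Prefix of the thrown exception's message.</param>
        /// <param name="strToClean">The rejected input; may be null, empty or whitespace, all of which yield an empty echo.</param>
        /// <param name="ex">The original exception, if any; used as inner exception or for its message.</param>
        /// <exception cref="SanitizerException">Thrown when the approach is not <c>Approach.TrackExceptionsInList</c>.</exception>
        public static void TrackOrThrowException(int truncateLength, SaniTypes saniType, SaniCore saniCore, string msgTitle, string msg, string strToClean, Exception ex) //"Filename: "
        {
            string exceptionValue = LimitToLogSafeAscii(strToClean, truncateLength);

            if (saniCore.SanitizerApproach == Approach.TrackExceptionsInList)
            {
                // NOTE(review): ex.Message is appended as-is, without the truncation and character filter applied
                // to strToClean. If the exception text can echo the rejected input (some parse/format exceptions
                // quote it), that text reaches the tracked entry unfiltered - confirm, and consider passing it
                // through the same filter with its own length cap.
                string exceptionMsg = (ex != null && ex.Message != null) ? ex.Message : String.Empty;

                saniCore.SaniExceptions.Add(Guid.NewGuid(), new KeyValuePair<SaniTypes, string>(saniType, msgTitle + exceptionValue + " Exception: " + exceptionMsg));
            }
            else
            {
                // The inner exception keeps its own message; only the outer message carries the filtered value.
                throw new SanitizerException(msg + exceptionValue, ex);
            }
        }

        // Truncates the value and keeps only the limited allow-list of characters considered safe to log.
        private static string LimitToLogSafeAscii(string strToClean, int truncateLength)
        {
            if (string.IsNullOrWhiteSpace(strToClean))
            {
                return String.Empty;
            }

            // A negative length would make Substring throw ArgumentOutOfRangeException from inside the
            // error-reporting path and hide the failure being reported, so clamp it to zero.
            int limit = Math.Max(0, truncateLength);

            // Truncate first so an oversized value costs no more filtering work than the cap allows.
            string truncated = strToClean.Length >= limit ? strToClean.Substring(0, limit) : strToClean;

            // Printable ASCII only (32-126), minus characters that commonly carry encoded or hostile content.
            return new string(truncated.Where(c => 32 <= (int)c && (int)c <= 126 &&
                                                   (int)c != 37 && //% sign - could be part of hexadecimal character
                                                   (int)c != 47 && //forward slash - could be part of a malicious URL
                                                   (int)c != 64 && //@ symbol - could be part of a malicious email address
                                                   (int)c != 92    //backslash - could be part of a null byte or unicode bypass character
                                             ).ToArray());
        }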