public UsingASCII(SaniCore saniCore) { SaniCore = saniCore; TruncateLength = 10; SaniType = SaniTypes.AllowedList; }
public DateTimeType5(SaniCore saniCore) { SaniCore = saniCore; TruncateLength = 33; SaniType = SaniTypes.MinMax; }
public LongType1(SaniCore saniCore) { SaniCore = saniCore; TruncateLength = 10; SaniType = SaniTypes.MinMax; }
public IntegerType3(SaniCore saniCore) { SaniCore = saniCore; TruncateLength = 10; SaniType = SaniTypes.MinMax; }
public BooleanType4(SaniCore saniCore) { SaniCore = saniCore; TruncateLength = 5; SaniType = SaniTypes.MinMax; }
public DecimalType2(SaniCore saniCore) { SaniCore = saniCore; TruncateLength = 15; SaniType = SaniTypes.MinMax; }
public Truncate(SaniCore saniCore) { SaniCore = saniCore; TruncateLength = 10; SaniType = SaniTypes.Truncate; }
public NormalizeOrLimit(SaniCore saniCore) { SaniCore = saniCore; TruncateLength = 10; SaniType = SaniTypes.NormalizeOrLimit; }
public UsingASCII(SaniCore saniCore) { SaniCore = saniCore; TruncateLength = 15; SaniType = SaniTypes.FileNameCleanse; }
public static void TrackOrThrowException(int truncateLength, SaniTypes saniType, SaniCore saniCore, string msgTitle, string msg, string strToClean, Exception ex) //"Filename: " { string exceptionValue = String.Empty; //Truncate length to protect the log if (string.IsNullOrWhiteSpace(strToClean)) { exceptionValue = String.Empty; } else { if (strToClean.Length >= truncateLength) { exceptionValue = strToClean.Substring(0, truncateLength); } else { exceptionValue = strToClean; } } //Limit to ASCII Only and remove possible malicious characters - apply a limited allowedList to protect the log exceptionValue = (new string(exceptionValue.ToCharArray().Where(c => ((32 <= (int)c && (int)c <= 126) && ((int)c != 37) && //% sign - could be part of hexadecimal character ((int)c != 47) && //forward slash - could be part of a malicious URL ((int)c != 64) && //@ symbol - could be part of a malicious email address ((int)c != 92) //backslash - could be part of a null byte or unicode bypass character )).ToArray())); if (saniCore.SanitizerApproach == Approach.TrackExceptionsInList) { string exceptionMsg = String.Empty; if (ex != null && ex.Message != null) { exceptionMsg = ex.Message; } saniCore.SaniExceptions.Add(Guid.NewGuid(), new KeyValuePair <SaniTypes, string>(saniType, msgTitle + exceptionValue + " Exception: " + exceptionMsg)); } else { throw new SanitizerException(msg + (exceptionValue ?? String.Empty), ex); } }