public override string SanitizeTextBody(string contentType, string body)
{
JToken jsonO;
// Prevent default behavior where JSON.NET will convert DateTimeOffset
// into a DateTime.
if (!LegacyConvertJsonDateTokens)
{
jsonO = JsonConvert.DeserializeObject <JToken>(body, SerializerSettings);
}
else
{
jsonO = JToken.Parse(body);
}
foreach (JToken token in jsonO.SelectTokens(_jsonPath))
{
// HasValues is false for tokens with children. We will not apply sanitization if that is the case.
if (!token.HasValues)
{
var replacement = StringSanitizer.SanitizeValue(token.Value <string>(), _newValue, _regexValue, _groupForReplace);
// this sanitizer should only apply to actual values
// if we attempt to apply a regex update to a jtoken that has a more complex type, throw
token.Replace(JToken.FromObject(replacement));
}
}
return(JsonConvert.SerializeObject(jsonO, SerializerSettings));
}
// Token: 0x06000D83 RID: 3459 RVA: 0x0005A178 File Offset: 0x00058378
private OwaContext(HttpContext httpContext)
{
this.httpContext = httpContext;
this.FormsRegistryContext = new FormsRegistryContext(ApplicationElement.NotSet, null, null, null);
string pathAndQuery = this.GetModifiedUri().PathAndQuery;
this.latencyDetectionContext = OwaContext.OwaLatencyDetectionContextFactory.CreateContext(Globals.ApplicationVersion, pathAndQuery, new IPerformanceDataProvider[]
{
PerformanceContext.Current,
RpcDataProvider.Instance,
MemoryDataProvider.Instance
});
if (Globals.CollectPerRequestPerformanceStats)
{
this.owaPerformanceData = new OwaPerformanceData(httpContext.Request);
}
if (!StringSanitizer <OwaHtml> .TrustedStringsInitialized)
{
string location = Assembly.GetExecutingAssembly().Location;
StringSanitizer <OwaHtml> .InitializeTrustedStrings(new string[]
{
location
});
}
}
/// <summary>
/// This sanitizer offers regex replace within a returned body. Specifically, this means regex applying to the raw JSON. If you are attempting to simply
/// replace a specific key, the BodyKeySanitizer is probably the way to go. Regardless, there are examples present in SanitizerTests.cs.
/// to
/// </summary>
/// <param name="value">The substitution value.</param>
/// <param name="regex">A regex. Can be defined as a simple regex replace OR if groupForReplace is set, a subsitution operation.</param>
/// <param name="groupForReplace">The capture group that needs to be operated upon. Do not set if you're invoking a simple replacement operation.</param>
/// <param name="condition">
/// A condition that dictates when this sanitizer applies to a request/response pair. The content of this key should be a JSON object that contains configuration keys.
/// Currently, that only includes the key "uriRegex". This translates to an object that looks like '{ "uriRegex": "when this regex matches, apply the sanitizer" }'. Defaults to "apply always."
/// </param>
public BodyRegexSanitizer(string value = "Sanitized", string regex = null, string groupForReplace = null, ApplyCondition condition = null)
{
_newValue = value;
_regexValue = regex;
_groupForReplace = groupForReplace;
Condition = condition;
StringSanitizer.ConfirmValidRegex(regex);
}
// Token: 0x06001C4E RID: 7246 RVA: 0x000A25B4 File Offset: 0x000A07B4
public static SanitizedHtmlString Format(IFormatProvider provider, string format, params object[] args)
{
SanitizedHtmlString sanitizedHtmlString = new SanitizedHtmlString();
sanitizedHtmlString.UntrustedValue = StringSanitizer <OwaHtml> .SanitizeFormat(provider, format, args);
sanitizedHtmlString.DecreeToBeTrusted();
return(sanitizedHtmlString);
}
// Token: 0x06001C4D RID: 7245 RVA: 0x000A2588 File Offset: 0x000A0788
public static SanitizedHtmlString Format(string format, params object[] args)
{
SanitizedHtmlString sanitizedHtmlString = new SanitizedHtmlString();
sanitizedHtmlString.UntrustedValue = StringSanitizer <OwaHtml> .SanitizeFormat(CultureInfo.InvariantCulture, format, args);
sanitizedHtmlString.DecreeToBeTrusted();
return(sanitizedHtmlString);
}
/// <summary>
/// This sanitizer offers regex update of a specific JTokenPath. EG: "TableName" within a json response body having its value replaced by
/// whatever substitution is offered. This simply means that if you are attempting to replace a specific key wholesale, this sanitizer will be
/// simpler than configuring a BodyRegexSanitizer that has to match against the full "KeyName": "Value" that is part of the json structure. Further reading is available
/// <a href="https://www.newtonsoft.com/json/help/html/SelectToken.htm#SelectTokenJSONPath">here.</a> If the body is NOT a JSON object, this sanitizer will NOT be applied.
/// </summary>
/// <param name="jsonPath">The SelectToken path (which could possibly match multiple entries) that will be used to select JTokens for value replacement.</param>
/// <param name="value">The substitution value.</param>
/// <param name="regex">A regex. Can be defined as a simple regex replace OR if groupForReplace is set, a subsitution operation. Defaults to replacing the entire string.</param>
/// <param name="groupForReplace">The regex capture group that needs to be operated upon. Do not set if you're invoking a simple replacement operation.</param>
/// <param name="condition">
/// A condition that dictates when this sanitizer applies to a request/response pair. The content of this key should be a JSON object that contains various configuration keys.
/// Currently, that only includes the key "uriRegex". This translates to an object that looks like '{ "uriRegex": "when this regex matches, apply the sanitizer" }'. Defaults to "apply always."
/// </param>
public BodyKeySanitizer(string jsonPath, string value = "Sanitized", string regex = ".+", string groupForReplace = null, ApplyCondition condition = null)
{
_jsonPath = jsonPath;
_newValue = value;
_regexValue = regex;
_groupForReplace = groupForReplace;
Condition = condition;
StringSanitizer.ConfirmValidRegex(regex);
}
/// <summary>
/// Can be used for multiple purposes:
/// 1) To replace a key with a specific value, do not set "regex" value.
/// 2) To do a simple regex replace operation, define arguments "key", "value", and "regex"
/// 3) To do a targeted substitution of a specific group, define all arguments "key", "value", and "regex"
/// </summary>
/// <param name="key">The name of the header we're operating against.</param>
/// <param name="value">The substitution or whole new header value, depending on "regex" setting.</param>
/// <param name="regex">A regex. Can be defined as a simple regex replace OR if groupForReplace is set, a subsitution operation.</param>
/// <param name="groupForReplace">The capture group that needs to be operated upon. Do not set if you're invoking a simple replacement operation.</param>
/// <param name="condition">
/// A condition that dictates when this sanitizer applies to a request/response pair. The content of this key should be a JSON object that contains configuration keys.
/// Currently, that only includes the key "uriRegex". This translates to an object that looks like '{ "uriRegex": "when this regex matches, apply the sanitizer" }'. Defaults to "apply always."
/// </param>
public HeaderRegexSanitizer(string key, string value = "Sanitized", string regex = ".+", string groupForReplace = null, ApplyCondition condition = null)
{
_targetKey = key;
_newValue = value;
_regexValue = regex;
_groupForReplace = groupForReplace;
Condition = condition;
StringSanitizer.ConfirmValidRegex(regex);
}
public override void SanitizeHeaders(IDictionary <string, string[]> headers)
{
if (headers.ContainsKey(_targetKey))
{
var originalValue = headers[_targetKey][0];
var replacement = StringSanitizer.SanitizeValue(originalValue, _newValue, _regexValue, _groupForReplace);
headers[_targetKey] = new string[] { replacement };
}
}
/// <summary>
/// This sanitizer offers a general regex replace across request/response Body, Headers, and URI. For the body, this means regex applying to the raw JSON.
/// to
/// </summary>
/// <param name="value">The substitution value.</param>
/// <param name="regex">A regex. Can be defined as a simple regex replace OR if groupForReplace is set, a subsitution operation.</param>
/// <param name="groupForReplace">The capture group that needs to be operated upon. Do not set if you're invoking a simple replacement operation.</param>
/// <param name="condition">
/// A condition that dictates when this sanitizer applies to a request/response pair. The content of this key should be a JSON object that contains configuration keys.
/// Currently, that only includes the key "uriRegex". This translates to an object that looks like '{ "uriRegex": "when this regex matches, apply the sanitizer" }'. Defaults to "apply always."
/// </param>
public GeneralRegexSanitizer(string value = "Sanitized", string regex = ".+", string groupForReplace = null, ApplyCondition condition = null)
{
_newValue = value;
_regexValue = regex;
_groupForReplace = groupForReplace;
Condition = condition;
StringSanitizer.ConfirmValidRegex(regex);
_bodySanitizer = new BodyRegexSanitizer(value, regex, groupForReplace);
_uriSanitizer = new UriRegexSanitizer(value, regex, groupForReplace);
}
public override string SanitizeTextBody(string contentType, string body)
{
bool sanitized = false;
JToken jsonO;
try
{
// Prevent default behavior where JSON.NET will convert DateTimeOffset
// into a DateTime.
if (!LegacyConvertJsonDateTokens)
{
jsonO = JsonConvert.DeserializeObject <JToken>(body, SerializerSettings);
}
else
{
jsonO = JToken.Parse(body);
}
}
catch (JsonReaderException)
{
return(body);
}
foreach (JToken token in jsonO.SelectTokens(_jsonPath))
{
// HasValues is false for tokens with children. We will not apply sanitization if that is the case.
if (!token.HasValues)
{
var originalValue = token.Value <string>();
// regex replacement does not support null
if (originalValue == null)
{
continue;
}
var replacement = StringSanitizer.SanitizeValue(originalValue, _newValue, _regexValue, _groupForReplace);
// this sanitizer should only apply to actual values
// if we attempt to apply a regex update to a jtoken that has a more complex type, throw
token.Replace(JToken.FromObject(replacement));
if (originalValue != replacement)
{
sanitized = true;
}
}
}
return(sanitized ? JsonConvert.SerializeObject(jsonO, SerializerSettings) : body);
}
public override void SanitizeHeaders(IDictionary <string, string[]> headers)
{
if (headers.ContainsKey(_targetKey))
{
// Accessing 0th key safe due to the fact that we force header values in without splitting them on ;.
// We do this because letting .NET split and then reassemble header values introduces a space into the header itself
// Ex: "application/json;odata=minimalmetadata" with .NET default header parsing becomes "application/json; odata=minimalmetadata"
// Given this breaks signature verification, we have to avoid it.
var originalValue = headers[_targetKey][0];
var replacement = StringSanitizer.SanitizeValue(originalValue, _newValue, _regexValue, _groupForReplace);
headers[_targetKey] = new string[] { replacement };
}
}
public override void SanitizeHeaders(IDictionary <string, string[]> headers)
{
foreach (var headerKey in headers.Keys)
{
// Accessing 0th key safe due to the fact that we force header values in without splitting them on ;.
// We do this because letting .NET split and then reassemble header values introduces a space into the header itself
// Ex: "application/json;odata=minimalmetadata" with .NET default header parsing becomes "application/json; odata=minimalmetadata"
// Given this breaks signature verification, we have to avoid it.
var originalValue = headers[headerKey][0];
var replacement = StringSanitizer.ReplaceValue(inputValue: originalValue, targetValue: _targetValue, replacementValue: _newValue);
headers[headerKey][0] = replacement;
}
}
/// <summary>
/// Fetches a list of github users from either the api or in the memory cache
/// </summary>
/// <param name="model">list of string username</param>
/// <returns>response object</returns>
public async Task <ResponseObject> GetGitHubUsers(string model)
{
var response = new ResponseObject(ResponseType.Success, string.Empty);
List <string> stringListModel = DataTypeConverter.ConvertStringToList(model);
var gitHubUserList = new List <GitHubUsersDto>();
stringListModel = StringSanitizer.SanitizeStringListByGitHubPolicy(stringListModel);
var modelValuesCount = ValidateArrayString(stringListModel);
if (!modelValuesCount.IsSuccess)
{
return(modelValuesCount);
}
int numberOfCachedRecords = 0;
int numberOfRecordsNotFound = 0;
foreach (var item in stringListModel)
{
if (stringListModel.Any())
{
var sanitizedString = StringSanitizer.ToLowerAndTrim(item);
var gitHubUserDto = new GitHubUsersDto();
var fetchDataFromGithub = await FetchDataByUserName(sanitizedString);
if (fetchDataFromGithub.IsSuccess)
{
gitHubUserDto = _mapper.Map <GitHubUsersDto>(fetchDataFromGithub.Data);
_inMemoryWorkerService.StoreDataInMemory(gitHubUserDto, StringSanitizer.ToLowerAndTrim(gitHubUserDto.Login));
gitHubUserList.Add(gitHubUserDto);
}
else if (fetchDataFromGithub.IsCached)
{
gitHubUserDto = _mapper.Map <GitHubUsersDto>(fetchDataFromGithub.Data);
numberOfCachedRecords++;
gitHubUserList.Add(gitHubUserDto);
}
else
{
numberOfRecordsNotFound++;
}
}
}
response.Data = gitHubUserList.OrderBy(x => x.Name);
response.Message = numberOfCachedRecords + " out of " + modelValuesCount.Data + " is cached and " + numberOfRecordsNotFound + " record(s) were not found. Username that violates github policy were removed.";
return(response);
}
public override string SanitizeUri(string uri)
{
return(StringSanitizer.ReplaceValue(inputValue: uri, targetValue: _targetValue, replacementValue: _newValue));
}
public override string SanitizeTextBody(string contentType, string body)
{
return(StringSanitizer.SanitizeValue(body, _newValue, _regexValue, _groupForReplace));
}
public override byte[] SanitizeBody(string contentType, byte[] body)
{
return(Encoding.UTF8.GetBytes(StringSanitizer.ReplaceValue(inputValue: Encoding.UTF8.GetString(body), targetValue: _targetValue, replacementValue: _newValue)));
}
public override string SanitizeTextBody(string contentType, string body)
{
return(StringSanitizer.ReplaceValue(inputValue: body, targetValue: _targetValue, replacementValue: _newValue));
}
public override byte[] SanitizeBody(string contentType, byte[] body)
{
return(Encoding.UTF8.GetBytes(StringSanitizer.SanitizeValue(Encoding.UTF8.GetString(body), _newValue, _regexValue, _groupForReplace)));
}
public override string SanitizeUri(string uri)
{
return(StringSanitizer.SanitizeValue(uri, _newValue, _regexValue, _groupForReplace));
}
