The options available for web applications using .NETIDS
상속: IDSBaseSettings
예제 #1
0
 public IDSPageSettings(IDSGlobalSettings GlobalSettings)
 {
     this.CookieExclusions.AddRange(GlobalSettings.CookieExclusions);
     this.DecodeJS    = GlobalSettings.DecodeJS;
     this.DecodeUTF7  = GlobalSettings.DecodeUTF7;
     this.ScanCookies = GlobalSettings.ScanCookies;
     this.ScanGet     = GlobalSettings.ScanGet;
     this.ScanHeaders = GlobalSettings.ScanHeaders;
     this.ScanKeys    = GlobalSettings.ScanKeys;
     this.ScanOutput  = GlobalSettings.ScanOutput;
     this.ScanPost    = GlobalSettings.ScanPost;
 }
예제 #2
0
        /// <summary>
        /// The Secure Page's OnInit event handler
        /// </summary>
        /// <param name="e">The Page Init EventArgs</param>
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);

            //Create a config object
            IDSGlobalSettings settings = new IDSGlobalSettings();
            IDSPageSettings pageSettings = new IDSPageSettings(settings);

            pageSettings.OnIDSEvent = OnIDSEvent;
            pageSettings.CookieExclusions = _exclusions_cookies;
            pageSettings.PostExclusions = _exclusions_post;
            pageSettings.HeaderExclusions = _exclusions_headers;
            pageSettings.GetExclusions = _exclusions_get;
            pageSettings.DecodeJS = _decodeJS;
            pageSettings.DecodeUTF7 = _decodeUTF7;

            settings.PageSettings.Add(Misc.GetCurrentPageName(), pageSettings);

            WebScanRunner wsr = new WebScanRunner(settings);
            wsr.Run();
        }
예제 #3
0
        /// <summary>
        /// The Secure Page's OnInit event handler
        /// </summary>
        /// <param name="e">The Page Init EventArgs</param>
        protected override void OnInit(EventArgs e)
        {
            base.OnInit(e);

            //Create a config object
            IDSGlobalSettings settings     = new IDSGlobalSettings();
            IDSPageSettings   pageSettings = new IDSPageSettings(settings);

            pageSettings.OnIDSEvent       = OnIDSEvent;
            pageSettings.CookieExclusions = _exclusions_cookies;
            pageSettings.PostExclusions   = _exclusions_post;
            pageSettings.HeaderExclusions = _exclusions_headers;
            pageSettings.GetExclusions    = _exclusions_get;
            pageSettings.DecodeJS         = _decodeJS;
            pageSettings.DecodeUTF7       = _decodeUTF7;

            settings.PageSettings.Add(Misc.GetCurrentPageName(), pageSettings);

            WebScanRunner wsr = new WebScanRunner(settings);

            wsr.Run();
        }
예제 #4
0
        void ids_BeginRequest(object sender, EventArgs e)
        {
            //Attempt to read the app's config
            IDSGlobalSettings ims = (IDSGlobalSettings)ConfigurationSettings.GetConfig("dotnetids/idsconfig");

            string filename = System.IO.Path.GetFileName(HttpContext.Current.Request.Url.AbsolutePath).ToLowerInvariant();

            //Look for regex options to exclude
            foreach (RegexSettings rs in ims.ExcludedRegexen)
            {
                RegexOptions ro = new RegexOptions();

                if (rs.IgnoreCase)
                {
                    ro = ro | RegexOptions.IgnoreCase;
                }

                if (Regex.IsMatch(HttpContext.Current.Request.Url.AbsolutePath, rs.Pattern, ro))
                {
                    return;
                }
            }

            //Look for pages to exclude
            foreach (string s in ims.ExcludedPages)
            {
                if (s.ToLowerInvariant() == filename)
                {
                    return;
                }
            }

            //Run the scanner
            WebScanRunner sr = new WebScanRunner(ims);

            sr.Run();
        }
예제 #5
0
        public object Create(object parent,
                             object configContext, System.Xml.XmlNode section)
        {
            IDSGlobalSettings settings = new IDSGlobalSettings();
            IDSBaseSettings   ibs      = (IDSBaseSettings)settings;

            //Load base IDS settings
            LoadBaseSettings(ref ibs, section);

            //Get page exclusions
            XmlNodeList xnl = section.SelectNodes("excludepage");

            foreach (XmlNode n in xnl)
            {
                string pagetoexclude = GetAttribute(n, "page", true);
                settings.ExcludedPages.Add(pagetoexclude);
            }

            //Get regex exclusions
            xnl = section.SelectNodes("excluderegex");

            foreach (XmlNode n in xnl)
            {
                string pattern    = GetAttribute(n, "pattern", true);
                bool   ignorecase = bool.Parse(GetAttribute(n, "ignorecase", true));
                settings.ExcludedRegexen.Add(new RegexSettings(pattern, ignorecase));
            }

            //Get the global callbacks
            xnl = section.SelectNodes("callback");

            foreach (XmlNode n in xnl)
            {
                string method           = GetAttribute(n, "method", true);
                string namespaceandtype = GetAttribute(n, "namespaceandtype", true);
                string assembly         = GetAttribute(n, "assembly", true);

                settings.Callbacks.Add(new IDSCallback(method, namespaceandtype, assembly));
            }

            //Get page settings
            xnl = section.SelectNodes("pagesetup");

            foreach (XmlNode n in xnl)
            {
                string pagename = GetAttribute(n, "page", true);

                //Create a page settings object
                IDSPageSettings ips = new IDSPageSettings(settings);

                try
                {
                    settings.PageSettings.Add(pagename, ips);
                }
                catch (Exception e)
                {
                    throw new ApplicationException("Only one config section can exist for the page named \"" + pagename + "\"", e);
                }

                //Populate base data
                IDSBaseSettings pagebase = (IDSBaseSettings)ips;
                LoadBaseSettings(ref pagebase, n);

                //Look for page callbacks
                XmlNodeList pagecallbacks = n.SelectNodes("callback");

                foreach (XmlNode pagecallback in pagecallbacks)
                {
                    string method           = GetAttribute(pagecallback, "method", true);
                    string namespaceandtype = GetAttribute(pagecallback, "namespaceandtype", true);
                    string assembly         = GetAttribute(pagecallback, "assembly", true);

                    ips.Callbacks.Add(new IDSCallback(method, namespaceandtype, assembly));
                }
            }

            return(settings);
        }
예제 #6
0
 public WebScanRunner(IDSGlobalSettings settings)
 {
     _settings = settings;
 }
예제 #7
0
 public WebScanRunner(IDSGlobalSettings settings)
 {
     _settings = settings;
 }
예제 #8
0
 public IDSPageSettings(IDSGlobalSettings GlobalSettings)
 {
     this.CookieExclusions.AddRange(GlobalSettings.CookieExclusions);
     this.DecodeJS = GlobalSettings.DecodeJS;
     this.DecodeUTF7 = GlobalSettings.DecodeUTF7;
     this.ScanCookies = GlobalSettings.ScanCookies;
     this.ScanGet = GlobalSettings.ScanGet;
     this.ScanHeaders = GlobalSettings.ScanHeaders;
     this.ScanKeys = GlobalSettings.ScanKeys;
     this.ScanOutput = GlobalSettings.ScanOutput;
     this.ScanPost = GlobalSettings.ScanPost;
 }
예제 #9
0
        public object Create(object parent,
               object configContext, System.Xml.XmlNode section)
        {
            IDSGlobalSettings settings = new IDSGlobalSettings();
            IDSBaseSettings ibs = (IDSBaseSettings)settings;

            //Load base IDS settings
            LoadBaseSettings(ref ibs, section);

            //Get page exclusions
            XmlNodeList xnl = section.SelectNodes("excludepage");

            foreach (XmlNode n in xnl)
            {
                string pagetoexclude = GetAttribute(n, "page", true);
                settings.ExcludedPages.Add(pagetoexclude);
            }

            //Get regex exclusions
            xnl = section.SelectNodes("excluderegex");

            foreach (XmlNode n in xnl)
            {
                string pattern = GetAttribute(n, "pattern", true);
                bool ignorecase = bool.Parse(GetAttribute(n, "ignorecase", true));
                settings.ExcludedRegexen.Add(new RegexSettings(pattern, ignorecase));
            }
            
            //Get the global callbacks
            xnl = section.SelectNodes("callback");

            foreach (XmlNode n in xnl)
            {
                string method = GetAttribute(n, "method", true);
                string namespaceandtype = GetAttribute(n, "namespaceandtype", true);
                string assembly = GetAttribute(n, "assembly", true);

                settings.Callbacks.Add(new IDSCallback(method, namespaceandtype, assembly));
            }

            //Get page settings
            xnl = section.SelectNodes("pagesetup");

            foreach (XmlNode n in xnl)
            {
                string pagename = GetAttribute(n, "page", true);

                //Create a page settings object
                IDSPageSettings ips = new IDSPageSettings(settings);

                try
                {
                    settings.PageSettings.Add(pagename, ips);
                }
                catch (Exception e)
                {
                    throw new ApplicationException("Only one config section can exist for the page named \"" + pagename + "\"", e);
                }

                //Populate base data
                IDSBaseSettings pagebase = (IDSBaseSettings)ips;
                LoadBaseSettings(ref pagebase, n);

                //Look for page callbacks
                XmlNodeList pagecallbacks = n.SelectNodes("callback");

                foreach (XmlNode pagecallback in pagecallbacks)
                {
                    string method = GetAttribute(pagecallback, "method", true);
                    string namespaceandtype = GetAttribute(pagecallback, "namespaceandtype", true);
                    string assembly = GetAttribute(pagecallback, "assembly", true);

                    ips.Callbacks.Add(new IDSCallback(method, namespaceandtype, assembly));
                }
            }
            
            return settings;
        }