public void Inspect(ResponseAnalysisContext context, CancellationToken cancellationToken)
{
if (context.Response.Headers.TryGetValue("Content-Encoding", out var contentEncoding))
{
foreach (var encoding in contentEncoding.SelectMany(v => new StringTokenizer(v, Separators)))
{
if (encoding.Equals("gzip", StringComparison.OrdinalIgnoreCase))
{
using var gzip = new GZipStream(context.ReadAsStream().Rewind(), CompressionMode.Decompress, leaveOpen: true);
var buffer = new MemoryStream();
gzip.CopyTo(buffer);
context.SetBodyFromStream(buffer.Rewind());
}
else if (encoding.Equals("deflate", StringComparison.OrdinalIgnoreCase))
{
using var gzip = new DeflateStream(context.ReadAsStream().Rewind(), CompressionMode.Decompress, leaveOpen: true);
var buffer = new MemoryStream();
gzip.CopyTo(buffer);
context.SetBodyFromStream(buffer.Rewind());
}
else if (encoding.Equals("br", StringComparison.OrdinalIgnoreCase))
{
using var gzip = new BrotliStream(context.ReadAsStream().Rewind(), CompressionMode.Decompress, leaveOpen: true);
var buffer = new MemoryStream();
gzip.CopyTo(buffer);
context.SetBodyFromStream(buffer.Rewind());
}
}
}
}
public async Task InvokeAsync(HttpContext context, RequestDelegate next)
{
var options = Options.Value;
context.Request.EnableBuffering();
// analyze request
var requestAnalysisContext = new RequestAnalysisContext(context.Request);
AnalyzeRequest(requestAnalysisContext, context.RequestAborted);
if (requestAnalysisContext.IsMalicious && options.Depth == AnalysisDepth.FindFirst)
{
await Handle(requestAnalysisContext.Diagnostics);
return;
}
await AnalyzeRequestAsync(requestAnalysisContext, context.RequestAborted);
if (requestAnalysisContext.IsMalicious && options.Depth == AnalysisDepth.FindFirst)
{
await Handle(requestAnalysisContext.Diagnostics);
return;
}
// switch body to buffer
var original = context.Response.Body;
var buffer = MemoryStreamPool.Get();
context.Response.Body = buffer;
var responseAnalysisContext = new ResponseAnalysisContext(context.Response);
try
{
// execute
await next(context);
// analyze response
AnalyzeResponse(responseAnalysisContext, context.RequestAborted);
if (responseAnalysisContext.IsMalicious && options.Depth == AnalysisDepth.FindFirst)
{
await Handle(responseAnalysisContext.Diagnostics);
return;
}
await AnalyzeResponseAsync(responseAnalysisContext, context.RequestAborted);
if (responseAnalysisContext.IsMalicious && options.Depth == AnalysisDepth.FindFirst)
{
await Handle(responseAnalysisContext.Diagnostics);
return;
}
}
finally
{
context.Response.Body = original;
}
// write response
if (responseAnalysisContext.Version != 0)
{
// remove content-related headers, because may be outdated
if (context.Response.Headers.ContainsKey("Content-Encoding"))
{
context.Response.Headers.Remove("Content-Encoding");
}
if (context.Response.Headers.ContainsKey("Content-MD5"))
{
context.Response.Headers.Remove("Content-MD5");
}
// based on body type
switch (responseAnalysisContext.SnapshotBodyType)
{
case ResponseBodyType.String:
{
var body = responseAnalysisContext.ReadAsString(applyPendingChanges: true);
byte[] buffer1 = Encoding.UTF8.GetBytes(body);
context.Response.ContentLength = buffer1.Length;
context.Response.Headers["Content-Length"] = buffer1.Length.ToString();
await context.Response.Body.WriteAsync(buffer1, 0, buffer1.Length);
}
break;
case ResponseBodyType.Stream:
{
var body = responseAnalysisContext.ReadAsStream();
context.Response.ContentLength = body.Length;
context.Response.Headers["Content-Length"] = body.Length.ToString();
await body.CopyToAsync(context.Response.Body);
}
break;
case ResponseBodyType.ByteArray:
{
var body = responseAnalysisContext.ReadAsByteArray();
context.Response.ContentLength = body.Length;
context.Response.Headers["Content-Length"] = body.Length.ToString();
await context.Response.Body.WriteAsync(body, 0, body.Length);
}
break;
}
}
else
{
// write original response
if (buffer.Length > 0)
{
await buffer.Rewind().CopyToAsync(context.Response.Body);
}
}
async Task Handle(IReadOnlyCollection <Diagnostic> diagnostics)
{
if (diagnostics.Count == 1)
{
var diagnostic = diagnostics.Single();
Logger.LogWarning($"Request denied. {diagnostic.Rule.Category} ({diagnostic.Rule.Id}) attack found in {diagnostic.Location}: {diagnostic.Rule.Description}.");
}
else
{
Logger.LogWarning($"Request denied. Found {diagnostics.Count} diagnostics.");
}
if (options.Mode == FirewallMode.Prevention)
{
context.Response.StatusCode = options.DeniedResponseStatusCode;
}
var settings = new JsonSerializerOptions();
settings.PropertyNamingPolicy = JsonNamingPolicy.CamelCase;
settings.WriteIndented = true;
var dto = new { diagnostics };
var json = JsonSerializer.Serialize(dto, settings);
context.Response.ContentLength = Encoding.UTF8.GetByteCount(json);
context.Response.ContentType = "application/json";
await context.Response.WriteAsync(json);
}
}