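/// <summary>
/// HttpApplication event handler that runs the Validator.Net checks against the current request.
/// </summary>
/// <param name="sender">The <see cref="HttpApplication"/> raising the event; it is cast unconditionally.</param>
/// <param name="e">Event data; not used.</param>
/// <remarks>
/// Order of processing:
/// 1. the "mode" query-string value (debug / normal / disable / enable) updates the two per-session
///    flags "ShowOutputMessage" and "DisableValidator.Net";
/// 2. unless "DisableValidator.Net" is "yes", the page class is resolved from the "Function" query-string
///    value and either the configured form rules or the hard-coded SQL-injection / XSS mitigations run;
/// 3. when "ShowOutputMessage" is "yes", the collected log entries are written out.
/// NOTE(review): step 1 runs for every client before the disable check, so any requester can toggle
/// the validator and the debug output for its own session through the query string. The method reads
/// HttpApplication.Session, so it has to be wired at or after AcquireRequestState - confirm against the
/// module registration.
/// </remarks>
public static void ProcessRequest_Handler(object sender, EventArgs e)
{
    HttpApplication currentHttpApplication = (HttpApplication)sender;
    HttpRequest currentHttpRequest = currentHttpApplication.Request;
    LogRequestData objLogRequestData = new LogRequestData();
    RequestToValidate objRequestToValidate = new RequestToValidate();
    objRequestToValidate.HttpRequestToAnalyse = currentHttpRequest;

    // "mode" drives the per-session output and enable/disable flags; an absent or unknown value leaves them untouched.
    switch (objRequestToValidate.HttpRequestToAnalyse.QueryString["mode"])
    {
        case "debug":
            currentHttpApplication.Session["ShowOutputMessage"] = "yes";
            break;
        case "normal":
            currentHttpApplication.Session["ShowOutputMessage"] = "no";
            break;
        case "disable":
            currentHttpApplication.Session["DisableValidator.Net"] = "yes";
            break;
        case "enable":
            currentHttpApplication.Session["DisableValidator.Net"] = "no";
            break;
    }

    if ("yes" != (string)currentHttpApplication.Session["DisableValidator.Net"])
    {
        objLogRequestData.addEntry("Starting ProcessRequest_Handler Processing Page: " + objRequestToValidate.HttpRequestToAnalyse.Path);
        objRequestToValidate.pageClassName = resolvePageClassName((string)currentHttpRequest.QueryString["Function"]);
        // The log entries carry HTML markup (<b>), so they are presumably rendered as HTML by outputMessage().
        // The class name derives from the "Function" query-string value and resolvePageClassName is not visible
        // here, so encode it instead of relying on that helper to sanitise; a genuine class name is unchanged by encoding.
        objLogRequestData.addEntry("Page's class identified has: <b>" + HttpUtility.HtmlEncode(objRequestToValidate.pageClassName) + "</b>");

        // NOTE1: The current version of HacmeBank needs to run with FullTrust (the following two comments refer to HacmeBank version 1
        // if you want to test the GAC usage, register the ValidatorNET_GAC_Assembly.dll control in the GAC and delete it from the bin directory
        // Note2: this call will not work if the website is NOT in Full Trust
        // if (makeTheRequestFormDataEditable())
        // NOte3: this one will work because the code will be executed with Full Trust due to it's GAC location)
        if (objValidatorNET_GAC_Assembly.makeTheRequestFormDataEditable())
        {
            objValidatorNET_GAC_Assembly.makeTheRequestQueryStringDataEditable();
            objLogRequestData.addEntry("the private method HttpContext.Current.Request.Form.MakeReadWrite() was successfully invoked (the same for the QueryString)");
        }
        else
        {
            // NOTE(review): processing continues after this failure, so the mitigations below run against
            // collections that are presumably still read-only - confirm whether their rewrites take effect then.
            objLogRequestData.addEntry("ERROR!!: makeTheRequestFormDataEditable failed");
        }

        if (objRequestToValidate.validateCurrentPage(pagesToProcess))
        {
            // Look the mapping up once. If the collection is a Hashtable its indexer yields null for an unknown
            // key, which the previous code dereferenced (NullReferenceException); fail closed with a named error instead.
            object formMapping = hashtableWithValidator_FormMappings[objRequestToValidate.pageClassName];
            if (formMapping == null)
            {
                throw new InvalidOperationException("No Validator.Net form mapping found for page class '" + objRequestToValidate.pageClassName + "'.");
            }

            objLogRequestData.addEntry(formMapping.ToString());
            objLogRequestData.addEntry("Validating Current Page");
            if (objRequestToValidate.pageHasItemsToValidate())
            {
                objLogRequestData.addEntry("Page has Items to Validated");
                ArrayList listOfRulesProcessed = objRequestToValidate.validateAndHandleMaliciousInput((XmlElement)formMapping, hashtableWithValidator_FormRules);
                if (0 == listOfRulesProcessed.Count)
                {
                    // No configured rule fired: fall back to the hard-coded SQL injection and XSS mitigations.
                    objRequestToValidate.protectAndMitigateSQLInjections();
                    objRequestToValidate.protectAndMitigateXSSAttacks();
                }
                else
                {
                    foreach (string item in listOfRulesProcessed)
                    {
                        objLogRequestData.addEntry(item);
                    }
                }
            }
            else
            {
                objLogRequestData.addEntry("Nothing to Validate");
            }
        }
        else
        {
            // Page not configured for rule-based validation: only the hard-coded SQL injection and XSS mitigations apply.
            objRequestToValidate.protectAndMitigateSQLInjections();
            objRequestToValidate.protectAndMitigateXSSAttacks();
            objLogRequestData.addEntry("Not Validating this page");
        }
    }
    else
    {
        objLogRequestData.addEntry("Validator.Net is Disabled");
    }

    if ((string)currentHttpApplication.Session["ShowOutputMessage"] == "yes")
    {
        objLogRequestData.outputMessage();
    }
}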
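/// <summary>
/// HttpApplication event handler that runs the Validator.Net checks against the current request.
/// </summary>
/// <param name="sender">The <see cref="HttpApplication"/> raising the event; it is cast unconditionally.</param>
/// <param name="e">Event data; not used.</param>
/// <remarks>
/// Order of processing:
/// 1. the "mode" query-string value (debug / normal / disable / enable) updates the two per-session
///    flags "ShowOutputMessage" and "DisableValidator.Net";
/// 2. unless "DisableValidator.Net" is "yes", the page class is resolved from the "Function" query-string
///    value and either the configured form rules or the hard-coded SQL-injection / XSS mitigations run;
/// 3. when "ShowOutputMessage" is "yes", the collected log entries are written out.
/// NOTE(review): step 1 runs for every client before the disable check, so any requester can toggle
/// the validator and the debug output for its own session through the query string. The method reads
/// HttpApplication.Session, so it has to be wired at or after AcquireRequestState - confirm against the
/// module registration.
/// </remarks>
public static void ProcessRequest_Handler(object sender, EventArgs e)
{
    HttpApplication currentHttpApplication = (HttpApplication)sender;
    HttpRequest currentHttpRequest = currentHttpApplication.Request;
    LogRequestData objLogRequestData = new LogRequestData();
    RequestToValidate objRequestToValidate = new RequestToValidate();
    objRequestToValidate.HttpRequestToAnalyse = currentHttpRequest;

    // "mode" drives the per-session output and enable/disable flags; an absent or unknown value leaves them untouched.
    switch (objRequestToValidate.HttpRequestToAnalyse.QueryString["mode"])
    {
        case "debug":
            currentHttpApplication.Session["ShowOutputMessage"] = "yes";
            break;
        case "normal":
            currentHttpApplication.Session["ShowOutputMessage"] = "no";
            break;
        case "disable":
            currentHttpApplication.Session["DisableValidator.Net"] = "yes";
            break;
        case "enable":
            currentHttpApplication.Session["DisableValidator.Net"] = "no";
            break;
    }

    if ("yes" != (string)currentHttpApplication.Session["DisableValidator.Net"])
    {
        objLogRequestData.addEntry("Starting ProcessRequest_Handler Processing Page: " + objRequestToValidate.HttpRequestToAnalyse.Path);
        objRequestToValidate.pageClassName = resolvePageClassName((string)currentHttpRequest.QueryString["Function"]);
        // The log entries carry HTML markup (<b>), so they are presumably rendered as HTML by outputMessage().
        // The class name derives from the "Function" query-string value and resolvePageClassName is not visible
        // here, so encode it instead of relying on that helper to sanitise; a genuine class name is unchanged by encoding.
        objLogRequestData.addEntry("Page's class identified has: <b>" + HttpUtility.HtmlEncode(objRequestToValidate.pageClassName) + "</b>");

        // NOTE1: The current version of HacmeBank needs to run with FullTrust (the following two comments refer to HacmeBank version 1
        // if you want to test the GAC usage, register the ValidatorNET_GAC_Assembly.dll control in the GAC and delete it from the bin directory
        // Note2: this call will not work if the website is NOT in Full Trust
        // if (makeTheRequestFormDataEditable())
        // NOte3: this one will work because the code will be executed with Full Trust due to it's GAC location)
        if (objValidatorNET_GAC_Assembly.makeTheRequestFormDataEditable())
        {
            objValidatorNET_GAC_Assembly.makeTheRequestQueryStringDataEditable();
            objLogRequestData.addEntry("the private method HttpContext.Current.Request.Form.MakeReadWrite() was successfully invoked (the same for the QueryString)");
        }
        else
        {
            // NOTE(review): processing continues after this failure, so the mitigations below run against
            // collections that are presumably still read-only - confirm whether their rewrites take effect then.
            objLogRequestData.addEntry("ERROR!!: makeTheRequestFormDataEditable failed");
        }

        if (objRequestToValidate.validateCurrentPage(pagesToProcess))
        {
            // Look the mapping up once. If the collection is a Hashtable its indexer yields null for an unknown
            // key, which the previous code dereferenced (NullReferenceException); fail closed with a named error instead.
            object formMapping = hashtableWithValidator_FormMappings[objRequestToValidate.pageClassName];
            if (formMapping == null)
            {
                throw new InvalidOperationException("No Validator.Net form mapping found for page class '" + objRequestToValidate.pageClassName + "'.");
            }

            objLogRequestData.addEntry(formMapping.ToString());
            objLogRequestData.addEntry("Validating Current Page");
            if (objRequestToValidate.pageHasItemsToValidate())
            {
                objLogRequestData.addEntry("Page has Items to Validated");
                ArrayList listOfRulesProcessed = objRequestToValidate.validateAndHandleMaliciousInput((XmlElement)formMapping, hashtableWithValidator_FormRules);
                if (0 == listOfRulesProcessed.Count)
                {
                    // No configured rule fired: fall back to the hard-coded SQL injection and XSS mitigations.
                    objRequestToValidate.protectAndMitigateSQLInjections();
                    objRequestToValidate.protectAndMitigateXSSAttacks();
                }
                else
                {
                    foreach (string item in listOfRulesProcessed)
                    {
                        objLogRequestData.addEntry(item);
                    }
                }
            }
            else
            {
                objLogRequestData.addEntry("Nothing to Validate");
            }
        }
        else
        {
            // Page not configured for rule-based validation: only the hard-coded SQL injection and XSS mitigations apply.
            objRequestToValidate.protectAndMitigateSQLInjections();
            objRequestToValidate.protectAndMitigateXSSAttacks();
            objLogRequestData.addEntry("Not Validating this page");
        }
    }
    else
    {
        objLogRequestData.addEntry("Validator.Net is Disabled");
    }

    if ((string)currentHttpApplication.Session["ShowOutputMessage"] == "yes")
    {
        objLogRequestData.outputMessage();
    }
}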