public ModuleResults GetResults(InstanceInfo instanceInfo)
{
List<string> responses = new List<string>();
var dbService = instanceInfo.DBService;
var taskRowCount = dbService.ExecuteAndGetScalar<int>("SELECT count(*) FROM CMS_WebFarmTask WHERE TaskCreated < DATEADD(hour, -24, GETDATE());");
if (taskRowCount > 0)
{
responses.Add("There are tasks over 24 hours old in the web farm (" + taskRowCount + " tasks exactly).");
return new ModuleResults
{
Result = responses,
ResultComment = "There are tasks that are over 24 hours old in the CMS_WebFarmTask table. Please check the health of the web far",
Status = Status.Error,
};
}
return new ModuleResults
{
ResultComment = "There are no aged tasks pending.",
Status = Status.Good
};
}
public HttpResponseMessage GetSetupModulesMetadata([FromUri]InstanceConfig config)
{
try
{
var instance = new InstanceInfo(config);
var version = instance.Version;
// Get all modules of given version which are in 'Setup' category
var modules = ModuleLoader.Modules
.Select(x => x.GetModuleMetadata())
.Where(x => x.SupportedVersions.Contains(version))
.Where(x => x.Category != null && x.Category.StartsWith("Setup", StringComparison.InvariantCultureIgnoreCase));
if (modules.Count() == 0)
{
return Request.CreateResponse(HttpStatusCode.BadRequest,
String.Format("There are no modules available for version {0}.", version));
}
return Request.CreateResponse(HttpStatusCode.OK, modules);
}
catch (Exception e)
{
return Request.CreateResponse(HttpStatusCode.BadRequest, e.Message);
}
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
List<string> report = new List<string>();
bool isWebSite = ProjectCodeFilesHelper.Current.IsWebSiteProject(instanceInfo.Directory);
List<string> customerCodeFiles = ProjectCodeFilesHelper.Current.GetCustomerProjectCodeFiles(instanceInfo.Directory, instanceInfo.Version, isWebSite, true).ToList();
if (customerCodeFiles.Count == 0)
{
return new ModuleResults
{
ResultComment = "No customer files found.",
Status = Status.Good
};
}
report.AddRange(customerCodeFiles);
VulnerabilityAnalysisResults results = new VulnerabilityAnalysisResults();
AnalyseVulnerabilities(instanceInfo.Directory, customerCodeFiles, ref results);
string resultString = PrintResults(results);
if (!String.IsNullOrEmpty(resultString))
{
report.Add(String.Empty);
report.AddRange(resultString.Split(new[] { "<br />" }, StringSplitOptions.None));
}
return new ModuleResults
{
Result = report,
Trusted = true
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
try
{
ProbeHelper.InstallProbe(instanceInfo.Directory);
var uri = new Uri(instanceInfo.Uri, "CMSPages/KInspectorProbe.aspx");
HttpWebRequest request = WebRequest.CreateHttp(uri);
using (WebResponse response = request.GetResponse())
{
DataTable result = new DataTable();
result.ReadXml(response.GetResponseStream());
return new ModuleResults
{
Result = result,
};
}
}
catch (Exception e)
{
// Probably 404
return new ModuleResults
{
Result = e.ToString(),
Status = Status.Error
};
}
finally
{
ProbeHelper.UninstallProbe(instanceInfo.Directory);
}
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var results = dbService.ExecuteAndGetTableFromFile("AttachmentsBySizeModule.sql");
return new ModuleResults
{
Result = results,
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var results = dbService.ExecuteAndGetTableFromFile("ApplicationRestartsModule.sql");
return new ModuleResults
{
Result = results,
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var results = dbService.ExecuteAndGetDataSetFromFile("Setup/SmtpServerSetupModule.sql");
return new ModuleResults
{
Result = results
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var results = dbService.ExecuteAndGetPrintsFromFile("CMSFileModule.sql");
return new ModuleResults
{
Result = results,
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var results = dbService.ExecuteAndGetPrintsFromFile("Setup/SiteDomainAliasesSetupModule.sql");
return new ModuleResults
{
Result = results
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var results = dbService.ExecuteAndGetTableFromFile("SecuritySettingsModule.sql");
List<DataRow> rowsToDelete = new List<DataRow>();
// Iterate through and check int/double settings
foreach (DataRow row in results.Rows)
{
if (!String.IsNullOrEmpty(row["Key value"].ToString()))
{
switch (row["Key name"].ToString())
{
case "CMSResetPasswordInterval":
if (GetValueAndCheckInterval(row, 1, 12))
{
rowsToDelete.Add(row);
}
break;
case "CMSPolicyMinimalLength":
if (GetValueAndCheckInterval(row, 8))
{
rowsToDelete.Add(row);
}
break;
case "CMSPolicyNumberOfNonAlphaNumChars":
if (GetValueAndCheckInterval(row, 2))
{
rowsToDelete.Add(row);
}
break;
case "CMSMaximumInvalidLogonAttempts":
if (GetValueAndCheckInterval(row, 0, 5))
{
rowsToDelete.Add(row);
}
break;
default: break;
}
}
}
foreach(DataRow row in rowsToDelete)
{
results.Rows.Remove(row);
}
return new ModuleResults
{
Result = results,
ResultComment = "",
Status = Status.Warning,
};
}
public void EnsureTrailingSlash(string url, string expected)
{
var instanceConfig = new InstanceConfig
{
Url = url
};
var instanceInfo = new InstanceInfo(instanceConfig);
Assert.AreEqual(expected, instanceInfo.Uri.AbsoluteUri);
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var sitemaps = dbService.ExecuteAndGetDataSetFromFile("SiteMapModule.sql");
// Postprocess sitemaps of all sites
foreach (DataTable sitemap in sitemaps.Tables)
{
bool outputCacheEnabled = dbService.GetSetting<bool>("CMSEnableOutputCache", sitemap.TableName);
// process every row of the sitemap
foreach (DataRow row in sitemap.Rows)
{
// Get effective value of columns that can be inherited
foreach (var column in ColumnsWithInheritance)
{
string origColName = column.Key + "Orig";
// Add new column to the table for storing original column value
if (!sitemap.Columns.Contains(origColName))
{
int colIndex = sitemap.Columns.IndexOf(column.Key);
sitemap.Columns.Add(origColName).SetOrdinal(colIndex);
}
// Copy original value to the new column
row[origColName] = row[column.Key];
if (column.Key == "OutputCache" && !outputCacheEnabled)
{
// Special case - output cache can be disabled in settings and then effective value is always 0
row[column.Key] = 0;
}
else
{
// Set effective value to the column
row[column.Key] = GetEffectiveColumnResult(sitemap, row, column.Key, column.Value);
}
}
}
// All post processing for the table is done - remove columns that might not be visible
sitemap.Columns.Cast<DataColumn>()
.Select(x => x.ColumnName)
.Except(VisibleColumns)
.ToList()
.ForEach(x => sitemap.Columns.Remove(x));
}
return new ModuleResults
{
Result = sitemaps,
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var results = dbService.ExecuteAndGetTableFromFile("WebPartsInTransformationsModule.sql");
return new ModuleResults
{
Result = results,
Status = results.Rows.Count > 0 ? Status.Error : Status.Good
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
List<string> responses = new List<string>();
var dbService = instanceInfo.DBService;
var activityCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Activity");
if (activityCount > 10000000)
{
responses.Add("There are over 10 000 000 (" + activityCount + " exactly) activities in the database. Consider using deleting old page visits or setting up the old contact's deletion");
}
var contactsCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Contact");
if (contactsCount > 1000000)
{
responses.Add("There are over 1 000 000 (" + contactsCount + " exactly) contacts in the database. Consider using old contact's deletion");
var anonymousCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Contact WHERE ContactLastName LIKE 'Anonymous%'");
var mergedCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Contact WHERE ContactMergedWithContactID NOT NULL");
responses.Add("Out of these " + contactsCount + " contacts, " + anonymousCount + " are anonymous and " + mergedCount + " are merged");
}
var contactGroupCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_ContactGroup");
if (contactGroupCount > 50)
{
responses.Add("There are over 50 contact groups (" + contactGroupCount + " exactly). This might affect performance, are all of those really neccessary?");
}
var scoringRuleCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Rule");
if (scoringRuleCount > 50)
{
responses.Add("There are over 50 scoring rules (" + scoringRuleCount + " exactly). This might affect performance, are all of those really neccessary?");
}
if (responses.Any())
{
return new ModuleResults
{
Result = responses,
ResultComment = @"Check the counts in the result table. Exceeding the limits doesn't mean it must be wrong.
It depends on other things like traffic, hardware and so on.",
Status = Status.Error,
};
}
else
{
return new ModuleResults
{
ResultComment = "All of critical Online marketing are small enough to use Online marketing without affecting performance.",
Status = Status.Good
};
}
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
int databaseSizeInMB = dbService.ExecuteAndGetScalar<int>("SELECT SUM(reserved_page_count) * 8.0 / 1024 FROM sys.dm_db_partition_stats");
var results = dbService.ExecuteAndGetTableFromFile("BigTablesModule.sql");
return new ModuleResults
{
Result = results,
ResultComment = String.Format("The overall database size is {0} MB", databaseSizeInMB)
};
}
public HttpResponseMessage GetKenticoVersion([FromUri]InstanceConfig config)
{
try
{
var instance = new InstanceInfo(config);
var version = instance.Version;
return Request.CreateResponse(HttpStatusCode.OK, version);
}
catch (Exception e)
{
return Request.CreateResponse(HttpStatusCode.BadRequest, e.Message);
}
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
DataTable expiredTokens = new DataTable("Expired account tokens");
expiredTokens.Columns.Add("SocialNetwork");
expiredTokens.Columns.Add("SiteName");
expiredTokens.Columns.Add("AccountName");
var dbService = instanceInfo.DBService;
if (instanceInfo.Version != new Version("8.0"))
{
// LinkedIn integration is in 8.1 and newer
var linResults = dbService.ExecuteAndGetTableFromFile("ExpiredTokensModule-LinkedIn.sql");
foreach (DataRow token in linResults.Rows)
{
var row = expiredTokens.NewRow();
row["SocialNetwork"] = "LinkedIn";
row["SiteName"] = token["SiteName"];
row["AccountName"] = token["AccountName"];
expiredTokens.Rows.Add(row);
}
}
var fbResults = dbService.ExecuteAndGetTableFromFile("ExpiredTokensModule-Facebook.sql");
if (fbResults.Rows.Count > 0)
{
foreach (DataRow token in fbResults.Rows)
{
var row = expiredTokens.NewRow();
row["SocialNetwork"] = "Facebook";
row["SiteName"] = token["SiteName"];
row["AccountName"] = token["AccountName"];
expiredTokens.Rows.Add(row);
}
}
if (expiredTokens.Rows.Count > 0)
{
return new ModuleResults
{
Result = expiredTokens,
Status = Status.Error,
ResultComment = "Tokens have expired, posting stuff on some social markenting accounts doesn't work at all for accounts in results. Tell customer to reauthorize the pages.",
};
}
return new ModuleResults
{
Status = Status.Good,
ResultComment = "There are no expired tokens.",
};
}
public HttpResponseMessage GetModuleExport([FromUri]IEnumerable<string> moduleNames, [FromUri]InstanceConfig config, [FromUri]string exportModuleCodeName)
{
if (config == null)
{
throw new ArgumentNullException(nameof(config));
}
var instanceInfo = new InstanceInfo(config);
if (instanceInfo == null)
{
throw new ArgumentException(nameof(config));
}
if (moduleNames == null)
{
throw new ArgumentNullException(nameof(moduleNames));
}
var module = ExportModuleLoader.Modules.FirstOrDefault(m => m.ModuleMetaData.ModuleCodeName == exportModuleCodeName);
if (module == null)
{
throw new ArgumentException(nameof(exportModuleCodeName));
}
try
{
var stream = module.GetExportStream(moduleNames.Distinct(), instanceInfo);
if (stream == null)
{
throw new Exception("Empty export file");
}
// Send stream
var response = Request.CreateResponse(HttpStatusCode.OK);
response.Content = new StreamContent(stream);
response.Content.Headers.ContentType = new MediaTypeHeaderValue(module.ModuleMetaData.ModuleFileMimeType);
response.Content.Headers.ContentLength = stream.Length;
response.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment")
{
FileName = $"KInspectorExport_{DateTime.Now.ToString("yyyyMMdd_HHmmss")}.{module.ModuleMetaData.ModuleFileExtension}"
};
response.Headers.ConnectionClose = true;
return response;
}
catch (Exception e)
{
return Request.CreateResponse(HttpStatusCode.InternalServerError, $"Error in processing modules. Error message: {e.Message}");
}
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var urls = dbService.ExecuteAndGetTableFromFile("ScreenshotterModule.sql");
// Start process in separate thread to make website responsive.
Thread t = new Thread(StartScreenshotting);
t.Start(new object[] { instanceInfo, urls });
return new ModuleResults
{
Result = urls
};
}
public HttpResponseMessage GetModuleResult(string moduleName, [FromUri]InstanceConfig config)
{
try
{
var instance = new InstanceInfo(config);
var result = ModuleLoader.GetModule(moduleName).GetResults(instance);
return Request.CreateResponse(HttpStatusCode.OK, result);
}
catch (Exception e)
{
return Request.CreateResponse(HttpStatusCode.InternalServerError, $"Error in \"{moduleName}\" module. Error message: {e.Message}");
}
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
List<string> report = new List<string>();
mDatabaseService = instanceInfo.DBService;
DataTable webPartsInTransformationsTable = GetPageTemplateWebParts(LikePageTemplateDisplayName);
List<string> whereOrderResults = new List<string>();
List<string> otherResults = new List<string>();
foreach (DataRow webPart in webPartsInTransformationsTable.Rows)
{
string pageTemplateDisplayName = webPart["PageTemplateDisplayName"] as string;
XmlDocument webPartsXmlDoc = new XmlDocument();
webPartsXmlDoc.LoadXml(webPart["PageTemplateWebParts"] as string);
whereOrderResults.AddRange(AnalyseWhereAndOrderByConditionsInPageTemplateWebParts(webPartsXmlDoc, pageTemplateDisplayName));
otherResults.AddRange(AnalysePageTemplateWebParts(webPartsXmlDoc, pageTemplateDisplayName));
}
if (whereOrderResults.Count > 0)
{
report.Add("------------------------ Web parts - Where and Order condition results - Potential SQL injections -----------------");
report.AddRange(whereOrderResults);
}
if (otherResults.Count > 0)
{
report.Add("------------------------ Macros in DB - Potential XSS -----------------");
report.AddRange(otherResults);
}
if (report.Count == 0)
{
return new ModuleResults
{
ResultComment = "No problems in web parts found.",
Status = Status.Good
};
}
StringBuilder res = new StringBuilder();
report.ForEach(it => res.Append(it.Replace("\n", "<br />")));
return new ModuleResults
{
Result = report,
Trusted = true
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
if (instanceInfo.Version == new Version("6.0"))
{
return new ModuleResults
{
Result = dbService.ExecuteAndGetPrintsFromFile("WebPartColumnsModule6.sql"),
};
}
return new ModuleResults
{
Result = dbService.ExecuteAndGetPrintsFromFile("WebPartColumnsModule.sql"),
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
if (!TestUrl(instanceInfo.Uri, "robots.txt"))
{
return new ModuleResults
{
Status = Status.Warning,
Result = "Missing! Please add the robots.txt into the web root",
};
}
return new ModuleResults
{
Status = Status.Good,
Result = "All good, robots.txt found.",
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
DataTable sourceUIElements = dbService.ExecuteAndGetTableFromFile(String.Format("UIElementsDiffV{0}.sql", instanceInfo.Version.Major));
var kenticoUIElements = new DataTable();
kenticoUIElements.ReadXml(String.Format("./Data/DefaultUIElements/{0}{1}.xml", instanceInfo.Version.Major, instanceInfo.Version.Minor));
RemoveHashesFromStringRecords(sourceUIElements);
var result = Diff(kenticoUIElements, sourceUIElements);
return new ModuleResults
{
Result = result
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var results = dbService.ExecuteAndGetTableFromFile("PasswordPolicy.sql");
if (results.Rows.Count > 0)
{
DataRow[] passwordFormatRow = results.Select("KeyName = 'CMSPasswordFormat'");
DataRow[] passwordPolicyRow = results.Select("KeyName = 'CMSUsePasswordPolicy'");
if (passwordFormatRow[0][1].ToString() != "SHA2SALT")
{
return new ModuleResults
{
Result = results,
ResultComment = "The CMSPasswordFormat should be set to 'SHA2SALT'.",
Status = Status.Error,
};
}
else if (passwordPolicyRow[0][1].ToString() != "True")
{
return new ModuleResults
{
Result = results,
ResultComment = "It is recommended that you have CMSUsePasswordPolicy set to 'True'.",
Status = Status.Warning,
};
}
else
{
return new ModuleResults
{
ResultComment = "Password settings look good.",
Status = Status.Good
};
}
}
return new ModuleResults
{
ResultComment = "Failed to check settings as expected.",
Status = Status.Error
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var contactNumber = dbService.ExecuteAndGetScalar<int>(@"SELECT COUNT(*) FROM OM_Contact");
var results = dbService.ExecuteAndGetTableFromFile(@"OMInactiveContactsDeletion.sql");
return new ModuleResults
{
Result = results,
ResultComment = @"Inactive contact deletion setting should be always set up, so that the database doesn't get too big over time.
It is a business decision what contacts could be deleted. There are now " + (contactNumber < 10000 ? "only " : "") + contactNumber + " contacts in the database.",
Status = (contactNumber > 100000 && results.Rows.Count > 0)
? Status.Error
: (results.Rows.Count > 0)
? Status.Warning
: Status.Good
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var results = dbService.ExecuteAndGetPrintsFromFile("ScheduledTasksModule.sql");
var res = new ModuleResults
{
Result = results,
};
if (results.Any(x => x.Contains("DISABLE SCHEDULED TASK!")
|| x.Contains("DON NOT RUN THE task as EXTERNAL")
|| x.Contains("RUN THE task as EXTERNAL")))
{
res.Status = Status.Warning;
}
return res;
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var manualContactGroups = dbService.ExecuteAndGetTableFromFile("OMContactGroupsWithManualMacro.sql");
if (manualContactGroups.Rows.Count > 0)
{
return new ModuleResults
{
Result = manualContactGroups,
ResultComment = "These contact groups use plain macro that should be translated into MacroRules, so that the SQL translation could be leveraged. This is like MUCH slower.",
Status = Status.Error,
};
}
return new ModuleResults
{
ResultComment = "All existing contact groups are designed with Macro, so they can leverage fast recalculation ",
Status = Status.Good
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var results = dbService.ExecuteAndGetTableFromFile("EventLogErrorsModule.sql");
if (results.Rows.Count > 0)
{
return new ModuleResults
{
Result = results,
ResultComment = "Errors in event log found!",
Status = results.Rows.Count > 10 ? Status.Error : Status.Warning,
};
}
return new ModuleResults
{
ResultComment = "No errors were found in the event log.",
Status = Status.Good
};
}
public ModuleResults GetResults(InstanceInfo instanceInfo)
{
var dbService = instanceInfo.DBService;
var results = dbService.ExecuteAndGetTableFromFile("DatabaseConsistencyCheckModule.sql");
if (results.Rows.Count > 0)
{
return new ModuleResults
{
ResultComment = "CHECKDB found some errors!",
Result = results,
Status = Status.Error
};
}
return new ModuleResults
{
Status = Status.Good,
ResultComment = "CHECKDB didn't found any errors."
};
}
