public void Test_AddThresholdMissingAction()
        {
            string evtName = Guid.NewGuid().ToString();

            IntrusionDetector detector = Esapi.IntrusionDetector as IntrusionDetector;
            Assert.IsNotNull(detector);

            Threshold threshold = new Threshold(evtName, 1, 1, new[] { Guid.NewGuid().ToString() });
            detector.AddThreshold(threshold);
        }
        public void Test_AddExceptionSecurityEvent()
        {
            string evtName = typeof(ArgumentException).FullName;

            IntrusionDetector detector = Esapi.IntrusionDetector as IntrusionDetector;
            Assert.IsNotNull(detector);

            Threshold threshold = new Threshold(evtName, 1, 1, new[] { "log" });
            detector.AddThreshold(threshold);

            ArgumentException arg = new ArgumentException();
            detector.AddException(arg);
        }
        /// <summary>
        ///     Get event threshold
        /// </summary>
        /// <param name="eventName"></param>
        /// <returns></returns>
        private Threshold GetEventThreshold(string eventName)
        {
            Threshold threshold;
            this._thresholds.TryGetValue(eventName, out threshold);

            // Event not found, create default
            if (threshold == null)
            {
                threshold = new Threshold(eventName, 0, 0, null);
            }

            return threshold;
        }
        /// <summary>
        ///     Add event threshold
        /// </summary>
        /// <param name="threshold"></param>
        public void AddThreshold(Threshold threshold)
        {
            if (threshold == null)
            {
                throw new ArgumentNullException("threshold");
            }
            if (this._thresholds.ContainsKey(threshold.Event))
            {
                throw new ArgumentException();
            }

            // Validate all required actions have been registered already
            if (threshold.Actions != null)
            {
                foreach (string name in threshold.Actions)
                {
                    if (!this._actionManager.Contains(name))
                    {
                        string message = string.Format(EM.IntrusionDetector_ActionNotFound1, name);
                        throw new ArgumentException(message, "threshold");
                    }
                }
            }

            // Add threshold
            this._thresholds.Add(threshold.Event, threshold);
        }
        public void Test_AddDuplicateThreshold()
        {
            string evtName = Guid.NewGuid().ToString();

            IntrusionDetector detector = Esapi.IntrusionDetector as IntrusionDetector;
            Assert.IsNotNull(detector);

            Threshold threshold = new Threshold(evtName, 1, 1, new[] { BuiltinActions.FormsAuthenticationLogout });
            detector.AddThreshold(threshold);

            Threshold dup = new Threshold(evtName, 2, 2, null);
            detector.AddThreshold(dup);
        }
        public void Test_IntrusionDetected()
        {
            string evtName = Guid.NewGuid().ToString();

            IntrusionDetector detector = Esapi.IntrusionDetector as IntrusionDetector;
            Assert.IsNotNull(detector);

            Threshold threshold = new Threshold(evtName, 1, 1, new[] { "log"});
            detector.AddThreshold(threshold);

            Esapi.IntrusionDetector.AddEvent(evtName);
        }
        public void Test_RemoveThreshold()
        {
            string evtName = Guid.NewGuid().ToString();

            IntrusionDetector detector = Esapi.IntrusionDetector as IntrusionDetector;
            Assert.IsNotNull(detector);

            Threshold threshold = new Threshold(evtName, 1, 1, new[] { "logout" });
            detector.AddThreshold(threshold);

            Assert.IsTrue( detector.RemoveThreshold(evtName));
        }
예제 #8
0
        /// <summary>
        /// Load instrusion detector instance
        /// </summary>
        /// <param name="detectorConfig"></param>
        /// <returns></returns>
        internal static IIntrusionDetector LoadIntrusionDetector(IntrusionDetectorElement detectorConfig)
        {
            Debug.Assert(detectorConfig != null);

            IIntrusionDetector detector = null;
            if (!string.IsNullOrEmpty(detectorConfig.Type)) {
                detector = ObjectBuilder.Build<IIntrusionDetector>(detectorConfig.Type);
            }
            else {
                // Create default 
                detector = new IntrusionDetector();
            }

            // Load event thresholds
            foreach (ThresholdElement e in detectorConfig.EventThresholds) {
                string[] actions = e.Actions.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

                Threshold threshold = new Threshold(e.Name, e.Count, e.Interval, actions);
                detector.AddThreshold(threshold);
            }

            return detector;
        }
        // FIXME: ENHANCE should read these quotas into a map and cache them
        /// <summary> 
        /// The intrusion detection quota for a particular events.
        /// </summary>
        /// <param name="eventName">
        /// The quote for a particular event name.
        /// </param>
        /// <returns> The threshold for the event.
        /// </returns>
        /// <seealso cref="Owasp.Esapi.Interfaces.ISecurityConfiguration.GetQuota(string)">
        /// </seealso>
        public Threshold GetQuota(string eventName)
        {
            int count = 0;
            string countString = properties.Get(eventName + ".count");
            if (countString != null)
            {
                count = Int32.Parse(countString);
            }

            int interval = 0;
            string intervalString = properties.Get(eventName + ".interval");
            if (intervalString != null)
            {
                interval = Int32.Parse(intervalString);
            }

            IList actions = new ArrayList();
            string actionString = properties.Get(eventName + ".actions");
            if (actionString != null)
            {
                string[] actionList = Regex.Split(actionString, ",");
                actions = new ArrayList(actionList);
            }

            Threshold q = new Threshold(eventName, count, interval, actions);
            return q;
        }