예제 #1
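        /// <summary>
        /// Initializes the controller-level CSRF settings from a configuration class entry.
        /// </summary>
        /// <param name="class">
        /// Configuration entry supplying the class names and the include/exclude attribute lists.
        /// A null entry, or null sub-sections, leave the corresponding members unchanged.
        /// </param>
        public CsrfController(CsrfClass @class)
        {
            // The attribute lookups below already tolerate a null entry via '?.';
            // read Name the same way so a missing section does not raise a
            // NullReferenceException before they are reached.
            var configuredNames = @class?.Name;
            if (configuredNames != null)
            {
                Names = new HashSet<string>(configuredNames);
            }

            CsrfAttributeCondition.AddCsrfAttributes(Include, @class?.Attributes?.Include);
            CsrfAttributeCondition.AddCsrfAttributes(Exclude, @class?.Attributes?.Exclude);
        }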
예제 #2
        /// <summary>
        /// Merges the settings in <paramref name="configData"/> into this instance: the anti-CSRF
        /// attributes, the class names, and the include/exclude attribute lists for classes,
        /// methods and parameters.
        /// </summary>
        /// <param name="configData">
        /// Configuration to merge in. It is dereferenced directly, so it must not be null;
        /// its Class, Method and Parameter sections and their Attributes may be null.
        /// </param>
        public void AddFrom(CsrfProtectionData configData)
        {
            CsrfAttributeCondition.AddCsrfAttributes(AntiCsrfAttributes, configData.AntiCsrfAttributes);

            // NOTE(review): Class.Names is used without a null check; whether it is always
            // initialized is not visible here - confirm against the declaring type.
            var extraClassNames = configData.Class?.Name;
            if (extraClassNames != null)
            {
                foreach (var className in extraClassNames)
                {
                    Class.Names.Add(className);
                }
            }

            var classAttributes = configData.Class?.Attributes;
            CsrfAttributeCondition.AddCsrfAttributes(Class.Include, classAttributes?.Include);
            CsrfAttributeCondition.AddCsrfAttributes(Class.Exclude, classAttributes?.Exclude);

            var methodAttributes = configData.Method?.Attributes;
            CsrfAttributeCondition.AddCsrfAttributes(Method.Include, methodAttributes?.Include);
            CsrfAttributeCondition.AddCsrfAttributes(Method.Exclude, methodAttributes?.Exclude);

            var parameterAttributes = configData.Parameter?.Attributes;
            CsrfAttributeCondition.AddCsrfAttributes(Parameter.Include, parameterAttributes?.Include);
            CsrfAttributeCondition.AddCsrfAttributes(Parameter.Exclude, parameterAttributes?.Exclude);
        }
예제 #3
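        /// <summary>
        /// Builds a named CSRF configuration group from <paramref name="configData"/>: copies the
        /// name, creates the diagnostic descriptor when a message is configured, and loads the
        /// anti-CSRF attributes and the class, method and parameter attribute lists.
        /// </summary>
        /// <param name="configData">
        /// Configuration for the group. It is dereferenced directly, so it must not be null;
        /// its Message, Class, Method and Parameter sections may be null.
        /// </param>
        public CsrfNamedGroup(CsrfProtectionData configData)
        {
            Name = configData.Name;

            if (configData.Message != null)
            {
                Message = LocaleUtil.GetDescriptorByText(CsrfTokenDiagnosticAnalyzer.DiagnosticId, configData.Message.Title, configData.Message.Description);
            }

            CsrfAttributeCondition.AddCsrfAttributes(AntiCsrfAttributes, configData.AntiCsrfAttributes);

            if (configData.Class != null)
            {
                _Class = new CsrfController(configData.Class);
            }

            // A Method or Parameter section may be present without an Attributes sub-section.
            // Use '?.' on Attributes as well, so such a configuration passes null to
            // AddCsrfAttributes instead of throwing NullReferenceException while the group is built.
            CsrfAttributeCondition.AddCsrfAttributes(Method.Include, configData.Method?.Attributes?.Include);
            CsrfAttributeCondition.AddCsrfAttributes(Method.Exclude, configData.Method?.Attributes?.Exclude);
            CsrfAttributeCondition.AddCsrfAttributes(Parameter.Include, configData.Parameter?.Attributes?.Include);
            CsrfAttributeCondition.AddCsrfAttributes(Parameter.Exclude, configData.Parameter?.Attributes?.Exclude);
        }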
예제 #4
        /// <summary>
        /// Converts a dictionary of per-argument conditions into a <see cref="CsrfAttributeCondition"/>.
        /// </summary>
        /// <param name="conditions">
        /// Maps an argument key (a string; keys that parse as an integer are treated as ordinals)
        /// to a dictionary holding exactly one "Value" entry whose value is a string.
        /// May be null.
        /// </param>
        /// <returns>
        /// <see cref="CsrfAttributeCondition.TRUE"/> when <paramref name="conditions"/> is null;
        /// otherwise a new condition with one MustMatch pair per entry.
        /// </returns>
        /// <exception cref="Exception">An entry does not have the expected shape.</exception>
        private static CsrfAttributeCondition CreateCsrfAttributeCondition(Dictionary<object, object> conditions)
        {
            if (conditions == null)
            {
                return CsrfAttributeCondition.TRUE;
            }

            var result = new CsrfAttributeCondition();

            foreach (var entry in conditions)
            {
                var nested = entry.Value as Dictionary<object, object>;
                if (nested == null)
                {
                    throw new Exception("Invalid condition format, expected dictionary");
                }

                if (nested.Count != 1)
                {
                    throw new Exception("Only one condition per argument is supported");
                }

                var argumentName = entry.Key as string;
                if (argumentName == null)
                {
                    throw new Exception("Invalid condition format, expected string");
                }

                // A key that parses as an integer is stored as an int; any other key
                // stays a string.
                // NOTE(review): int.TryParse without a culture argument uses the current culture.
                object pairKey;
                if (int.TryParse(argumentName, out var ordinal))
                {
                    if (ordinal < 0)
                    {
                        throw new Exception("Ordinal condition keys must be non-negative integers");
                    }

                    pairKey = ordinal;
                }
                else
                {
                    pairKey = argumentName;
                }

                // Count == 1 was verified above, so this is the only entry.
                var only = nested.First();

                var conditionName = only.Key as string;
                if (conditionName != "Value")
                {
                    throw new Exception("Only 'Value' conditions are supported");
                }

                var expectedText = only.Value as string;
                if (expectedText == null)
                {
                    throw new Exception("Invalid condition format, expected a string");
                }

                // The expected value is stored as int if it parses as one, else as bool,
                // else as the raw string. The branches stay separate so each Pair is
                // constructed with the same static argument type as before.
                if (int.TryParse(expectedText, out var expectedInt))
                {
                    result.MustMatch.Add(new CsrfAttributeCondition.Pair(pairKey, expectedInt));
                    continue;
                }

                if (bool.TryParse(expectedText, out var expectedBool))
                {
                    result.MustMatch.Add(new CsrfAttributeCondition.Pair(pairKey, expectedBool));
                    continue;
                }

                result.MustMatch.Add(new CsrfAttributeCondition.Pair(pairKey, expectedText));
            }

            return result;
        }