/// <inheritdoc />
public void RunDetectors(
HttpWebResponseHolder httpWebResponseHolder,
ITarget target,
string plugin,
TestCase testCase,
string testParameter,
string testedValue)
{
if (this.ActiveDetectors.Count == 0)
{
Logger.WriteWarning("No active detectors have been found.");
return;
}
// if no response then exit
if (httpWebResponseHolder?.ResponseUri == null)
{
return;
}
// iterate through all active detectors and run them
foreach (Type activeDetector in this.ActiveDetectors)
{
var pluginBaseAbstract = Activator.CreateInstance(activeDetector) as PluginBaseAbstract;
if (pluginBaseAbstract == null)
{
throw new NullReferenceException("{0} can't be instantiated".FormatIc(activeDetector.Name));
}
// execute all detectors
if (!pluginBaseAbstract.TestBaseType.Equals(TestBaseType.Detector))
{
continue;
}
this.RunDetector(
pluginBaseAbstract,
target,
Target.Create(httpWebResponseHolder.ResponseUri.AbsoluteUri),
httpWebResponseHolder,
plugin,
testCase,
testParameter,
testedValue);
}
}
/// <summary>
/// Executes the detector operation.
/// </summary>
/// <param name="detectorInstance">
/// The detector instance.
/// </param>
/// <param name="requestTarget">
/// The request target.
/// </param>
/// <param name="responseTarget">
/// The response target.
/// </param>
/// <param name="webResponseHolder">
/// The web response holder.
/// </param>
/// <param name="plugInName">
/// Name of the plug in.
/// </param>
/// <param name="testCase">
/// The test case.
/// </param>
/// <param name="testParameter">
/// The tested parameter.
/// </param>
/// <param name="testValue">
/// The tested value.
/// </param>
private void RunDetector(
PluginBaseAbstract detectorInstance,
ITarget requestTarget,
ITarget responseTarget,
HttpWebResponseHolder webResponseHolder,
string plugInName,
TestCase testCase,
string testParameter,
string testValue)
{
try
{
Logger.WriteDebug("Run detector: {0}", detectorInstance.GetType().Name);
detectorInstance.Init(
this,
responseTarget);
detectorInstance.InspectResponse(
requestTarget,
responseTarget,
webResponseHolder,
plugInName,
testCase,
testParameter,
testValue);
foreach (var vuln in detectorInstance.Vulnerabilities)
{
this.Vulnerabilities[Guid.NewGuid().ToString()] = vuln;
}
}
catch (Exception ex)
{
// write to the tests and detectors log.
Library.Logger.Logger.WriteError(ex);
}
}
/// <summary>
/// The set response fiddler headers.
/// </summary>
/// <param name="response">
/// The response.
/// </param>
/// <param name="headers">
/// The headers.
/// </param>
public static void SetResponseFiddlerHeaders(
this HttpWebResponseHolder response,
HTTPResponseHeaders headers)
{
foreach (HTTPHeaderItem httpResponseHeader in headers)
{
try
{
// remove control char from header value
httpResponseHeader.Value = Regex.Replace(
httpResponseHeader.Value.Trim(),
@"[\u0000-\u001F]",
string.Empty);
response.Headers[httpResponseHeader.Name] = httpResponseHeader.Value;
}
catch (ArgumentException ex)
{
Library.Logger.Logger.WriteWarning(
ex,
"control char hasn't been removed , header value {0}",
httpResponseHeader.Value);
}
}
}