Exemplo n.º 1
        /// <summary>
        /// Reads the permissions document from the response body and maps its
        /// READ_SENSITIVE_DATA entry to a <see cref="Permissions"/> value.
        /// </summary>
        /// <param name="response">Response whose content holds the permissions JSON.</param>
        /// <returns>
        /// FULL when the entry is true, RESTRICTED when it is false, and NONE when the
        /// entry is absent, so a document without the key grants nothing.
        /// </returns>
        /// <remarks>
        /// Any exception raised while reading or parsing is logged and rethrown. That
        /// includes the cast failing because the entry is not a boolean.
        /// </remarks>
        public async Task <Permissions> GetPermissions(HttpResponseMessage response)
        {
            string body = string.Empty;
            Permissions granted = Permissions.NONE;

            try
            {
                body = await response.Content.ReadAsStringAsync().ConfigureAwait(false);

                // The body is remote-controlled text, so it is sanitized before being written to the log.
                _logger?.LogDebug("GetPermisions returned json: {0}", SecurityUtilities.SanitizeInput(body));

                Dictionary<string, object> parsed = JsonConvert.DeserializeObject<Dictionary<string, object>>(body);

                if (parsed.TryGetValue(READ_SENSITIVE_DATA, out object flag))
                {
                    // A hard cast on purpose: a non-boolean value throws instead of being coerced into a grant.
                    granted = (bool)flag ? Permissions.FULL : Permissions.RESTRICTED;
                }
            }
            catch (Exception ex)
            {
                _logger?.LogError("Exception {0} extracting permissions from {1}", ex, SecurityUtilities.SanitizeInput(body));
                throw;
            }

            _logger?.LogDebug("GetPermisions returning: {0}", granted);
            return granted;
        }
Exemplo n.º 2
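        /// <summary>
        /// Asks the Cloud Foundry API which permissions the supplied bearer token has on the
        /// configured application.
        /// </summary>
        /// <param name="token">Bearer token sent in the Authorization header of the permissions request.</param>
        /// <returns>
        /// Unauthorized for a null or empty token; Forbidden when the API answers 403;
        /// ServiceUnavailable for any other non-OK status or for any exception inside the
        /// request; otherwise a result wrapping the parsed permissions.
        /// </returns>
        public async Task <SecurityResult> GetPermissionsAsync(string token)
        {
            if (string.IsNullOrEmpty(token))
            {
                return(new SecurityResult(HttpStatusCode.Unauthorized, AUTHORIZATION_HEADER_INVALID));
            }

            string checkPermissionsUri = _options.CloudFoundryApi + "/v2/apps/" + _options.ApplicationId + "/permissions";
            var    request             = new HttpRequestMessage(HttpMethod.Get, checkPermissionsUri);

            request.Headers.Authorization = new AuthenticationHeaderValue("bearer", token);

            // Capture the previous certificate-validation settings exactly once. A second call
            // would overwrite prevProtocols/prevValidator with whatever the first call put in
            // place, and the finally block would then "restore" those values instead of the
            // original ones.
            // NOTE(review): the helper body is not visible here; presumably it changes
            // process-wide settings when validation is disabled. Confirm against HttpClientHelper.
            // With ValidateCertificates set to false, the bearer token is sent to a server whose
            // certificate is not checked.
            HttpClientHelper.ConfigureCertificateValidation(
                _options.ValidateCertificates,
                out SecurityProtocolType prevProtocols,
                out RemoteCertificateValidationCallback prevValidator);
            try
            {
                // The bearer token is a credential and is kept out of the log. SanitizeInput
                // does not redact it, so only the request URI is recorded.
                _logger?.LogDebug("GetPermissions({0})", checkPermissionsUri);

                using (var client = HttpClientHelper.GetHttpClient(_options.ValidateCertificates, DEFAULT_GETPERMISSIONS_TIMEOUT))
                {
                    using (HttpResponseMessage response = await client.SendAsync(request).ConfigureAwait(false))
                    {
                        if (response.StatusCode != HttpStatusCode.OK)
                        {
                            _logger?.LogInformation(
                                "Cloud Foundry returned status: {HttpStatus} while obtaining permissions from: {PermissionsUri}",
                                response.StatusCode,
                                checkPermissionsUri);

                            // Only an explicit 403 is reported as access denied; every other
                            // failure is reported as the API being unreachable.
                            return(response.StatusCode == HttpStatusCode.Forbidden
                                ? new SecurityResult(HttpStatusCode.Forbidden, ACCESS_DENIED_MESSAGE)
                                : new SecurityResult(HttpStatusCode.ServiceUnavailable, CLOUDFOUNDRY_NOT_REACHABLE_MESSAGE));
                        }

                        return(new SecurityResult(await GetPermissions(response).ConfigureAwait(false)));
                    }
                }
            }
            catch (Exception e)
            {
                // Fail closed: a transport or parsing error never yields a permission grant.
                _logger?.LogError("Cloud Foundry returned exception: {SecurityException} while obtaining permissions from: {PermissionsUri}", e, checkPermissionsUri);
                return(new SecurityResult(HttpStatusCode.ServiceUnavailable, CLOUDFOUNDRY_NOT_REACHABLE_MESSAGE));
            }
            finally
            {
                HttpClientHelper.RestoreCertificateValidation(_options.ValidateCertificates, prevProtocols, prevValidator);
            }
        }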
Exemplo n.º 3
        /// <summary>
        /// Records duration and count measurements for a finished outbound request, unless
        /// its path is one that <c>ShouldIgnoreRequest</c> filters out.
        /// </summary>
        /// <param name="current">Activity whose Duration supplies the elapsed time.</param>
        /// <param name="request">Request whose absolute path is checked against the ignore filter.</param>
        /// <param name="response">Response passed through to <c>GetLabels</c>.</param>
        /// <param name="taskStatus">Task status passed through to <c>GetLabels</c>.</param>
        protected internal void HandleStopEvent(Activity current, HttpRequestMessage request, HttpResponseMessage response, TaskStatus taskStatus)
        {
            string requestPath = request.RequestUri.AbsolutePath;

            if (ShouldIgnoreRequest(requestPath))
            {
                // The path is sanitized before it is written to the log.
                Logger?.LogDebug("HandleStopEvent: Ignoring path: {path}", SecurityUtilities.SanitizeInput(requestPath));
                return;
            }

            double elapsedMs = current.Duration.TotalMilliseconds;

            // Nothing is recorded for an activity with no measured duration.
            if (elapsedMs <= 0)
            {
                return;
            }

            var tags = GetLabels(request, response, taskStatus);
            _clientTimeMeasure.Record(default(SpanContext), elapsedMs, tags);
            _clientCountMeasure.Record(default(SpanContext), 1, tags);
        }
        /// <summary>
        /// Records duration and count measurements for a finished <see cref="HttpWebRequest"/>,
        /// unless its path is one that <c>ShouldIgnoreRequest</c> filters out.
        /// </summary>
        /// <param name="current">Activity whose Duration supplies the elapsed time.</param>
        /// <param name="request">Request whose absolute path is checked against the ignore filter.</param>
        /// <param name="statusCode">Status code passed through to <c>GetTagContext</c>.</param>
        protected internal void HandleStopEvent(Activity current, HttpWebRequest request, HttpStatusCode statusCode)
        {
            string requestPath = request.RequestUri.AbsolutePath;

            if (ShouldIgnoreRequest(requestPath))
            {
                // The path is sanitized before it is written to the log.
                Logger?.LogDebug("HandleStopEvent: Ignoring path: {path}", SecurityUtilities.SanitizeInput(requestPath));
                return;
            }

            double elapsedMs = current.Duration.TotalMilliseconds;

            // Nothing is recorded for an activity with no measured duration.
            if (elapsedMs <= 0)
            {
                return;
            }

            ITagContext tags = GetTagContext(request, statusCode);

            StatsRecorder
                .NewMeasureMap()
                .Put(clientTimeMeasure, elapsedMs)
                .Put(clientCountMeasure, 1)
                .Record(tags);
        }
Exemplo n.º 5
 /// <summary>
 /// Sanitized text must contain no carriage return and no line feed, so a value
 /// written to a log cannot start a new log line.
 /// </summary>
 public void SanitizeInput_RemovesCrlf()
 {
     // Carriage returns on their own.
     string withoutCr = SecurityUtilities.SanitizeInput("some\rparagraph\rwith\rcarriage\rreturns");
     Assert.DoesNotContain("\r", withoutCr);

     // Line feeds on their own.
     string withoutLf = SecurityUtilities.SanitizeInput("some\nparagraph\nwith\nline\nendings");
     Assert.DoesNotContain("\n", withoutLf);
 }
Exemplo n.º 6
 /// <summary>
 /// Angle brackets must come back as HTML entities, so sanitized text shown in an
 /// HTML-based log viewer is displayed as text and not parsed as markup.
 /// </summary>
 public void SanitizeInput_EncodesHtml()
 {
     string encoded = SecurityUtilities.SanitizeInput(">some string<");

     Assert.Equal("&gt;some string&lt;", encoded);
 }
Exemplo n.º 7
 /// <summary>
 /// Null and empty inputs pass through as-is: null stays null and the empty string
 /// stays empty, so callers may sanitize optional values without a prior null check.
 /// </summary>
 public void SanitizeInput_ReturnsNullAndEmptyUnchanged()
 {
     string fromNull = SecurityUtilities.SanitizeInput(null);
     Assert.Null(fromNull);

     string fromEmpty = SecurityUtilities.SanitizeInput(string.Empty);
     Assert.Equal(string.Empty, fromEmpty);
 }
Exemplo n.º 8
        /// <summary>
        /// Logs the incoming change request at debug level and forwards it to
        /// <c>DoInvoke</c> together with the Cloud Foundry logger provider.
        /// </summary>
        /// <param name="request">Change request; may be null, in which case null is what gets sanitized and logged.</param>
        /// <returns>Whatever <c>DoInvoke</c> returns for this request.</returns>
        public override Dictionary <string, object> Invoke(LoggersChangeRequest request)
        {
            var log = _logger;

            if (log != null)
            {
                // The request text is sanitized before it is written to the log.
                log.LogDebug("Invoke({0})", SecurityUtilities.SanitizeInput(request?.ToString()));
            }

            return DoInvoke(_cloudFoundryLoggerProvider, request);
        }