/// <summary>
/// Determines ViewstateMac Vulnerabilities.
/// </summary>
/// <param name="filePath"></param>
/// <returns></returns>
public IEnumerable <VulnerabilityDetail> FindVulnerabilties(string filePath)
{
List <VulnerabilityDetail> vulnerabilities = new List <VulnerabilityDetail>();
XPathNavigator element = XMLParser.CreateNavigator(filePath, Pages_Node);
if (element != null && element.HasAttributes)
{
bool vulnerable = false;
element.MoveToFirstAttribute();
do
{
if (element.Name.Equals("enableViewStateMac", StringComparison.OrdinalIgnoreCase))
{
if (element.Value.Equals("false", StringComparison.OrdinalIgnoreCase))
{
vulnerable = true;
}
break;
}
}while (element.MoveToNextAttribute());
if (vulnerable)
{
vulnerabilities.Add(VulnerabilityDetail.Create(filePath, element, Enums.ScannerType.ViewStateMac));
}
}
return(vulnerabilities);
}
/// <summary>
/// This method to find HTTP Header Vulnerabilities.
/// </summary>
/// <param name="filePath"></param>
/// <returns></returns>
public IEnumerable <VulnerabilityDetail> FindVulnerabilties(string filePath)
{
List <VulnerabilityDetail> vulnerabilities = new List <VulnerabilityDetail>();
XPathNavigator element = XMLParser.CreateNavigator(filePath, HttpRuntime_Node);
if (element != null && element.HasAttributes)
{
element.MoveToFirstAttribute();
do
{
if (element.Name.Equals("enableHeaderChecking", StringComparison.OrdinalIgnoreCase))
{
if (element.Value.Equals("false", StringComparison.OrdinalIgnoreCase))
{
vulnerabilities.Add(VulnerabilityDetail.Create(filePath, element, Enums.ScannerType.HTTPHeaderChecking));
}
break;
}
}while (element.MoveToNextAttribute());
}
return(vulnerabilities);
}
/// <summary>
/// This method will find Machine key Vulnerabilities.
/// </summary>
/// <param name="filePath"></param>
/// <returns></returns>
public IEnumerable <VulnerabilityDetail> FindVulnerabilties(string filePath)
{
List <VulnerabilityDetail> vulnerabilities = new List <VulnerabilityDetail>();
XPathNavigator element = XMLParser.CreateNavigator(filePath, Forms_Node);
if (element != null && element.HasAttributes)
{
element.MoveToFirstAttribute();
do
{
if (element.Name.Equals("validationKey", StringComparison.InvariantCultureIgnoreCase) ||
element.Name.Equals("decryptionKey", StringComparison.InvariantCultureIgnoreCase))
{
if (!element.Value.Contains("AutoGenerate"))
{
vulnerabilities.Add(VulnerabilityDetail.Create(filePath, element, Enums.ScannerType.MachineKeyClearText));
}
}
}while (element.MoveToNextAttribute());
}
return(vulnerabilities);
}
