/// <summary>
/// Creates page-level IDS settings initialised from the supplied global settings.
/// </summary>
/// <param name="GlobalSettings">Global settings whose values are copied into this instance.</param>
public IDSPageSettings(IDSGlobalSettings GlobalSettings)
{
    IDSGlobalSettings defaults = GlobalSettings;

    // Cookie exclusions are appended to this instance's own list rather than sharing the global list object.
    // NOTE(review): only the cookie exclusion list is copied here. If the global settings also carry
    // Get/Post/Header exclusions, confirm whether pages are meant to inherit them.
    CookieExclusions.AddRange(defaults.CookieExclusions);

    // Decoder switches.
    DecodeJS = defaults.DecodeJS;
    DecodeUTF7 = defaults.DecodeUTF7;

    // Which parts of the request/response are scanned.
    ScanCookies = defaults.ScanCookies;
    ScanGet = defaults.ScanGet;
    ScanHeaders = defaults.ScanHeaders;
    ScanKeys = defaults.ScanKeys;
    ScanOutput = defaults.ScanOutput;
    ScanPost = defaults.ScanPost;
}
/// <summary>
/// Init handler of the secure page: builds the IDS settings for the current page and runs the scan.
/// </summary>
/// <param name="e">Event data for the page Init event.</param>
protected override void OnInit(EventArgs e)
{
    base.OnInit(e);

    // A fresh global settings object is created here; nothing in this method reads the application config.
    IDSGlobalSettings globalSettings = new IDSGlobalSettings();

    // Per-page settings start from the global values and are then overridden by this page's own fields.
    IDSPageSettings currentPage = new IDSPageSettings(globalSettings);
    currentPage.OnIDSEvent = OnIDSEvent;

    // These assignments replace the exclusion lists outright (they are not merged with copied values).
    // NOTE(review): every exclusion removes input from scanning; keep the page's lists narrow.
    currentPage.CookieExclusions = _exclusions_cookies;
    currentPage.PostExclusions = _exclusions_post;
    currentPage.HeaderExclusions = _exclusions_headers;
    currentPage.GetExclusions = _exclusions_get;

    currentPage.DecodeJS = _decodeJS;
    currentPage.DecodeUTF7 = _decodeUTF7;

    // Register the settings under the current page name, then scan.
    globalSettings.PageSettings.Add(Misc.GetCurrentPageName(), currentPage);

    WebScanRunner runner = new WebScanRunner(globalSettings);
    runner.Run();
}
/// <summary>
/// Init handler of the secure page: builds the IDS settings for the current page and runs the scan.
/// </summary>
/// <param name="e">Event data for the page Init event.</param>
protected override void OnInit(EventArgs e)
{
    base.OnInit(e);

    // A fresh global settings object is created here; nothing in this method reads the application config.
    IDSGlobalSettings globalSettings = new IDSGlobalSettings();

    // Per-page settings start from the global values and are then overridden by this page's own fields.
    IDSPageSettings currentPage = new IDSPageSettings(globalSettings);
    currentPage.OnIDSEvent = OnIDSEvent;

    // These assignments replace the exclusion lists outright (they are not merged with copied values).
    // NOTE(review): every exclusion removes input from scanning; keep the page's lists narrow.
    currentPage.CookieExclusions = _exclusions_cookies;
    currentPage.PostExclusions = _exclusions_post;
    currentPage.HeaderExclusions = _exclusions_headers;
    currentPage.GetExclusions = _exclusions_get;

    currentPage.DecodeJS = _decodeJS;
    currentPage.DecodeUTF7 = _decodeUTF7;

    // Register the settings under the current page name, then scan.
    globalSettings.PageSettings.Add(Misc.GetCurrentPageName(), currentPage);

    WebScanRunner runner = new WebScanRunner(globalSettings);
    runner.Run();
}
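/// <summary>
/// BeginRequest handler: runs the IDS scan for the current request unless the requested
/// page is excluded by the "dotnetids/idsconfig" configuration section.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
/// <exception cref="InvalidOperationException">The IDS configuration section could not be loaded.</exception>
void ids_BeginRequest(object sender, EventArgs e)
{
    //Attempt to read the app's config
    IDSGlobalSettings ims = (IDSGlobalSettings)ConfigurationSettings.GetConfig("dotnetids/idsconfig");

    // A missing section yields null. Stop with a clear error instead of a NullReferenceException
    // further down, so a broken config is noticed rather than leaving requests unscanned.
    if (ims == null)
    {
        throw new InvalidOperationException("The dotnetids/idsconfig configuration section could not be loaded.");
    }

    // The exclusion checks decide whether a request skips scanning, so they are evaluated against the
    // page's own virtual path. Request.Url.AbsolutePath also contains any trailing path info taken from
    // the URL, which would let request-supplied text take part in the exclusion match.
    string requestPath = HttpContext.Current.Request.FilePath;
    string filename = System.IO.Path.GetFileName(requestPath).ToLowerInvariant();

    //Look for regex options to exclude
    foreach (RegexSettings rs in ims.ExcludedRegexen)
    {
        RegexOptions ro = rs.IgnoreCase ? RegexOptions.IgnoreCase : RegexOptions.None;

        // NOTE(review): Regex.IsMatch succeeds on a match anywhere in the path; configured patterns
        // should be anchored so that they exclude only the intended pages.
        if (Regex.IsMatch(requestPath, rs.Pattern, ro))
        {
            return;
        }
    }

    //Look for pages to exclude (compared by file name only, case-insensitively)
    foreach (string s in ims.ExcludedPages)
    {
        if (s.ToLowerInvariant() == filename)
        {
            return;
        }
    }

    //Run the scanner
    WebScanRunner sr = new WebScanRunner(ims);
    sr.Run();
}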
/// <summary>
/// Builds an <c>IDSGlobalSettings</c> object from the IDS configuration section.
/// </summary>
/// <param name="parent">Not used by this handler.</param>
/// <param name="configContext">Not used by this handler.</param>
/// <param name="section">XML node of the configuration section to read.</param>
/// <returns>The populated global settings: base settings, exclusions, callbacks and per-page settings.</returns>
/// <exception cref="ApplicationException">
/// Adding a <c>pagesetup</c> entry to the page settings collection failed; the message reports a duplicate page name.
/// </exception>
public object Create(object parent, object configContext, System.Xml.XmlNode section)
{
    IDSGlobalSettings globalSettings = new IDSGlobalSettings();

    // LoadBaseSettings takes its target by ref, so it needs a variable typed as the base class.
    IDSBaseSettings globalBase = (IDSBaseSettings)globalSettings;
    LoadBaseSettings(ref globalBase, section);

    // Pages excluded by name.
    // NOTE(review): the third GetAttribute argument presumably marks the attribute as required - confirm.
    foreach (XmlNode excludedPageNode in section.SelectNodes("excludepage"))
    {
        string excludedPage = GetAttribute(excludedPageNode, "page", true);
        globalSettings.ExcludedPages.Add(excludedPage);
    }

    // Pages excluded by regular expression.
    // NOTE(review): the pattern is stored as read; whether it is validated at load time depends on
    // RegexSettings. Every exclusion removes requests from scanning, so keep patterns narrow and anchored.
    foreach (XmlNode regexNode in section.SelectNodes("excluderegex"))
    {
        string pattern = GetAttribute(regexNode, "pattern", true);
        bool ignoreCase = bool.Parse(GetAttribute(regexNode, "ignorecase", true));
        globalSettings.ExcludedRegexen.Add(new RegexSettings(pattern, ignoreCase));
    }

    // Global callbacks: the relative XPath "callback" selects direct children of the section only.
    // NOTE(review): callback targets are named by method/type/assembly strings from config; how they are
    // resolved is not visible here, so treat write access to this config as code-execution-equivalent.
    foreach (XmlNode callbackNode in section.SelectNodes("callback"))
    {
        string method = GetAttribute(callbackNode, "method", true);
        string typeName = GetAttribute(callbackNode, "namespaceandtype", true);
        string assemblyName = GetAttribute(callbackNode, "assembly", true);
        globalSettings.Callbacks.Add(new IDSCallback(method, typeName, assemblyName));
    }

    // Per-page sections.
    foreach (XmlNode pageNode in section.SelectNodes("pagesetup"))
    {
        string pageName = GetAttribute(pageNode, "page", true);

        // Each page starts from the global values, then its own section is applied on top.
        IDSPageSettings perPage = new IDSPageSettings(globalSettings);
        try
        {
            globalSettings.PageSettings.Add(pageName, perPage);
        }
        catch (Exception addError)
        {
            // Any failure of Add is reported as a duplicate page section.
            throw new ApplicationException("Only one config section can exist for the page named \"" + pageName + "\"", addError);
        }

        IDSBaseSettings pageBase = (IDSBaseSettings)perPage;
        LoadBaseSettings(ref pageBase, pageNode);

        // Callbacks declared inside this page's section.
        foreach (XmlNode pageCallbackNode in pageNode.SelectNodes("callback"))
        {
            string method = GetAttribute(pageCallbackNode, "method", true);
            string typeName = GetAttribute(pageCallbackNode, "namespaceandtype", true);
            string assemblyName = GetAttribute(pageCallbackNode, "assembly", true);
            perPage.Callbacks.Add(new IDSCallback(method, typeName, assemblyName));
        }
    }

    return globalSettings;
}
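/// <summary>
/// Creates a scan runner that keeps the given IDS settings for later use.
/// </summary>
/// <param name="settings">Settings object stored by this runner; must not be null.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="settings"/> is null.</exception>
public WebScanRunner(IDSGlobalSettings settings)
{
    // Reject a missing configuration up front (for example when the config section failed to load)
    // instead of failing later with a less obvious error.
    if (settings == null)
    {
        throw new System.ArgumentNullException("settings");
    }

    _settings = settings;
}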
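/// <summary>
/// Creates a scan runner that keeps the given IDS settings for later use.
/// </summary>
/// <param name="settings">Settings object stored by this runner; must not be null.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="settings"/> is null.</exception>
public WebScanRunner(IDSGlobalSettings settings)
{
    // Reject a missing configuration up front (for example when the config section failed to load)
    // instead of failing later with a less obvious error.
    if (settings == null)
    {
        throw new System.ArgumentNullException("settings");
    }

    _settings = settings;
}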
/// <summary>
/// Creates page-level IDS settings initialised from the supplied global settings.
/// </summary>
/// <param name="GlobalSettings">Global settings whose values are copied into this instance.</param>
public IDSPageSettings(IDSGlobalSettings GlobalSettings)
{
    IDSGlobalSettings defaults = GlobalSettings;

    // Cookie exclusions are appended to this instance's own list rather than sharing the global list object.
    // NOTE(review): only the cookie exclusion list is copied here. If the global settings also carry
    // Get/Post/Header exclusions, confirm whether pages are meant to inherit them.
    CookieExclusions.AddRange(defaults.CookieExclusions);

    // Decoder switches.
    DecodeJS = defaults.DecodeJS;
    DecodeUTF7 = defaults.DecodeUTF7;

    // Which parts of the request/response are scanned.
    ScanCookies = defaults.ScanCookies;
    ScanGet = defaults.ScanGet;
    ScanHeaders = defaults.ScanHeaders;
    ScanKeys = defaults.ScanKeys;
    ScanOutput = defaults.ScanOutput;
    ScanPost = defaults.ScanPost;
}
/// <summary>
/// Builds an <c>IDSGlobalSettings</c> object from the IDS configuration section.
/// </summary>
/// <param name="parent">Not used by this handler.</param>
/// <param name="configContext">Not used by this handler.</param>
/// <param name="section">XML node of the configuration section to read.</param>
/// <returns>The populated global settings: base settings, exclusions, callbacks and per-page settings.</returns>
/// <exception cref="ApplicationException">
/// Adding a <c>pagesetup</c> entry to the page settings collection failed; the message reports a duplicate page name.
/// </exception>
public object Create(object parent, object configContext, System.Xml.XmlNode section)
{
    IDSGlobalSettings globalSettings = new IDSGlobalSettings();

    // LoadBaseSettings takes its target by ref, so it needs a variable typed as the base class.
    IDSBaseSettings globalBase = (IDSBaseSettings)globalSettings;
    LoadBaseSettings(ref globalBase, section);

    // Pages excluded by name.
    // NOTE(review): the third GetAttribute argument presumably marks the attribute as required - confirm.
    foreach (XmlNode excludedPageNode in section.SelectNodes("excludepage"))
    {
        string excludedPage = GetAttribute(excludedPageNode, "page", true);
        globalSettings.ExcludedPages.Add(excludedPage);
    }

    // Pages excluded by regular expression.
    // NOTE(review): the pattern is stored as read; whether it is validated at load time depends on
    // RegexSettings. Every exclusion removes requests from scanning, so keep patterns narrow and anchored.
    foreach (XmlNode regexNode in section.SelectNodes("excluderegex"))
    {
        string pattern = GetAttribute(regexNode, "pattern", true);
        bool ignoreCase = bool.Parse(GetAttribute(regexNode, "ignorecase", true));
        globalSettings.ExcludedRegexen.Add(new RegexSettings(pattern, ignoreCase));
    }

    // Global callbacks: the relative XPath "callback" selects direct children of the section only.
    // NOTE(review): callback targets are named by method/type/assembly strings from config; how they are
    // resolved is not visible here, so treat write access to this config as code-execution-equivalent.
    foreach (XmlNode callbackNode in section.SelectNodes("callback"))
    {
        string method = GetAttribute(callbackNode, "method", true);
        string typeName = GetAttribute(callbackNode, "namespaceandtype", true);
        string assemblyName = GetAttribute(callbackNode, "assembly", true);
        globalSettings.Callbacks.Add(new IDSCallback(method, typeName, assemblyName));
    }

    // Per-page sections.
    foreach (XmlNode pageNode in section.SelectNodes("pagesetup"))
    {
        string pageName = GetAttribute(pageNode, "page", true);

        // Each page starts from the global values, then its own section is applied on top.
        IDSPageSettings perPage = new IDSPageSettings(globalSettings);
        try
        {
            globalSettings.PageSettings.Add(pageName, perPage);
        }
        catch (Exception addError)
        {
            // Any failure of Add is reported as a duplicate page section.
            throw new ApplicationException("Only one config section can exist for the page named \"" + pageName + "\"", addError);
        }

        IDSBaseSettings pageBase = (IDSBaseSettings)perPage;
        LoadBaseSettings(ref pageBase, pageNode);

        // Callbacks declared inside this page's section.
        foreach (XmlNode pageCallbackNode in pageNode.SelectNodes("callback"))
        {
            string method = GetAttribute(pageCallbackNode, "method", true);
            string typeName = GetAttribute(pageCallbackNode, "namespaceandtype", true);
            string assemblyName = GetAttribute(pageCallbackNode, "assembly", true);
            perPage.Callbacks.Add(new IDSCallback(method, typeName, assemblyName));
        }
    }

    return globalSettings;
}