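        /// <summary>
        /// Installs the inspection probe page into the instance, requests it over HTTP and
        /// returns the XML it produces as a <see cref="DataTable"/>. The probe is uninstalled
        /// again in every case, whether or not the request succeeded.
        /// </summary>
        /// <param name="instanceInfo">Instance whose directory receives the probe and whose URI is requested.</param>
        /// <returns>
        /// A <see cref="ModuleResults"/> holding the parsed table, or an <c>Error</c> result whose
        /// <c>Result</c> is the exception text when the probe could not be reached or its output parsed.
        /// </returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            try
            {
                ProbeHelper.InstallProbe(instanceInfo.Directory);

                var uri = new Uri(instanceInfo.Uri, "CMSPages/KInspectorProbe.aspx");
                HttpWebRequest request = WebRequest.CreateHttp(uri);
                using (WebResponse response = request.GetResponse())
                // Dispose the response stream explicitly; the original only disposed the response.
                using (var responseStream = response.GetResponseStream())
                {
                    DataTable result = new DataTable();
                    // The probe output is parsed as DataTable XML; anything else surfaces as an exception below.
                    result.ReadXml(responseStream);

                    return new ModuleResults
                    {
                        Result = result,
                    };
                }
            }
            catch (Exception e)
            {
                // Typically a 404 when the probe page is not served. Note that the full exception
                // text (including the stack trace) becomes the module result.
                return new ModuleResults
                {
                    Result = e.ToString(),
                    Status = Status.Error
                };
            }
            finally
            {
                // Never leave the probe page behind in the inspected instance.
                ProbeHelper.UninstallProbe(instanceInfo.Directory);
            }
        }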
        /// <summary>
        /// Lists the customer's own project code files and appends the output of the
        /// vulnerability analysis run over them.
        /// </summary>
        /// <param name="instanceInfo">Instance whose directory and version select the files to inspect.</param>
        /// <returns>
        /// A <c>Good</c> result when no customer files exist; otherwise the file list followed,
        /// when the analysis printed anything, by a blank line and the printed lines.
        /// </returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            bool isWebSiteProject = ProjectCodeFilesHelper.Current.IsWebSiteProject(instanceInfo.Directory);
            var codeFiles = ProjectCodeFilesHelper.Current
                .GetCustomerProjectCodeFiles(instanceInfo.Directory, instanceInfo.Version, isWebSiteProject, true)
                .ToList();

            if (!codeFiles.Any())
            {
                return new ModuleResults
                {
                    ResultComment = "No customer files found.",
                    Status = Status.Good
                };
            }

            var report = new List<string>(codeFiles);

            var analysis = new VulnerabilityAnalysisResults();
            AnalyseVulnerabilities(instanceInfo.Directory, codeFiles, ref analysis);

            string printed = PrintResults(analysis);
            if (!String.IsNullOrEmpty(printed))
            {
                // The printed report uses "<br />" as its line separator; expose one entry per line.
                report.Add(String.Empty);
                report.AddRange(printed.Split(new[] { "<br />" }, StringSplitOptions.None));
            }

            return new ModuleResults
            {
                Result = report,
                Trusted = true
            };
        }
        /// <summary>Runs <c>AttachmentsBySizeModule.sql</c> and returns the resulting table.</summary>
        /// <param name="instanceInfo">Inspected instance; not used by this module.</param>
        /// <param name="dbService">Database service the script is executed through.</param>
        /// <returns>Module results whose <c>Result</c> is the table returned by the script.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
        {
            return new ModuleResults
            {
                Result = dbService.ExecuteAndGetTableFromFile("AttachmentsBySizeModule.sql"),
            };
        }
        /// <summary>Runs <c>CMSFileModule.sql</c> and returns what the script prints.</summary>
        /// <param name="instanceInfo">Inspected instance; not used by this module.</param>
        /// <param name="dbService">Database service the script is executed through.</param>
        /// <returns>Module results whose <c>Result</c> is the script's print output.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
        {
            return new ModuleResults
            {
                Result = dbService.ExecuteAndGetPrintsFromFile("CMSFileModule.sql"),
            };
        }
        /// <summary>Runs <c>Setup/LicenseSetupModule.sql</c> and returns the resulting data set.</summary>
        /// <param name="instanceInfo">Inspected instance; not used by this module.</param>
        /// <param name="dbService">Database service the script is executed through.</param>
        /// <returns>Module results whose <c>Result</c> is the data set returned by the script.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
        {
            return new ModuleResults
            {
                Result = dbService.ExecuteAndGetDataSetFromFile("Setup/LicenseSetupModule.sql")
            };
        }
        /// <summary>Runs <c>BigTablesModuleAzure.sql</c> and returns the resulting table.</summary>
        /// <param name="instanceInfo">Inspected instance; not used by this module.</param>
        /// <param name="dbService">Database service the script is executed through.</param>
        /// <returns>Module results whose <c>Result</c> is the table returned by the script.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
        {
            return new ModuleResults
            {
                Result = dbService.ExecuteAndGetTableFromFile("BigTablesModuleAzure.sql"),
            };
        }
        /// <summary>Runs <c>Setup/SiteDomainAliasesSetupModule.sql</c> and returns what the script prints.</summary>
        /// <param name="instanceInfo">Inspected instance; not used by this module.</param>
        /// <param name="dbService">Database service the script is executed through.</param>
        /// <returns>Module results whose <c>Result</c> is the script's print output.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
        {
            return new ModuleResults
            {
                Result = dbService.ExecuteAndGetPrintsFromFile("Setup/SiteDomainAliasesSetupModule.sql")
            };
        }
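        /// <summary>
        /// Collects the transformations referenced from the matching page templates' web parts
        /// and runs the XSS analysis over each transformation's code.
        /// </summary>
        /// <param name="instanceInfo">Instance whose database and directory are inspected.</param>
        /// <returns>
        /// A <c>Good</c> result when no transformation produced a finding; otherwise the list of
        /// findings, one entry per transformation.
        /// </returns>
        /// <remarks>
        /// Side effects: sets <c>mDatabaseService</c>, <c>mInstancePath</c> and
        /// <c>mTransformationFullNames</c> for the helpers called from here.
        /// </remarks>
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            List<string> report = new List<string>();

            mDatabaseService = instanceInfo.DBService;
            mInstancePath = instanceInfo.Directory.FullName;

            HashSet<string> transformationNames = new HashSet<string>();
            mTransformationFullNames = new HashSet<string>();

            DataTable webPartsInTransformationsTable = GetPageTemplateWebParts(LikePageTemplateDisplayName);
            foreach (DataRow webPart in webPartsInTransformationsTable.Rows)
            {
                string webPartsXml = webPart["PageTemplateWebParts"] as string;
                if (String.IsNullOrEmpty(webPartsXml))
                {
                    // LoadXml throws on a null/empty definition; a template without
                    // web parts has no transformations to collect.
                    continue;
                }

                XmlDocument xmlDoc = new XmlDocument();
                // The definition comes from the inspected database. Do not resolve external
                // entities or DTDs it may reference while parsing it.
                xmlDoc.XmlResolver = null;
                xmlDoc.LoadXml(webPartsXml);

                IEnumerable<string> templateTransformationFullNames = GetTransformationNamesInPageTemplateWebParts(xmlDoc);

                foreach (string templateTransformationFullName in templateTransformationFullNames)
                {
                    mTransformationFullNames.Add(templateTransformationFullName);
                    // The part after the last dot is used as the transformation name
                    // (LastIndexOf returns -1 when there is no dot, so the whole name is kept).
                    string transformationName = templateTransformationFullName.Substring(templateTransformationFullName.LastIndexOf('.') + 1);
                    transformationNames.Add(transformationName);
                }
            }

            DataTable transformationCodesTable = GetTransformationCodes(transformationNames);
            foreach (DataRow transformation in transformationCodesTable.Rows)
            {
                int transformationId = (int) transformation["TransformationID"];
                string transformationName = transformation["TransformationName"] as string;
                string transformationCode = transformation["TransformationCode"] as string;

                string xssResult = null;
                AnalyseXss(transformationId, transformationName, transformationCode, ref xssResult);
                if (!String.IsNullOrEmpty(xssResult))
                {
                    report.Add(xssResult);
                }
            }

            if (report.Count == 0)
            {
                return new ModuleResults
                {
                    ResultComment = "No problems in transformations found.",
                    Status = Status.Good
                };
            }

            return new ModuleResults
            {
                Result = report,
                Trusted = true
            };
        }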
        /// <summary>Runs <c>WebPartsInTemplatesAndTransformationsModule.sql</c> and returns the resulting data set.</summary>
        /// <param name="instanceInfo">Instance whose database service executes the script.</param>
        /// <returns>Module results whose <c>Result</c> is the data set returned by the script.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            return new ModuleResults
            {
                Result = instanceInfo.DBService.ExecuteAndGetDataSetFromFile("WebPartsInTemplatesAndTransformationsModule.sql")
            };
        }
        /// <summary>Runs <c>Setup/SitesSetupModule.sql</c> and returns the resulting data set.</summary>
        /// <param name="instanceInfo">Instance whose database service executes the script.</param>
        /// <returns>Module results whose <c>Result</c> is the data set returned by the script.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            return new ModuleResults
            {
                Result = instanceInfo.DBService.ExecuteAndGetDataSetFromFile("Setup/SitesSetupModule.sql")
            };
        }
        /// <summary>Runs <c>CMSFileModule.sql</c> and returns what the script prints.</summary>
        /// <param name="instanceInfo">Instance whose database service executes the script.</param>
        /// <returns>Module results whose <c>Result</c> is the script's print output.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            return new ModuleResults
            {
                Result = instanceInfo.DBService.ExecuteAndGetPrintsFromFile("CMSFileModule.sql"),
            };
        }
        /// <summary>Runs <c>ApplicationRestartsModule.sql</c> and returns the resulting table.</summary>
        /// <param name="instanceInfo">Instance whose database service executes the script.</param>
        /// <returns>Module results whose <c>Result</c> is the table returned by the script.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            return new ModuleResults
            {
                Result = instanceInfo.DBService.ExecuteAndGetTableFromFile("ApplicationRestartsModule.sql"),
            };
        }
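        /// <summary>
        /// Loads the security-related settings and removes the rows whose numeric value already
        /// lies within the recommended interval, so only settings needing attention remain.
        /// </summary>
        /// <param name="instanceInfo">Instance whose database service executes the script.</param>
        /// <returns>
        /// The remaining rows with <c>Warning</c> status, or a <c>Good</c> status when every
        /// checked setting was within its interval (the original reported <c>Warning</c> even
        /// for an empty table).
        /// </returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var results = dbService.ExecuteAndGetTableFromFile("SecuritySettingsModule.sql");
            List<DataRow> rowsToDelete = new List<DataRow>();

            // Rows with an empty value are kept: a missing value is itself worth reporting.
            foreach (DataRow row in results.Rows)
            {
                if (String.IsNullOrEmpty(row["Key value"].ToString()))
                {
                    continue;
                }

                if (IsWithinRecommendedInterval(row))
                {
                    rowsToDelete.Add(row);
                }
            }

            // Removal happens after the enumeration; removing while iterating Rows is not allowed.
            foreach (DataRow row in rowsToDelete)
            {
                results.Rows.Remove(row);
            }

            return new ModuleResults
            {
                Result = results,
                ResultComment = "",
                Status = results.Rows.Count == 0 ? Status.Good : Status.Warning,
            };
        }

        /// <summary>
        /// Maps a settings row to its recommended interval and checks the row's value against it.
        /// Settings not listed here are never considered to be within an interval.
        /// </summary>
        /// <param name="row">Row with the "Key name" and "Key value" columns.</param>
        /// <returns>The result of <c>GetValueAndCheckInterval</c> for known keys; <c>false</c> otherwise.</returns>
        private bool IsWithinRecommendedInterval(DataRow row)
        {
            switch (row["Key name"].ToString())
            {
                case "CMSResetPasswordInterval":
                    return GetValueAndCheckInterval(row, 1, 12);
                case "CMSPolicyMinimalLength":
                    return GetValueAndCheckInterval(row, 8);
                case "CMSPolicyNumberOfNonAlphaNumChars":
                    return GetValueAndCheckInterval(row, 2);
                case "CMSMaximumInvalidLogonAttempts":
                    return GetValueAndCheckInterval(row, 0, 5);
                default:
                    return false;
            }
        }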
        /// <summary>
        /// Loads the sitemap of every site and post-processes it: for each column listed in
        /// <c>ColumnsWithInheritance</c> the original value is kept in a "&lt;column&gt;Orig"
        /// column and the column itself receives its effective value. Columns not listed in
        /// <c>VisibleColumns</c> are removed afterwards.
        /// </summary>
        /// <param name="instanceInfo">Instance whose database provides the sitemaps.</param>
        /// <returns>Module results holding the processed data set, one table per site.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;
            var sitemaps = dbService.ExecuteAndGetDataSetFromFile("SiteMapModule.sql");

            foreach (DataTable siteTable in sitemaps.Tables)
            {
                // The table name is passed as the site name the setting is read for.
                bool outputCacheEnabled = dbService.GetSetting<bool>("CMSEnableOutputCache", siteTable.TableName);

                foreach (DataRow row in siteTable.Rows)
                {
                    foreach (var inheritedColumn in ColumnsWithInheritance)
                    {
                        string originalColumnName = inheritedColumn.Key + "Orig";

                        // Created once (on the first row), positioned where the source column sits.
                        if (!siteTable.Columns.Contains(originalColumnName))
                        {
                            int position = siteTable.Columns.IndexOf(inheritedColumn.Key);
                            siteTable.Columns.Add(originalColumnName).SetOrdinal(position);
                        }

                        // Preserve the stored value before it is replaced by the effective one.
                        row[originalColumnName] = row[inheritedColumn.Key];

                        bool outputCacheForcedOff = inheritedColumn.Key == "OutputCache" && !outputCacheEnabled;
                        if (outputCacheForcedOff)
                        {
                            // Output cache disabled in settings: the effective value is always 0.
                            row[inheritedColumn.Key] = 0;
                        }
                        else
                        {
                            row[inheritedColumn.Key] = GetEffectiveColumnResult(siteTable, row, inheritedColumn.Key, inheritedColumn.Value);
                        }
                    }
                }

                // Post-processing done: drop every column that is not meant to be shown.
                var hiddenColumns = siteTable.Columns.Cast<DataColumn>()
                    .Select(c => c.ColumnName)
                    .Except(VisibleColumns)
                    .ToList();
                foreach (string columnName in hiddenColumns)
                {
                    siteTable.Columns.Remove(columnName);
                }
            }

            return new ModuleResults
            {
                Result = sitemaps,
            };
        }
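        /// <summary>
        /// Compares the sizes of the main Online marketing tables (activities, contacts, contact
        /// groups, scoring rules) against fixed limits and reports the ones exceeded.
        /// </summary>
        /// <param name="instanceInfo">Instance whose database is queried.</param>
        /// <returns>
        /// An <c>Error</c> result listing every exceeded limit, or a <c>Good</c> result when all
        /// counts are below their limits.
        /// </returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            // Limits are named once so that the check and the message it produces cannot
            // disagree (the original text said "over 100" while the check used 50).
            const int ActivityLimit = 10000000;
            const int ContactLimit = 1000000;
            const int ContactGroupLimit = 50;
            const int ScoringRuleLimit = 50;

            List<string> responses = new List<string>();

            var dbService = instanceInfo.DBService;
            var activityCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Activity");
            if (activityCount > ActivityLimit)
            {
                responses.Add("There is over 10 000 000 (" + activityCount + " exactly) activities in the database. Consider using deleting old page visits or setting up the old contact's deletion");
            }

            var contactsCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Contact");
            if (contactsCount > ContactLimit)
            {
                responses.Add("There is over 1 000 000 (" + contactsCount + " exactly) contacts in the database. Consider using old contact's deletion");

                var anonymousCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Contact WHERE ContactLastName LIKE 'Anonymous%'");
                // "IS NOT NULL": the original "NOT NULL" is not valid T-SQL, so this query failed
                // whenever the contact limit was exceeded.
                var mergedCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Contact WHERE ContactMergedWithContactID IS NOT NULL");

                responses.Add("Out of these " + contactsCount + " contacts, " + anonymousCount + " are anonymous and " + mergedCount + " are merged");
            }

            var contactGroupCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_ContactGroup");
            if (contactGroupCount > ContactGroupLimit)
            {
                responses.Add("There is over " + ContactGroupLimit + " contact groups (" + contactGroupCount + " exactly). This might affect performance, are all of those really neccessary?");
            }

            var scoringRuleCount = dbService.ExecuteAndGetScalar<int>("SELECT COUNT(*) FROM OM_Rule");
            if (scoringRuleCount > ScoringRuleLimit)
            {
                responses.Add("There is over " + ScoringRuleLimit + " scoring rules (" + scoringRuleCount + " exactly). This might affect performance, are all of those really neccessary?");
            }

            if (responses.Any())
            {
                return new ModuleResults
                {
                    Result = responses,
                    ResultComment = @"Check the counts in the result table. Exceeding the limits doesn't mean it must be wrong.
            It depends on other things like traffic, hardware and so on.",
                    Status = Status.Error,
                };
            }
            else
            {
                return new ModuleResults
                {
                    ResultComment = "All of critical Online marketing are small enough to use Online marketing without affecting performance.",
                    Status = Status.Good
                };
            }
        }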
        /// <summary>
        /// Reports the biggest tables (<c>BigTablesModule.sql</c>) together with the overall
        /// database size computed from <c>sys.dm_db_partition_stats</c>.
        /// </summary>
        /// <param name="instanceInfo">Instance whose database service executes the queries.</param>
        /// <returns>The big-tables table, with the database size in MB in the result comment.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            var dbService = instanceInfo.DBService;

            // NOTE(review): the SUM(...) * 8.0 / 1024 expression yields a non-integer SQL type;
            // whether ExecuteAndGetScalar<int> converts it or throws depends on that helper - confirm.
            int databaseSizeInMB = dbService.ExecuteAndGetScalar<int>("SELECT SUM(reserved_page_count) * 8.0 / 1024 FROM sys.dm_db_partition_stats");
            string sizeComment = String.Format("The overall database size is {0} MB", databaseSizeInMB);

            var bigTables = dbService.ExecuteAndGetTableFromFile("BigTablesModule.sql");

            return new ModuleResults
            {
                Result = bigTables,
                ResultComment = sizeComment
            };
        }
        /// <summary>
        /// Loads the URLs to screenshot (<c>ScreenshotterModule.sql</c>), starts the screenshotting
        /// on a separate thread and returns the URL table immediately.
        /// </summary>
        /// <param name="instanceInfo">Instance handed to the screenshotting thread.</param>
        /// <param name="dbService">Database service the script is executed through.</param>
        /// <returns>Module results whose <c>Result</c> is the URL table; screenshots are produced asynchronously.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
        {
            var urlTable = dbService.ExecuteAndGetTableFromFile("ScreenshotterModule.sql");

            // Screenshotting runs on its own thread so the web site stays responsive.
            // NOTE(review): the thread is fire-and-forget - nothing here observes its completion
            // or failures; that is left to StartScreenshotting.
            object[] threadArguments = { instanceInfo, urlTable };
            new Thread(StartScreenshotting).Start(threadArguments);

            return new ModuleResults
            {
                Result = urlTable
            };
        }
 /// <summary>
 /// Web API action returning the Kentico version of the instance described by the request URI.
 /// </summary>
 /// <param name="config">Instance connection settings bound from the request URI.</param>
 /// <returns>
 /// 200 with the version, or 400 carrying the exception message when the instance cannot be read.
 /// </returns>
 public HttpResponseMessage GetKenticoVersion([FromUri]InstanceConfig config)
 {
     Version version;
     try
     {
         // Both construction and the Version lookup may fail; either maps to 400 below.
         var instance = new InstanceInfo(config);
         version = instance.Version;
     }
     catch (Exception e)
     {
         // The raw exception message is what the HTTP caller receives.
         return Request.CreateResponse(HttpStatusCode.BadRequest, e.Message);
     }

     return Request.CreateResponse(HttpStatusCode.OK, version);
 }
 /// <summary>
 /// Runs the web part columns script and returns what it prints; version 6.0 is served by
 /// a dedicated script.
 /// </summary>
 /// <param name="instanceInfo">Instance whose version selects the script.</param>
 /// <param name="dbService">Database service the script is executed through.</param>
 /// <returns>Module results whose <c>Result</c> is the script's print output.</returns>
 public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
 {
     bool isVersion6 = instanceInfo.Version == new Version("6.0");
     string scriptName = isVersion6 ? "WebPartColumnsModule6.sql" : "WebPartColumnsModule.sql";

     return new ModuleResults
     {
         Result = dbService.ExecuteAndGetPrintsFromFile(scriptName),
     };
 }
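        /// <summary>
        /// Collects social network accounts whose access tokens have expired (LinkedIn and
        /// Facebook) into one table.
        /// </summary>
        /// <param name="instanceInfo">Instance whose version decides whether LinkedIn is checked.</param>
        /// <param name="dbService">Database service the scripts are executed through.</param>
        /// <returns>
        /// An <c>Error</c> result with the expired-token table when any were found, otherwise a
        /// <c>Good</c> result.
        /// </returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
        {
            DataTable expiredTokens = new DataTable("Expired account tokens");
            expiredTokens.Columns.Add("SocialNetwork");
            expiredTokens.Columns.Add("SiteName");
            expiredTokens.Columns.Add("AccountName");

            if (instanceInfo.Version != new Version("8.0"))
            {
                // LinkedIn integration is in 8.1 and newer.
                // NOTE(review): this excludes only exactly 8.0; versions below 8.0 would also
                // reach the LinkedIn query - confirm which versions this module runs against.
                var linResults = dbService.ExecuteAndGetTableFromFile("ExpiredTokensModule-LinkedIn.sql");
                AppendExpiredTokens(expiredTokens, linResults, "LinkedIn");
            }

            var fbResults = dbService.ExecuteAndGetTableFromFile("ExpiredTokensModule-Facebook.sql");
            AppendExpiredTokens(expiredTokens, fbResults, "Facebook");

            if (expiredTokens.Rows.Count > 0)
            {
                return new ModuleResults
                {
                    Result = expiredTokens,
                    Status = Status.Error,
                    ResultComment = "Tokens have expired, posting stuff on some social markenting accounts doesn't work at all for accounts in results. Tell customer to reauthorize the pages.",
                };
            }

            return new ModuleResults
            {
                Status = Status.Good,
                ResultComment = "There are no expired tokens.",
            };
        }

        /// <summary>
        /// Copies the <c>SiteName</c> and <c>AccountName</c> of every row in <paramref name="source"/>
        /// into <paramref name="target"/>, tagged with the given social network name.
        /// An empty source adds nothing.
        /// </summary>
        /// <param name="target">Table with the SocialNetwork, SiteName and AccountName columns.</param>
        /// <param name="source">Script output with SiteName and AccountName columns.</param>
        /// <param name="socialNetwork">Value written to the SocialNetwork column.</param>
        private static void AppendExpiredTokens(DataTable target, DataTable source, string socialNetwork)
        {
            foreach (DataRow token in source.Rows)
            {
                var row = target.NewRow();
                row["SocialNetwork"] = socialNetwork;
                row["SiteName"] = token["SiteName"];
                row["AccountName"] = token["AccountName"];
                target.Rows.Add(row);
            }
        }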
        /// <summary>
        /// Web API action that runs the named module against the instance described by the
        /// request URI and returns its results.
        /// </summary>
        /// <param name="moduleName">Name of the module to load and run.</param>
        /// <param name="config">Instance connection settings bound from the request URI.</param>
        /// <returns>
        /// 200 with the module results, or 500 with the module name and exception message when
        /// loading or running the module failed.
        /// </returns>
        public HttpResponseMessage GetModuleResult(string moduleName, [FromUri]InstanceConfig config)
        {
            try
            {
                var instance = new InstanceInfo(config);
                var module = ModuleLoader.GetModule(moduleName);
                var moduleResults = module.GetResults(instance);

                return Request.CreateResponse(HttpStatusCode.OK, moduleResults);
            }
            catch (Exception e)
            {
                // The exception message is included in the HTTP response body.
                string errorText = String.Format("Error in \"{0}\" module. Error message: {1}", moduleName, e.Message);
                return Request.CreateResponse(HttpStatusCode.InternalServerError, errorText);
            }
        }
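        /// <summary>
        /// Analyses the web parts of the matching page templates for WHERE/ORDER BY conditions
        /// that could allow SQL injection and for macros that could allow XSS.
        /// </summary>
        /// <param name="instanceInfo">Instance whose database is inspected.</param>
        /// <returns>
        /// A <c>Good</c> result when nothing was found; otherwise the findings, grouped under a
        /// heading per category.
        /// </returns>
        /// <remarks>Side effect: sets <c>mDatabaseService</c> for the helpers called from here.</remarks>
        public ModuleResults GetResults(InstanceInfo instanceInfo)
        {
            List<string> report = new List<string>();

            mDatabaseService = instanceInfo.DBService;

            DataTable webPartsInTransformationsTable = GetPageTemplateWebParts(LikePageTemplateDisplayName);
            List<string> whereOrderResults = new List<string>();
            List<string> otherResults = new List<string>();
            foreach (DataRow webPart in webPartsInTransformationsTable.Rows)
            {
                string pageTemplateDisplayName = webPart["PageTemplateDisplayName"] as string;
                string webPartsXml = webPart["PageTemplateWebParts"] as string;
                if (String.IsNullOrEmpty(webPartsXml))
                {
                    // LoadXml throws on a null/empty definition; a template without web parts has nothing to analyse.
                    continue;
                }

                XmlDocument webPartsXmlDoc = new XmlDocument();
                // The definition comes from the inspected database. Do not resolve external
                // entities or DTDs it may reference while parsing it.
                webPartsXmlDoc.XmlResolver = null;
                webPartsXmlDoc.LoadXml(webPartsXml);

                whereOrderResults.AddRange(AnalyseWhereAndOrderByConditionsInPageTemplateWebParts(webPartsXmlDoc, pageTemplateDisplayName));
                otherResults.AddRange(AnalysePageTemplateWebParts(webPartsXmlDoc, pageTemplateDisplayName));
            }

            if (whereOrderResults.Count > 0)
            {
                report.Add("------------------------ Web parts - Where and Order condition results - Potential SQL injections -----------------");
                report.AddRange(whereOrderResults);
            }
            if (otherResults.Count > 0)
            {
                report.Add("------------------------ Macros in DB - Potential XSS -----------------");
                report.AddRange(otherResults);
            }

            if (report.Count == 0)
            {
                return new ModuleResults
                {
                    ResultComment = "No problems in web parts found.",
                    Status = Status.Good
                };
            }

            // The original also built a StringBuilder with "<br />" line breaks here and never
            // used it; the report list itself is what is returned.
            return new ModuleResults
            {
                Result = report,
                Trusted = true
            };
        }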
        /// <summary>
        /// Diffs the UI elements stored in the inspected database against the default UI elements
        /// shipped with the tool for the same major.minor version.
        /// </summary>
        /// <param name="instanceInfo">Instance whose version selects both the script and the default data file.</param>
        /// <param name="dbService">Database service the script is executed through.</param>
        /// <returns>Module results whose <c>Result</c> is the output of <c>Diff</c>.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
        {
            Version version = instanceInfo.Version;

            // UI elements currently in the database; the script is chosen by major version.
            string scriptName = String.Format("UIElementsDiffV{0}.sql", version.Major);
            DataTable sourceUIElements = dbService.ExecuteAndGetTableFromFile(scriptName);

            // Defaults for this major.minor, read from the tool's data folder. The path is
            // relative, so it resolves against the process's current directory.
            string defaultsPath = String.Format("./Data/DefaultUIElements/{0}{1}.xml", version.Major, version.Minor);
            var kenticoUIElements = new DataTable();
            kenticoUIElements.ReadXml(defaultsPath);

            RemoveHashesFromStringRecords(sourceUIElements);

            return new ModuleResults
            {
                Result = Diff(kenticoUIElements, sourceUIElements)
            };
        }
        /// <summary>Checks whether <c>robots.txt</c> is served from the instance's web root.</summary>
        /// <param name="instanceInfo">Instance whose URL is probed.</param>
        /// <param name="dbService">Not used by this module.</param>
        /// <returns>A <c>Good</c> result when the file is found, otherwise a <c>Warning</c>.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
        {
            bool robotsFound = TestUrl(instanceInfo.Url, "robots.txt");
            if (robotsFound)
            {
                return new ModuleResults
                {
                    Status = Status.Good,
                    Result = "All good, robots.txt found.",
                };
            }

            return new ModuleResults
            {
                Status = Status.Warning,
                Result = "Missing! Please add the robots.txt into the web root",
            };
        }
        /// <summary>
        /// Reports the inactive-contact deletion settings together with the current contact count.
        /// </summary>
        /// <param name="instanceInfo">Inspected instance; not used by this module.</param>
        /// <param name="dbService">Database service the queries are executed through.</param>
        /// <returns>
        /// <c>Good</c> when the script returned no rows; <c>Warning</c> when it did; <c>Error</c>
        /// when it did and there are more than 100 000 contacts.
        /// </returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
        {
            var contactNumber = dbService.ExecuteAndGetScalar<int>(@"SELECT COUNT(*) FROM OM_Contact");
            var results = dbService.ExecuteAndGetTableFromFile(@"OMInactiveContactsDeletion.sql");

            bool hasRows = results.Rows.Count > 0;
            Status status;
            if (hasRows && contactNumber > 100000)
            {
                status = Status.Error;
            }
            else if (hasRows)
            {
                status = Status.Warning;
            }
            else
            {
                status = Status.Good;
            }

            // Small databases get an "only" in front of the count.
            string quantifier = contactNumber < 10000 ? "only " : "";

            return new ModuleResults
            {
                Result = results,
                ResultComment = @"Inactive contact deletion setting should be always set up, so that the database doesn't get too big over time.
            It is a business decision what contacts could be deleted. There are now " + quantifier + contactNumber + " contacts in the database.",
                Status = status
            };
        }
        /// <summary>
        /// Web API action that connects to the database described by the request URI, builds the
        /// instance description and runs the named module against it.
        /// </summary>
        /// <param name="moduleName">Name of the module to load and run.</param>
        /// <param name="config">
        /// Server, database, credentials, URL and file system path of the instance, all bound
        /// from the request URI.
        /// </param>
        /// <returns>
        /// 200 with the module results, or 500 with the module name and exception message when
        /// any step failed.
        /// </returns>
        public HttpResponseMessage GetModuleResult(string moduleName, [FromUri]KenticoInstanceConfig config)
        {
            try
            {
                DatabaseService dbService = new DatabaseService(config.Server, config.Database, config.User, config.Password);
                var version = GetKenticoVersion(dbService);

                var instanceUri = new Uri(config.Url);
                var instanceDirectory = new DirectoryInfo(config.Path);
                InstanceInfo instanceInfo = new InstanceInfo(version, instanceUri, instanceDirectory);

                var module = ModuleLoader.GetModule(moduleName);
                var moduleResults = module.GetResults(instanceInfo, dbService);

                return Request.CreateResponse(HttpStatusCode.OK, moduleResults);
            }
            catch (Exception e)
            {
                // The exception message is included in the HTTP response body.
                string errorText = String.Format("Error in \"{0}\" module. Error message: {1}", moduleName, e.Message);
                return Request.CreateResponse(HttpStatusCode.InternalServerError, errorText);
            }
        }
        /// <summary>
        /// Runs <c>ScheduledTasksModule.sql</c> and returns its print output; the status is set
        /// to <c>Warning</c> when any line carries one of the script's attention markers.
        /// </summary>
        /// <param name="instanceInfo">Inspected instance; not used by this module.</param>
        /// <param name="dbService">Database service the script is executed through.</param>
        /// <returns>Module results whose <c>Result</c> is the script's print output.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
        {
            var prints = dbService.ExecuteAndGetPrintsFromFile("ScheduledTasksModule.sql");

            // Markers emitted by the script for tasks that need attention (text must match the script's output).
            string[] attentionMarkers =
            {
                "DISABLE SCHEDULED TASK!",
                "DON NOT RUN THE task as EXTERNAL",
                "RUN THE task as EXTERNAL"
            };
            bool needsAttention = prints.Any(line => attentionMarkers.Any(marker => line.Contains(marker)));

            var moduleResults = new ModuleResults
            {
                Result = prints,
            };

            if (needsAttention)
            {
                moduleResults.Status = Status.Warning;
            }

            return moduleResults;
        }
        /// <summary>
        /// Lists contact groups whose condition is a plain macro rather than macro rules
        /// (<c>OMContactGroupsWithManualMacro.sql</c>).
        /// </summary>
        /// <param name="instanceInfo">Inspected instance; not used by this module.</param>
        /// <param name="dbService">Database service the script is executed through.</param>
        /// <returns>An <c>Error</c> result with the offending groups, or <c>Good</c> when there are none.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
        {
            var manualContactGroups = dbService.ExecuteAndGetTableFromFile("OMContactGroupsWithManualMacro.sql");
            bool anyManual = manualContactGroups.Rows.Count > 0;

            if (!anyManual)
            {
                return new ModuleResults
                {
                    ResultComment = "All existing contact groups are designed with Macro, so they can leverage fast recalculation ",
                    Status = Status.Good
                };
            }

            return new ModuleResults
            {
                Result = manualContactGroups,
                ResultComment = "These contact groups use plain macro that should be translated into MacroRules, so that the SQL translation could be leveraged. This is like MUCH slower.",
                Status = Status.Error,
            };
        }
        /// <summary>
        /// Runs the database consistency check script (<c>DatabaseConsistencyCheckModule.sql</c>)
        /// and reports any rows it returns as CHECKDB errors.
        /// </summary>
        /// <param name="instanceInfo">Inspected instance; not used by this module.</param>
        /// <param name="dbService">Database service the script is executed through.</param>
        /// <returns>An <c>Error</c> result with the returned rows, or <c>Good</c> when none came back.</returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
        {
            var checkDbOutput = dbService.ExecuteAndGetTableFromFile("DatabaseConsistencyCheckModule.sql");
            bool errorsFound = checkDbOutput.Rows.Count > 0;

            if (!errorsFound)
            {
                return new ModuleResults
                {
                    Status = Status.Good,
                    ResultComment = "CHECKDB didn't found any errors."
                };
            }

            return new ModuleResults
            {
                ResultComment = "CHECKDB found some errors!",
                Result = checkDbOutput,
                Status = Status.Error
            };
        }
        /// <summary>
        /// Runs <c>EventLogErrorsModule.sql</c> and reports the event log errors it returns.
        /// </summary>
        /// <param name="instanceInfo">Inspected instance; not used by this module.</param>
        /// <param name="dbService">Database service the script is executed through.</param>
        /// <returns>
        /// <c>Good</c> when no rows came back; <c>Warning</c> for up to 10 rows; <c>Error</c> for more.
        /// </returns>
        public ModuleResults GetResults(InstanceInfo instanceInfo, DatabaseService dbService)
        {
            var eventLogErrors = dbService.ExecuteAndGetTableFromFile("EventLogErrorsModule.sql");
            int errorCount = eventLogErrors.Rows.Count;

            if (errorCount == 0)
            {
                return new ModuleResults
                {
                    ResultComment = "No errors were found in the event log.",
                    Status = Status.Good
                };
            }

            // More than ten errors is treated as an error, fewer as a warning.
            Status severity = errorCount > 10 ? Status.Error : Status.Warning;

            return new ModuleResults
            {
                Result = eventLogErrors,
                ResultComment = "Errors in event log found!",
                Status = severity,
            };
        }