/// <summary>
/// Enforces the root restriction of a <see cref="LocalFileSystemProvider"/>: if a
/// <see cref="LocalFileSystemProvider.RootDirectory"/> is configured, the requested
/// <paramref name="file"/> has to be located below it. A request that fails the
/// check is audited and rejected.
/// </summary>
/// <param name="file">The requested file resource.</param>
/// <param name="submittedFilePath">The path as it was submitted in the original request.
/// It is the only path information that is put into the thrown exception's message.</param>
/// <param name="context">The currently performed file system operation.</param>
/// <exception cref="ResourceAccessException">If the requested resource is not a descendant
/// of the configured <see cref="LocalFileSystemProvider.RootDirectory"/>, or if the
/// containment check itself raised an exception.</exception>
/// <exception cref="ArgumentNullException">If <paramref name="file"/>
/// is a null reference.</exception>
private void ValidateFileRequestAccess(FileItem file, string submittedFilePath, FileSystemTask context)
{
    if (file == null)
    {
        throw new ArgumentNullException("file");
    }

    // Without a configured root there is no containment boundary: every file resource
    // passes, and an invalid path is left to fail later, depending on the action.
    if (RootDirectory == null)
    {
        return;
    }

    bool isBelowRoot;
    try
    {
        // NOTE(review): the whole access decision rests on IsParentOf, which is not
        // visible here. Confirm that it compares normalised paths on a directory
        // boundary and how it treats links/junctions that resolve outside the root.
        isBelowRoot = RootDirectory.IsParentOf(file.LocalFile.FullName);
    }
    catch (ResourceAccessException e)
    {
        // Already a resource access exception: attach the resource if missing and rethrow.
        if (e.Resource == null)
        {
            e.Resource = file.ResourceInfo;
        }

        throw;
    }
    catch (Exception e)
    {
        // Invalid file paths can make the check throw. The audit entry gets the details,
        // including the root directory's full name.
        // NOTE(review): submittedFilePath is request-supplied and is written into the
        // audit message unmodified - confirm the audit sink neutralises control characters.
        string auditText = String.Format(
            "Resource request for file [{0}] caused exception when validating against root directory [{1}].",
            submittedFilePath,
            RootDirectory.FullName);
        AuditHelper.AuditException(Auditor, e, AuditLevel.Warning, context, AuditEvent.InvalidFilePathFormat, auditText);

        // The message handed to the caller repeats only what the caller submitted, so
        // no absolute server path is disclosed through the exception message.
        string callerText = String.Format("Invalid file path: [{0}].", submittedFilePath);
        throw new ResourceAccessException(callerText, e) { Resource = file.ResourceInfo, IsAudited = true };
    }

    if (isBelowRoot)
    {
        return;
    }

    // The resource is outside the root: audit with full detail, then reject.
    string blockedAuditText = String.Format(
        "Resource request for file [{0}] was blocked. The resource is outside the root directory [{1}].",
        file.ResourceInfo.FullName,
        RootDirectory.FullName);
    Auditor.Audit(AuditLevel.Warning, context, AuditEvent.InvalidResourceLocationRequested, blockedAuditText);

    // Same reduced message as above: only the submitted path is echoed back.
    string blockedCallerText = String.Format("Invalid file path: [{0}].", submittedFilePath);
    throw new ResourceAccessException(blockedCallerText) { Resource = file.ResourceInfo, IsAudited = true };
}
/// <summary>
/// Resolves the full paths of the direct child folders of <paramref name="parentFolder"/>.
/// </summary>
/// <param name="parentFolder">The folder whose child folders are requested.</param>
/// <returns>The result of <c>GetDriveFolders()</c> for an unrestricted system root,
/// otherwise the <c>FullName</c> of every directory returned by the folder's
/// <c>LocalDirectory</c>.</returns>
/// <exception cref="ResourceAccessException">If the folder has no <c>LocalDirectory</c>
/// although it is not the system root. The condition is audited as critical first.</exception>
protected IEnumerable<string> GetChildFolderPathsInternal2(FolderItem parentFolder)
{
    // The last two tests are redundant but are expected to hold; if they do not, the
    // routine falls through and raises the exception below.
    // With no RootDirectory configured, the root folder lists the drive folders, i.e.
    // the provider is not confined to a single directory tree in that configuration.
    bool isUnrestrictedSystemRoot = parentFolder.LocalDirectory == null
                                    && parentFolder.ResourceInfo.IsRootFolder
                                    && RootDirectory == null;
    if (isUnrestrictedSystemRoot)
    {
        return GetDriveFolders();
    }

    // A missing LocalDirectory is only allowed for system roots.
    var localDirectory = parentFolder.LocalDirectory;
    if (localDirectory == null)
    {
        string auditText = String.Format(
            "The LocalDirectory property of folder [{0}] is not set although it's not the system root. Cannot resolve child folders.",
            parentFolder.ResourceInfo.FullName);
        Auditor.Audit(AuditLevel.Critical, FileSystemTask.ChildFoldersRequest, AuditEvent.InternalError, auditText);

        string callerText = String.Format(
            "Cannot resolve child folders of parent folder [{0}].",
            parentFolder.ResourceInfo.FullName);
        throw new ResourceAccessException(callerText) { IsAudited = true };
    }

    // NOTE(review): the returned values are the directories' FullName; whether they are
    // translated before leaving the provider is not visible here - confirm at the caller.
    return from childDirectory in localDirectory.GetDirectories()
           select childDirectory.FullName;
}
/// <summary>
/// Looks up the <see cref="TempStream"/> that belongs to a transfer in the
/// <see cref="FileCache"/> and optionally moves it to a given position. A missing
/// cache entry is audited as critical and reported as a
/// <see cref="ResourceAccessException"/>.
/// </summary>
/// <param name="transfer">The processed transfer.</param>
/// <param name="position">The expected position within the stream. If null, the
/// stream's position is left untouched.</param>
/// <returns>The <see cref="TempStream"/> entry stored for the transfer's ID.</returns>
/// <exception cref="ResourceAccessException">If a <see cref="KeyNotFoundException"/>
/// occurs while the cached stream is resolved or positioned.</exception>
protected virtual TempStream GetCachedTempData(TTransfer transfer, long? position)
{
    try
    {
        var cachedStream = FileCache[transfer.TransferId];

        // NOTE(review): the position is applied as received, without a range check in
        // this method - confirm that callers or TempStream validate it.
        if (position != null)
        {
            cachedStream.Position = position.Value;
        }

        return cachedStream;
    }
    catch (KeyNotFoundException e)
    {
        // The audit entry carries the internal identifiers (transfer ID, qualified identifier).
        string auditText = String.Format(
            "Internal dictionary does not contain a [{0}] object found for transfer [{1}] on resource [{2}] - this should not happen.",
            typeof(TempStream).Name,
            transfer.TransferId,
            transfer.FileItem.QualifiedIdentifier);
        Auditor.Audit(AuditLevel.Critical, FileSystemTask.Unknown, AuditEvent.Undefined, auditText);

        // The exception message names the resource only by its ResourceInfo.FullName.
        string callerText = String.Format(
            "An unexpected error occurred - could not access file data for uploaded file [{0}]",
            transfer.FileItem.ResourceInfo.FullName);
        throw new ResourceAccessException(callerText, e) { IsAudited = true };
    }
}
/// <summary>
/// Completes a credit "apply" transaction by running the stored procedure
/// <c>usp1_Credit_singletrader_end_apply</c> and then writing an audit record.
/// </summary>
/// <param name="request">Carries the transaction key and the audit code to use.</param>
/// <returns>A response that is marked as succeeded only if the database call succeeded,
/// the audit succeeded and the procedure reported the status "Success". On audit failure
/// the status is "AuditError"; on database failure the response is marked as failed.</returns>
private SingleTraderCreditProviderEndApplyResponse EndApply(SingleTraderCreditProviderEndApplyRequest request)
{
    var response = new SingleTraderCreditProviderEndApplyResponse();

    // Values are handed to the stored procedure as parameters, not concatenated into SQL.
    var args = new
    {
        Result = CommandParameter.Output(System.Data.SqlDbType.VarChar, 80),
        request.TransactionKey
    };

    var dbResult = Db.ExecuteNonQuery("usp1_Credit_singletrader_end_apply", args);
    if (!dbResult.Success)
    {
        response.Failed(dbResult.Exception);
        return response;
    }

    response.Status = args.Result.Value?.ToString();

    // The stored procedure has already run when the audit record is written. Nothing in
    // this method undoes the database change if the audit fails; the failure is only
    // surfaced through the "AuditError" status.
    var auditResult = Auditor.Audit(request.AuditCode, $"{{trnk:{request.TransactionKey}}}");
    if (!auditResult.IsSucceeded())
    {
        response.Exception = auditResult.Exception;
        response.Status = "AuditError";
        return response;
    }

    // Any other status leaves the response unmarked; the caller has to inspect Status.
    if (response.Status == "Success")
    {
        response.Succeeded();
    }

    return response;
}
/// <summary>
/// Completes a credit transfer by running the stored procedure
/// <c>usp1_CreditTransaction_end_transfer</c> and then writing a
/// <c>CRD_ENDTRNSFR</c> audit record.
/// </summary>
/// <param name="request">Carries the trader key and the transaction key.</param>
/// <returns>A response that is marked as succeeded only if the database call succeeded,
/// the audit succeeded and the procedure reported the status "Success". On audit failure
/// the status is "AuditError"; on database failure the response is marked as failed.</returns>
public MultiTraderCreditProviderEndTransferResponse EndTransfer(MultiTraderCreditProviderEndTransferRequest request)
{
    var response = new MultiTraderCreditProviderEndTransferResponse();

    // Values are handed to the stored procedure as parameters, not concatenated into SQL.
    var args = new
    {
        Result = CommandParameter.Output(System.Data.SqlDbType.VarChar, 80),
        request.TraderKey,
        request.TransactionKey
    };

    var dbResult = Db.ExecuteNonQuery("usp1_CreditTransaction_end_transfer", args);
    if (!dbResult.Success)
    {
        response.Failed(dbResult.Exception);
        return response;
    }

    response.Status = args.Result.Value?.ToString();

    // The stored procedure has already run when the audit record is written. Nothing in
    // this method undoes the database change if the audit fails; the failure is only
    // surfaced through the "AuditError" status.
    var auditResult = Auditor.Audit("CRD_ENDTRNSFR", $"{{tk:{request.TraderKey},trnk:{request.TransactionKey}}}");
    if (!auditResult.IsSucceeded())
    {
        response.Exception = auditResult.Exception;
        response.Status = "AuditError";
        return response;
    }

    // Any other status leaves the response unmarked; the caller has to inspect Status.
    if (response.Status == "Success")
    {
        response.Succeeded();
    }

    return response;
}
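/// <summary>
/// Returns the download tokens of all transfers that are currently running for a
/// resource, and audits how many tokens were returned.
/// </summary>
/// <param name="virtualFilePath">The path of the resource whose running transfers
/// are queried. It is written into the audit message as received.</param>
/// <returns>A snapshot of the tokens of the running transfers; empty if there are none.</returns>
private IEnumerable<DownloadToken> GetTransfersForResourceImpl(string virtualFilePath)
{
    var context = FileSystemTask.DownloadTransfersByResourceQuery;
    var eventId = AuditEvent.ResourceDownloadsQuery;

    // Materialise the projection once. Select is lazily evaluated, so counting the query
    // for the audit entry and then returning the same query would enumerate the store
    // twice, and the audited number could differ from what the caller actually receives.
    var tokens = TransferStore.GetRunningTransfersForResource(virtualFilePath)
                              .Select(t => t.Token)
                              .ToList();

    string msg = "Queried transfers for resource [{0}] and returned [{1}] download tokens.";
    msg = String.Format(msg, virtualFilePath, tokens.Count);
    Auditor.Audit(AuditLevel.Info, context, eventId, msg);

    return tokens;
}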
/// <summary>
/// Returns the upload token of the transfer that is currently running for a resource,
/// and audits whether a token was found.
/// </summary>
/// <param name="virtualFilePath">The path of the resource whose running transfer is
/// queried. It is written into the audit message as received.</param>
/// <returns>The token of the running transfer, or the default value if there is none.</returns>
private UploadToken GetTransferForResourceImpl(string virtualFilePath)
{
    var runningTransfers = TransferStore.GetRunningTransfersForResource(virtualFilePath);

    // SingleOrDefault throws an InvalidOperationException if more than one running
    // transfer is reported for the resource; that case is neither caught nor audited here.
    var token = runningTransfers.Select(t => t.Token).SingleOrDefault();

    bool tokenFound = token != null;
    string auditText = String.Format(
        "Queried upload transfer for resource [{0}]. Token found: [{1}].",
        virtualFilePath,
        tokenFound);
    Auditor.Audit(
        AuditLevel.Info,
        FileSystemTask.UploadTransferByResourceQuery,
        AuditEvent.ResourceUploadQuery,
        auditText);

    return token;
}
/// <summary>
/// Starts a credit transfer between two users by running the stored procedure
/// <c>usp1_CreditTransaction_begin_transfer</c> and then writing a
/// <c>CRD_BGNTRNSFR</c> audit record.
/// </summary>
/// <param name="request">Carries the trader key, both user names, the amount and the
/// info texts of both sides.</param>
/// <returns>A response that is marked as succeeded (with the key returned by the
/// procedure) only if the database call succeeded, the audit succeeded and the procedure
/// reported the status "Success". On audit failure the status is "AuditError"; on database
/// failure the response is marked as failed.</returns>
public MultiTraderCreditProviderBeginTransferResponse BeginTransfer(MultiTraderCreditProviderBeginTransferRequest request)
{
    var response = new MultiTraderCreditProviderBeginTransferResponse();

    // Values are handed to the stored procedure as parameters, not concatenated into SQL.
    var args = new
    {
        Result = CommandParameter.Output(System.Data.SqlDbType.VarChar, 80),
        Key = CommandParameter.Output(System.Data.SqlDbType.VarChar, 50),
        request.TraderKey,
        request.FromUserName,
        request.ToUserName,
        request.Amount,
        request.FromInfo,
        request.ToInfo
    };

    var dbResult = Db.ExecuteNonQuery("usp1_CreditTransaction_begin_transfer", args);
    if (!dbResult.Success)
    {
        response.Failed(dbResult.Exception);
        return response;
    }

    response.Status = args.Result.Value?.ToString();

    // The stored procedure has already run when the audit record is written. Nothing in
    // this method undoes the database change if the audit fails.
    // FromInfo and ToInfo are sent to the database but are not part of the audit record.
    // NOTE(review): the user names are interpolated into the record without escaping, so a
    // name containing ',', ':' or '}' makes the record ambiguous - confirm how the auditor
    // stores and parses this text.
    var auditResult = Auditor.Audit("CRD_BGNTRNSFR", $"{{tk:{request.TraderKey},fu:{request.FromUserName},tu:{request.ToUserName},m:{request.Amount}}}");
    if (!auditResult.IsSucceeded())
    {
        response.Exception = auditResult.Exception;
        response.Status = "AuditError";
        return response;
    }

    // Any other status leaves the response unmarked; the caller has to inspect Status.
    if (response.Status == "Success")
    {
        response.Succeeded(args.Key.Value);
    }

    return response;
}
/// <summary>
/// Starts a credit "apply" transaction for a user by running the stored procedure
/// <c>usp1_CreditTransaction_begin_apply</c> and then writing an audit record.
/// </summary>
/// <param name="request">Carries the trader key, user name, amount, info text and the
/// audit code to use.</param>
/// <returns>A response that is marked as succeeded (with the key returned by the
/// procedure) only if the database call succeeded, the audit succeeded and the procedure
/// reported the status "Success". On audit failure the status is "AuditError"; on database
/// failure the response is marked as failed.</returns>
private MultiTraderCreditProviderBeginApplyResponse BeginApply(MultiTraderCreditProviderBeginApplyRequest request)
{
    var response = new MultiTraderCreditProviderBeginApplyResponse();

    // Values are handed to the stored procedure as parameters, not concatenated into SQL.
    var args = new
    {
        Result = CommandParameter.Output(System.Data.SqlDbType.VarChar, 80),
        Key = CommandParameter.Output(System.Data.SqlDbType.VarChar, 50),
        request.TraderKey,
        request.UserName,
        request.Amount,
        request.Info
    };

    var dbResult = Db.ExecuteNonQuery("usp1_CreditTransaction_begin_apply", args);
    if (!dbResult.Success)
    {
        response.Failed(dbResult.Exception);
        return response;
    }

    response.Status = args.Result.Value?.ToString();

    // The stored procedure has already run when the audit record is written. Nothing in
    // this method undoes the database change if the audit fails.
    // Info is sent to the database but is not part of the audit record.
    // NOTE(review): the user name is interpolated into the record without escaping, so a
    // name containing ',', ':' or '}' makes the record ambiguous - confirm how the auditor
    // stores and parses this text.
    var auditResult = Auditor.Audit(request.AuditCode, $"{{tk:{request.TraderKey},u:{request.UserName},m:{request.Amount}}}");
    if (!auditResult.IsSucceeded())
    {
        response.Exception = auditResult.Exception;
        response.Status = "AuditError";
        return response;
    }

    // Any other status leaves the response unmarked; the caller has to inspect Status.
    if (response.Status == "Success")
    {
        response.Succeeded(args.Key.Value);
    }

    return response;
}
// -------------------------- Transfer --------------------------

/// <summary>
/// Transfers credit between two users by running the stored procedure
/// <c>usp1_Credit_singletrader_transfer</c> and then writing a <c>CRD_TRNSFR</c>
/// audit record.
/// </summary>
/// <param name="request">Carries both user names, the amount and the info texts of
/// both sides.</param>
/// <returns>A response that is marked as succeeded only if the database call succeeded,
/// the audit succeeded and the procedure reported the status "Success". On audit failure
/// the status is "AuditError"; on database failure the response is marked as failed.</returns>
public SingleTraderCreditProviderTransferResponse Transfer(SingleTraderCreditProviderTransferRequest request)
{
    var response = new SingleTraderCreditProviderTransferResponse();

    // Values are handed to the stored procedure as parameters, not concatenated into SQL.
    var args = new
    {
        Result = CommandParameter.Output(System.Data.SqlDbType.VarChar, 80),
        FromUserName = request.FromUserName,
        ToUserName = request.ToUserName,
        Amount = request.Amount,
        FromInfo = request.FromInfo,
        ToInfo = request.ToInfo
    };

    var dbResult = Db.ExecuteNonQuery("usp1_Credit_singletrader_transfer", args);
    if (!dbResult.Success)
    {
        response.Failed(dbResult.Exception);
        return response;
    }

    response.Status = args.Result.Value?.ToString();

    // The stored procedure has already run when the audit record is written. Nothing in
    // this method undoes the database change if the audit fails.
    // FromInfo and ToInfo are sent to the database but are not part of the audit record.
    // NOTE(review): the user names are interpolated into the record without escaping, so a
    // name containing ',', ':' or '}' makes the record ambiguous - confirm how the auditor
    // stores and parses this text.
    var auditResult = Auditor.Audit("CRD_TRNSFR", $"{{fu:{request.FromUserName},tu:{request.ToUserName},m:{request.Amount}}}");
    if (!auditResult.IsSucceeded())
    {
        response.Exception = auditResult.Exception;
        response.Status = "AuditError";
        return response;
    }

    // Any other status leaves the response unmarked; the caller has to inspect Status.
    if (response.Status == "Success")
    {
        response.Succeeded();
    }

    return response;
}
/// <summary>
/// Runs a single auditor against the element that <c>GetComponent</c> returns for
/// the auditor's component.
/// </summary>
/// <param name="auditor">The auditor to run; its <c>Component</c> value selects the element.</param>
/// <param name="el">The XML element that is passed to <c>GetComponent</c> as the search scope.</param>
private static void ExecuteAuditor(Auditor auditor, XmlElement el)
{
    // NOTE(review): what GetComponent returns when nothing matches (index 0) is not
    // visible here - confirm that Audit tolerates that value.
    auditor.Audit(GetComponent(el, auditor.Component, 0));
}