/// <summary>
/// Load instrusion detector instance
/// </summary>
/// <param name="detectorConfig"></param>
/// <returns></returns>
internal static IIntrusionDetector LoadIntrusionDetector(IntrusionDetectorElement detectorConfig)
{
Debug.Assert(detectorConfig != null);
IIntrusionDetector detector = null;
if (!string.IsNullOrEmpty(detectorConfig.Type))
{
detector = ObjectBuilder.Build <IIntrusionDetector>(detectorConfig.Type);
}
else
{
// Create default
detector = new IntrusionDetector();
}
// Load event thresholds
foreach (ThresholdElement e in detectorConfig.EventThresholds)
{
string[] actions = e.Actions.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
Threshold threshold = new Threshold(e.Name, e.Count, e.Interval, actions);
detector.AddThreshold(threshold);
}
return(detector);
}
public void Test_Execute()
{
IIntrusionDetector detector = Esapi.IntrusionDetector;
string url = Guid.NewGuid().ToString();
RedirectAction action = new RedirectAction(url);
// Set context
MockHttpContext.InitializeCurrentContext();
SurrogateWebPage page = new SurrogateWebPage();
HttpContext.Current.Handler = page;
// Block
try {
Assert.AreNotEqual(HttpContext.Current.Request.RawUrl, action.Url);
action.Execute(ActionArgs.Empty);
Assert.Fail("Request not terminated");
}
catch (Exception exp) {
// FIXME : so far there is no other way to test the redirect except to check
// the stack of the exception. Ideally we should be able to mock the request
// redirect itself
Assert.IsTrue(exp.StackTrace.Contains("at System.Web.HttpResponse.Redirect(String url, Boolean endResponse)"));
}
}
/// <summary>
/// The intrusion detector accessor.
/// </summary>
/// <returns> The intrusion detector implementation.
/// </returns>
public static IIntrusionDetector IntrusionDetector()
{
if (Esapi.intrusionDetector == null)
{
Esapi.intrusionDetector = new IntrusionDetector();
}
return(Esapi.intrusionDetector);
}
public static IIntrusionDetector IntrusionDetector()
{
if (Owasp.Esapi.Esapi.intrusionDetector == null)
{
Owasp.Esapi.Esapi.intrusionDetector = (IIntrusionDetector) new IntrusionDetector();
}
return(Owasp.Esapi.Esapi.intrusionDetector);
}
public void Test_LoadCustom()
{
// Set new
EsapiConfig.Instance.IntrusionDetector.Type = typeof(SurrogateIntrusionDetector).AssemblyQualifiedName;
IIntrusionDetector detector = Esapi.IntrusionDetector;
Assert.IsTrue(detector.GetType().Equals(typeof(SurrogateIntrusionDetector)));
}
/// <summary>
/// The intrusion detector accessor.
/// </summary>
/// <returns> The intrusion detector implementation.
/// </returns>
public static IIntrusionDetector IntrusionDetector()
{
if (Esapi.intrusionDetector == null)
Esapi.intrusionDetector = new IntrusionDetector();
return Esapi.intrusionDetector;
}
