// Registers a threshold whose only action is a freshly generated GUID, i.e. an
// action name nobody has registered. The AddThreshold shown elsewhere on this
// page throws ArgumentException when an action is not in the action manager.
// NOTE(review): no expected-exception attribute or assertion is visible in this
// excerpt, so the rejection is not checked by anything shown here - confirm the
// attribute exists in the full file.
public void Test_AddThresholdMissingAction()
{
    string eventKey = Guid.NewGuid().ToString();

    IntrusionDetector target = Esapi.IntrusionDetector as IntrusionDetector;
    Assert.IsNotNull(target);

    string[] unknownActions = new[] { Guid.NewGuid().ToString() };
    target.AddThreshold(new Threshold(eventKey, 1, 1, unknownActions));
}
// Registers a "log" threshold under the full type name of ArgumentException and
// then reports an ArgumentException instance to the detector.
// NOTE(review): presumably AddException keys the event by the exception's type
// name - confirm against the detector. Unlike the GUID-named tests, this event
// name is fixed, so a second registration on the same detector instance would
// hit the duplicate check in AddThreshold. Nothing is asserted about the outcome
// of AddException.
public void Test_AddExceptionSecurityEvent()
{
    IntrusionDetector target = Esapi.IntrusionDetector as IntrusionDetector;
    Assert.IsNotNull(target);

    string eventKey = typeof(ArgumentException).FullName;
    string[] actions = new[] { "log" };
    target.AddThreshold(new Threshold(eventKey, 1, 1, actions));

    ArgumentException reported = new ArgumentException();
    target.AddException(reported);
}
/// <summary>
/// Looks up the threshold registered for an event, falling back to a default one.
/// </summary>
/// <param name="eventName">Name of the event to look up in the registered thresholds.</param>
/// <returns>
/// The registered threshold, or a new <see cref="Threshold"/> built with count 0, interval 0 and
/// null actions when no entry (or a null entry) is stored for <paramref name="eventName"/>.
/// The fallback instance is not added to the registered thresholds.
/// </returns>
private Threshold GetEventThreshold(string eventName)
{
    Threshold registered;
    bool found = this._thresholds.TryGetValue(eventName, out registered);

    if (!found || registered == null)
    {
        // NOTE(review): an event with no configured threshold gets count 0 and no
        // actions; how callers interpret a zero count is not visible here - confirm
        // that unconfigured events are handled the way the policy intends.
        return new Threshold(eventName, 0, 0, null);
    }

    return registered;
}
/// <summary>
/// Registers a threshold for an event, after checking that the event has no threshold yet and
/// that every action the threshold names is known to the action manager.
/// </summary>
/// <param name="threshold">Threshold to register; its <c>Event</c> value is used as the key.</param>
/// <exception cref="ArgumentNullException"><paramref name="threshold"/> is null.</exception>
/// <exception cref="ArgumentException">
/// A threshold is already registered for the same event, or one of the threshold's actions is
/// not contained in the action manager.
/// </exception>
public void AddThreshold(Threshold threshold)
{
    if (threshold == null)
    {
        throw new ArgumentNullException("threshold");
    }

    // One threshold per event: a second registration is rejected, not merged or replaced.
    // NOTE(review): this exception carries no message or parameter name, which makes a
    // duplicate entry in configuration hard to diagnose.
    if (this._thresholds.ContainsKey(threshold.Event))
    {
        throw new ArgumentException();
    }

    // Reject thresholds that refer to actions nobody registered, so a threshold cannot be
    // stored with a response that would never resolve.
    if (threshold.Actions != null)
    {
        foreach (string actionName in threshold.Actions)
        {
            if (this._actionManager.Contains(actionName))
            {
                continue;
            }

            string message = string.Format(EM.IntrusionDetector_ActionNotFound1, actionName);
            throw new ArgumentException(message, "threshold");
        }
    }

    // NOTE(review): ContainsKey followed by Add is not atomic; whether callers serialise
    // access to the detector is not visible here.
    this._thresholds.Add(threshold.Event, threshold);
}
// Registers a threshold for a unique event name, then tries to register a second
// threshold under the same name. The AddThreshold shown elsewhere on this page
// throws ArgumentException when the event already has a threshold.
// NOTE(review): no expected-exception attribute or assertion is visible in this
// excerpt - confirm the full file checks for the rejection.
public void Test_AddDuplicateThreshold()
{
    string eventKey = Guid.NewGuid().ToString();

    IntrusionDetector target = Esapi.IntrusionDetector as IntrusionDetector;
    Assert.IsNotNull(target);

    string[] firstActions = new[] { BuiltinActions.FormsAuthenticationLogout };
    Threshold first = new Threshold(eventKey, 1, 1, firstActions);
    target.AddThreshold(first);

    // Same event name, different limits and no actions.
    Threshold second = new Threshold(eventKey, 2, 2, null);
    target.AddThreshold(second);
}
// Registers a "log" threshold (count 1, interval 1) for a unique event name and
// then raises that event once through the shared Esapi.IntrusionDetector.
// NOTE(review): nothing is asserted after AddEvent, so this only shows that
// raising the event does not throw; it does not verify that the "log" action ran.
public void Test_IntrusionDetected()
{
    string eventKey = Guid.NewGuid().ToString();

    IntrusionDetector target = Esapi.IntrusionDetector as IntrusionDetector;
    Assert.IsNotNull(target);

    string[] actions = new[] { "log" };
    target.AddThreshold(new Threshold(eventKey, 1, 1, actions));

    Esapi.IntrusionDetector.AddEvent(eventKey);
}
// Registers a "logout" threshold for a unique event name and checks that
// RemoveThreshold reports success for that name.
public void Test_RemoveThreshold()
{
    string eventKey = Guid.NewGuid().ToString();

    IntrusionDetector target = Esapi.IntrusionDetector as IntrusionDetector;
    Assert.IsNotNull(target);

    string[] actions = new[] { "logout" };
    target.AddThreshold(new Threshold(eventKey, 1, 1, actions));

    bool removed = target.RemoveThreshold(eventKey);
    Assert.IsTrue(removed);
}
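/// <summary>
/// Creates the intrusion detector described by configuration and registers its event thresholds.
/// </summary>
/// <param name="detectorConfig">
/// Configuration element holding the optional detector type name and the event thresholds.
/// Must not be null (checked with <c>Debug.Assert</c> only).
/// </param>
/// <returns>
/// The detector built from the configured type name, or a default <see cref="IntrusionDetector"/>
/// when no type name is configured, with every configured threshold added to it.
/// </returns>
internal static IIntrusionDetector LoadIntrusionDetector(IntrusionDetectorElement detectorConfig)
{
    Debug.Assert(detectorConfig != null);

    IIntrusionDetector detector;
    if (!string.IsNullOrEmpty(detectorConfig.Type))
    {
        // The concrete detector is chosen by a type name read from configuration, so write
        // access to that configuration decides which implementation handles intrusion events.
        // NOTE(review): what ObjectBuilder.Build checks about the named type is not visible here.
        detector = ObjectBuilder.Build<IIntrusionDetector>(detectorConfig.Type);
    }
    else
    {
        // Create default
        detector = new IntrusionDetector();
    }

    // Load event thresholds
    foreach (ThresholdElement e in detectorConfig.EventThresholds)
    {
        // Action names come as a comma-separated list. Trim each name so that a list written
        // as "log, logout" resolves to the same actions as "log,logout", and drop entries that
        // are blank after trimming, in line with RemoveEmptyEntries. A missing list is treated
        // as an empty one.
        string rawActions = e.Actions ?? string.Empty;
        string[] actions = rawActions.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        for (int i = 0; i < actions.Length; i++)
        {
            actions[i] = actions[i].Trim();
        }
        actions = Array.FindAll(actions, delegate(string name) { return name.Length != 0; });

        Threshold threshold = new Threshold(e.Name, e.Count, e.Interval, actions);
        detector.AddThreshold(threshold);
    }

    return detector;
}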
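// FIXME: ENHANCE should read these quotas into a map and cache them
/// <summary>
/// Builds the intrusion detection quota for a particular event from the <c>.count</c>,
/// <c>.interval</c> and <c>.actions</c> properties stored under the event name.
/// </summary>
/// <param name="eventName">
/// The event name whose quota is requested.
/// </param>
/// <returns>
/// The threshold for the event. Count and interval are 0, and the action list is empty,
/// when the corresponding property is absent.
/// </returns>
/// <exception cref="FormatException">The count or interval property is not a valid integer.</exception>
/// <exception cref="OverflowException">The count or interval property does not fit in an Int32.</exception>
/// <seealso cref="Owasp.Esapi.Interfaces.ISecurityConfiguration.GetQuota(string)">
/// </seealso>
public Threshold GetQuota(string eventName)
{
    // Configuration values are machine-readable, so parse them with the invariant culture
    // instead of whatever culture the current thread happens to run under. Malformed values
    // still throw: a broken quota should surface, not silently become 0.
    int count = 0;
    string countString = properties.Get(eventName + ".count");
    if (countString != null)
    {
        count = Int32.Parse(countString, System.Globalization.CultureInfo.InvariantCulture);
    }

    int interval = 0;
    string intervalString = properties.Get(eventName + ".interval");
    if (intervalString != null)
    {
        interval = Int32.Parse(intervalString, System.Globalization.CultureInfo.InvariantCulture);
    }

    // NOTE(review): an event with no configured properties yields count 0, interval 0 and no
    // actions; how the detector treats such a quota is not visible here.
    IList actions = new ArrayList();
    string actionString = properties.Get(eventName + ".actions");
    if (actionString != null)
    {
        // The separator is a literal comma, so a plain string split is enough. Trim each name
        // so that "log, logout" yields "logout" and not " logout".
        foreach (string actionName in actionString.Split(','))
        {
            actions.Add(actionName.Trim());
        }
    }

    return new Threshold(eventName, count, interval, actions);
}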