/// <summary>
/// Reports every occurrence of the text <c>window.</c> in the transformation code.
/// </summary>
/// <param name="transformation">Transformation to scan; matches are recorded on it by <c>UseRegexAnalysis</c>.</param>
/// <remarks>
/// The pattern has no word boundary, so it also hits longer identifiers that end in
/// <c>window</c>. A hit is a lead for manual review, not proof of an XSS sink.
/// </remarks>
public void XssWindow(CmsTransformation transformation) =>
    UseRegexAnalysis(transformation, "window\\.", ReportTerms.IssueDescriptions.XssWindow);
/// <summary>
/// Reports server-side script blocks of the form <c>&lt;script runat="server"</c> in the transformation code.
/// </summary>
/// <param name="transformation">Transformation to scan; matches are recorded on it by <c>UseRegexAnalysis</c>.</param>
/// <remarks>
/// NOTE(review): the pattern requires <c>runat</c> to follow <c>&lt;script</c> after exactly one space and
/// accepts only double quotes or no quotes. Tags that put another attribute first, or quote the value
/// with single quotes, are not reported - confirm whether that coverage gap is acceptable.
/// </remarks>
public void ServerSideScript(CmsTransformation transformation) =>
    UseRegexAnalysis(
        transformation,
        "<script runat=\"?server\"?",
        ReportTerms.IssueDescriptions.ServerSideScript
    );
/// <summary>
/// Reports uses of <c>request.</c> that are preceded by a space, an opening parenthesis or a dot.
/// </summary>
/// <param name="transformation">Transformation to scan; matches are recorded on it by <c>UseRegexAnalysis</c>.</param>
/// <remarks>
/// NOTE(review): the leading character class is mandatory, so an occurrence at the very start of the
/// code or after any other character is not reported. Treat an empty result as "no hit", not "safe".
/// </remarks>
public void XssRequest(CmsTransformation transformation) =>
    UseRegexAnalysis(transformation, "[ (.]request\\.", ReportTerms.IssueDescriptions.XssRequest);
/// <summary>
/// Reports <c>&lt;script </c> tags that are followed on the same line by <c>document.</c>.
/// </summary>
/// <param name="transformation">Transformation to scan; matches are recorded on it by <c>UseRegexAnalysis</c>.</param>
/// <remarks>
/// NOTE(review): the pattern needs a space after <c>&lt;script</c>, and <c>.</c> does not cross line breaks
/// because <c>UseRegexAnalysis</c> sets no single-line option. An attribute-less <c>&lt;script&gt;</c> tag,
/// or a <c>document.</c> access on a later line, is therefore not reported.
/// </remarks>
public void XssDocument(CmsTransformation transformation) =>
    UseRegexAnalysis(
        transformation,
        "<script .*?document\\.",
        ReportTerms.IssueDescriptions.XssDocument
    );
/// <summary>
/// Reports uses of <c>httpcontext.</c> that are preceded by a space, an opening parenthesis or a dot.
/// </summary>
/// <param name="transformation">Transformation to scan; matches are recorded on it by <c>UseRegexAnalysis</c>.</param>
/// <remarks>
/// NOTE(review): occurrences preceded by any other character, or at the very start of the code,
/// are not reported. A hit marks code to review, not a confirmed vulnerability.
/// </remarks>
public void XssHttpContext(CmsTransformation transformation) =>
    UseRegexAnalysis(
        transformation,
        "[ (.]httpcontext\\.",
        ReportTerms.IssueDescriptions.XssHttpContext
    );
/// <summary>
/// Reports uses of <c>server.</c> that are preceded by a space, an opening parenthesis or a dot.
/// </summary>
/// <param name="transformation">Transformation to scan; matches are recorded on it by <c>UseRegexAnalysis</c>.</param>
/// <remarks>
/// NOTE(review): occurrences preceded by any other character, or at the very start of the code,
/// are not reported. A hit marks code to review, not a confirmed vulnerability.
/// </remarks>
public void XssServer(CmsTransformation transformation) =>
    UseRegexAnalysis(transformation, "[ (.]server\\.", ReportTerms.IssueDescriptions.XssServer);
/// <summary>
/// Reports the text <c>querystring</c> when it is preceded by a space, an opening parenthesis or a dot.
/// </summary>
/// <param name="transformation">Transformation to scan; matches are recorded on it by <c>UseRegexAnalysis</c>.</param>
/// <remarks>
/// Unlike the sibling patterns, no trailing dot is required, so both member access and indexer use
/// are hit. Query-string values are request-controlled, so each hit should be checked for output
/// encoding where the value is rendered.
/// </remarks>
public void XssQueryString(CmsTransformation transformation) =>
    UseRegexAnalysis(
        transformation,
        "[ (.]querystring",
        ReportTerms.IssueDescriptions.XssQueryString
    );
/// <summary>
/// Reports every occurrence of the text <c>queryhelper.</c> in the transformation code.
/// </summary>
/// <param name="transformation">Transformation to scan; matches are recorded on it by <c>UseRegexAnalysis</c>.</param>
/// <remarks>
/// The pattern is unanchored, so a hit only shows that the text is present. Whether the value read
/// is encoded before output has to be checked by the reviewer.
/// </remarks>
public void XssQueryHelper(CmsTransformation transformation) =>
    UseRegexAnalysis(
        transformation,
        "queryhelper\\.",
        ReportTerms.IssueDescriptions.XssQueryHelper
    );
/// <summary>
/// Reports macro expressions that look like they read from the query string.
/// </summary>
/// <param name="transformation">Transformation to scan; matches are recorded on it by <c>UseRegexAnalysis</c>.</param>
/// <remarks>
/// The pattern is an alternation of two independent branches: <c>{?</c> followed by the rest of the
/// line, or <c>{%</c> followed later on the same line by <c>querystring</c>. Both branches use a greedy
/// <c>.*</c>, so the reported span can extend well past the macro itself; the first branch always runs
/// to the end of the line.
/// </remarks>
public void QueryMacro(CmsTransformation transformation) =>
    UseRegexAnalysis(
        transformation,
        "{\\?.*|{%.*querystring",
        ReportTerms.IssueDescriptions.QueryMacro
    );
/// <summary>
/// Reports <c>{%</c> macro expressions that reference <c>documents[</c> or <c>documents.</c> on the same line.
/// </summary>
/// <param name="transformation">Transformation to scan; matches are recorded on it by <c>UseRegexAnalysis</c>.</param>
/// <remarks>
/// The lazy <c>.*?</c> stops at the first <c>documents</c> reference after the macro opener. It does not
/// cross line breaks, so a macro split over several lines is not reported.
/// </remarks>
public void DocumentsMacro(CmsTransformation transformation) =>
    UseRegexAnalysis(
        transformation,
        "{%.*?documents[[.]",
        ReportTerms.IssueDescriptions.DocumentsMacro
    );
/// <summary>
/// Runs every analyzer exposed by <c>IssueAnalyzers</c> against a single transformation.
/// </summary>
/// <param name="transformation">Transformation handed to each analyzer method.</param>
private void AnalyzeTransformation(CmsTransformation transformation)
{
    var analyzers = new IssueAnalyzers(Metadata.Terms);

    // Analyzers are discovered by convention: every public instance method that returns void is
    // treated as one and is called with the transformation as its only argument.
    // NOTE(review): a public void method with any other signature would make Invoke throw rather
    // than be skipped. That keeps a mis-declared check from silently dropping out of the scan.
    var analyzerMethods =
        from method in analyzers.GetType().GetMethods(BindingFlags.Public | BindingFlags.Instance)
        where method.ReturnType == typeof(void)
        select method;

    foreach (var analyzerMethod in analyzerMethods)
    {
        object[] arguments = { transformation };
        analyzerMethod.Invoke(analyzers, arguments);
    }
}
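/// <summary>
/// Searches the transformation's code for <paramref name="pattern"/> and records each match as an issue.
/// </summary>
/// <param name="transformation">
/// Transformation whose <c>TransformationCode</c> is scanned and on which <c>AddIssue</c> is called per match.
/// </param>
/// <param name="pattern">Regular expression to search for; applied case-insensitively with invariant-culture casing.</param>
/// <param name="issueDescription">Term registered in <c>DetectedIssueTypes</c> under <paramref name="issueType"/>.</param>
/// <param name="issueType">
/// Key identifying the issue; defaults to the calling member's name. When null or empty, matches are
/// found but nothing is recorded.
/// </param>
/// <remarks>
/// A match is a purely textual hit (it may sit in a comment or string), so results are leads for
/// manual review. The absence of a match does not show that the transformation is safe.
/// </remarks>
private static void UseRegexAnalysis(
    CmsTransformation transformation,
    string pattern,
    Term issueDescription,
    [CallerMemberName] string? issueType = null
)
{
    // NOTE(review): no match timeout is configured. If transformation code can be large or is not
    // fully trusted, consider the Regex constructor overload that takes one - confirm how callers
    // should handle a timeout before adding it.
    var regex = new Regex(
        pattern,
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant
    );

    // assumes TransformationCode is never null (Matches throws on a null input) - TODO confirm
    var regexMatches = regex.Matches(transformation.TransformationCode);

    if (regexMatches.Count == 0)
    {
        return;
    }

    if (string.IsNullOrEmpty(issueType))
    {
        return;
    }

    DetectedIssueTypes.TryAdd(issueType, issueDescription);

    // Reuse the collection evaluated above instead of running the pattern over the code a second time.
    foreach (Match? match in regexMatches)
    {
        if (match != null)
        {
            transformation.AddIssue(match.Index, match.Length, issueType);
        }
    }
}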