private void CreateTempRuleNotifyIcon(CustomRule newRule)
{
if (!tempRules_.Contains(newRule))
{
tempRules_.Add(newRule);
}
if (tempNotifyIcon_ is null)
{
void iconClick(object sender, EventArgs e)
{
if (!RemoveTempRulesAndNotfyIcon())
{
WinForms::MessageBox.Show(Messages.MSG_RULE_RM_FAILED, Messages.MSG_DLG_ERR_TITLE, WinForms::MessageBoxButtons.OK, WinForms::MessageBoxIcon.Error);
}
}
// tray icon for temporary rule
WinForms::NotifyIcon ni = new WinForms::NotifyIcon();
ni.Click += new EventHandler(iconClick);
// shown in message center on win10
ni.BalloonTipIcon = WinForms::ToolTipIcon.Info;
ni.BalloonTipTitle = Common.Properties.Resources.RULE_TEMP_TITLE;
ni.BalloonTipText = Messages.RULE_TEMP_DESCRIPTION;
// tooltip shown on tray icon
ni.Text = Messages.RULE_TEMP_DESCRIPTION_SHORT; // limit 64 chars on win10
ni.Icon = new Icon(SystemIcons.Shield, new System.Drawing.Size(16, 16));
ni.Visible = true;
ni.ShowBalloonTip(2000);
ni.Visible = true;
tempNotifyIcon_ = ni;
}
}
/// <summary>
/// 绑定Grid
/// </summary>
public override void BindGrid()
{
CustomRule rule = new CustomRule();
gridView1.GridControl.DataSource = rule.RShow(HTDataConditionStr, ProcessGrid.GetQueryField(gridView1));
gridView1.GridControl.Show();
}
private bool createAllowRule(CurrentConn activeConn, string[] services, bool createWithAdvancedOptions, bool createTempRule, string ruleName)
{
int Profiles = OptionsView.IsCurrentProfileChecked ? FirewallHelper.GetCurrentProfile() : FirewallHelper.GetGlobalProfile();
string finalRuleName = createTempRule ? Messages.RULE_TEMP_PREFIX + ruleName : ruleName;
var newRule = new CustomRule(finalRuleName,
createWithAdvancedOptions || OptionsView.IsPathChecked ? activeConn.Path : null,
!createWithAdvancedOptions && OptionsView.IsAppChecked ? activeConn.CurrentAppPkgId : null,
activeConn.CurrentLocalUserOwner,
services,
!createWithAdvancedOptions && OptionsView.IsProtocolChecked ? activeConn.RawProtocol : -1,
!createWithAdvancedOptions && OptionsView.IsTargetIPChecked ? activeConn.TargetIP : null,
!createWithAdvancedOptions && OptionsView.IsTargetPortChecked ? activeConn.TargetPort : null,
!createWithAdvancedOptions && OptionsView.IsLocalPortChecked ? activeConn.SourcePort : null,
Profiles,
CustomRule.CustomRuleAction.Allow);
bool success = FirewallHelper.AddRule(newRule.GetPreparedRule(createTempRule)); // does not use RuleManager
if (success && createTempRule)
{
CreateTempRuleNotifyIcon(newRule);
}
return(success);
}
/// <summary>
/// 删除
/// </summary>
public override void EntityDelete()
{
CustomRule rule = new CustomRule();
Custom entity = EntityGet();
rule.RDelete(entity);
}
private void CreateTempRuleNotifyIcon(CustomRule newRule)
{
if (!tempRules_.Contains(newRule))
{
tempRules_.Add(newRule);
}
if (tempNotifyIcon_ is null)
{
// tray icon for temporary rule
WinForms::NotifyIcon ni = new WinForms::NotifyIcon();
ni.Click += iconClick;
// shown in message center on win10
ni.BalloonTipIcon = WinForms::ToolTipIcon.Info;
ni.BalloonTipTitle = Common.Properties.Resources.RULE_TEMP_TITLE;
ni.BalloonTipText = Messages.RULE_TEMP_DESCRIPTION;
// tooltip shown on tray icon
ni.Text = Messages.RULE_TEMP_DESCRIPTION_SHORT; // limit 64 chars on win10
ni.Icon = new Icon(SystemIcons.Shield, new System.Drawing.Size(16, 16));
ni.Visible = true;
ni.ShowBalloonTip(2000);
ni.Visible = true;
tempNotifyIcon_ = ni;
}
}
public void CreateExpression_DateOutsideOfWindowAndIsMonday_ReverseExpression_BuildsExpression(int year, int month, int day, bool validates, int numberOfErrorMsg)
{
// Test: (DateTime d) => d.DayOfWeek == DayOfWeek.Monday & (d < floorDate | d > ceilingDate)
var floorDate = new DateTime(2010, 2, 1);
var ceilingDate = new DateTime(2010, 3, 1);
var testDate = new DateTime(year, month, day);
// build rules / rule nodes for "d < floorDate | d > ceilingDate" and put in a group
var rangeRuleNode = new RuleNode(new LessThan <CalendarEvent, DateTime>(floorDate));
rangeRuleNode.OrChild(new RuleNode(new GreaterThan <CalendarEvent, DateTime>(ceilingDate)));
var groupNode = new GroupNode(rangeRuleNode);
// build rule / rule node for "d.DayOfWeek == DayOfWeek.Monday
var dateOneMondayRule = new CustomRule <CalendarEvent, DateTime>((c, d) => d.DayOfWeek == DayOfWeek.Monday);
dateOneMondayRule.Message = "Date does not fall on a Monday.";
var dateOneMondayRuleNode = new RuleNode(dateOneMondayRule);
// add the rangeRuleNode as an And child of dateOneMondayRuleNode
dateOneMondayRuleNode.AndChild(groupNode);
var tree = new RuleTree <CalendarEvent, DateTime>(dateOneMondayRuleNode);
Assert.That(tree.LambdaExpression, Is.Not.Null);
var context = BuildContextForCalendarEventStartDate(testDate);
var notification = new ValidationNotification();
var isValid = tree.LambdaExpression(context, null, notification);
Assert.That(isValid, Is.EqualTo(validates));
}
public void CreateExpression_DateOutsideOfWindowAndIsMonday_BuildsExpression(int year, int month, int day, bool validates, int numberOfErrorMsg)
{
// Test: (DateTime d) => (d < floorDate | d > ceilingDate) & d.DayOfWeek == DayOfWeek.Monday
var floorDate = new DateTime(2010, 2, 1);
var ceilingDate = new DateTime(2010, 3, 1);
var testDate = new DateTime(year, month, day);
// build rule / rule node for "d.DayOfWeek == DayOfWeek.Monday
var dateOneMondayRule = new CustomRule<CalendarEvent, DateTime>((c, d) => d.DayOfWeek == DayOfWeek.Monday);
dateOneMondayRule.Message = "Date does not fall on a Monday.";
var dateOneMondayRuleNode = new RuleNode(dateOneMondayRule);
// build rules / rule nodes for "d < floorDate | d > ceilingDate"
var rangeRuleNode = new RuleNode(new LessThan<CalendarEvent, DateTime>(floorDate));
rangeRuleNode.OrChild(new RuleNode(new GreaterThan<CalendarEvent, DateTime>(ceilingDate)));
// put the rules / rule nodes together using a group to enforce the "or" precidence over the "and"
var groupNode = new GroupNode(rangeRuleNode);
groupNode.AndChild(dateOneMondayRuleNode);
var tree = new RuleTree<CalendarEvent, DateTime>(groupNode);
Assert.That(tree.LambdaExpression, Is.Not.Null);
var context = BuildContextForCalendarEventStartDate(testDate);
var notification = new ValidationNotification();
var isValid = tree.LambdaExpression(context, null, notification);
Assert.That(isValid, Is.EqualTo(validates));
}
public void CreateCustomRuleThrowsError()
{
var client = CommonMethods.GetClientByRoute(TargetProcessRoutes.Route.CustomRules);
var customRule = new CustomRule
{
};
}
public void GivenValidatingCustomRule_WhenValueIsValid_ValidationIsSuccesful()
{
var value = "My String";
var validationMessage = "The value should match 'Some Other String'";
var rule = new CustomRule <string>(x => x.Equals(value), validationMessage);
var result = rule.Validate(0, 0, string.Empty, string.Empty, value);
result.IsSuccess.Should().BeTrue();
}
public bool CustomRule_WithExpression_IsValid(string propertyValue)
{
//Create Validator
var validator = new CustomRule<Contact, string>((c, name) => name.ToUpper() == "ISVALIDNAME");
validator.Message = "Invalid Name";
RuleValidatorContext<Contact, string> context = BuildContextForName(propertyValue);
//Validate the validator only, return true of no error returned
return validator.Validate(context, null) == null;
}
public bool CustomRule_WithDelegate_IsValid(string propertyValue)
{
//Create Validator
var validator = new CustomRule<Contact, string>(IsValidName);
validator.Message = "Invalid Name";
RuleValidatorContext<Contact, string> context = BuildContextForName(propertyValue);
//Validate the validator only, return true of no error returned
return validator.Validate(context, null) == null;
}
public void CustomRuleThrowsError()
{
var client = new TargetProcessClient
{
ApiSiteInfo = new ApiSiteInfo(TargetProcessRoutes.Route.CustomRules)
};
var customRule = new CustomRule
{
};
}
private static bool CreateDefaultRules()
{
bool ret = true;
var rules = FirewallHelper.GetRules();
using (ServiceController sc = new ServiceController())
{
string rname;
// Windows 8 or higher
if (Environment.OSVersion.Version >= new System.Version(6, 2))
{
rname = String.Format(Resources.RULE_NAME_FORMAT, "Windows Applications (auto)");
if (rules.All(r => r.Name != rname))
{
CustomRule newRule = new CustomRule(rname, Environment.SystemDirectory + "\\wwahost.exe", null, null, (string)null, Protocol.ANY, null, null, null, FirewallHelper.GetGlobalProfile(), CustomRule.CustomRuleAction.Allow);
ret = ret && FirewallHelper.AddRule(newRule.GetPreparedRule(false));
}
}
sc.ServiceName = "wuauserv";
rname = String.Format(Resources.RULE_NAME_FORMAT, sc.DisplayName + " (auto)");
if (rules.All(r => r.Name != rname + " [R:80,443]"))
{
CustomRule newRule = new CustomRule(rname, Environment.SystemDirectory + "\\svchost.exe", null, null, "wuauserv", Protocol.TCP, null, "80,443", null, FirewallHelper.GetGlobalProfile(), CustomRule.CustomRuleAction.Allow);
ret = ret && FirewallHelper.AddRule(newRule.GetPreparedRule(false));
}
sc.ServiceName = "bits";
rname = String.Format(Resources.RULE_NAME_FORMAT, sc.DisplayName + "(auto)");
if (rules.All(r => r.Name != rname + " [R:80,443]"))
{
CustomRule newRule = new CustomRule(rname, Environment.SystemDirectory + "\\svchost.exe", null, null, "bits", Protocol.TCP, null, "80,443", null, FirewallHelper.GetGlobalProfile(), CustomRule.CustomRuleAction.Allow);
ret = ret && FirewallHelper.AddRule(newRule.GetPreparedRule(false));
}
sc.ServiceName = "cryptsvc";
rname = String.Format(Resources.RULE_NAME_FORMAT, sc.DisplayName + "(auto)");
if (rules.All(r => r.Name != rname + " [R:80]"))
{
CustomRule newRule = new CustomRule(rname, Environment.SystemDirectory + "\\svchost.exe", null, null, "cryptsvc", Protocol.TCP, null, "80", null, FirewallHelper.GetGlobalProfile(), CustomRule.CustomRuleAction.Allow);
ret = ret && FirewallHelper.AddRule(newRule.GetPreparedRule(false));
}
//sc.ServiceName = "aelookupsvc";
//rname = String.Format(Resources.RULE_NAME_FORMAT, sc.DisplayName + "(auto)");
//if (rules.All(r => r.Name != rname + " [R:80]"))
//{
// CustomRule newRule = new CustomRule(rname, Environment.SystemDirectory + "\\svchost.exe", null, null,"aelookupsvc", (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP, null, "80", null, FirewallHelper.GetGlobalProfile(), "A");
// ret = ret && FirewallHelper.AddRule(newRule.GetPreparedRule(false));
//}
}
return(ret);
}
public List <Rule> ValidateEmployee(Employee employee)
{
var rule = new CustomRule <Employee>(e => e.LoginId, LoginIdShouldBeUnique)
{
PropertyName = "LoginId",
ScreenName = "Login Id"
};
return(employee.ValidateRules(rule));
}
public void GivenValidatingCustomRule_WhenValueIsInvalid_ValidationFails()
{
var value = "My String";
var validationMessage = "The value should match 'Some Other String'";
var rule = new CustomRule <string>(x => x.Equals("Some Other String"), validationMessage);
var result = rule.Validate(0, 0, string.Empty, string.Empty, value);
result.IsSuccess.Should().BeFalse();
result.Error.ErrorMessage.Should().Be(validationMessage);
}
public List<Rule> ValidateEmployee(Employee employee)
{
var rule = new CustomRule<Employee>(e=>e.LoginId, LoginIdShouldBeUnique)
{
PropertyName = "LoginId",
ScreenName = "Login Id"
};
return employee.ValidateRules(rule);
}
public bool CustomRule_WithDelegate_IsValid(string propertyValue)
{
//Create Validator
var validator = new CustomRule <Contact, string>(IsValidName);
validator.Message = "Invalid Name";
RuleValidatorContext <Contact, string> context = BuildContextForName(propertyValue);
var notification = new ValidationNotification();
//Validate the validator only, return true of no error returned
return(validator.Validate(context, null, notification));
}
public bool CustomRule_WithExpression_IsValid(string propertyValue)
{
//Create Validator
var validator = new CustomRule <Contact, string>((c, name) => name.ToUpper() == "ISVALIDNAME");
validator.Message = "Invalid Name";
RuleValidatorContext <Contact, string> context = BuildContextForName(propertyValue);
var notification = new ValidationNotification();
//Validate the validator only, return true of no error returned
return(validator.Validate(context, null, notification));
}
private bool createBlockRule(CurrentConn activeConn, string[] services, bool createWithAdvancedOptions, bool createTempRule, string ruleName)
{
bool success;
if (Settings.Default.UseBlockRules)
{
int Profiles = OptionsView.IsCurrentProfileChecked ? FirewallHelper.GetCurrentProfile() : FirewallHelper.GetGlobalProfile();
string finalRuleName = (createTempRule) ? Messages.RULE_TEMP_PREFIX + ruleName : ruleName;
var newRule = new CustomRule(finalRuleName,
createWithAdvancedOptions || OptionsView.IsPathChecked ? activeConn.Path : null,
!createWithAdvancedOptions && OptionsView.IsAppChecked ? activeConn.CurrentAppPkgId : null,
activeConn.CurrentLocalUserOwner,
services,
!createWithAdvancedOptions && OptionsView.IsProtocolChecked ? activeConn.RawProtocol : -1,
!createWithAdvancedOptions && OptionsView.IsTargetIPChecked ? activeConn.TargetIP : null,
!createWithAdvancedOptions && OptionsView.IsTargetPortChecked ? activeConn.TargetPort : null,
!createWithAdvancedOptions && OptionsView.IsLocalPortChecked ? activeConn.SourcePort : null,
Profiles,
CustomRule.CustomRuleAction.Block);
success = FirewallHelper.AddRule(newRule.GetPreparedRule(createTempRule)); // does not use RuleManager
if (success && createTempRule)
{
CreateTempRuleNotifyIcon(newRule);
}
if (!success)
{
MessageBox.Show(Messages.MSG_RULE_FAILED, Messages.MSG_DLG_ERR_TITLE, MessageBoxButton.OK, MessageBoxImage.Error);
}
}
else
{
// FIXME: Remove and always use Global Rules?
throw new ArgumentException("Only global block rules can be used - check options");
string entry = (!OptionsView.IsServiceRuleChecked || String.IsNullOrEmpty(activeConn.CurrentService) ? activeConn.Path : activeConn.CurrentService) +
(OptionsView.IsLocalPortChecked ? ";" + activeConn.SourcePort : ";") +
(OptionsView.IsTargetIPChecked ? ";" + activeConn.TargetIP : ";") +
(OptionsView.IsTargetPortChecked ? ";" + activeConn.TargetPort : ";"); //FIXME: Need to add more?
using (StreamWriter sw = new StreamWriter(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "exclusions.set"), true))
{
sw.WriteLine(entry);
}
success = true;
}
return(success);
}
private bool createAllowRule(CurrentConn activeConn, string[] services, bool isTemp)
{
int Profiles = OptionsView.IsCurrentProfileChecked ? FirewallHelper.GetCurrentProfile() : FirewallHelper.GetGlobalProfile();
string ruleName = isTemp ? Messages.RULE_TEMP_PREFIX + activeConn.RuleName : activeConn.RuleName;
CustomRule newRule = new CustomRule(ruleName, activeConn.CurrentPath, OptionsView.IsAppChecked ? activeConn.CurrentAppPkgId : null
, activeConn.CurrentLocalUserOwner, services, OptionsView.IsProtocolChecked ? activeConn.Protocol : -1, OptionsView.IsTargetIPChecked ? activeConn.Target : null
, OptionsView.IsTargetPortChecked ? activeConn.TargetPort : null, OptionsView.IsLocalPortChecked ? activeConn.LocalPort : null, Profiles
, CustomRule.CustomRuleAction.A);
bool success = FirewallHelper.AddRule(newRule.GetPreparedRule(isTemp)); // does not use RuleManager
if (success && isTemp)
{
CreateTempRuleNotifyIcon(newRule);
}
return(success);
}
// Public methods
public FeatureSelection Execute(CustomRule targetCustomRule)
{
// Get the expression
string expr = targetCustomRule.Expression; // OBS: an example for syntax: ">root.TotalScore=SumOf(>root.>descendants.ScoreValue)";
if (expr == null || expr == "")
{
return(null);
}
// Parse the expression
AntlrInputStream inputToParse = new AntlrInputStream(expr);
GrammarLexer lexer = new GrammarLexer(inputToParse);
CommonTokenStream tokens = new CommonTokenStream(lexer);
GrammarParser grammarParser = new GrammarParser(tokens);
IParseTree tree = grammarParser.prog();
Visitor visitor = new Visitor(configInstance);
// Execute it and return the parent FeatureSelection of the modified AttributeValue (left side of the expression)
var result = visitor.Visit(tree);
return(result as FeatureSelection);
}
public IApiResponse <CustomRule> CreateCustomRule(CustomRule customRule) => CreateData <CustomRule>(customRule);
private static CustomRule AddArgs(this CustomRule rule, IEnumerable <RuleArgument> args)
{
rule.Parameters = args.Select(a => $"{a.Parameter} : {a.Value}").ToList();
return(rule);
}
/// <summary>
/// Adds a custom rule.
/// </summary>
/// <param name="className">Name of the class.</param>
/// <param name="violationMessage">The violation message.</param>
/// <param name="rule">The rule.</param>
public void AddCustomRule(string className, string violationMessage, string rule)
{
rules[className] = new CustomRule(className, rule, violationMessage);
}
public void WAFCRUDTest()
{
var handler1 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
var handler2 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
using (MockContext context = MockContext.Start(this.GetType()))
{
// Create clients
var frontDoorMgmtClient = FrontDoorTestUtilities.GetFrontDoorManagementClient(context, handler1);
var resourcesClient = FrontDoorTestUtilities.GetResourceManagementClient(context, handler2);
// Create resource group
var resourceGroupName = FrontDoorTestUtilities.CreateResourceGroup(resourcesClient);
// Create a frontDoor WAF policy
string policyName = TestUtilities.GenerateName("policy");
WebApplicationFirewallPolicy createParameters = new WebApplicationFirewallPolicy
{
Location = "global",
Tags = new Dictionary <string, string>
{
{ "key1", "value1" },
{ "key2", "value2" }
},
PolicySettings = new PolicySettings
{
EnabledState = "Enabled",
Mode = "Prevention",
CustomBlockResponseBody = "PGh0bWw+SGVsbG88L2h0bWw+",
CustomBlockResponseStatusCode = 403,
RedirectUrl = "http://www.bing.com"
},
CustomRules = new CustomRuleList(
new List <CustomRule>
{
new CustomRule
{
Name = "rule1",
EnabledState = "Enabled",
Priority = 1,
RuleType = "RateLimitRule",
RateLimitThreshold = 1000,
MatchConditions = new List <MatchCondition>
{
new MatchCondition
{
MatchVariable = "RemoteAddr",
OperatorProperty = "IPMatch",
MatchValue = new List <string>
{
"192.168.1.0/24",
"10.0.0.0/24"
}
}
},
Action = "Block"
}
}
),
ManagedRules = new ManagedRuleSetList(
new List <ManagedRuleSet> {
new ManagedRuleSet
{
RuleSetType = "DefaultRuleSet",
RuleSetVersion = "1.0",
Exclusions = new List <ManagedRuleExclusion>
{
new ManagedRuleExclusion
{
MatchVariable = ManagedRuleExclusionMatchVariable.RequestBodyPostArgNames,
SelectorMatchOperator = ManagedRuleExclusionSelectorMatchOperator.Contains,
Selector = "query"
}
},
RuleGroupOverrides = new List <ManagedRuleGroupOverride>
{
new ManagedRuleGroupOverride
{
RuleGroupName = "SQLI",
Exclusions = new List <ManagedRuleExclusion>
{
new ManagedRuleExclusion
{
MatchVariable = ManagedRuleExclusionMatchVariable.RequestHeaderNames,
SelectorMatchOperator = ManagedRuleExclusionSelectorMatchOperator.Equals,
Selector = "User-Agent"
}
},
Rules = new List <ManagedRuleOverride>
{
new ManagedRuleOverride
{
RuleId = "942100",
Action = "Redirect",
EnabledState = "Disabled",
Exclusions = new List <ManagedRuleExclusion>
{
new ManagedRuleExclusion
{
MatchVariable = ManagedRuleExclusionMatchVariable.QueryStringArgNames,
SelectorMatchOperator = ManagedRuleExclusionSelectorMatchOperator.Equals,
Selector = "search"
}
}
}
}
}
}
}
})
};
var policy = frontDoorMgmtClient.Policies.CreateOrUpdate(resourceGroupName, policyName, createParameters);
// validate the created policy
VerifyPolicy(policy, createParameters);
// Retrieve policy
var retrievedPolicy = frontDoorMgmtClient.Policies.Get(resourceGroupName, policyName);
// validate that correct policy is retrieved
VerifyPolicy(retrievedPolicy, createParameters);
// update Policy
CustomRule geoFilter = new CustomRule
{
Name = "rule2",
Priority = 2,
RuleType = "MatchRule",
MatchConditions = new List <MatchCondition>
{
new MatchCondition
{
MatchVariable = "RemoteAddr",
OperatorProperty = "GeoMatch",
MatchValue = new List <string>
{
"US"
}
}
},
Action = "Allow"
};
retrievedPolicy.CustomRules.Rules.Add(geoFilter);
var updatedPolicy = frontDoorMgmtClient.Policies.CreateOrUpdate(resourceGroupName, policyName, retrievedPolicy);
// validate that Policy is correctly updated
VerifyPolicy(updatedPolicy, retrievedPolicy);
// Delete Policy
frontDoorMgmtClient.Policies.Delete(resourceGroupName, policyName);
// Verify that Policy is deleted
Assert.ThrowsAny <ErrorResponseException>(() =>
{
frontDoorMgmtClient.Policies.Get(resourceGroupName, policyName);
});
FrontDoorTestUtilities.DeleteResourceGroup(resourcesClient, resourceGroupName);
}
}
/// <summary>
/// Adds a custom rule.
/// </summary>
/// <param name="name">The name of the rule.</param>
/// <param name="violationMessage">The violation message.</param>
/// <param name="rule">
/// The rule: must be an anonymous method declaration or the validation
/// function reference (the function's name without parenthesis).
/// </param>
/// <example>
/// This example adds a custom rule by passing an anonymous method:
/// <code>
/// AddCustomRule(
/// "maxWords",
/// "Please enter {0} words or less.",
/// "function(value, element, params) { return this.optional(element) || value.match(/\b\w+\b/g).length < params; }" );
/// </code>
/// This example adds a custom rule by passing a method reference, assuming that a
/// referenced javascript file contains the <c>validateMaxWords</c> function.
/// <code>
/// AddCustomRule(
/// "maxWords",
/// "Please enter {0} words or less.",
/// "validateMaxWords" );
/// </code>
/// </example>
public void AddCustomRule(string name, string violationMessage, string rule)
{
_customRules[name] = new CustomRule(name, rule, violationMessage);
}
public void WAFCRUDTest()
{
var handler1 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
var handler2 = new RecordedDelegatingHandler {
StatusCodeToReturn = HttpStatusCode.OK
};
using (MockContext context = MockContext.Start(this.GetType().FullName))
{
// Create clients
var frontDoorMgmtClient = FrontDoorTestUtilities.GetFrontDoorManagementClient(context, handler1);
var resourcesClient = FrontDoorTestUtilities.GetResourceManagementClient(context, handler2);
// Create resource group
var resourceGroupName = FrontDoorTestUtilities.CreateResourceGroup(resourcesClient);
// Create a frontDoor
string policyName = TestUtilities.GenerateName("policy");
WebApplicationFirewallPolicy1 createParameters = new WebApplicationFirewallPolicy1
{
Location = "global",
Tags = new Dictionary <string, string>
{
{ "key1", "value1" },
{ "key2", "value2" }
},
PolicySettings = new PolicySettings
{
EnabledState = "Enabled",
Mode = "Prevention"
},
CustomRules = new CustomRules(
new List <CustomRule>
{
new CustomRule
{
Name = "rule1",
Priority = 1,
RuleType = "RateLimitRule",
RateLimitThreshold = 1000,
MatchConditions = new List <MatchCondition1>
{
new MatchCondition1
{
MatchVariable = "RemoteAddr",
OperatorProperty = "IPMatch",
MatchValue = new List <string>
{
"192.168.1.0/24",
"10.0.0.0/24"
}
}
},
Action = "Block"
}
}
),
ManagedRules = new ManagedRuleSets(
new List <ManagedRuleSet> {
new AzureManagedRuleSet
{
Priority = 1,
RuleGroupOverrides = new List <AzureManagedOverrideRuleGroup>
{
new AzureManagedOverrideRuleGroup
{
RuleGroupOverride = "SqlInjection",
Action = "Block"
},
}
}
})
};
var policy = frontDoorMgmtClient.Policies.CreateOrUpdate(resourceGroupName, policyName, createParameters);
// validate the created policy
VerifyPolicy(policy, createParameters);
// Retrieve policy
var retrievedPolicy = frontDoorMgmtClient.Policies.Get(resourceGroupName, policyName);
// validate that correct policy is retrieved
VerifyPolicy(retrievedPolicy, createParameters);
// update Policy
CustomRule geoFilter = new CustomRule
{
Name = "rule2",
Priority = 2,
RuleType = "MatchRule",
MatchConditions = new List <MatchCondition1>
{
new MatchCondition1
{
MatchVariable = "RemoteAddr",
OperatorProperty = "GeoMatch",
MatchValue = new List <string>
{
"US"
}
}
},
Action = "Allow"
};
retrievedPolicy.CustomRules.Rules.Add(geoFilter);
var updatedPolicy = frontDoorMgmtClient.Policies.CreateOrUpdate(resourceGroupName, policyName, retrievedPolicy);
// validate that Policy is correctly updated
VerifyPolicy(updatedPolicy, retrievedPolicy);
// Delete Policy
frontDoorMgmtClient.Policies.Delete(resourceGroupName, policyName);
// Verify that Policy is deleted
Assert.ThrowsAny <ErrorResponseException>(() =>
{
frontDoorMgmtClient.Policies.Get(resourceGroupName, policyName);
});
FrontDoorTestUtilities.DeleteResourceGroup(resourcesClient, resourceGroupName);
}
}
/// <summary>
/// Adds a custom rule.
/// </summary>
/// <param name="className">Name of the class.</param>
/// <param name="violationMessage">The violation message.</param>
/// <param name="rule">The rule.</param>
public void AddCustomRule(string className, string violationMessage, string rule)
{
rules[className] = new CustomRule(className, rule, violationMessage);
}
public RuleBinding(string path, CustomRule rule)
: this(path)
{
Rule = rule;
}
public void DataAnnotationTest()
{
var idRule = new CustomRule(obj => Convert.ToInt32(obj) >= 0, "ID不能小于0");
var requiredRule = FltConfigValidationRules.NotNullOrEmpty;
var cityRule = FltConfigValidationRules.City;
var ageRule = new RangeRule(1, 99, "年龄范围1-99");
var dateRule = new RangeRule(new DateTime(1995, 1, 1), new DateTime(2000, 12, 31), "日期范围错误");
var validator = new FltConfigValidator <DataAnnotationEntity>();
DataAnnotationEntity entity = null;
#region null
var result = validator.Validate(entity);
Assert.IsFalse(result.IsValid);
#endregion
#region ok
entity = DataAnnotationEntity.Create();
result = validator.Validate(entity);
Assert.IsTrue(result.IsValid);
Assert.IsTrue(String.IsNullOrWhiteSpace(result.ErrorMessage));
#endregion
#region ID
entity = DataAnnotationEntity.Create();
entity.ID = -1;
result = validator.Validate(entity);
Assert.IsFalse(result.IsValid);
Assert.AreEqual("ID", result.MemberName);
Assert.AreEqual(idRule.ErrorMessage, result.ErrorMessage);
entity = DataAnnotationEntity.Create();
entity.ID = 0;
result = validator.Validate(entity);
Assert.IsTrue(result.IsValid);
Assert.IsTrue(String.IsNullOrWhiteSpace(result.ErrorMessage));
#endregion
#region City
entity = DataAnnotationEntity.Create();
entity.City = null;
result = validator.Validate(entity);
Assert.IsFalse(result.IsValid);
Assert.AreEqual("City", result.MemberName);
Assert.AreEqual(requiredRule.ErrorMessage, result.ErrorMessage);
entity = DataAnnotationEntity.Create();
entity.City = String.Empty;
result = validator.Validate(entity);
Assert.IsFalse(result.IsValid);
Assert.AreEqual("City", result.MemberName);
Assert.AreEqual(requiredRule.ErrorMessage, result.ErrorMessage);
entity = DataAnnotationEntity.Create();
entity.City = " ";
result = validator.Validate(entity);
Assert.IsFalse(result.IsValid);
Assert.AreEqual("City", result.MemberName);
Assert.AreEqual(requiredRule.ErrorMessage, result.ErrorMessage);
entity = DataAnnotationEntity.Create();
entity.City = "ABC1";
result = validator.Validate(entity);
Assert.IsFalse(result.IsValid);
Assert.AreEqual("City", result.MemberName);
Assert.AreEqual(cityRule.ErrorMessage, result.ErrorMessage);
#endregion
#region Age
entity = DataAnnotationEntity.Create();
entity.Age = Convert.ToInt32(ageRule.Minimum) - 1;
result = validator.Validate(entity);
Assert.IsFalse(result.IsValid);
Assert.AreEqual("Age", result.MemberName);
Assert.AreEqual(ageRule.ErrorMessage, result.ErrorMessage);
entity = DataAnnotationEntity.Create();
entity.Age = Convert.ToInt32(ageRule.Minimum);
result = validator.Validate(entity);
Assert.IsTrue(result.IsValid);
Assert.IsTrue(String.IsNullOrWhiteSpace(result.ErrorMessage));
entity = DataAnnotationEntity.Create();
entity.Age = Convert.ToInt32(ageRule.Maximum);
result = validator.Validate(entity);
Assert.IsTrue(result.IsValid);
Assert.IsTrue(String.IsNullOrWhiteSpace(result.ErrorMessage));
entity = DataAnnotationEntity.Create();
entity.Age = Convert.ToInt32(ageRule.Maximum) + 1;
result = validator.Validate(entity);
Assert.IsFalse(result.IsValid);
Assert.AreEqual("Age", result.MemberName);
Assert.AreEqual(ageRule.ErrorMessage, result.ErrorMessage);
#endregion
#region Date
entity = DataAnnotationEntity.Create();
entity.Date = null;
result = validator.Validate(entity);
Assert.IsFalse(result.IsValid);
Assert.AreEqual("Date", result.MemberName);
Assert.AreEqual(requiredRule.ErrorMessage, result.ErrorMessage);
entity = DataAnnotationEntity.Create();
entity.Date = Convert.ToDateTime(dateRule.Minimum).AddMinutes(-1);
result = validator.Validate(entity);
Assert.IsFalse(result.IsValid);
Assert.AreEqual("Date", result.MemberName);
Assert.AreEqual(dateRule.ErrorMessage, result.ErrorMessage);
entity = DataAnnotationEntity.Create();
entity.Date = Convert.ToDateTime(dateRule.Minimum);
result = validator.Validate(entity);
Assert.IsTrue(result.IsValid);
Assert.IsTrue(String.IsNullOrWhiteSpace(result.ErrorMessage));
entity = DataAnnotationEntity.Create();
entity.Date = Convert.ToDateTime(dateRule.Maximum);
result = validator.Validate(entity);
Assert.IsTrue(result.IsValid);
Assert.IsTrue(String.IsNullOrWhiteSpace(result.ErrorMessage));
entity = DataAnnotationEntity.Create();
entity.Date = Convert.ToDateTime(dateRule.Maximum).AddMinutes(1);
result = validator.Validate(entity);
Assert.IsFalse(result.IsValid);
Assert.AreEqual("Date", result.MemberName);
Assert.AreEqual(dateRule.ErrorMessage, result.ErrorMessage);
#endregion
}
/// <summary>
/// Adds a custom rule.
/// </summary>
/// <param name="name">The name of the rule.</param>
/// <param name="violationMessage">The violation message.</param>
/// <param name="rule">
/// The rule: must be an anonymous method declaration or the validation
/// function reference (the function's name without parenthesis).
/// </param>
/// <example>
/// This example adds a custom rule by passing an anonymous method:
/// <code>
/// AddCustomRule(
/// "maxWords",
/// "Please enter {0} words or less.",
/// "function(value, element, params) { return this.optional(element) || value.match(/\b\w+\b/g).length < params; }" );
/// </code>
/// This example adds a custom rule by passing a method reference, assuming that a
/// referenced javascript file contains the <c>validateMaxWords</c> function.
/// <code>
/// AddCustomRule(
/// "maxWords",
/// "Please enter {0} words or less.",
/// "validateMaxWords" );
/// </code>
/// </example>
public void AddCustomRule(string name, string violationMessage, string rule)
{
_customRules[name] = new CustomRule(name, rule, violationMessage);
}
public Task <IApiResponse <CustomRule> > CreateCustomRuleAsync(CustomRule customRule) => CreateDataAsync <CustomRule>(customRule);
