/// <summary> /// Load instrusion detector instance /// </summary> /// <param name="detectorConfig"></param> /// <returns></returns> internal static IIntrusionDetector LoadIntrusionDetector(IntrusionDetectorElement detectorConfig) { Debug.Assert(detectorConfig != null); IIntrusionDetector detector = null; if (!string.IsNullOrEmpty(detectorConfig.Type)) { detector = ObjectBuilder.Build <IIntrusionDetector>(detectorConfig.Type); } else { // Create default detector = new IntrusionDetector(); } // Load event thresholds foreach (ThresholdElement e in detectorConfig.EventThresholds) { string[] actions = e.Actions.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries); Threshold threshold = new Threshold(e.Name, e.Count, e.Interval, actions); detector.AddThreshold(threshold); } return(detector); }
public void Test_Execute() { IIntrusionDetector detector = Esapi.IntrusionDetector; string url = Guid.NewGuid().ToString(); RedirectAction action = new RedirectAction(url); // Set context MockHttpContext.InitializeCurrentContext(); SurrogateWebPage page = new SurrogateWebPage(); HttpContext.Current.Handler = page; // Block try { Assert.AreNotEqual(HttpContext.Current.Request.RawUrl, action.Url); action.Execute(ActionArgs.Empty); Assert.Fail("Request not terminated"); } catch (Exception exp) { // FIXME : so far there is no other way to test the redirect except to check // the stack of the exception. Ideally we should be able to mock the request // redirect itself Assert.IsTrue(exp.StackTrace.Contains("at System.Web.HttpResponse.Redirect(String url, Boolean endResponse)")); } }
/// <summary> /// The intrusion detector accessor. /// </summary> /// <returns> The intrusion detector implementation. /// </returns> public static IIntrusionDetector IntrusionDetector() { if (Esapi.intrusionDetector == null) { Esapi.intrusionDetector = new IntrusionDetector(); } return(Esapi.intrusionDetector); }
public static IIntrusionDetector IntrusionDetector() { if (Owasp.Esapi.Esapi.intrusionDetector == null) { Owasp.Esapi.Esapi.intrusionDetector = (IIntrusionDetector) new IntrusionDetector(); } return(Owasp.Esapi.Esapi.intrusionDetector); }
public void Test_LoadCustom() { // Set new EsapiConfig.Instance.IntrusionDetector.Type = typeof(SurrogateIntrusionDetector).AssemblyQualifiedName; IIntrusionDetector detector = Esapi.IntrusionDetector; Assert.IsTrue(detector.GetType().Equals(typeof(SurrogateIntrusionDetector))); }
/// <summary> /// The intrusion detector accessor. /// </summary> /// <returns> The intrusion detector implementation. /// </returns> public static IIntrusionDetector IntrusionDetector() { if (Esapi.intrusionDetector == null) Esapi.intrusionDetector = new IntrusionDetector(); return Esapi.intrusionDetector; }