public void CheckXSTVulns(RESTApi restDesc, VulnerabilitiesVulnerability vuln,
WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject, bool isDebug,
ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader)
{
CheckWebServerVulns(restDesc, vuln, WSItemVulnerabilities, reportObject, isDebug,
ref respHeader, HttpHelper, customRequestHeader, "Cross Site Tracing", "TRACE");
}
private void AddProblemButton_Click(object sender, RoutedEventArgs e)
{
Problem problem = new Problem();
problem.Subject = SubjectTB.Text;
problem.TeacherId = LoginPage.LogUser.Id;
problem.InputArgs = InputArgsTB.Text;
problem.Description = DescriptionTB.Text;
List <Problem> problems = new List <Problem>();
List <User> users = new List <User>();
problems.Add(problem);
string path = "/problems";
problems = JsonConvert.DeserializeObject <List <Problem> >(RESTApi.Post <Problem>(path, problems));
path = "/users?GroupId=" + ((ComboBoxItem)GroupsCB.SelectedItem).Tag;
users = JsonConvert.DeserializeObject <List <User> >(RESTApi.Get(path));
List <State> states = new List <State>();
foreach (User item in users)
{
State state = new State();
state.ProblemId = problems[0].Id;
state.UserId = item.Id;
state.Status = "Undone";
states.Add(state);
}
path = "/states";
RESTApi.Post <State>(path, states);
RefreshPage();
}
public void CheckHTTPOptionsVulns(RESTApi restDesc, VulnerabilitiesVulnerability vuln,
WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject, bool isDebug,
ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader)
{
CheckWebServerVulns(restDesc, vuln, WSItemVulnerabilities, reportObject, isDebug,
ref respHeader, HttpHelper, customRequestHeader, "HTTP OPTIONS", "OPTIONS");
}
public HttpWebResponseWrapper GetHttpWebResponse(RESTApi restDesc, string url, string postData, bool useAuthIfExists,
ref List <Param> respHeader, string customRequestHeader)
{
HttpWebResponseWrapper resp = null;
HttpWebRequest wr = GetHttpWebReq(restDesc, url, postData, useAuthIfExists, customRequestHeader);
HttpWebResponse wres = null;
try
{
wres = (HttpWebResponse)wr.GetResponse();
}
catch (Exception wex)
{
throw wex;
}
if (wres != null)
{
SetHeader(wres, ref respHeader);
StreamReader streamReader = new StreamReader(wres.GetResponseStream());
resp = new HttpWebResponseWrapper();
resp.WebResponse = wres;
resp.ResponseBody = streamReader.ReadToEnd();
}
return(resp);
}
public MainPage()
{
InitializeComponent();
FileToSend = new StudentFile();
RESTApi.ServerUrl = "http://localhost:8082";
List <State> states;
List <StudentFile> problemStates = new List <StudentFile>();
string path = "/states?UserId=" + LoginPage.LogUser.Id;
states = JsonConvert.DeserializeObject <List <State> >(RESTApi.Get(path));
foreach (State state in states)
{
StudentFile ps = new StudentFile();
path = "/problems?Id=" + state.ProblemId;
ps.problem = JsonConvert.DeserializeObject <List <Problem> >(RESTApi.Get(path))[0];
ps.state = state;
ps.user = LoginPage.LogUser;
problemStates.Add(ps);
}
ProblesListView.ItemsSource = problemStates;
}
private string ParseURLParameters(ref RESTApi restDesc, string url)
{
string result = url;
if (!string.IsNullOrEmpty(url))
{
MatchCollection coll = Regex.Matches(result, @"\$([^$]*)\$");
if (coll != null && coll.Count > 0)
{
restDesc.UrlParameters = new List <WSParameter>();
int tmp = 0;
int i = 0;
foreach (Match m in coll)
{
WSParameter prm = new WSParameter();
prm.Index = i;
prm.Name = "Url";
prm.TypeName = GetTypeName(m.Value.Trim().Replace("$", "").ToLower());
string newVal = "{" + i.ToString() + "}";
result = result.Substring(0, m.Index - tmp) + newVal + result.Substring(m.Index + m.Length - tmp);
i++;
tmp += m.Value.Length - newVal.Length;
restDesc.UrlParameters.Add(prm);
}
}
}
return(result);
}
public async Task <IActionResult> CreateConAccessPolicy(int Id)
{
var deployTypes = _context.DeployTypes.Include(d => d.Tennants).Where(d => d.DeployTypeID == Id).FirstOrDefault();
var policyPath = _context.TennantParams.Where(t => t.ParamName == "PolicyPath").FirstOrDefault();
string path = policyPath.ParamValue;
var tokenResults = RESTApi.GraphToken(deployTypes.Tennants.AzureTennantID, deployTypes.Tennants.AzureClientID, deployTypes.Tennants.AzureClientSecret);
RESTApi.AccessToken AccessToken = JsonConvert.DeserializeObject <RESTApi.AccessToken>(tokenResults.Result);
string accesstoken = AccessToken.access_token;
string uri = "https://graph.microsoft.com/beta/conditionalAccess/Policies";
var restAPI = new RESTApi(_storageConfig, hostingEnv);
var result = await restAPI.GraphPostAction(accesstoken, uri, path);
string filename = path;
filename = hostingEnv.WebRootPath + $@"\csv\{filename}";
if (!System.IO.File.Exists(filename))
{
System.IO.File.WriteAllText(filename, result);
}
deployTypes.DeploySaved = "N/A";
deployTypes.DeployResult = result;
deployTypes.DeployState = "N/A";
deployTypes.DeployState = "Deployed";
_context.Update(deployTypes);
await _context.SaveChangesAsync();
return(RedirectToAction("Index", "DeployTypes", new { Id = deployTypes.TennantID }));
}
//#########################################
//## GetDeploy ##
//#########################################
public async Task GetDeploy(int Id)
{
var deployTypes = _context.DeployTypes.Include(d => d.Tennant).Where(d => d.DeployTypeId == Id).FirstOrDefault();
string tennantID = deployTypes.Tennant.AzureTennantId;
string clientID = deployTypes.Tennant.AzureClientId;
string secret = deployTypes.Tennant.AzureClientSecret;
string subscriptionID = deployTypes.Tennant.AzureSubscriptionId;
string resourcegroupname = deployTypes.ResourceGroupName;
if (string.IsNullOrEmpty(resourcegroupname) == true)
{
resourcegroupname = deployTypes.Tennant.ResourceGroupName;
}
string resourcegroup = deployTypes.Tennant.ResourceGroupName;
string azuredeploy = deployTypes.AzureDeployName;
var results = RESTApi.PostAction(tennantID, clientID, secret);
RESTApi.AccessToken AccessToken = JsonConvert.DeserializeObject <RESTApi.AccessToken>(results.Result);
string accesstoken = AccessToken.access_token;
var getcontent = RESTApi.GetAsync(subscriptionID, resourcegroupname, accesstoken, azuredeploy);
if (await getcontent == null)
{
deployTypes.DeployResult = "";
}
else
{
deployTypes.DeployResult = await getcontent;
}
_context.Update(deployTypes);
await _context.SaveChangesAsync();
}
public async Task <IActionResult> Edit(TennantDeployParams tennantDeployParams)
{
var encrypt = new RESTApi(_storageConfig, hostingEnv);
string[] Keys = await encrypt.EncryptionKeys();
var encryption = new Encryption(Keys[1], Keys[0], 1, Keys[2], 256);
if (ModelState.IsValid)
{
for (var i = 0; i < tennantDeployParams.ParamName.Count(); i++)
{
var tennantparam = new TennantParam();
tennantparam.TennantParamID = tennantDeployParams.TennantParamID[i];
tennantparam.ParamName = tennantDeployParams.ParamName[i];
if (tennantDeployParams.ParamType[i] == "password")
{
var encrypted = encryption.EncryptString(tennantDeployParams.ParamValue[i]);
tennantparam.ParamValue = encrypted;
}
else
{
tennantparam.ParamValue = tennantDeployParams.ParamValue[i];
}
tennantparam.ParamToolTip = tennantDeployParams.ParamToolTip[i];
tennantparam.DeployTypeID = tennantDeployParams.DeployTypeID;
tennantparam.ParamType = tennantDeployParams.ParamType[i];
tennantparam.DeployParamID = tennantDeployParams.DeployParamID[i];
var deployTypes = _context.DeployTypes.Where(d => d.DeployTypeID == tennantDeployParams.DeployTypeID).FirstOrDefault();
deployTypes.DeploySaved = "No";
deployTypes.DeployState = "";
deployTypes.DeployResult = "";
_context.Update(deployTypes);
await _context.SaveChangesAsync();
try
{
_context.Update(tennantparam);
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!TennantParamExists(tennantparam.TennantParamID))
{
return(NotFound());
}
else
{
throw;
}
}
}
return(RedirectToAction("Index", "DeployTypes", new { id = tennantDeployParams.TennantID }));
}
return(RedirectToAction("Index", "DeployTypes", new { id = tennantDeployParams.TennantID }));
}
private void CheckVulnsExceptAuth(RESTApi restDesc, VulnerabilitiesVulnerability vuln,
WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject,
bool isDebug, ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader)
{
CheckVulnsForURLParams(restDesc, vuln, WSItemVulnerabilities,
reportObject, isDebug, ref respHeader, HttpHelper, customRequestHeader);
CheckVulnsForPostParams(restDesc, vuln, WSItemVulnerabilities,
reportObject, isDebug, ref respHeader, HttpHelper, customRequestHeader);
}
private void CheckUnAuthenticatedMethod(RESTApi restDesc, VulnerabilitiesVulnerability vuln,
WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject, bool isDebug,
ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader)
{
HttpWebResponseWrapper response = null;
try
{
reportObject.TotalRequestCount++;
response = HttpHelper.GetHttpWebResponseWithDefaultParams(restDesc, false, ref respHeader, customRequestHeader);
}
catch (WebException wEx)
{
//if (wEx.Response.s)
bool authErrorReceived = false;
try
{
HttpWebResponse wr = (HttpWebResponse)wEx.Response;
if (vuln.statusCode.Equals(((int)wr.StatusCode).ToString()))
{
authErrorReceived = true;
}
}
catch { }
if (!authErrorReceived)
{
SetWebException(restDesc.NormalizedURL, wEx, WSItemVulnerabilities, "Web Exception During Authentication Check", isDebug);
}
}
catch (Exception ex)
{
throw ex;
}
if (response != null && response.WebResponse != null)
{
if (!vuln.statusCode.Equals(((int)response.WebResponse.StatusCode).ToString())) // status code != 401, no redirection
{
VulnerabilityForReport authVuln = new VulnerabilityForReport();
authVuln.Vuln = MainForm.vulnerabilities.Vulnerability.Where(v => v.id == 1).FirstOrDefault();
authVuln.VulnerableMethodName = restDesc.Url.AbsoluteUri;
authVuln.VulnerableParamName = "";
authVuln.Payload = "";
authVuln.Response = response.ResponseBody;
authVuln.StatusCode = response.WebResponse.StatusCode.ToString();
WSItemVulnerabilities.Vulns.Add(authVuln);
mainForm.Log(" Auth Vulnerability Found: " + response.ResponseBody + " - status code is : " + response.WebResponse.StatusCode.ToString(), FontStyle.Bold, true, false);
}
}
}
public static void RefreshPage()
{
List <Group> groups;
List <Problem> problems;
RESTApi.ServerUrl = "http://localhost:8082";
string path = "/groups";
groups = JsonConvert.DeserializeObject <List <Group> >(RESTApi.Get(path));
cb.Items.Clear();
foreach (Group item in groups)
{
ComboBoxItem combo = new ComboBoxItem();
combo.Content = item.Name;
combo.Tag = item.Id;
cb.Items.Add(combo);
}
// lv.Items.Clear();
path = "/problems?TeacherId=" + LoginPage.LogUser.Id;
problems = JsonConvert.DeserializeObject <List <Problem> >(RESTApi.Get(path));
lv.ItemsSource = problems;
List <Arguments> args = new List <Arguments>();
Arguments arg = new Arguments();
arg.className = "MyNamespace.MyClass";
arg.methodName = "MyMethod";
Argument argument = new Argument();
argument.type = typeof(int).FullName;
argument.value = (int)6;
arg.args.Add(argument);
argument = new Argument();
argument.type = typeof(string).FullName;
argument.value = (string)"hello";
arg.args.Add(argument);
argument = new Argument();
argument.type = typeof(string).FullName;
argument.value = (string)"hi";
arg.result = argument;
args.Add(arg);
InTB.Text = JsonConvert.SerializeObject(args);
}
private void CheckVulnsForURLParams(RESTApi restDesc,
VulnerabilitiesVulnerability vuln, WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject,
bool isDebug, ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader)
{
//CheckVulnsForParams(restDesc.NormalizedURL, restDesc.UrlParameters, vuln, WSItemVulnerabilities,
// reportObject, isDebug, ref respHeader);
if (restDesc.UrlParameters != null && restDesc.UrlParameters.Count > 0)
{
string postDataWithDefault = HttpHelper.GetDefaultValuesForParam(restDesc.NormalizedPostData, restDesc.PostParameters, true);
for (int i = 0; i < restDesc.UrlParameters.Count; i++)
{
if (i == restDesc.UrlParameters[i].Index)
{
foreach (string payload in vuln.request)
{
bool vulnFoundForParam = false;
string newUrl = restDesc.NormalizedURL.Replace("{" + i + "}", payload.Trim());
newUrl = SetParameterDefaultValue(newUrl, restDesc.UrlParameters, restDesc.UrlParameters[i].Index, isDebug, false);
HttpWebResponseWrapper response = null;
try
{
reportObject.TotalRequestCount++;
response = HttpHelper.GetHttpWebResponse(restDesc, newUrl, postDataWithDefault, true, ref respHeader, customRequestHeader);
}
catch (WebException wEx)
{
SetWebException(newUrl, wEx, WSItemVulnerabilities, payload, isDebug);
}
catch (Exception ex)
{
throw ex;
}
if (response != null && response.WebResponse != null)
{
SearcForVuln(response, WSItemVulnerabilities, vuln, payload,
ref vulnFoundForParam, newUrl, isDebug, restDesc.UrlParameters[i].Index);
}
if (vulnFoundForParam)
{
break;
}
}
}
}
}
}
// GET: TennantParams/Edit/5
public async Task <IActionResult> Edit(int Id)
{
var encrypt = new RESTApi(_storageConfig, hostingEnv);
string[] Keys = await encrypt.EncryptionKeys();
var encryption = new Encryption(Keys[1], Keys[0], 1, Keys[2], 256);
var deploy = _context.DeployTypes.Include(d => d.Tennants).Where(d => d.DeployTypeID == Id).FirstOrDefault();
var viewModel = new TennantDeployParams();
viewModel.DeployTypeID = Id;
viewModel.DeployName = deploy.DeployName;
viewModel.DeploySaved = deploy.DeploySaved;
var TenantParams = await _service.GetTenantParams(Id);
var parameters = TenantParams.TennantParams.ToList();
viewModel.DeployName = TenantParams.DeployName;
viewModel.DeployParams = new List <DeployParam>();
viewModel.TennantName = deploy.Tennants.TennantName;
viewModel.TennantID = deploy.Tennants.TennantID;
viewModel.DeployParamID = new List <int>();
viewModel.ParamName = new List <string>();
viewModel.ParamValue = new List <string>();
viewModel.ParamType = new List <string>();
viewModel.ParamToolTip = new List <string>();
viewModel.TennantParamID = new List <int>();
viewModel.DeployParamID = new List <int>();
foreach (var param in parameters)
{
viewModel.TennantParamID.Add(param.TennantParamID);
viewModel.DeployParamID.Add(param.DeployParamID);
viewModel.ParamName.Add(param.ParamName);
if (param.ParamType == "password")
{
var decrypted = encryption.DecryptString(param.ParamValue);
viewModel.ParamValue.Add(param.ParamValue = decrypted);
}
else
{
viewModel.ParamValue.Add(param.ParamValue);
}
viewModel.ParamType.Add(param.ParamType);
viewModel.ParamToolTip.Add(param.ParamToolTip);
}
return(View(viewModel));
}
public async Task Execute(IJobExecutionContext context)
{
RESTApi.ServerUrl = "http://*****:*****@gmail.com");
//msg.To.Add(users[0].Email);
msg.To.Add("*****@*****.**");
msg.Subject = "Stats - " + DateTime.Now.ToString();
foreach (StudentFile sf in item.Value)
{
msg.Body += sf.user.FullName + ", " + sf.problem.Subject + " " + sf.state.Status + "\n";
}
SmtpClient client = new SmtpClient();
client.UseDefaultCredentials = true;
client.Host = "smtp.gmail.com";
client.Port = 587;
client.EnableSsl = true;
client.DeliveryMethod = SmtpDeliveryMethod.Network;
client.Credentials = new NetworkCredential("*****@*****.**", "Qwerty`123");
client.Timeout = 20000;
try
{
client.Send(msg);
Console.WriteLine("Mail with stats has been successfully sent!");
}
catch (Exception ex)
{
Console.WriteLine("Fail Has error" + ex.Message);
}
finally
{
msg.Dispose();
}
item.Value.Clear();
}
}
}
public void ScanVulnerabilities(VulnerabilitiesVulnerability vuln, RESTApi restDesc,
WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject,
bool isDebug, ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader)
{
if (vuln.id == 1) // check authentication
{
CheckUnAuthenticatedMethod(restDesc, vuln, WSItemVulnerabilities,
reportObject, isDebug, ref respHeader, HttpHelper, customRequestHeader);
}
else
{
CheckVulnsExceptAuth(restDesc, vuln, WSItemVulnerabilities,
reportObject, isDebug, ref respHeader, HttpHelper, customRequestHeader);
}
}
public LoginPage()
{
InitializeComponent();
string path = "/users?IsTeacher=true";
RESTApi.ServerUrl = "http://localhost:8082";
users = JsonConvert.DeserializeObject <List <User> >(RESTApi.Get(path));
foreach (User item in users)
{
ComboBoxItem combo = new ComboBoxItem();
combo.Content = item.FullName;
combo.FontSize = 25;
combo.Tag = item.Id;
TeacherComboBox.Items.Add(combo);
}
}
public LoginPage()
{
InitializeComponent();
RESTApi.ServerUrl = "http://localhost:8082";
string path = "/groups";
List <Group> groups;
groups = JsonConvert.DeserializeObject <List <Group> >(RESTApi.Get(path));
foreach (Group item in groups)
{
ComboBoxItem combo = new ComboBoxItem();
combo.Content = item.Name;
combo.Tag = item.Id;
GroupComboBox.Items.Add(combo);
}
}
private void GroupComboBox_SelectionChanged(object sender, SelectionChangedEventArgs e)
{
StudentComboBox.Items.Clear();
if (GroupComboBox.SelectedIndex != -1)
{
string path = "/users?GroupId=" + ((ComboBoxItem)GroupComboBox.SelectedItem).Tag;
List <User> users;
users = JsonConvert.DeserializeObject <List <User> >(RESTApi.Get(path));
foreach (User item in users)
{
ComboBoxItem combo = new ComboBoxItem();
combo.Content = item.FullName;
combo.Tag = item.Id;
StudentComboBox.Items.Add(combo);
}
}
}
private void LoginButton_Click(object sender, RoutedEventArgs e)
{
if (StudentComboBox.SelectedIndex != -1)
{
string path = "/users?Id=" + ((ComboBoxItem)StudentComboBox.SelectedItem).Tag;
List <User> users;
users = JsonConvert.DeserializeObject <List <User> >(RESTApi.Get(path));
if (users[0].Password == PasswordPB.Password)
{
LogUser = users[0];
MainWindow.mf.Source = new Uri("View/MainPage.xaml", UriKind.RelativeOrAbsolute);
}
else
{
MessageBox.Show("Wrong password");
}
}
}
public async Task <IActionResult> Create(TennantDeployParams tennantDeployParams)
{
var encrypt = new RESTApi(_storageConfig, hostingEnv);
string [] Keys = await encrypt.EncryptionKeys();
var encryption = new Encryption(Keys[1], Keys[0], 1, Keys[2], 256);
if (ModelState.IsValid)
{
for (var i = 0; i < tennantDeployParams.DeployParamID.Count(); i++)
{
var tennantparam = new TennantParam();
if (tennantDeployParams.ParamType[i] == "password")
{
var encrypted = encryption.EncryptString(tennantDeployParams.ParamValue[i]);
tennantparam.ParamValue = encrypted;
}
else
{
tennantparam.ParamValue = tennantDeployParams.ParamValue[i];
}
tennantparam.DeployParamID = tennantDeployParams.DeployParamID[i];
tennantparam.ParamName = tennantDeployParams.ParamName[i];
tennantparam.ParamType = tennantDeployParams.ParamType[i];
tennantparam.DeployTypeID = tennantDeployParams.DeployTypeID;
tennantparam.ParamToolTip = tennantDeployParams.ParamToolTip[i];
if (TryValidateModel(tennantparam))
{
_context.Add(tennantparam);
await _context.SaveChangesAsync();
}
await _context.SaveChangesAsync();
}
return(RedirectToAction("Index", "DeployTypes", new { id = tennantDeployParams.TennantID }));
}
return(RedirectToAction("Index", "DeployTypes", new { id = tennantDeployParams.TennantID }));
}
public async Task <IActionResult> GetConAccessPolicy(int Id)
{
var deployTypes = _context.DeployTypes.Include(d => d.Tennants).Where(d => d.DeployTypeID == Id).FirstOrDefault();
var tokenResults = RESTApi.GraphToken(deployTypes.Tennants.AzureTennantID, deployTypes.Tennants.AzureClientID, deployTypes.Tennants.AzureClientSecret);
RESTApi.AccessToken AccessToken = JsonConvert.DeserializeObject <RESTApi.AccessToken>(tokenResults.Result);
string accesstoken = AccessToken.access_token;
string uri = "https://graph.microsoft.com/beta/conditionalAccess/Policies";
var result = await RESTApi.GraphGetAction(accesstoken, uri);
JObject o = JObject.Parse(result);
deployTypes.DeploySaved = "N/A";
deployTypes.DeployResult = result;
deployTypes.DeployState = "N/A";
deployTypes.DeployState = "Deployed";
_context.Update(deployTypes);
await _context.SaveChangesAsync();
return(RedirectToAction("Index", "DeployTypes", new { Id = deployTypes.TennantID }));
}
private HttpWebRequest GetHttpWebReq(RESTApi restDesc, string url, string postData, bool useAuthIfExists, string customRequestHeader)
{
HttpWebRequest wr = (HttpWebRequest)HttpWebRequest.Create(url);
wr.ContentType = restDesc.ContentType;
wr.Method = restDesc.Method;
wr.UserAgent = MainForm.UserAgentHeader;
//wr.Connection = "keep-alive";
wr.Proxy = WebRequest.DefaultWebProxy;
wr.Credentials = System.Net.CredentialCache.DefaultCredentials;
wr.Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;
if (!string.IsNullOrEmpty(customRequestHeader))
{
wr.Headers.Add(customRequestHeader);
}
if (useAuthIfExists)
{
if (restDesc.BasicAuthentication != null && !string.IsNullOrEmpty(restDesc.BasicAuthentication.Username))
{
wr.Credentials = new NetworkCredential(restDesc.BasicAuthentication.Username, restDesc.BasicAuthentication.Password);
}
}
if (!string.IsNullOrEmpty(postData))
{
wr.ContentLength = Encoding.UTF8.GetByteCount(postData);
using (Stream stream = wr.GetRequestStream())
{
stream.Write(Encoding.UTF8.GetBytes(postData), 0, Encoding.UTF8.GetByteCount(postData));
stream.Close();
}
}
return(wr);
}
//##########################################
//## CheckQueue ##
//##########################################
public async Task <string> CheckQueue(int Id)
{
var QueueList = _context.Queue.Include(q => q.DeployType).Where(q => q.DeployTypeId == Id).FirstOrDefault();
string tennantID = QueueList.DeployType.Tennant.AzureTennantId;
string clientID = QueueList.DeployType.Tennant.AzureClientId;
string secret = QueueList.DeployType.Tennant.AzureClientSecret;
string subscriptionID = QueueList.DeployType.Tennant.AzureSubscriptionId;
string resourcegroup = QueueList.Resourcegroup;
if (string.IsNullOrEmpty(resourcegroup) == true)
{
resourcegroup = QueueList.DeployType.Tennant.ResourceGroupName;
}
string azuredeploy = QueueList.Azuredeploy;
var results = RESTApi.PostAction(tennantID, clientID, secret);
RESTApi.AccessToken AccessToken = JsonConvert.DeserializeObject <RESTApi.AccessToken>(results.Result);
string accesstoken = AccessToken.access_token;
var getcontent = RESTApi.GetAsync(subscriptionID, resourcegroup, accesstoken, azuredeploy);
if (await getcontent == null)
{
QueueList.DeployType.DeployResult = "";
}
else
{
QueueList.DeployType.DeployResult = await getcontent;
}
_context.Update(QueueList.DeployType);
await _context.SaveChangesAsync();
var content = await getcontent;
return(content);
}
public RestHTTPHelper(ref RESTApi restDesc, ref bool untrustedSSLSecureChannel, ref List <Param> respHeader, string customRequestHeader)
{
HttpWebRequest wr = GetHttpWebReqWithDefaultParams(restDesc, true, customRequestHeader);
HttpWebResponse wres = null;
try
{
wres = (HttpWebResponse)wr.GetResponse();
}
catch (WebException wex)
{
if (wex.Status == WebExceptionStatus.TrustFailure)
{
ServicePointManager.ServerCertificateValidationCallback = delegate { return(true); };
wr = GetHttpWebReqWithDefaultParams(restDesc, true, customRequestHeader);
wres = (HttpWebResponse)wr.GetResponse();
untrustedSSLSecureChannel = true;
}
}
if (wres != null)
{
for (int i = 0; i < wres.Headers.Count; ++i)
{
respHeader.Add(new Param()
{
Name = wres.Headers.Keys[i].ToLowerInvariant(), Value = wres.Headers[i].ToLowerInvariant()
});
}
StreamReader streamReader = new StreamReader(wres.GetResponseStream());
string response = streamReader.ReadToEnd();
}
}
public StatesPage()
{
InitializeComponent();
int ProblemId = ((Problem)ProblemPage.lv.SelectedItem).Id;
List <User> users = new List <User>();
string path = "/users";
users = JsonConvert.DeserializeObject <List <User> >(RESTApi.Get(path));
List <State> states = new List <State>();
path = "/states?ProblemId=" + ProblemId;
states = JsonConvert.DeserializeObject <List <State> >(RESTApi.Get(path));
List <Group> groups = new List <Group>();
path = "/groups";
groups = JsonConvert.DeserializeObject <List <Group> >(RESTApi.Get(path));
List <UserState> userstates = new List <UserState>();
foreach (State item in states)
{
UserState tmp = new UserState();
tmp.StateStatus = item.Status;
tmp.UserGroupId = users.FirstOrDefault(x => x.Id == item.UserId).GroupId;
tmp.UserName = users.FirstOrDefault(x => x.Id == item.UserId).FullName;
tmp.GroupName = groups.FirstOrDefault(x => x.Id == tmp.UserGroupId).Name;
userstates.Add(tmp);
}
UserStatesLV.ItemsSource = userstates;
}
private void CheckWebServerVulns(RESTApi restDesc, VulnerabilitiesVulnerability vuln,
WSDescriberForReport WSItemVulnerabilities, ReportObject reportObject, bool isDebug,
ref List <Param> respHeader, RestHTTPHelper HttpHelper, string customRequestHeader,
string methodName, string httpMethodName)
{
HttpWebResponseWrapper response = null;
try
{
reportObject.TotalRequestCount++;
response = HttpHelper.GetHttpWebResponseForWebServerVuln(restDesc.Url.Scheme + "://" + restDesc.Url.Host + ":" + restDesc.Url.Port,
restDesc.BasicAuthentication, ref respHeader, customRequestHeader, httpMethodName);
}
catch (Exception ex)
{
mainForm.Log(" " + methodName + " - Exception: " + ex.ToString(), FontStyle.Regular, true, true);
}
if (response != null && response.WebResponse != null)
{
if (vuln.statusCode.Equals(((int)response.WebResponse.StatusCode).ToString())) // status code == 200
{
VulnerabilityForReport newVuln = new VulnerabilityForReport();
newVuln.Vuln = vuln;
newVuln.VulnerableMethodName = restDesc.Url.AbsoluteUri + ":" + restDesc.Url.Port;
newVuln.VulnerableParamName = "";
newVuln.Payload = "";
newVuln.Response = response.ResponseBody;
newVuln.StatusCode = response.WebResponse.StatusCode.ToString();
WSItemVulnerabilities.Vulns.Add(newVuln);
mainForm.Log(" " + methodName + " is enabled: " + response.ResponseBody + " - status code is : " + response.WebResponse.StatusCode.ToString(), FontStyle.Bold, true, false);
}
}
}
public HttpWebResponseWrapper GetHttpWebResponseWithDefaultParams(RESTApi restDesc, bool useAuthIfExists, ref List <Param> respHeader, string customRequestHeader)
{
return(GetHttpWebResponse(restDesc, GetDefaultValuesForParam(restDesc.NormalizedURL, restDesc.UrlParameters, false),
GetDefaultValuesForParam(restDesc.NormalizedPostData, restDesc.PostParameters, true), useAuthIfExists, ref respHeader, customRequestHeader));
}
public RESTInfoEntry(MainForm mainForm, RESTApi restAPI)
{
InitializeComponent();
this.mainForm = mainForm;
this.restAPI = restAPI;
}
private HttpWebRequest GetHttpWebReqWithDefaultParams(RESTApi restDesc, bool useAuthIfExists, string customRequestHeader)
{
return(GetHttpWebReq(restDesc, GetDefaultValuesForParam(restDesc.NormalizedURL, restDesc.UrlParameters, false),
GetDefaultValuesForParam(restDesc.NormalizedPostData, restDesc.PostParameters, true), useAuthIfExists, customRequestHeader));
}
