This repository has been archived by the owner on Feb 12, 2019. It is now read-only.

Merge pull request #34 from DNNCommunity/bug/DNN-10430
DNN-10430: let CheckHiddenSystemFiles execute manually.
George Alatrash authored Nov 2, 2017
2 parents 9c5e326 + aea2996 commit 651df44
Showing 26 changed files with 218 additions and 205 deletions.
3 changes: 3 additions & 0 deletions App_LocalResources/View.ascx.resx
Expand Up @@ -465,4 +465,7 @@ If you expect this addition, then just ignore this email; otherwise, an immediat
<data name="CheckHiddenSystemFilesSuccess.Text" xml:space="preserve">
<value>There are no files marked as system file or hidden in the website folder.</value>
</data>
<data name="Check.Text" xml:space="preserve">
<value>Check</value>
</data>
</root>
18 changes: 16 additions & 2 deletions Components/AuditChecks.cs
@@ -1,5 +1,6 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using DNN.Modules.SecurityAnalyzer.Components.Checks;
using DotNetNuke.Common;
Expand Down Expand Up @@ -40,14 +41,14 @@ public AuditChecks()
_auditChecks= checks.AsReadOnly();
}

public List<CheckResult> DoChecks()
public IList<CheckResult> DoChecks(bool checkAll = false)
{
var results = new List<CheckResult>();
foreach (var check in _auditChecks)
{
try
{
var result = check.Execute();
var result = checkAll || !check.LazyLoad ? check.Execute() : new CheckResult(SeverityEnum.Unverified, check.Id);
results.Add(result);
}
catch (Exception ex)
Expand All @@ -60,5 +61,18 @@ public List<CheckResult> DoChecks()
}
return results;
}

public CheckResult DoCheck(string id)
{
try
{
var check = _auditChecks.FirstOrDefault(c => c.Id.Equals(id, StringComparison.InvariantCultureIgnoreCase));
return check?.Execute();
}
catch (Exception)
{
return new CheckResult(SeverityEnum.Unverified, id);
}
}
}
}
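Review bot: `DoCheck` hides both of its failure modes: the bare `catch (Exception)` discards the exception and returns `Unverified`, and an unknown `id` makes `check?.Execute()` return `null`, which every caller then has to guard against. For a security audit, a check that crashed should be distinguishable in the logs from one that was never run, so catch `Exception ex` and log it the way `DoChecks` appears to (its catch names `ex`, but the body is collapsed in this view), and return `check?.Execute() ?? new CheckResult(SeverityEnum.Unverified, id);` for the not-found case. The id is an identifier rather than display text, so `StringComparison.OrdinalIgnoreCase` is a better fit than `InvariantCultureIgnoreCase`. Changing the return type of `DoChecks` from `List<CheckResult>` to `IList<CheckResult>` will also break any caller outside this commit that relies on `List` members.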
1 change: 1 addition & 0 deletions Components/CheckResult.cs
Expand Up @@ -4,6 +4,7 @@

namespace DNN.Modules.SecurityAnalyzer.Components
{
[Serializable]
public class CheckResult
{
public CheckResult(SeverityEnum severity, string checkname)
28 changes: 10 additions & 18 deletions Components/Checks/CheckAllowableFileExtensions.cs
@@ -1,35 +1,27 @@
using System;
using System.Web;
using DotNetNuke.Entities.Controllers;
using DotNetNuke.Entities.Host;
using DotNetNuke.Entities.Controllers;

namespace DNN.Modules.SecurityAnalyzer.Components.Checks
{
public class CheckAllowableFileExtensions : IAuditCheck
{
public string Id => "CheckAllowableFileExtensions";

public bool LazyLoad => false;

public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id);
var allowedExtensions = new FileExtensionWhitelist(HostController.Instance.GetString("FileExtensions"));
try
if (allowedExtensions.IsAllowedExtension("asp")
|| allowedExtensions.IsAllowedExtension("aspx")
|| allowedExtensions.IsAllowedExtension("php"))
{
if (allowedExtensions.IsAllowedExtension("asp")
|| allowedExtensions.IsAllowedExtension("aspx")
|| allowedExtensions.IsAllowedExtension("php"))
{
result.Severity = SeverityEnum.Failure;
result.Notes.Add("Extensions: " + allowedExtensions.ToDisplayString());
}
else
{
result.Severity = SeverityEnum.Pass;
}
result.Severity = SeverityEnum.Failure;
result.Notes.Add("Extensions: " + allowedExtensions.ToDisplayString());
}
catch (Exception)
else
{
throw;
result.Severity = SeverityEnum.Pass;
}
return result;
}
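Review bot: The failure condition in `Execute` tests only `asp`, `aspx` and `php`, so a whitelist that admits any other extension the web server maps to a handler is still reported as `Pass`. Consider holding the blocked extensions in one named list, e.g. `private static readonly string[] ExecutableExtensions = { "asp", "aspx", "php" };`, and extending it with the other handler-mapped extensions this site's server configuration serves (to be confirmed against that configuration), so the set is reviewed in one place. A `///` summary on `Execute` stating what counts as a failure would also help the next reader.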
32 changes: 13 additions & 19 deletions Components/Checks/CheckBiography.cs
@@ -1,5 +1,4 @@
using System;
using DotNetNuke.Common.Lists;
using DotNetNuke.Common.Lists;
using DotNetNuke.Entities.Portals;
using DotNetNuke.Entities.Profile;

Expand All @@ -9,30 +8,25 @@ public class CheckBiography : IAuditCheck
{
public string Id => "CheckBiography";

public bool LazyLoad => false;

public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id);
try
{
var portalController = new PortalController();
var controller = new ListController();
var portalController = new PortalController();
var controller = new ListController();

var richTextDataType = controller.GetListEntryInfo("DataType", "RichText");
result.Severity = SeverityEnum.Pass;
foreach (PortalInfo portal in portalController.GetPortals())
var richTextDataType = controller.GetListEntryInfo("DataType", "RichText");
result.Severity = SeverityEnum.Pass;
foreach (PortalInfo portal in portalController.GetPortals())
{
var pd = ProfileController.GetPropertyDefinitionByName(portal.PortalID, "Biography");
if (pd != null && pd.DataType == richTextDataType.EntryID)
{
var pd = ProfileController.GetPropertyDefinitionByName(portal.PortalID, "Biography");
if (pd != null && pd.DataType == richTextDataType.EntryID)
{
result.Severity = SeverityEnum.Failure;
result.Notes.Add("Portal:" + portal.PortalName);
}
result.Severity = SeverityEnum.Failure;
result.Notes.Add("Portal:" + portal.PortalName);
}
}
catch (Exception)
{
throw;
}
return result;
}
}
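Review bot: `result.Notes.Add("Portal:" + portal.PortalName)` puts the portal name into the notes unencoded, while `CheckModuleHeaderAndFooter` in this same commit writes `<b>`/`<br />` markup into its notes and HTML-encodes the stored values, which suggests the notes are rendered as HTML. If that is how the view outputs them (not visible here), encode the name as well: `result.Notes.Add("Portal:" + HttpUtility.HtmlEncode(portal.PortalName));`, which needs `using System.Web;` in this file. Separately, `richTextDataType.EntryID` is read without a null check on the `GetListEntryInfo` result; a guard that leaves the result `Unverified` would keep a missing list entry from surfacing as an exception.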
2 changes: 2 additions & 0 deletions Components/Checks/CheckDebug.cs
Expand Up @@ -6,6 +6,8 @@ public class CheckDebug : IAuditCheck
{
public string Id => "CheckDebug";

public bool LazyLoad => false;

public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id)
42 changes: 17 additions & 25 deletions Components/Checks/CheckDefaultPage.cs
@@ -1,8 +1,5 @@
using System;
using System.Collections;
using System.Collections.Generic;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Xml;
using DotNetNuke.Application;
using DotNetNuke.Common;
Expand All @@ -13,41 +10,36 @@ public class CheckDefaultPage : IAuditCheck
{
public string Id => "CheckDefaultPage";

public bool LazyLoad => false;

public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id);
try
IList<string> modifiedFiles;
var fileModified = CheckDefaultPageModified(out modifiedFiles);
if (fileModified)
{
IList<string> modifiedFiles;
var fileModified = CheckDefaultPageModified(out modifiedFiles);
if (fileModified)
if (modifiedFiles.Count == 0)
{
if (modifiedFiles.Count == 0)
if (DotNetNukeContext.Current.Application.Version.Major > 6)
{
if (DotNetNukeContext.Current.Application.Version.Major > 6)
{
result.Notes.Add("There is no data available about your current installation, please upgrade this module to it's latest version.");
}
else
{
fileModified = false;
}
result.Notes.Add("There is no data available about your current installation, please upgrade this module to it's latest version.");
}

result.Severity = SeverityEnum.Failure;
foreach (var filename in modifiedFiles)
else
{
result.Notes.Add("file:" + filename);
fileModified = false;
}
}
else

result.Severity = SeverityEnum.Failure;
foreach (var filename in modifiedFiles)
{
result.Severity = SeverityEnum.Pass;
result.Notes.Add("file:" + filename);
}
}
catch (Exception)
else
{
throw;
result.Severity = SeverityEnum.Pass;
}
return result;
}
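Review bot: The `fileModified = false;` branch is a dead store: `result.Severity = SeverityEnum.Failure;` follows it unconditionally, so on version 6 or lower with an empty `modifiedFiles` list the check reports `Failure` with no notes at all. The assignment suggests that case was not meant to fail; since there is nothing to compare against, leaving the result `Unverified` seems the honest outcome, though the author may have intended `Pass`. The sketch below handles the empty-list case before the severity is assigned. `CheckDefaultPageModified` is outside this hunk, so how it signals missing data is inferred from this method alone.

```csharp
var fileModified = CheckDefaultPageModified(out modifiedFiles);
if (fileModified && modifiedFiles.Count == 0)
{
    if (DotNetNukeContext.Current.Application.Version.Major <= 6)
    {
        // Nothing to compare against: keep Unverified instead of reporting Failure.
        return result;
    }
    result.Notes.Add("There is no data available about your current installation, please upgrade this module to it's latest version.");
}
// … unchanged: Failure with one "file:" note per entry when fileModified, otherwise Pass …
```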
2 changes: 2 additions & 0 deletions Components/Checks/CheckDiskAcccessPermissions.cs
Expand Up @@ -12,6 +12,8 @@ public class CheckDiskAcccessPermissions : IAuditCheck
{
public string Id => "CheckDiskAccess";

public bool LazyLoad => false;

public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id);
26 changes: 10 additions & 16 deletions Components/Checks/CheckHiddenSystemFiles.cs
@@ -1,34 +1,28 @@
using System;
using System.Linq;
using System.Linq;

namespace DNN.Modules.SecurityAnalyzer.Components.Checks
{
public class CheckHiddenSystemFiles : IAuditCheck
{
public string Id => "CheckHiddenSystemFiles";

public bool LazyLoad => true;

public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id);
try
var investigatefiles = Utility.FineHiddenSystemFiles();
if (investigatefiles.Any())
{
var investigatefiles = Utility.FineHiddenSystemFiles();
if (investigatefiles.Any())
{
result.Severity = SeverityEnum.Failure;
foreach (var filename in investigatefiles)
{
result.Notes.Add("file:" + filename);
}
}
else
result.Severity = SeverityEnum.Failure;
foreach (var filename in investigatefiles)
{
result.Severity = SeverityEnum.Pass;
result.Notes.Add("file:" + filename);
}
}
catch (Exception)
else
{
throw;
result.Severity = SeverityEnum.Pass;
}
return result;
}
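Review bot: `investigatefiles` is enumerated twice, once by `Any()` and again by the `foreach`; if `Utility.FineHiddenSystemFiles()` returns a lazily evaluated sequence (its definition is not in this view), the file-system scan that this commit defers with `LazyLoad => true`, presumably because of its cost, would run twice. Materialise it once: `var investigatefiles = Utility.FineHiddenSystemFiles().ToList();`. A short comment on `LazyLoad` would also help, saying that `DoChecks()` skips this check unless `checkAll` is set and that it is otherwise run on demand through `DoCheck`, because an `Unverified` result here can now mean "not run" rather than "failed to run".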
5 changes: 3 additions & 2 deletions Components/Checks/CheckHttpModules.cs
@@ -1,12 +1,13 @@
using System.Web;
using DNN.Modules.SecurityAnalyzer.HttpModules;
using DNN.Modules.SecurityAnalyzer.HttpModules;

namespace DNN.Modules.SecurityAnalyzer.Components.Checks
{
public class CheckHttpModules : IAuditCheck
{
public string Id => "CheckHttpModules";

public bool LazyLoad => false;

public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id)
52 changes: 19 additions & 33 deletions Components/Checks/CheckModuleHeaderAndFooter.cs
@@ -1,12 +1,4 @@
using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Web;
using System.Xml;
using DotNetNuke.Application;
using DotNetNuke.Common;
using System.Web;
using DotNetNuke.Data;

namespace DNN.Modules.SecurityAnalyzer.Components.Checks
Expand All @@ -15,37 +7,31 @@ public class CheckModuleHeaderAndFooter : IAuditCheck
{
public string Id => "CheckModuleHeaderAndFooter";

public bool LazyLoad => false;

public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id);
try
var dr = DataProvider.Instance().ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter");
result.Severity = SeverityEnum.Pass;
while (dr.Read())
{
var dr = DataProvider.Instance().ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter");
result.Severity = SeverityEnum.Pass;
while (dr.Read())
result.Severity = SeverityEnum.Warning;
var note = string.Format("<b>TabId:</b> {0}, Module Id: {1}", dr["TabId"], dr["ModuleId"]);
var headerValue = dr["Header"].ToString();
var footerValue = dr["Footer"].ToString();
if (!string.IsNullOrEmpty(headerValue))
{
result.Severity = SeverityEnum.Warning;
var note = string.Format("<b>TabId:</b> {0}, Module Id: {1}", dr["TabId"], dr["ModuleId"]);
var headerValue = dr["Header"].ToString();
var footerValue = dr["Footer"].ToString();
if (!string.IsNullOrEmpty(headerValue))
{
note += string.Format("<br />Header: {0}", HttpUtility.HtmlEncode(headerValue));
}
if (!string.IsNullOrEmpty(footerValue))
{
note += string.Format("<br />Footer: {0}", HttpUtility.HtmlEncode(footerValue));
}
note += "< br />";

result.Notes.Add(note);
note += string.Format("<br />Header: {0}", HttpUtility.HtmlEncode(headerValue));
}
}
catch (Exception)
{
throw;
}
if (!string.IsNullOrEmpty(footerValue))
{
note += string.Format("<br />Footer: {0}", HttpUtility.HtmlEncode(footerValue));
}
note += "< br />";

result.Notes.Add(note);
}
return result;
}
}
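Review bot: The reader returned by `ExecuteReader` is never closed or disposed, so each run of this check can leave a data reader, and possibly its connection, open until finalization. Wrap the loop in `using (var dr = DataProvider.Instance().ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter"))` so it is released even when a column read throws. Also, `note += "< br />";` has a space after `<`, so it is not a valid tag and will show up as literal text wherever the notes are rendered as HTML; `"<br />"` is presumably what was meant.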