From 5cad3ae889597e90075aef5baee6de6c34843057 Mon Sep 17 00:00:00 2001 From: Ben Date: Thu, 2 Nov 2017 15:27:37 +0800 Subject: [PATCH 1/2] DNN-10430: let CheckHiddenSystemFiles execute manually. --- App_LocalResources/View.ascx.resx | 3 + Components/AuditChecks.cs | 18 +++++- Components/CheckResult.cs | 1 + .../Checks/CheckAllowableFileExtensions.cs | 2 + Components/Checks/CheckBiography.cs | 2 + Components/Checks/CheckDebug.cs | 2 + Components/Checks/CheckDefaultPage.cs | 2 + .../Checks/CheckDiskAcccessPermissions.cs | 2 + Components/Checks/CheckHiddenSystemFiles.cs | 2 + Components/Checks/CheckHttpModules.cs | 2 + .../Checks/CheckModuleHeaderAndFooter.cs | 2 + Components/Checks/CheckPasswordFormat.cs | 2 + Components/Checks/CheckRarelyUsedSuperuser.cs | 2 + Components/Checks/CheckSiteRegistration.cs | 2 + Components/Checks/CheckSqlRisk.cs | 2 + .../Checks/CheckSuperuserOldPassword.cs | 2 + .../Checks/CheckTelerikVulnerability.cs | 2 + Components/Checks/CheckTracing.cs | 2 + .../Checks/CheckUnexpectedExtensions.cs | 2 + Components/Checks/CheckViewstatemac.cs | 2 + Components/IAuditCheck.cs | 3 + View.ascx | 15 ++++- View.ascx.cs | 58 +++++++++++++++++-- 23 files changed, 122 insertions(+), 10 deletions(-) diff --git a/App_LocalResources/View.ascx.resx b/App_LocalResources/View.ascx.resx index 341d186..46e727e 100644 --- a/App_LocalResources/View.ascx.resx +++ b/App_LocalResources/View.ascx.resx @@ -465,4 +465,7 @@ If you expect this addition, then just ignore this email; otherwise, an immediat There are no files marked as system file or hidden in the website folder. + + Check + \ No newline at end of file diff --git a/Components/AuditChecks.cs b/Components/AuditChecks.cs index dd8f284..c04c2d1 100644 --- a/Components/AuditChecks.cs +++ b/Components/AuditChecks.cs @@ -1,5 +1,6 @@ using System; using System.Collections.Generic; +using System.Linq; using System.Web; using DNN.Modules.SecurityAnalyzer.Components.Checks; using DotNetNuke.Common; 
@@ -40,14 +41,14 @@ public AuditChecks() _auditChecks= checks.AsReadOnly(); } - public List DoChecks() + public IList DoChecks(bool checkAll = false) { var results = new List(); foreach (var check in _auditChecks) { try { - var result = check.Execute(); + var result = checkAll || !check.LazyLoad ? check.Execute() : new CheckResult(SeverityEnum.Unverified, check.Id); results.Add(result); } catch (Exception ex) @@ -60,5 +61,18 @@ public List DoChecks() } return results; } + + public CheckResult DoCheck(string id) + { + try + { + var check = _auditChecks.FirstOrDefault(c => c.Id.Equals(id, StringComparison.InvariantCultureIgnoreCase)); + return check?.Execute(); + } + catch (Exception) + { + return new CheckResult(SeverityEnum.Unverified, id); + } + } } } \ No newline at end of file diff --git a/Components/CheckResult.cs b/Components/CheckResult.cs index c1833c7..d6c5944 100644 --- a/Components/CheckResult.cs +++ b/Components/CheckResult.cs @@ -4,6 +4,7 @@ namespace DNN.Modules.SecurityAnalyzer.Components { + [Serializable] public class CheckResult { public CheckResult(SeverityEnum severity, string checkname) diff --git a/Components/Checks/CheckAllowableFileExtensions.cs b/Components/Checks/CheckAllowableFileExtensions.cs index a9397ee..e480ee9 100644 --- a/Components/Checks/CheckAllowableFileExtensions.cs +++ b/Components/Checks/CheckAllowableFileExtensions.cs @@ -9,6 +9,8 @@ public class CheckAllowableFileExtensions : IAuditCheck { public string Id => "CheckAllowableFileExtensions"; + public bool LazyLoad => false; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); diff --git a/Components/Checks/CheckBiography.cs b/Components/Checks/CheckBiography.cs index 6b1f35d..ab2ae58 100644 --- a/Components/Checks/CheckBiography.cs +++ b/Components/Checks/CheckBiography.cs 
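Review bot: `DoCheck` returns null when no registered check matches `id`, because `check?.Execute()` short-circuits, whereas the failure path returns an Unverified `CheckResult`; `OnAuditCheck` in View.ascx.cs then inserts the return value into the bound list without a null test. Returning the same placeholder in both cases keeps the contract uniform: `return check?.Execute() ?? new CheckResult(SeverityEnum.Unverified, id);`. The bare `catch (Exception)` also discards the error, so a check that failed to run cannot be told apart from one that was never run; for an audit tool that signal is worth logging before the placeholder is returned. `StringComparison.OrdinalIgnoreCase` is the usual comparison for identifiers, since it does not depend on culture rules.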
@@ -9,6 +9,8 @@ public class CheckBiography : IAuditCheck { public string Id => "CheckBiography"; + public bool LazyLoad => false; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); diff --git a/Components/Checks/CheckDebug.cs b/Components/Checks/CheckDebug.cs index 3e84cb1..c71e2d6 100644 --- a/Components/Checks/CheckDebug.cs +++ b/Components/Checks/CheckDebug.cs @@ -6,6 +6,8 @@ public class CheckDebug : IAuditCheck { public string Id => "CheckDebug"; + public bool LazyLoad => false; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id) diff --git a/Components/Checks/CheckDefaultPage.cs b/Components/Checks/CheckDefaultPage.cs index af3140b..4b6692f 100644 --- a/Components/Checks/CheckDefaultPage.cs +++ b/Components/Checks/CheckDefaultPage.cs @@ -13,6 +13,8 @@ public class CheckDefaultPage : IAuditCheck { public string Id => "CheckDefaultPage"; + public bool LazyLoad => false; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); diff --git a/Components/Checks/CheckDiskAcccessPermissions.cs b/Components/Checks/CheckDiskAcccessPermissions.cs index 1aa2eb5..10a499a 100644 --- a/Components/Checks/CheckDiskAcccessPermissions.cs +++ b/Components/Checks/CheckDiskAcccessPermissions.cs @@ -12,6 +12,8 @@ public class CheckDiskAcccessPermissions : IAuditCheck { public string Id => "CheckDiskAccess"; + public bool LazyLoad => false; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); diff --git a/Components/Checks/CheckHiddenSystemFiles.cs b/Components/Checks/CheckHiddenSystemFiles.cs index 7f56fbb..4275ff3 100644 --- a/Components/Checks/CheckHiddenSystemFiles.cs +++ b/Components/Checks/CheckHiddenSystemFiles.cs 
@@ -7,6 +7,8 @@ public class CheckHiddenSystemFiles : IAuditCheck { public string Id => "CheckHiddenSystemFiles"; + public bool LazyLoad => true; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); diff --git a/Components/Checks/CheckHttpModules.cs b/Components/Checks/CheckHttpModules.cs index e614569..bca1cb5 100644 --- a/Components/Checks/CheckHttpModules.cs +++ b/Components/Checks/CheckHttpModules.cs @@ -7,6 +7,8 @@ public class CheckHttpModules : IAuditCheck { public string Id => "CheckHttpModules"; + public bool LazyLoad => false; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id) diff --git a/Components/Checks/CheckModuleHeaderAndFooter.cs b/Components/Checks/CheckModuleHeaderAndFooter.cs index 76768ce..d33116a 100644 --- a/Components/Checks/CheckModuleHeaderAndFooter.cs +++ b/Components/Checks/CheckModuleHeaderAndFooter.cs @@ -15,6 +15,8 @@ public class CheckModuleHeaderAndFooter : IAuditCheck { public string Id => "CheckModuleHeaderAndFooter"; + public bool LazyLoad => false; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); diff --git a/Components/Checks/CheckPasswordFormat.cs b/Components/Checks/CheckPasswordFormat.cs index cdeebde..e02c6f9 100644 --- a/Components/Checks/CheckPasswordFormat.cs +++ b/Components/Checks/CheckPasswordFormat.cs @@ -9,6 +9,8 @@ public class CheckPasswordFormat : IAuditCheck { public string Id => "CheckPasswordFormat"; + public bool LazyLoad => false; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); diff --git a/Components/Checks/CheckRarelyUsedSuperuser.cs b/Components/Checks/CheckRarelyUsedSuperuser.cs index 84b2144..9de4f72 100644 --- a/Components/Checks/CheckRarelyUsedSuperuser.cs +++ b/Components/Checks/CheckRarelyUsedSuperuser.cs 
@@ -8,6 +8,8 @@ public class CheckRarelyUsedSuperuser : IAuditCheck { public string Id => "CheckRarelyUsedSuperuser"; + public bool LazyLoad => false; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); diff --git a/Components/Checks/CheckSiteRegistration.cs b/Components/Checks/CheckSiteRegistration.cs index d51cb79..af1e46e 100644 --- a/Components/Checks/CheckSiteRegistration.cs +++ b/Components/Checks/CheckSiteRegistration.cs @@ -7,6 +7,8 @@ public class CheckSiteRegistration : IAuditCheck { public string Id => "CheckSiteRegistration"; + public bool LazyLoad => false; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); diff --git a/Components/Checks/CheckSqlRisk.cs b/Components/Checks/CheckSqlRisk.cs index 2ce0ac4..43577df 100644 --- a/Components/Checks/CheckSqlRisk.cs +++ b/Components/Checks/CheckSqlRisk.cs @@ -13,6 +13,8 @@ public class CheckSqlRisk : IAuditCheck { public string Id => "CheckSqlRisk"; + public bool LazyLoad => false; + private string LocalResourceFile { get { return "~/DesktopModules/DNNCorp/SecurityAnalyzer/App_LocalResources/view.ascx"; } diff --git a/Components/Checks/CheckSuperuserOldPassword.cs b/Components/Checks/CheckSuperuserOldPassword.cs index 754d809..bb46e04 100644 --- a/Components/Checks/CheckSuperuserOldPassword.cs +++ b/Components/Checks/CheckSuperuserOldPassword.cs @@ -7,6 +7,8 @@ public class CheckSuperuserOldPassword : IAuditCheck { public string Id => "CheckSuperuserOldPassword"; + public bool LazyLoad => false; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); diff --git a/Components/Checks/CheckTelerikVulnerability.cs b/Components/Checks/CheckTelerikVulnerability.cs index e495ec4..1f277d3 100644 --- a/Components/Checks/CheckTelerikVulnerability.cs +++ b/Components/Checks/CheckTelerikVulnerability.cs 
@@ -15,6 +15,8 @@ public class CheckTelerikVulnerability : IAuditCheck { public string Id => "CheckTelerikVulnerability"; + public bool LazyLoad => false; + private string[] _configKeys = { "Telerik.AsyncUpload.ConfigurationEncryptionKey", "Telerik.Upload.ConfigurationHashKey", diff --git a/Components/Checks/CheckTracing.cs b/Components/Checks/CheckTracing.cs index d22ef7b..02e9762 100644 --- a/Components/Checks/CheckTracing.cs +++ b/Components/Checks/CheckTracing.cs @@ -7,6 +7,8 @@ public class CheckTracing : IAuditCheck { public string Id => "CheckTracing"; + public bool LazyLoad => false; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); diff --git a/Components/Checks/CheckUnexpectedExtensions.cs b/Components/Checks/CheckUnexpectedExtensions.cs index 7e5bbfe..907c1c9 100644 --- a/Components/Checks/CheckUnexpectedExtensions.cs +++ b/Components/Checks/CheckUnexpectedExtensions.cs @@ -7,6 +7,8 @@ public class CheckUnexpectedExtensions : IAuditCheck { public string Id => "CheckUnexpectedExtensions"; + public bool LazyLoad => false; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); diff --git a/Components/Checks/CheckViewstatemac.cs b/Components/Checks/CheckViewstatemac.cs index 41e6907..c02044b 100644 --- a/Components/Checks/CheckViewstatemac.cs +++ b/Components/Checks/CheckViewstatemac.cs @@ -8,6 +8,8 @@ public class CheckViewstatemac : IAuditCheck { public string Id => "CheckViewstatemac"; + public bool LazyLoad => false; + public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); diff --git a/Components/IAuditCheck.cs b/Components/IAuditCheck.cs index 2f30a94..c48406f 100644 --- a/Components/IAuditCheck.cs +++ b/Components/IAuditCheck.cs @@ -3,6 +3,9 @@ public interface IAuditCheck { string Id { get; } + + bool LazyLoad { get; } + CheckResult Execute(); } } \ No newline at end of file diff --git a/View.ascx b/View.ascx index 2b20b43..05bc30d 100644 
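Review bot: `LazyLoad` on `IAuditCheck` is undocumented, and the name does not say what is deferred or who triggers it. A summary on the property such as `/// <summary>True when DoChecks() skips this check unless checkAll is set; it is then run on demand through DoCheck(id).</summary>` would tell implementers when to return true and what the user sees until the check is run.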
--- a/View.ascx +++ b/View.ascx @@ -1,4 +1,4 @@ -<%@ Control Language="C#" AutoEventWireup="true" CodeBehind="View.ascx.cs" Inherits="DNN.Modules.SecurityAnalyzer.View" %> +<%@ Control Language="C#" AutoEventWireup="true" CodeBehind="View.ascx.cs" Inherits="DNN.Modules.SecurityAnalyzer.View" EnableViewState="true" %> <%@ Import Namespace="DNN.Modules.SecurityAnalyzer.Components" %> <%@ Import Namespace="DotNetNuke.Entities.Users" %> <%@ Import Namespace="DotNetNuke.Services.Localization" %> @@ -44,12 +44,21 @@ - + + -
<%# DisplayResult((int) ((CheckResult) Container.DataItem).Severity, ((CheckResult) Container.DataItem).SuccessText, ((CheckResult) Container.DataItem).FailureText) %>
+
<%# DisplayResult((CheckResult) Container.DataItem) %>
diff --git a/View.ascx.cs b/View.ascx.cs index 686c1e7..541ba88 100644 --- a/View.ascx.cs +++ b/View.ascx.cs @@ -6,6 +6,7 @@ using System.IO; using System.Linq; using System.Text.RegularExpressions; +using System.Web.UI.WebControls; using DNN.Modules.SecurityAnalyzer.Components; using DotNetNuke.Common; using DotNetNuke.Common.Utilities; @@ -22,6 +23,20 @@ public partial class View : SecurityAnalyzerModuleBase { protected ArrayList Users { get; set; } + private IList CheckResults + { + get + { + if (ViewState["CheckResults"] == null) + { + var audit = new AuditChecks(); + ViewState["CheckResults"] = audit.DoChecks(); + } + + return ViewState["CheckResults"] as IList; + } + } + protected void Page_Load(object sender, EventArgs e) { if (!UserInfo.IsSuperUser) @@ -60,6 +75,37 @@ protected void Page_Load(object sender, EventArgs e) } } + protected void OnAuditCheck(object sender, EventArgs e) + { + var linkButton = sender as LinkButton; + var checkName = linkButton?.CommandArgument; + if (!string.IsNullOrEmpty(checkName)) + { + + var existResult = CheckResults.FirstOrDefault(r => r.CheckName == checkName); + if (existResult != null) + { + var scriptTimeout = Server.ScriptTimeout; + Server.ScriptTimeout = int.MaxValue; + + try + { + var result = new AuditChecks().DoCheck(checkName); + var index = CheckResults.IndexOf(existResult); + CheckResults.RemoveAt(index); + CheckResults.Insert(index, result); + + dgResults.DataSource = CheckResults; + dgResults.DataBind(); + } + finally + { + Server.ScriptTimeout = scriptTimeout; + } + } + } + } + private void GetAuditResults() { var audit = new AuditChecks(); 
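Review bot: The `CheckResults` getter caches the whole audit output in `ViewState["CheckResults"]`, so the findings travel to the browser in the page's hidden state field and are read back from the request on postback. The list is therefore only as trustworthy as the page's ViewState protection: `[Serializable]` on `CheckResult` (Components/CheckResult.cs) is what allows it to be stored there, and the value read back should be treated as client-supplied unless ViewState MAC validation is enforced, a setting this module itself audits in `CheckViewstatemac`. Holding the results server-side per user, or re-running `DoChecks()` on postback, avoids the round trip. The getter also runs every non-lazy check on first access, a side effect that deserves a comment on the property.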
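Review bot: `OnAuditCheck` sets `Server.ScriptTimeout = int.MaxValue` while the check runs, which removes the request time limit for a postback that scans the file system; a bounded value would still allow a long scan without letting a request run indefinitely. The handler does not test `UserInfo.IsSuperUser` itself: `Page_Load` does, but its body lies outside this hunk, so it is not visible whether a postback from a non-superuser is stopped before the handler fires, and a guard `if (!UserInfo.IsSuperUser) return;` at the top would make the handler independent of that. `CheckResults[index] = result;` would replace the `RemoveAt`/`Insert` pair.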
@@ -146,14 +192,16 @@ public string GetSeverityImageUrl(int severity) return ResolveUrl("~/images/icon_help_32px.gif"); } - public string DisplayResult(int severity, string successText, string failureTest) + public string DisplayResult(CheckResult checkResult) { - switch (severity) + switch (checkResult.Severity) { - case (int) SeverityEnum.Pass: - return successText; + case SeverityEnum.Unverified: + return checkResult.Reason; + case SeverityEnum.Pass: + return checkResult.SuccessText; default: - return failureTest; + return checkResult.FailureText; } } From aea299635ec3556dacfbc34d087af865000184a1 Mon Sep 17 00:00:00 2001 From: George Alatrash Date: Thu, 2 Nov 2017 10:54:51 -0700 Subject: [PATCH 2/2] Removed unnecessary exceptions re-throws (were causing warnings in source scanning tool). Added another text to release changes. --- .../Checks/CheckAllowableFileExtensions.cs | 26 +++------- Components/Checks/CheckBiography.cs | 30 ++++------- Components/Checks/CheckDefaultPage.cs | 40 ++++++--------- Components/Checks/CheckHiddenSystemFiles.cs | 24 +++------ Components/Checks/CheckHttpModules.cs | 3 +- .../Checks/CheckModuleHeaderAndFooter.cs | 50 +++++++------------ Components/Checks/CheckPasswordFormat.cs | 24 +++------ Components/Checks/CheckRarelyUsedSuperuser.cs | 26 ++++------ Components/Checks/CheckSiteRegistration.cs | 25 +++------- Components/Checks/CheckSqlRisk.cs | 1 - .../Checks/CheckSuperuserOldPassword.cs | 22 +++----- Components/FeatureController.cs | 1 - Components/Utility.cs | 1 - ReleaseNotes.txt | 2 +- View.ascx.cs | 16 ++---- 15 files changed, 96 insertions(+), 195 deletions(-) diff --git a/Components/Checks/CheckAllowableFileExtensions.cs b/Components/Checks/CheckAllowableFileExtensions.cs index e480ee9..37fd548 100644 --- a/Components/Checks/CheckAllowableFileExtensions.cs +++ b/Components/Checks/CheckAllowableFileExtensions.cs 
@@ -1,7 +1,4 @@ -using System; -using System.Web; -using DotNetNuke.Entities.Controllers; -using DotNetNuke.Entities.Host; +using DotNetNuke.Entities.Controllers; namespace DNN.Modules.SecurityAnalyzer.Components.Checks { @@ -15,23 +12,16 @@ public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); var allowedExtensions = new FileExtensionWhitelist(HostController.Instance.GetString("FileExtensions")); - try + if (allowedExtensions.IsAllowedExtension("asp") + || allowedExtensions.IsAllowedExtension("aspx") + || allowedExtensions.IsAllowedExtension("php")) { - if (allowedExtensions.IsAllowedExtension("asp") - || allowedExtensions.IsAllowedExtension("aspx") - || allowedExtensions.IsAllowedExtension("php")) - { - result.Severity = SeverityEnum.Failure; - result.Notes.Add("Extensions: " + allowedExtensions.ToDisplayString()); - } - else - { - result.Severity = SeverityEnum.Pass; - } + result.Severity = SeverityEnum.Failure; + result.Notes.Add("Extensions: " + allowedExtensions.ToDisplayString()); } - catch (Exception) + else { - throw; + result.Severity = SeverityEnum.Pass; } return result; } diff --git a/Components/Checks/CheckBiography.cs b/Components/Checks/CheckBiography.cs index ab2ae58..f1a7a98 100644 --- a/Components/Checks/CheckBiography.cs +++ b/Components/Checks/CheckBiography.cs @@ -1,5 +1,4 @@ -using System; -using DotNetNuke.Common.Lists; +using DotNetNuke.Common.Lists; using DotNetNuke.Entities.Portals; using DotNetNuke.Entities.Profile; 
@@ -14,27 +13,20 @@ public class CheckBiography : IAuditCheck public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); - try - { - var portalController = new PortalController(); - var controller = new ListController(); + var portalController = new PortalController(); + var controller = new ListController(); - var richTextDataType = controller.GetListEntryInfo("DataType", "RichText"); - result.Severity = SeverityEnum.Pass; - foreach (PortalInfo portal in portalController.GetPortals()) + var richTextDataType = controller.GetListEntryInfo("DataType", "RichText"); + result.Severity = SeverityEnum.Pass; + foreach (PortalInfo portal in portalController.GetPortals()) + { + var pd = ProfileController.GetPropertyDefinitionByName(portal.PortalID, "Biography"); + if (pd != null && pd.DataType == richTextDataType.EntryID) { - var pd = ProfileController.GetPropertyDefinitionByName(portal.PortalID, "Biography"); - if (pd != null && pd.DataType == richTextDataType.EntryID) - { - result.Severity = SeverityEnum.Failure; - result.Notes.Add("Portal:" + portal.PortalName); - } + result.Severity = SeverityEnum.Failure; + result.Notes.Add("Portal:" + portal.PortalName); } } - catch (Exception) - { - throw; - } return result; } } diff --git a/Components/Checks/CheckDefaultPage.cs b/Components/Checks/CheckDefaultPage.cs index 4b6692f..e762817 100644 --- a/Components/Checks/CheckDefaultPage.cs +++ b/Components/Checks/CheckDefaultPage.cs @@ -1,8 +1,5 @@ -using System; -using System.Collections; -using System.Collections.Generic; +using System.Collections.Generic; using System.IO; -using System.Linq; using System.Xml; using DotNetNuke.Application; using DotNetNuke.Common; 
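Review bot: `result.Notes.Add("Portal:" + portal.PortalName)` puts the portal name into a note without encoding, while `CheckModuleHeaderAndFooter` in this same patch passes its values through `HttpUtility.HtmlEncode` and appends markup to the note, which suggests that notes are written to the page as HTML by `DisplayNotes` in View.ascx.cs. If so, a portal name containing markup would be rendered in a superuser's session; `result.Notes.Add("Portal:" + HttpUtility.HtmlEncode(portal.PortalName));` (with `using System.Web;`) closes that. The same applies to `portal.PortalName` in CheckSiteRegistration.cs and to `user.Username` in CheckRarelyUsedSuperuser.cs and CheckSuperuserOldPassword.cs.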
@@ -18,38 +15,31 @@ public class CheckDefaultPage : IAuditCheck public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); - try + IList modifiedFiles; + var fileModified = CheckDefaultPageModified(out modifiedFiles); + if (fileModified) { - IList modifiedFiles; - var fileModified = CheckDefaultPageModified(out modifiedFiles); - if (fileModified) + if (modifiedFiles.Count == 0) { - if (modifiedFiles.Count == 0) + if (DotNetNukeContext.Current.Application.Version.Major > 6) { - if (DotNetNukeContext.Current.Application.Version.Major > 6) - { - result.Notes.Add("There is no data available about your current installation, please upgrade this module to it's latest version."); - } - else - { - fileModified = false; - } + result.Notes.Add("There is no data available about your current installation, please upgrade this module to it's latest version."); } - - result.Severity = SeverityEnum.Failure; - foreach (var filename in modifiedFiles) + else { - result.Notes.Add("file:" + filename); + fileModified = false; } } - else + + result.Severity = SeverityEnum.Failure; + foreach (var filename in modifiedFiles) { - result.Severity = SeverityEnum.Pass; + result.Notes.Add("file:" + filename); } } - catch (Exception) + else { - throw; + result.Severity = SeverityEnum.Pass; } return result; } diff --git a/Components/Checks/CheckHiddenSystemFiles.cs b/Components/Checks/CheckHiddenSystemFiles.cs index 4275ff3..cb03dd3 100644 --- a/Components/Checks/CheckHiddenSystemFiles.cs +++ b/Components/Checks/CheckHiddenSystemFiles.cs @@ -1,5 +1,4 @@ -using System; -using System.Linq; +using System.Linq; namespace DNN.Modules.SecurityAnalyzer.Components.Checks { 
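Review bot: In `Execute`, the `else { fileModified = false; }` branch has no effect: the next statement, `result.Severity = SeverityEnum.Failure;`, sits inside the same `if (fileModified)` block and runs regardless, so an installation whose major version is 6 or lower with an empty `modifiedFiles` list is reported as Failure with no notes. If that case was meant to count as unmodified, the assignment has to re-test the flag, for example `result.Severity = fileModified ? SeverityEnum.Failure : SeverityEnum.Pass;`.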
@@ -12,25 +11,18 @@ public class CheckHiddenSystemFiles : IAuditCheck public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); - try + var investigatefiles = Utility.FineHiddenSystemFiles(); + if (investigatefiles.Any()) { - var investigatefiles = Utility.FineHiddenSystemFiles(); - if (investigatefiles.Any()) + result.Severity = SeverityEnum.Failure; + foreach (var filename in investigatefiles) { - result.Severity = SeverityEnum.Failure; - foreach (var filename in investigatefiles) - { - result.Notes.Add("file:" + filename); - } - } - else - { - result.Severity = SeverityEnum.Pass; + result.Notes.Add("file:" + filename); } } - catch (Exception) + else { - throw; + result.Severity = SeverityEnum.Pass; } return result; } diff --git a/Components/Checks/CheckHttpModules.cs b/Components/Checks/CheckHttpModules.cs index bca1cb5..2e03c63 100644 --- a/Components/Checks/CheckHttpModules.cs +++ b/Components/Checks/CheckHttpModules.cs @@ -1,5 +1,4 @@ -using System.Web; -using DNN.Modules.SecurityAnalyzer.HttpModules; +using DNN.Modules.SecurityAnalyzer.HttpModules; namespace DNN.Modules.SecurityAnalyzer.Components.Checks { diff --git a/Components/Checks/CheckModuleHeaderAndFooter.cs b/Components/Checks/CheckModuleHeaderAndFooter.cs index d33116a..f31404b 100644 --- a/Components/Checks/CheckModuleHeaderAndFooter.cs +++ b/Components/Checks/CheckModuleHeaderAndFooter.cs @@ -1,12 +1,4 @@ -using System; -using System.Collections; -using System.Collections.Generic; -using System.IO; -using System.Linq; -using System.Web; -using System.Xml; -using DotNetNuke.Application; -using DotNetNuke.Common; +using System.Web; using DotNetNuke.Data; namespace DNN.Modules.SecurityAnalyzer.Components.Checks 
@@ -20,34 +12,26 @@ public class CheckModuleHeaderAndFooter : IAuditCheck public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); - try + var dr = DataProvider.Instance().ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter"); + result.Severity = SeverityEnum.Pass; + while (dr.Read()) { - var dr = DataProvider.Instance().ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter"); - result.Severity = SeverityEnum.Pass; - while (dr.Read()) + result.Severity = SeverityEnum.Warning; + var note = string.Format("TabId: {0}, Module Id: {1}", dr["TabId"], dr["ModuleId"]); + var headerValue = dr["Header"].ToString(); + var footerValue = dr["Footer"].ToString(); + if (!string.IsNullOrEmpty(headerValue)) { - result.Severity = SeverityEnum.Warning; - var note = string.Format("TabId: {0}, Module Id: {1}", dr["TabId"], dr["ModuleId"]); - var headerValue = dr["Header"].ToString(); - var footerValue = dr["Footer"].ToString(); - if (!string.IsNullOrEmpty(headerValue)) - { - note += string.Format("
Header: {0}", HttpUtility.HtmlEncode(headerValue)); - } - if (!string.IsNullOrEmpty(footerValue)) - { - note += string.Format("
Footer: {0}", HttpUtility.HtmlEncode(footerValue)); - } - note += "< br />"; - - result.Notes.Add(note); + note += string.Format("
Header: {0}", HttpUtility.HtmlEncode(headerValue)); } - } - catch (Exception) - { - throw; - } + if (!string.IsNullOrEmpty(footerValue)) + { + note += string.Format("
Footer: {0}", HttpUtility.HtmlEncode(footerValue)); + } + note += "< br />"; + result.Notes.Add(note); + } return result; } } diff --git a/Components/Checks/CheckPasswordFormat.cs b/Components/Checks/CheckPasswordFormat.cs index e02c6f9..8998b14 100644 --- a/Components/Checks/CheckPasswordFormat.cs +++ b/Components/Checks/CheckPasswordFormat.cs @@ -1,7 +1,4 @@ -using System; -using System.Web; -using System.Web.UI; -using DotNetNuke.Security.Membership; +using DotNetNuke.Security.Membership; namespace DNN.Modules.SecurityAnalyzer.Components.Checks { @@ -14,22 +11,15 @@ public class CheckPasswordFormat : IAuditCheck public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); - try + var format = MembershipProvider.Instance().PasswordFormat; + if (format == PasswordFormat.Hashed) { - var format = MembershipProvider.Instance().PasswordFormat; - if (format == PasswordFormat.Hashed) - { - result.Severity = SeverityEnum.Pass; - } - else - { - result.Notes.Add("Setting:" + format.ToString()); - result.Severity = SeverityEnum.Failure; - } + result.Severity = SeverityEnum.Pass; } - catch (Exception) + else { - throw; + result.Notes.Add("Setting:" + format.ToString()); + result.Severity = SeverityEnum.Failure; } return result; } diff --git a/Components/Checks/CheckRarelyUsedSuperuser.cs b/Components/Checks/CheckRarelyUsedSuperuser.cs index 9de4f72..30af2f3 100644 --- a/Components/Checks/CheckRarelyUsedSuperuser.cs +++ b/Components/Checks/CheckRarelyUsedSuperuser.cs @@ -1,6 +1,5 @@ using System; using DotNetNuke.Entities.Users; -using DotNetNuke.Security.Membership; namespace DNN.Modules.SecurityAnalyzer.Components.Checks { 
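Review bot: The reader returned by `DataProvider.Instance().ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter")` is not closed or disposed on any path through `Execute`, including when `dr.Read()` or a column access throws. Wrapping the loop in `using (var dr = DataProvider.Instance().ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter"))` releases it, and the connection behind it, every time the check runs. Separately, `note += "< br />";` has a space after `<`, so it would appear as literal text rather than a line break; `"<br />"` is presumably what was meant.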
@@ -13,26 +12,19 @@ public class CheckRarelyUsedSuperuser : IAuditCheck public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); - try - { - var totalRecords = 0; + var totalRecords = 0; - var superUsers = UserController.GetUsers(-1, 1, int.MaxValue, ref totalRecords, false, true); - result.Severity = SeverityEnum.Pass; - foreach (UserInfo user in superUsers) + var superUsers = UserController.GetUsers(-1, 1, int.MaxValue, ref totalRecords, false, true); + result.Severity = SeverityEnum.Pass; + foreach (UserInfo user in superUsers) + { + if (DateTime.Now.AddMonths(-6) > user.Membership.LastLoginDate || + DateTime.Now.AddMonths(-6) > user.Membership.LastActivityDate) { - if (DateTime.Now.AddMonths(-6) > user.Membership.LastLoginDate || - DateTime.Now.AddMonths(-6) > user.Membership.LastActivityDate) - { - result.Severity = SeverityEnum.Warning; - result.Notes.Add("Superuser:" + user.Username); - } + result.Severity = SeverityEnum.Warning; + result.Notes.Add("Superuser:" + user.Username); } } - catch (Exception) - { - throw; - } return result; } } diff --git a/Components/Checks/CheckSiteRegistration.cs b/Components/Checks/CheckSiteRegistration.cs index af1e46e..4133c45 100644 --- a/Components/Checks/CheckSiteRegistration.cs +++ b/Components/Checks/CheckSiteRegistration.cs @@ -1,5 +1,4 @@ -using System; -using DotNetNuke.Entities.Portals; +using DotNetNuke.Entities.Portals; namespace DNN.Modules.SecurityAnalyzer.Components.Checks { 
@@ -12,25 +11,17 @@ public class CheckSiteRegistration : IAuditCheck public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); - try + var portalController = new PortalController(); + result.Severity = SeverityEnum.Pass; + foreach (PortalInfo portal in portalController.GetPortals()) { - var portalController = new PortalController(); - result.Severity = SeverityEnum.Pass; - foreach (PortalInfo portal in portalController.GetPortals()) + //check for public registration + if (portal.UserRegistration == 2) { - //check for public registration - if (portal.UserRegistration == 2) - { - result.Severity = SeverityEnum.Warning; - result.Notes.Add("Portal:" + portal.PortalName); - } + result.Severity = SeverityEnum.Warning; + result.Notes.Add("Portal:" + portal.PortalName); } } - catch (Exception) - { - throw; - } - return result; } } diff --git a/Components/Checks/CheckSqlRisk.cs b/Components/Checks/CheckSqlRisk.cs index 43577df..e989b1b 100644 --- a/Components/Checks/CheckSqlRisk.cs +++ b/Components/Checks/CheckSqlRisk.cs @@ -1,7 +1,6 @@ using System.Collections.Generic; using System.Data.SqlClient; using System.IO; -using System.Resources; using DotNetNuke.Common; using DotNetNuke.Data; using DotNetNuke.Services.Localization; diff --git a/Components/Checks/CheckSuperuserOldPassword.cs b/Components/Checks/CheckSuperuserOldPassword.cs index bb46e04..fb6f3de 100644 --- a/Components/Checks/CheckSuperuserOldPassword.cs +++ b/Components/Checks/CheckSuperuserOldPassword.cs 
@@ -12,25 +12,17 @@ public class CheckSuperuserOldPassword : IAuditCheck public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); - try + var totalRecords = 0; + var superUsers = UserController.GetUsers(-1, 1, int.MaxValue, ref totalRecords, false, true); + result.Severity = SeverityEnum.Pass; + foreach (UserInfo user in superUsers) { - var totalRecords = 0; - - var superUsers = UserController.GetUsers(-1, 1, int.MaxValue, ref totalRecords, false, true); - result.Severity = SeverityEnum.Pass; - foreach (UserInfo user in superUsers) + if (DateTime.Now.AddMonths(-6) > user.Membership.LastPasswordChangeDate) { - if (DateTime.Now.AddMonths(-6) > user.Membership.LastPasswordChangeDate) - { - result.Severity = SeverityEnum.Warning; - result.Notes.Add("Superuser:" + user.Username); - } + result.Severity = SeverityEnum.Warning; + result.Notes.Add("Superuser:" + user.Username); } } - catch (Exception) - { - throw; - } return result; } } diff --git a/Components/FeatureController.cs b/Components/FeatureController.cs index 198c40c..0744d8d 100644 --- a/Components/FeatureController.cs +++ b/Components/FeatureController.cs @@ -8,7 +8,6 @@ using DotNetNuke.Entities.Tabs; using DotNetNuke.Security; using DotNetNuke.Security.Permissions; -using DotNetNuke.Services.Upgrade; namespace DNN.Modules.SecurityAnalyzer.Components { diff --git a/Components/Utility.cs b/Components/Utility.cs index f167a94..bba0f01 100644 --- a/Components/Utility.cs +++ b/Components/Utility.cs @@ -1,6 +1,5 @@ using System; using System.Collections.Generic; -using System.Configuration; using System.Globalization; using System.IO; using System.Linq; diff --git a/ReleaseNotes.txt b/ReleaseNotes.txt index 825d0e2..0640bd6 100644 --- a/ReleaseNotes.txt +++ b/ReleaseNotes.txt @@ -14,7 +14,7 @@
  • Version 8.1.0 - Fix for critical issue 2017-08.
  • Version 8.1.1 - Auto add Telerik key and better error handling.
  • Version 8.1.3 - Updated latest Telerik patch check.
  • -
  • Version 8.1.4 - Check app setting for Telerik skins assembly.
  • +
  • Version 8.1.4 - Check app setting for Telerik skins assembly. Added manual check button for some checks.
  • diff --git a/View.ascx.cs b/View.ascx.cs index 541ba88..ea76645 100644 --- a/View.ascx.cs +++ b/View.ascx.cs @@ -212,22 +212,14 @@ public string DisplayFriendlyName(string reason) public string DisplayNotes(IList notes) { - try + if (notes != null) { - if (notes != null) + if (notes.Count == 0) { - if (notes.Count == 0) - { - return "N/A"; - } - return notes.Aggregate(string.Empty, (current, note) => current + note + "
    "); + return "N/A"; } + return notes.Aggregate(string.Empty, (current, note) => current + note + "
    "); } - catch (Exception) - { - throw; - } - return "N/A"; }