This repository has been archived by the owner on Feb 12, 2019. It is now read-only.

Removed unnecessary exceptions re-throws (were causing warnings in so…
…urce scanning tool). Added another text to release changes.
galatrash committed Nov 2, 2017
1 parent 5cad3ae commit aea2996
Showing 15 changed files with 96 additions and 195 deletions.
26 changes: 8 additions & 18 deletions Components/Checks/CheckAllowableFileExtensions.cs
@@ -1,7 +1,4 @@
using System;
using System.Web;
using DotNetNuke.Entities.Controllers;
using DotNetNuke.Entities.Host;
using DotNetNuke.Entities.Controllers;

namespace DNN.Modules.SecurityAnalyzer.Components.Checks
{
Expand All @@ -15,23 +12,16 @@ public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id);
var allowedExtensions = new FileExtensionWhitelist(HostController.Instance.GetString("FileExtensions"));
try
if (allowedExtensions.IsAllowedExtension("asp")
|| allowedExtensions.IsAllowedExtension("aspx")
|| allowedExtensions.IsAllowedExtension("php"))
{
if (allowedExtensions.IsAllowedExtension("asp")
|| allowedExtensions.IsAllowedExtension("aspx")
|| allowedExtensions.IsAllowedExtension("php"))
{
result.Severity = SeverityEnum.Failure;
result.Notes.Add("Extensions: " + allowedExtensions.ToDisplayString());
}
else
{
result.Severity = SeverityEnum.Pass;
}
result.Severity = SeverityEnum.Failure;
result.Notes.Add("Extensions: " + allowedExtensions.ToDisplayString());
}
catch (Exception)
else
{
throw;
result.Severity = SeverityEnum.Pass;
}
return result;
}
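Review bot: The deny list in `Execute()` names only `asp`, `aspx` and `php`, so a whitelist that permits other server-executed types (for example `ashx`, `asmx` or `cshtml`) still reports Pass. Consider testing against one named set, e.g. `private static readonly string[] RiskyExtensions = { "asp", "aspx", "php", "ashx", "asmx", "cshtml" };` with `if (RiskyExtensions.Any(allowedExtensions.IsAllowedExtension))` (this needs `using System.Linq;`), and confirm the exact list against the handler mappings the host actually executes. Whether `IsAllowedExtension` normalizes case and a leading dot is not visible in this section and is worth confirming.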
30 changes: 11 additions & 19 deletions Components/Checks/CheckBiography.cs
@@ -1,5 +1,4 @@
using System;
using DotNetNuke.Common.Lists;
using DotNetNuke.Common.Lists;
using DotNetNuke.Entities.Portals;
using DotNetNuke.Entities.Profile;

Expand All @@ -14,27 +13,20 @@ public class CheckBiography : IAuditCheck
public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id);
try
{
var portalController = new PortalController();
var controller = new ListController();
var portalController = new PortalController();
var controller = new ListController();

var richTextDataType = controller.GetListEntryInfo("DataType", "RichText");
result.Severity = SeverityEnum.Pass;
foreach (PortalInfo portal in portalController.GetPortals())
var richTextDataType = controller.GetListEntryInfo("DataType", "RichText");
result.Severity = SeverityEnum.Pass;
foreach (PortalInfo portal in portalController.GetPortals())
{
var pd = ProfileController.GetPropertyDefinitionByName(portal.PortalID, "Biography");
if (pd != null && pd.DataType == richTextDataType.EntryID)
{
var pd = ProfileController.GetPropertyDefinitionByName(portal.PortalID, "Biography");
if (pd != null && pd.DataType == richTextDataType.EntryID)
{
result.Severity = SeverityEnum.Failure;
result.Notes.Add("Portal:" + portal.PortalName);
}
result.Severity = SeverityEnum.Failure;
result.Notes.Add("Portal:" + portal.PortalName);
}
}
catch (Exception)
{
throw;
}
return result;
}
}
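Review bot: The result of `controller.GetListEntryInfo("DataType", "RichText")` is dereferenced inside the loop as `richTextDataType.EntryID` without a null check. If the list entry is missing (inferred: the lookup can return null), the check aborts with a NullReferenceException on the first portal that defines a Biography property, instead of producing a result. A guard placed after `result.Severity = SeverityEnum.Pass;`, such as `if (richTextDataType == null) { return result; }`, makes that outcome explicit; returning with the initial `SeverityEnum.Unverified` is the alternative if a missing data type should not count as a pass.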
40 changes: 15 additions & 25 deletions Components/Checks/CheckDefaultPage.cs
@@ -1,8 +1,5 @@
using System;
using System.Collections;
using System.Collections.Generic;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Xml;
using DotNetNuke.Application;
using DotNetNuke.Common;
Expand All @@ -18,38 +15,31 @@ public class CheckDefaultPage : IAuditCheck
public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id);
try
IList<string> modifiedFiles;
var fileModified = CheckDefaultPageModified(out modifiedFiles);
if (fileModified)
{
IList<string> modifiedFiles;
var fileModified = CheckDefaultPageModified(out modifiedFiles);
if (fileModified)
if (modifiedFiles.Count == 0)
{
if (modifiedFiles.Count == 0)
if (DotNetNukeContext.Current.Application.Version.Major > 6)
{
if (DotNetNukeContext.Current.Application.Version.Major > 6)
{
result.Notes.Add("There is no data available about your current installation, please upgrade this module to it's latest version.");
}
else
{
fileModified = false;
}
result.Notes.Add("There is no data available about your current installation, please upgrade this module to it's latest version.");
}

result.Severity = SeverityEnum.Failure;
foreach (var filename in modifiedFiles)
else
{
result.Notes.Add("file:" + filename);
fileModified = false;
}
}
else

result.Severity = SeverityEnum.Failure;
foreach (var filename in modifiedFiles)
{
result.Severity = SeverityEnum.Pass;
result.Notes.Add("file:" + filename);
}
}
catch (Exception)
else
{
throw;
result.Severity = SeverityEnum.Pass;
}
return result;
}
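Review bot: The `fileModified = false;` assignment in the inner `else` has no effect: execution is already inside `if (fileModified)`, so `result.Severity = SeverityEnum.Failure;` runs next and the check reports Failure with no notes. If the intent (inferred) is that installations at major version 6 or lower without baseline data should not fail, that branch has to end the check explicitly, e.g. `result.Severity = SeverityEnum.Pass; return result;`. The `Major > 6` branch has a related problem: "no data available" is reported as Failure, where `SeverityEnum.Unverified` would describe the situation more accurately.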
24 changes: 8 additions & 16 deletions Components/Checks/CheckHiddenSystemFiles.cs
@@ -1,5 +1,4 @@
using System;
using System.Linq;
using System.Linq;

namespace DNN.Modules.SecurityAnalyzer.Components.Checks
{
Expand All @@ -12,25 +11,18 @@ public class CheckHiddenSystemFiles : IAuditCheck
public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id);
try
var investigatefiles = Utility.FineHiddenSystemFiles();
if (investigatefiles.Any())
{
var investigatefiles = Utility.FineHiddenSystemFiles();
if (investigatefiles.Any())
result.Severity = SeverityEnum.Failure;
foreach (var filename in investigatefiles)
{
result.Severity = SeverityEnum.Failure;
foreach (var filename in investigatefiles)
{
result.Notes.Add("file:" + filename);
}
}
else
{
result.Severity = SeverityEnum.Pass;
result.Notes.Add("file:" + filename);
}
}
catch (Exception)
else
{
throw;
result.Severity = SeverityEnum.Pass;
}
return result;
}
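Review bot: `investigatefiles` is enumerated twice, once by `Any()` and again by the `foreach`. If `Utility.FineHiddenSystemFiles()` returns a lazily evaluated sequence (its return type is not visible here), the file-system scan runs twice and the two passes can disagree. Materializing once, `var investigatefiles = Utility.FineHiddenSystemFiles().ToList();`, avoids that. The helper name also reads like a typo for `FindHiddenSystemFiles`; a rename would have to start at its definition, which is outside this section.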
3 changes: 1 addition & 2 deletions Components/Checks/CheckHttpModules.cs
@@ -1,5 +1,4 @@
using System.Web;
using DNN.Modules.SecurityAnalyzer.HttpModules;
using DNN.Modules.SecurityAnalyzer.HttpModules;

namespace DNN.Modules.SecurityAnalyzer.Components.Checks
{
50 changes: 17 additions & 33 deletions Components/Checks/CheckModuleHeaderAndFooter.cs
@@ -1,12 +1,4 @@
using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Web;
using System.Xml;
using DotNetNuke.Application;
using DotNetNuke.Common;
using System.Web;
using DotNetNuke.Data;

namespace DNN.Modules.SecurityAnalyzer.Components.Checks
Expand All @@ -20,34 +12,26 @@ public class CheckModuleHeaderAndFooter : IAuditCheck
public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id);
try
var dr = DataProvider.Instance().ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter");
result.Severity = SeverityEnum.Pass;
while (dr.Read())
{
var dr = DataProvider.Instance().ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter");
result.Severity = SeverityEnum.Pass;
while (dr.Read())
result.Severity = SeverityEnum.Warning;
var note = string.Format("<b>TabId:</b> {0}, Module Id: {1}", dr["TabId"], dr["ModuleId"]);
var headerValue = dr["Header"].ToString();
var footerValue = dr["Footer"].ToString();
if (!string.IsNullOrEmpty(headerValue))
{
result.Severity = SeverityEnum.Warning;
var note = string.Format("<b>TabId:</b> {0}, Module Id: {1}", dr["TabId"], dr["ModuleId"]);
var headerValue = dr["Header"].ToString();
var footerValue = dr["Footer"].ToString();
if (!string.IsNullOrEmpty(headerValue))
{
note += string.Format("<br />Header: {0}", HttpUtility.HtmlEncode(headerValue));
}
if (!string.IsNullOrEmpty(footerValue))
{
note += string.Format("<br />Footer: {0}", HttpUtility.HtmlEncode(footerValue));
}
note += "< br />";

result.Notes.Add(note);
note += string.Format("<br />Header: {0}", HttpUtility.HtmlEncode(headerValue));
}
}
catch (Exception)
{
throw;
}
if (!string.IsNullOrEmpty(footerValue))
{
note += string.Format("<br />Footer: {0}", HttpUtility.HtmlEncode(footerValue));
}
note += "< br />";

result.Notes.Add(note);
}
return result;
}
}
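Review bot: The reader returned by `ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter")` is never closed or disposed, so whatever connection it holds (presumably an open database connection) is released only when the object is finalized. Wrap the loop: `using (var dr = DataProvider.Instance().ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter"))` around `while (dr.Read())`. Separately, `note += "< br />";` is not a valid tag because of the space after `<` and will likely render as literal text; `"<br />"` matches the other notes. The `HtmlEncode` calls on Header and Footer deserve a short comment saying these values are stored markup and must stay encoded when shown in the report.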
24 changes: 7 additions & 17 deletions Components/Checks/CheckPasswordFormat.cs
@@ -1,7 +1,4 @@
using System;
using System.Web;
using System.Web.UI;
using DotNetNuke.Security.Membership;
using DotNetNuke.Security.Membership;

namespace DNN.Modules.SecurityAnalyzer.Components.Checks
{
Expand All @@ -14,22 +11,15 @@ public class CheckPasswordFormat : IAuditCheck
public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id);
try
var format = MembershipProvider.Instance().PasswordFormat;
if (format == PasswordFormat.Hashed)
{
var format = MembershipProvider.Instance().PasswordFormat;
if (format == PasswordFormat.Hashed)
{
result.Severity = SeverityEnum.Pass;
}
else
{
result.Notes.Add("Setting:" + format.ToString());
result.Severity = SeverityEnum.Failure;
}
result.Severity = SeverityEnum.Pass;
}
catch (Exception)
else
{
throw;
result.Notes.Add("Setting:" + format.ToString());
result.Severity = SeverityEnum.Failure;
}
return result;
}
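Review bot: Passing on `format == PasswordFormat.Hashed` establishes only that passwords are stored hashed rather than in another format; it says nothing about which hash algorithm the membership provider is configured to use. A comment on the Pass branch should state that limit, e.g. `// Hashed storage only; the strength of the configured hash algorithm is not evaluated here`. In the `else` branch the explicit `format.ToString()` is redundant inside string concatenation.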
26 changes: 9 additions & 17 deletions Components/Checks/CheckRarelyUsedSuperuser.cs
@@ -1,6 +1,5 @@
using System;
using DotNetNuke.Entities.Users;
using DotNetNuke.Security.Membership;

namespace DNN.Modules.SecurityAnalyzer.Components.Checks
{
Expand All @@ -13,26 +12,19 @@ public class CheckRarelyUsedSuperuser : IAuditCheck
public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id);
try
{
var totalRecords = 0;
var totalRecords = 0;

var superUsers = UserController.GetUsers(-1, 1, int.MaxValue, ref totalRecords, false, true);
result.Severity = SeverityEnum.Pass;
foreach (UserInfo user in superUsers)
var superUsers = UserController.GetUsers(-1, 1, int.MaxValue, ref totalRecords, false, true);
result.Severity = SeverityEnum.Pass;
foreach (UserInfo user in superUsers)
{
if (DateTime.Now.AddMonths(-6) > user.Membership.LastLoginDate ||
DateTime.Now.AddMonths(-6) > user.Membership.LastActivityDate)
{
if (DateTime.Now.AddMonths(-6) > user.Membership.LastLoginDate ||
DateTime.Now.AddMonths(-6) > user.Membership.LastActivityDate)
{
result.Severity = SeverityEnum.Warning;
result.Notes.Add("Superuser:" + user.Username);
}
result.Severity = SeverityEnum.Warning;
result.Notes.Add("Superuser:" + user.Username);
}
}
catch (Exception)
{
throw;
}
return result;
}
}
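Review bot: `DateTime.Now.AddMonths(-6)` is evaluated twice per user inside the loop, so the two comparisons use slightly different cut-offs and the six-month threshold is an unnamed literal. Compute it once before the `foreach`, `var cutoff = DateTime.Now.AddMonths(-6);`, and compare `cutoff > user.Membership.LastLoginDate || cutoff > user.Membership.LastActivityDate`. Whether the membership dates are stored in local time or UTC is not visible here; if they are UTC, the cut-off should come from `DateTime.UtcNow`.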
25 changes: 8 additions & 17 deletions Components/Checks/CheckSiteRegistration.cs
@@ -1,5 +1,4 @@
using System;
using DotNetNuke.Entities.Portals;
using DotNetNuke.Entities.Portals;

namespace DNN.Modules.SecurityAnalyzer.Components.Checks
{
Expand All @@ -12,25 +11,17 @@ public class CheckSiteRegistration : IAuditCheck
public CheckResult Execute()
{
var result = new CheckResult(SeverityEnum.Unverified, Id);
try
var portalController = new PortalController();
result.Severity = SeverityEnum.Pass;
foreach (PortalInfo portal in portalController.GetPortals())
{
var portalController = new PortalController();
result.Severity = SeverityEnum.Pass;
foreach (PortalInfo portal in portalController.GetPortals())
//check for public registration
if (portal.UserRegistration == 2)
{
//check for public registration
if (portal.UserRegistration == 2)
{
result.Severity = SeverityEnum.Warning;
result.Notes.Add("Portal:" + portal.PortalName);
}
result.Severity = SeverityEnum.Warning;
result.Notes.Add("Portal:" + portal.PortalName);
}
}
catch (Exception)
{
throw;
}

return result;
}
}
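Review bot: `portal.UserRegistration == 2` relies on a magic number that only the `//check for public registration` comment explains. A named constant such as `private const int PublicRegistration = 2;`, or the platform's registration-type enum if one is available to this module, would make the comparison self-describing. The comment should also say whether other self-service registration modes, if the platform has any, are deliberately left out of the warning.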
1 change: 0 additions & 1 deletion Components/Checks/CheckSqlRisk.cs
@@ -1,7 +1,6 @@
using System.Collections.Generic;
using System.Data.SqlClient;
using System.IO;
using System.Resources;
using DotNetNuke.Common;
using DotNetNuke.Data;
using DotNetNuke.Services.Localization;