From aea299635ec3556dacfbc34d087af865000184a1 Mon Sep 17 00:00:00 2001
From: George Alatrash
Date: Thu, 2 Nov 2017 10:54:51 -0700
Subject: [PATCH] Removed unnecessary exceptions re-throws (were causing warnings in source scanning tool). Added another text to release changes.
---
 .../Checks/CheckAllowableFileExtensions.cs | 26 +++-------
 Components/Checks/CheckBiography.cs | 30 ++++-------
 Components/Checks/CheckDefaultPage.cs | 40 ++++++---------
 Components/Checks/CheckHiddenSystemFiles.cs | 24 +++------
 Components/Checks/CheckHttpModules.cs | 3 +-
 .../Checks/CheckModuleHeaderAndFooter.cs | 50 +++++++------------
 Components/Checks/CheckPasswordFormat.cs | 24 +++------
 Components/Checks/CheckRarelyUsedSuperuser.cs | 26 ++++------
 Components/Checks/CheckSiteRegistration.cs | 25 +++-------
 Components/Checks/CheckSqlRisk.cs | 1 -
 .../Checks/CheckSuperuserOldPassword.cs | 22 +++-----
 Components/FeatureController.cs | 1 -
 Components/Utility.cs | 1 -
 ReleaseNotes.txt | 2 +-
 View.ascx.cs | 16 ++----
 15 files changed, 96 insertions(+), 195 deletions(-)
diff --git a/Components/Checks/CheckAllowableFileExtensions.cs b/Components/Checks/CheckAllowableFileExtensions.cs
index e480ee9..37fd548 100644
--- a/Components/Checks/CheckAllowableFileExtensions.cs
+++ b/Components/Checks/CheckAllowableFileExtensions.cs
@@ -1,7 +1,4 @@
-using System;
-using System.Web;
-using DotNetNuke.Entities.Controllers;
-using DotNetNuke.Entities.Host;
+using DotNetNuke.Entities.Controllers;
 namespace DNN.Modules.SecurityAnalyzer.Components.Checks
 {
@@ -15,23 +12,16 @@ public CheckResult Execute()
 {
 var result = new CheckResult(SeverityEnum.Unverified, Id);
 var allowedExtensions = new FileExtensionWhitelist(HostController.Instance.GetString("FileExtensions"));
- try
+ if (allowedExtensions.IsAllowedExtension("asp")
+ || allowedExtensions.IsAllowedExtension("aspx")
+ || allowedExtensions.IsAllowedExtension("php"))
 {
- if (allowedExtensions.IsAllowedExtension("asp")
- || allowedExtensions.IsAllowedExtension("aspx")
- || allowedExtensions.IsAllowedExtension("php"))
- {
- result.Severity = SeverityEnum.Failure;
- result.Notes.Add("Extensions: " + allowedExtensions.ToDisplayString());
- }
- else
- {
- result.Severity = SeverityEnum.Pass;
- }
+ result.Severity = SeverityEnum.Failure;
+ result.Notes.Add("Extensions: " + allowedExtensions.ToDisplayString());
 }
- catch (Exception)
+ else
 {
- throw;
+ result.Severity = SeverityEnum.Pass;
 }
 return result;
 }
diff --git a/Components/Checks/CheckBiography.cs b/Components/Checks/CheckBiography.cs
index ab2ae58..f1a7a98 100644
--- a/Components/Checks/CheckBiography.cs
+++ b/Components/Checks/CheckBiography.cs
@@ -1,5 +1,4 @@
-using System;
-using DotNetNuke.Common.Lists;
+using DotNetNuke.Common.Lists;
 using DotNetNuke.Entities.Portals;
 using DotNetNuke.Entities.Profile;
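Review bot: The condition on the added lines in CheckAllowableFileExtensions flags only `asp`, `aspx` and `php`, so a host whose allowed list contains other server-handled extensions such as `ashx`, `asmx`, `cshtml` or `config` still ends up with `SeverityEnum.Pass`. Consider keeping the disallowed set in one named list, e.g. `private static readonly string[] RiskyExtensions = { "asp", "aspx", "php", "ashx", "asmx", "cshtml", "config" };`, and testing each entry with `IsAllowedExtension`, so the set can be reviewed and extended in one place. Whether `IsAllowedExtension` ignores case and a leading dot is not visible in this hunk and should be confirmed.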
@@ -14,27 +13,20 @@ public class CheckBiography : IAuditCheck
 public CheckResult Execute()
 {
 var result = new CheckResult(SeverityEnum.Unverified, Id);
- try
- {
- var portalController = new PortalController();
- var controller = new ListController();
+ var portalController = new PortalController();
+ var controller = new ListController();
- var richTextDataType = controller.GetListEntryInfo("DataType", "RichText");
- result.Severity = SeverityEnum.Pass;
- foreach (PortalInfo portal in portalController.GetPortals())
+ var richTextDataType = controller.GetListEntryInfo("DataType", "RichText");
+ result.Severity = SeverityEnum.Pass;
+ foreach (PortalInfo portal in portalController.GetPortals())
+ {
+ var pd = ProfileController.GetPropertyDefinitionByName(portal.PortalID, "Biography");
+ if (pd != null && pd.DataType == richTextDataType.EntryID)
 {
- var pd = ProfileController.GetPropertyDefinitionByName(portal.PortalID, "Biography");
- if (pd != null && pd.DataType == richTextDataType.EntryID)
- {
- result.Severity = SeverityEnum.Failure;
- result.Notes.Add("Portal:" + portal.PortalName);
- }
+ result.Severity = SeverityEnum.Failure;
+ result.Notes.Add("Portal:" + portal.PortalName);
 }
 }
- catch (Exception)
- {
- throw;
- }
 return result;
 }
 }
diff --git a/Components/Checks/CheckDefaultPage.cs b/Components/Checks/CheckDefaultPage.cs
index 4b6692f..e762817 100644
--- a/Components/Checks/CheckDefaultPage.cs
+++ b/Components/Checks/CheckDefaultPage.cs
@@ -1,8 +1,5 @@
-using System;
-using System.Collections;
-using System.Collections.Generic;
+using System.Collections.Generic;
 using System.IO;
-using System.Linq;
 using System.Xml;
 using DotNetNuke.Application;
 using DotNetNuke.Common;
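Review bot: `result.Notes.Add("Portal:" + portal.PortalName)` puts the portal name into Notes without encoding, while CheckModuleHeaderAndFooter in this same patch passes its values through `HttpUtility.HtmlEncode` and appends markup, which suggests Notes are rendered as HTML by `DisplayNotes` in View.ascx.cs. If that is the case, encode where the value enters the note, `result.Notes.Add("Portal:" + HttpUtility.HtmlEncode(portal.PortalName));`. The same applies to `user.Username` in CheckRarelyUsedSuperuser and CheckSuperuserOldPassword, `portal.PortalName` in CheckSiteRegistration, and the file names in CheckDefaultPage and CheckHiddenSystemFiles. How the view emits the string returned by `DisplayNotes` is outside this diff, so confirm that before changing the checks.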
@@ -18,38 +15,31 @@ public class CheckDefaultPage : IAuditCheck
 public CheckResult Execute()
 {
 var result = new CheckResult(SeverityEnum.Unverified, Id);
- try
+ IList modifiedFiles;
+ var fileModified = CheckDefaultPageModified(out modifiedFiles);
+ if (fileModified)
 {
- IList modifiedFiles;
- var fileModified = CheckDefaultPageModified(out modifiedFiles);
- if (fileModified)
+ if (modifiedFiles.Count == 0)
 {
- if (modifiedFiles.Count == 0)
+ if (DotNetNukeContext.Current.Application.Version.Major > 6)
 {
- if (DotNetNukeContext.Current.Application.Version.Major > 6)
- {
- result.Notes.Add("There is no data available about your current installation, please upgrade this module to it's latest version.");
- }
- else
- {
- fileModified = false;
- }
+ result.Notes.Add("There is no data available about your current installation, please upgrade this module to it's latest version.");
 }
-
- result.Severity = SeverityEnum.Failure;
- foreach (var filename in modifiedFiles)
+ else
 {
- result.Notes.Add("file:" + filename);
+ fileModified = false;
 }
 }
- else
+
+ result.Severity = SeverityEnum.Failure;
+ foreach (var filename in modifiedFiles)
 {
- result.Severity = SeverityEnum.Pass;
+ result.Notes.Add("file:" + filename);
 }
 }
- catch (Exception)
+ else
 {
- throw;
+ result.Severity = SeverityEnum.Pass;
 }
 return result;
 }
diff --git a/Components/Checks/CheckHiddenSystemFiles.cs b/Components/Checks/CheckHiddenSystemFiles.cs
index 4275ff3..cb03dd3 100644
--- a/Components/Checks/CheckHiddenSystemFiles.cs
+++ b/Components/Checks/CheckHiddenSystemFiles.cs
@@ -1,5 +1,4 @@
-using System;
-using System.Linq;
+using System.Linq;
 namespace DNN.Modules.SecurityAnalyzer.Components.Checks
 {
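Review bot: In the `else` branch under `modifiedFiles.Count == 0` in CheckDefaultPage, `fileModified = false;` is a dead store: the variable is not read again and `result.Severity = SeverityEnum.Failure;` runs unconditionally right after, so an installation at major version 6 or lower with no comparison data is reported as Failure with no notes. If that case is meant to pass, set the result there and leave, e.g. `result.Severity = SeverityEnum.Pass; return result;`; if Failure is intended, drop the assignment and add a note that explains why. The message string also reads "it's latest version" where "its" is meant.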
@@ -12,25 +11,18 @@ public class CheckHiddenSystemFiles : IAuditCheck
 public CheckResult Execute()
 {
 var result = new CheckResult(SeverityEnum.Unverified, Id);
- try
+ var investigatefiles = Utility.FineHiddenSystemFiles();
+ if (investigatefiles.Any())
 {
- var investigatefiles = Utility.FineHiddenSystemFiles();
- if (investigatefiles.Any())
+ result.Severity = SeverityEnum.Failure;
+ foreach (var filename in investigatefiles)
 {
- result.Severity = SeverityEnum.Failure;
- foreach (var filename in investigatefiles)
- {
- result.Notes.Add("file:" + filename);
- }
- }
- else
- {
- result.Severity = SeverityEnum.Pass;
+ result.Notes.Add("file:" + filename);
 }
 }
- catch (Exception)
+ else
 {
- throw;
+ result.Severity = SeverityEnum.Pass;
 }
 return result;
 }
diff --git a/Components/Checks/CheckHttpModules.cs b/Components/Checks/CheckHttpModules.cs
index bca1cb5..2e03c63 100644
--- a/Components/Checks/CheckHttpModules.cs
+++ b/Components/Checks/CheckHttpModules.cs
@@ -1,5 +1,4 @@
-using System.Web;
-using DNN.Modules.SecurityAnalyzer.HttpModules;
+using DNN.Modules.SecurityAnalyzer.HttpModules;
 namespace DNN.Modules.SecurityAnalyzer.Components.Checks
 {
diff --git a/Components/Checks/CheckModuleHeaderAndFooter.cs b/Components/Checks/CheckModuleHeaderAndFooter.cs
index d33116a..f31404b 100644
--- a/Components/Checks/CheckModuleHeaderAndFooter.cs
+++ b/Components/Checks/CheckModuleHeaderAndFooter.cs
@@ -1,12 +1,4 @@
-using System;
-using System.Collections;
-using System.Collections.Generic;
-using System.IO;
-using System.Linq;
-using System.Web;
-using System.Xml;
-using DotNetNuke.Application;
-using DotNetNuke.Common;
+using System.Web;
 using DotNetNuke.Data;
 namespace DNN.Modules.SecurityAnalyzer.Components.Checks
@@ -20,34 +12,26 @@ public class CheckModuleHeaderAndFooter : IAuditCheck public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); - try + var dr = DataProvider.Instance().ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter"); + result.Severity = SeverityEnum.Pass; + while (dr.Read()) { - var dr = DataProvider.Instance().ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter"); - result.Severity = SeverityEnum.Pass; - while (dr.Read()) + result.Severity = SeverityEnum.Warning; + var note = string.Format("TabId: {0}, Module Id: {1}", dr["TabId"], dr["ModuleId"]); + var headerValue = dr["Header"].ToString(); + var footerValue = dr["Footer"].ToString(); + if (!string.IsNullOrEmpty(headerValue)) { - result.Severity = SeverityEnum.Warning; - var note = string.Format("TabId: {0}, Module Id: {1}", dr["TabId"], dr["ModuleId"]); - var headerValue = dr["Header"].ToString(); - var footerValue = dr["Footer"].ToString(); - if (!string.IsNullOrEmpty(headerValue)) - { - note += string.Format("
Header: {0}", HttpUtility.HtmlEncode(headerValue)); - } - if (!string.IsNullOrEmpty(footerValue)) - { - note += string.Format("
Footer: {0}", HttpUtility.HtmlEncode(footerValue)); - } - note += "< br />"; - - result.Notes.Add(note); + note += string.Format("
Header: {0}", HttpUtility.HtmlEncode(headerValue)); } - } - catch (Exception) - { - throw; - } + if (!string.IsNullOrEmpty(footerValue)) + { + note += string.Format("
Footer: {0}", HttpUtility.HtmlEncode(footerValue)); + } + note += "< br />"; + result.Notes.Add(note); + } return result; } } diff --git a/Components/Checks/CheckPasswordFormat.cs b/Components/Checks/CheckPasswordFormat.cs index e02c6f9..8998b14 100644 --- a/Components/Checks/CheckPasswordFormat.cs +++ b/Components/Checks/CheckPasswordFormat.cs @@ -1,7 +1,4 @@ -using System; -using System.Web; -using System.Web.UI; -using DotNetNuke.Security.Membership; +using DotNetNuke.Security.Membership; namespace DNN.Modules.SecurityAnalyzer.Components.Checks { @@ -14,22 +11,15 @@ public class CheckPasswordFormat : IAuditCheck public CheckResult Execute() { var result = new CheckResult(SeverityEnum.Unverified, Id); - try + var format = MembershipProvider.Instance().PasswordFormat; + if (format == PasswordFormat.Hashed) { - var format = MembershipProvider.Instance().PasswordFormat; - if (format == PasswordFormat.Hashed) - { - result.Severity = SeverityEnum.Pass; - } - else - { - result.Notes.Add("Setting:" + format.ToString()); - result.Severity = SeverityEnum.Failure; - } + result.Severity = SeverityEnum.Pass; } - catch (Exception) + else { - throw; + result.Notes.Add("Setting:" + format.ToString()); + result.Severity = SeverityEnum.Failure; } return result; } diff --git a/Components/Checks/CheckRarelyUsedSuperuser.cs b/Components/Checks/CheckRarelyUsedSuperuser.cs index 9de4f72..30af2f3 100644 --- a/Components/Checks/CheckRarelyUsedSuperuser.cs +++ b/Components/Checks/CheckRarelyUsedSuperuser.cs @@ -1,6 +1,5 @@ using System; using DotNetNuke.Entities.Users; -using DotNetNuke.Security.Membership; namespace DNN.Modules.SecurityAnalyzer.Components.Checks { 
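Review bot: The reader returned by `ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter")` in CheckModuleHeaderAndFooter is never closed or disposed, and nothing releases it if `dr.Read()` or a column access throws. Wrap the loop in `using (var dr = DataProvider.Instance().ExecuteReader("SecurityAnalyzer_GetModulesHasHeaderFooter"))` so the reader, and depending on the provider its connection, is released on every path. Separately, `note += "< br />";` has a space after `<`, so it appears it would be shown as literal text rather than a line break.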
@@ -13,26 +12,19 @@ public class CheckRarelyUsedSuperuser : IAuditCheck
 public CheckResult Execute()
 {
 var result = new CheckResult(SeverityEnum.Unverified, Id);
- try
- {
- var totalRecords = 0;
+ var totalRecords = 0;
- var superUsers = UserController.GetUsers(-1, 1, int.MaxValue, ref totalRecords, false, true);
- result.Severity = SeverityEnum.Pass;
- foreach (UserInfo user in superUsers)
+ var superUsers = UserController.GetUsers(-1, 1, int.MaxValue, ref totalRecords, false, true);
+ result.Severity = SeverityEnum.Pass;
+ foreach (UserInfo user in superUsers)
+ {
+ if (DateTime.Now.AddMonths(-6) > user.Membership.LastLoginDate ||
+ DateTime.Now.AddMonths(-6) > user.Membership.LastActivityDate)
 {
- if (DateTime.Now.AddMonths(-6) > user.Membership.LastLoginDate ||
- DateTime.Now.AddMonths(-6) > user.Membership.LastActivityDate)
- {
- result.Severity = SeverityEnum.Warning;
- result.Notes.Add("Superuser:" + user.Username);
- }
+ result.Severity = SeverityEnum.Warning;
+ result.Notes.Add("Superuser:" + user.Username);
 }
 }
- catch (Exception)
- {
- throw;
- }
 return result;
 }
 }
diff --git a/Components/Checks/CheckSiteRegistration.cs b/Components/Checks/CheckSiteRegistration.cs
index af1e46e..4133c45 100644
--- a/Components/Checks/CheckSiteRegistration.cs
+++ b/Components/Checks/CheckSiteRegistration.cs
@@ -1,5 +1,4 @@
-using System;
-using DotNetNuke.Entities.Portals;
+using DotNetNuke.Entities.Portals;
 namespace DNN.Modules.SecurityAnalyzer.Components.Checks
 {
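Review bot: `DateTime.Now.AddMonths(-6)` is evaluated twice per superuser on the added lines in CheckRarelyUsedSuperuser, and the six-month window is an unnamed literal that CheckSuperuserOldPassword repeats. Hoist it before the loop, `var cutoff = DateTime.Now.AddMonths(-6);`, and compare `cutoff > user.Membership.LastLoginDate || cutoff > user.Membership.LastActivityDate`; the `LastPasswordChangeDate` test in CheckSuperuserOldPassword can use the same pattern. Whether the membership dates are stored in local time or UTC is not visible in this hunk, so confirm that `DateTime.Now` is the right clock to compare against.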
@@ -12,25 +11,17 @@ public class CheckSiteRegistration : IAuditCheck
 public CheckResult Execute()
 {
 var result = new CheckResult(SeverityEnum.Unverified, Id);
- try
+ var portalController = new PortalController();
+ result.Severity = SeverityEnum.Pass;
+ foreach (PortalInfo portal in portalController.GetPortals())
 {
- var portalController = new PortalController();
- result.Severity = SeverityEnum.Pass;
- foreach (PortalInfo portal in portalController.GetPortals())
+ //check for public registration
+ if (portal.UserRegistration == 2)
 {
- //check for public registration
- if (portal.UserRegistration == 2)
- {
- result.Severity = SeverityEnum.Warning;
- result.Notes.Add("Portal:" + portal.PortalName);
- }
+ result.Severity = SeverityEnum.Warning;
+ result.Notes.Add("Portal:" + portal.PortalName);
 }
 }
- catch (Exception)
- {
- throw;
- }
-
 return result;
 }
 }
diff --git a/Components/Checks/CheckSqlRisk.cs b/Components/Checks/CheckSqlRisk.cs
index 43577df..e989b1b 100644
--- a/Components/Checks/CheckSqlRisk.cs
+++ b/Components/Checks/CheckSqlRisk.cs
@@ -1,7 +1,6 @@
 using System.Collections.Generic;
 using System.Data.SqlClient;
 using System.IO;
-using System.Resources;
 using DotNetNuke.Common;
 using DotNetNuke.Data;
 using DotNetNuke.Services.Localization;
diff --git a/Components/Checks/CheckSuperuserOldPassword.cs b/Components/Checks/CheckSuperuserOldPassword.cs
index bb46e04..fb6f3de 100644
--- a/Components/Checks/CheckSuperuserOldPassword.cs
+++ b/Components/Checks/CheckSuperuserOldPassword.cs
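Review bot: `portal.UserRegistration == 2` in CheckSiteRegistration depends on the comment above it to explain the literal; a named value such as `(int)Globals.PortalRegistrationType.PublicRegistration` (from DotNetNuke.Common, if available in the referenced DNN version) would make the condition self-describing. The comment could also say whether verified registration is deliberately left out of the warning, since it too lets visitors create accounts.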
@@ -12,25 +12,17 @@ public class CheckSuperuserOldPassword : IAuditCheck
 public CheckResult Execute()
 {
 var result = new CheckResult(SeverityEnum.Unverified, Id);
- try
+ var totalRecords = 0;
+ var superUsers = UserController.GetUsers(-1, 1, int.MaxValue, ref totalRecords, false, true);
+ result.Severity = SeverityEnum.Pass;
+ foreach (UserInfo user in superUsers)
 {
- var totalRecords = 0;
-
- var superUsers = UserController.GetUsers(-1, 1, int.MaxValue, ref totalRecords, false, true);
- result.Severity = SeverityEnum.Pass;
- foreach (UserInfo user in superUsers)
+ if (DateTime.Now.AddMonths(-6) > user.Membership.LastPasswordChangeDate)
 {
- if (DateTime.Now.AddMonths(-6) > user.Membership.LastPasswordChangeDate)
- {
- result.Severity = SeverityEnum.Warning;
- result.Notes.Add("Superuser:" + user.Username);
- }
+ result.Severity = SeverityEnum.Warning;
+ result.Notes.Add("Superuser:" + user.Username);
 }
 }
- catch (Exception)
- {
- throw;
- }
 return result;
 }
 }
diff --git a/Components/FeatureController.cs b/Components/FeatureController.cs
index 198c40c..0744d8d 100644
--- a/Components/FeatureController.cs
+++ b/Components/FeatureController.cs
@@ -8,7 +8,6 @@
 using DotNetNuke.Entities.Tabs;
 using DotNetNuke.Security;
 using DotNetNuke.Security.Permissions;
-using DotNetNuke.Services.Upgrade;
 namespace DNN.Modules.SecurityAnalyzer.Components
 {
diff --git a/Components/Utility.cs b/Components/Utility.cs
index f167a94..bba0f01 100644
--- a/Components/Utility.cs
+++ b/Components/Utility.cs
@@ -1,6 +1,5 @@
 using System;
 using System.Collections.Generic;
-using System.Configuration;
 using System.Globalization;
 using System.IO;
 using System.Linq;
diff --git a/ReleaseNotes.txt b/ReleaseNotes.txt
index 825d0e2..0640bd6 100644
--- a/ReleaseNotes.txt
+++ b/ReleaseNotes.txt
@@ -14,7 +14,7 @@
  • Version 8.1.0 - Fix for critical issue 2017-08.
  • Version 8.1.1 - Auto add Telerik key and better error handling.
  • Version 8.1.3 - Updated latest Telerik patch check.
  • -
  • Version 8.1.4 - Check app setting for Telerik skins assembly.
  • +
  • Version 8.1.4 - Check app setting for Telerik skins assembly. Added manual check button for some checks.
  • diff --git a/View.ascx.cs b/View.ascx.cs index 541ba88..ea76645 100644 --- a/View.ascx.cs +++ b/View.ascx.cs @@ -212,22 +212,14 @@ public string DisplayFriendlyName(string reason) public string DisplayNotes(IList notes) { - try + if (notes != null) { - if (notes != null) + if (notes.Count == 0) { - if (notes.Count == 0) - { - return "N/A"; - } - return notes.Aggregate(string.Empty, (current, note) => current + note + "
    "); + return "N/A"; } + return notes.Aggregate(string.Empty, (current, note) => current + note + "
    "); } - catch (Exception) - { - throw; - } - return "N/A"; }
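Review bot: `DisplayNotes` now returns "N/A" from two places for what is a single condition, and `Aggregate` with `+` allocates a new string for every note. A single guard, `if (notes == null || notes.Count == 0) return "N/A";`, followed by the concatenation reads more directly. If `string.Join` is used instead of `Aggregate`, note that the current code appends the separator after every note including the last, so the output would differ slightly unless a trailing separator is kept.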