diff --git a/roles/lib/files/FWO.Basics/StringExtensionsSanitizer.cs b/roles/lib/files/FWO.Basics/StringExtensionsSanitizer.cs
index 943f0664f6..fb7dd96ea5 100644
--- a/roles/lib/files/FWO.Basics/StringExtensionsSanitizer.cs
+++ b/roles/lib/files/FWO.Basics/StringExtensionsSanitizer.cs
@@ -1,13 +1,19 @@
 using System.Text.RegularExpressions;
+using Microsoft.AspNetCore.Mvc;
 namespace FWO.Basics
 {
 public static partial class StringExtensions
 {
- public static string SanitizeMand(this string text)
+ public static string SanitizeMand(this string text, bool containsLdapDn = false)
 {
 bool shortened = false;
- string output = SanitizeMand(text, ref shortened);
+
+ string output = "";
+ if (containsLdapDn)
+ output = SanitizeLdapPathMand(text, ref shortened);
+ else
+ output = SanitizeMand(text, ref shortened);
 return output;
 }
diff --git a/roles/lib/files/FWO.Logging/Log.cs b/roles/lib/files/FWO.Logging/Log.cs
index 3503b92f77..b4fb7d8de7 100644
--- a/roles/lib/files/FWO.Logging/Log.cs
+++ b/roles/lib/files/FWO.Logging/Log.cs
@@ -64,20 +64,17 @@ static Log()
 await writer.WriteLineAsync("GRANTED");
 }
 // RELEASED - lock was released by log swap process
- else if (lockFileContent.EndsWith("RELEASED"))
+ // only release lock if it was formerly requested by us
+ else if (lockFileContent.EndsWith("RELEASED") && logOwnedByExternal)
 {
- // only release lock if it was formerly requested by us
- if (logOwnedByExternal)
- {
- stopwatch.Reset();
- semaphore.Release();
- logOwnedByExternal = false;
- }
+ stopwatch.Reset();
+ semaphore.Release();
+ logOwnedByExternal = false;
 }
 }
 catch (Exception)
 {
- //WriteError("Log file locking", "Error while accessing log lock file.", e);
+ // ignore exceptions
 }
 await Task.Delay(1000);
 }
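Review bot: The added `using Microsoft.AspNetCore.Mvc;` is not referenced by anything in this hunk and ties the FWO.Basics library, which Log.cs in this same commit calls into, to ASP.NET Core MVC; unless another part of the file needs it, drop the directive. The new overload can also avoid the mutable `string output = ""` by writing `string output = containsLdapDn ? SanitizeLdapPathMand(text, ref shortened) : SanitizeMand(text, ref shortened);`. The flag relaxes sanitizing for the whole `text`, not only for a DN inside it, so a one-line parameter doc stating that would help callers choose correctly. `SanitizeLdapPathMand` and the `ref shortened` overload are outside this hunk.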
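Review bot: The `catch (Exception)` at the end of the lock-file loop now carries only `// ignore exceptions`, so every failure while reading or writing the lock file is dropped and the loop keeps polling with state such as `logOwnedByExternal` possibly out of step with the file. If the intent is that the logger must not log about its own lock handling (the removed `WriteError` call suggests that), say so, e.g. `// swallowed on purpose: logging here would recurse into the lock we are managing`, and consider narrowing to `catch (IOException)` so unexpected exception types are not hidden. The new condition `lockFileContent.EndsWith("RELEASED")` is also a culture-sensitive comparison (CA1310); use `lockFileContent.EndsWith("RELEASED", StringComparison.Ordinal)`. The enclosing method body continues outside the hunk.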
@@ -101,22 +98,22 @@ private static async Task GetFile(string path)
 }
 [Conditional("DEBUG")]
- public static void WriteDebug(string Title, string Text, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0)
+ public static void WriteDebug(string Title, string Text, bool containsLdapDn = false, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0)
 {
- WriteLog("Debug", Title, Text, callerName, callerFile, callerLineNumber, ConsoleColor.White);
+ WriteLog("Debug", Title, Text, containsLdapDn, callerName, callerFile, callerLineNumber, ConsoleColor.White);
 }
- public static void WriteInfo(string Title, string Text, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0)
+ public static void WriteInfo(string Title, string Text, bool containsLdapDn = false, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0)
 {
- WriteLog("Info", Title, Text, callerName, callerFile, callerLineNumber, ConsoleColor.Cyan);
+ WriteLog("Info", Title, Text, containsLdapDn, callerName, callerFile, callerLineNumber, ConsoleColor.Cyan);
 }
- public static void WriteWarning(string Title, string Text, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0)
+ public static void WriteWarning(string Title, string Text, bool containsLdapDn = false, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0)
 {
- WriteLog("Warning", Title, Text, callerName, callerFile, callerLineNumber, ConsoleColor.DarkYellow);
+ WriteLog("Warning", Title, Text, containsLdapDn, callerName, callerFile, callerLineNumber, ConsoleColor.DarkYellow);
 }
- public static void WriteError(string
Title, string? Text = null, Exception? Error = null, string? User = null, string? Role = null, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0)
+ public static void WriteError(string Title, string? Text = null, Exception? Error = null, string? User = null, string? Role = null, bool containsLdapDn = false, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0)
 {
 string DisplayText = (User != null ? $"User: {User}, " : "") +
@@ -129,10 +126,10 @@ public static void WriteError(string Title, string? Text = null, Exception? Erro
 $"Stack Trace: \n {Error?.StackTrace?.TrimStart()}" : "");
- WriteLog("Error", Title, DisplayText, callerName, callerFile, callerLineNumber, ConsoleColor.Red);
+ WriteLog("Error", Title, DisplayText, containsLdapDn, callerName, callerFile, callerLineNumber, ConsoleColor.Red);
 }
- public static void WriteError(string Title, string Text, bool LogStackTrace, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0)
+ public static void WriteError(string Title, string Text, bool LogStackTrace, bool containsLdapDn = false, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0)
 {
 string DisplayText = (Text != null ?
@@ -143,7 +140,7 @@ public static void WriteError(string Title, string Text, bool LogStackTrace, [Ca
 $"Stack Trace: \n {Environment.StackTrace}" : "");
- WriteLog("Error", Title, DisplayText, callerName, callerFile, callerLineNumber, ConsoleColor.Red);
+ WriteLog("Error", Title, DisplayText, containsLdapDn, callerName, callerFile, callerLineNumber, ConsoleColor.Red);
 }
 ///
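Review bot: `WriteDebug`, `WriteInfo`, `WriteWarning` and both `WriteError` overloads gain a positional `bool containsLdapDn = false` without any XML documentation, and in the `WriteError(string Title, string Text, bool LogStackTrace, bool containsLdapDn = false, …)` overload at -129 it sits directly after another bool, so `WriteError(t, x, true, false)` and `WriteError(t, x, false, true)` are easy to confuse at call sites. Add the parameter doc on each overload, e.g. `/// <param name="containsLdapDn">Set when Text carries LDAP DNs so the sanitizer keeps the DN delimiters (,/=).</param>`, and have callers pass it by name (`containsLdapDn: true`). Since the flag is forwarded to `WriteLog`, which sanitizes the fully formatted line, it also relaxes stripping for the title and caller info, not only for the message; the doc should say so. The same applies to the `WriteLog` calls in the hunks at -129 and -143.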
@@ -152,18 +149,19 @@ public static void WriteError(string Title, string Text, bool LogStackTrace, [Ca
 ///
 /// The title of the audit log entry.
 /// The content of the audit log entry.
+ /// The audit log entry contains ldap DN data so, do not strip ldap dn delimters (,/=).
 /// Whether to append a separator line to the log entry. Default is true.
 /// The name of the calling method (automatically supplied).
 /// The file path of the calling method (automatically supplied).
 /// The line number in the source file at which the method is called (automatically supplied).
- public static void WriteAudit(string Title, string Text, bool WithSeparatorLine = true, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0)
+ public static void WriteAudit(string Title, string Text, bool WithSeparatorLine = true, bool containsLdapDn = true, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0)
 {
 if (WithSeparatorLine)
 {
 Text += $"{Environment.NewLine}----{Environment.NewLine}";
 }
- WriteLog("Audit", Title, Text, callerName, callerFile, callerLineNumber, ConsoleColor.Yellow);
+ WriteLog("Audit", Title, Text, containsLdapDn, callerName, callerFile, callerLineNumber, ConsoleColor.Yellow);
 }
 ///
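Review bot: This `WriteAudit` overload defaults `containsLdapDn` to `true`, while the second `WriteAudit` overload in the next hunk (-172) and every other writer in this file default it to `false`; with two adjacent optional bools (`WithSeparatorLine`, `containsLdapDn`) that asymmetry is easy to miss, and it means audit entries written through this overload skip the delimiter stripping unless the caller opts back in. Unless audit text always carries DNs, make the default `false` here as well, or document why this path opts out. The doc line added in both hunks also has a typo and a misplaced comma; suggest `/// The audit log entry contains LDAP DN data, so the DN delimiters (,/=) are not stripped.`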
@@ -172,13 +170,14 @@ public static void WriteAudit(string Title, string Text, bool WithSeparatorLine
 ///
 /// The title of the audit log entry.
 /// The content of the audit log entry.
+ /// The audit log entry contains ldap DN data so, do not strip ldap dn delimters (,/=).
 /// The name of the user performing the action.
 /// The distinguished name (DN) of the user.
 /// Whether to append a separator line to the log entry. Default is true.
 /// The name of the calling method (automatically supplied).
 /// The file path of the calling method (automatically supplied).
 /// The line number in the source file at which the method is called (automatically supplied).
- public static void WriteAudit(string Title, string Text, string UserName, string UserDN, bool WithSeparatorLine = true, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0)
+ public static void WriteAudit(string Title, string Text, string UserName, string UserDN, bool WithSeparatorLine = true, bool containsLdapDn = false, [CallerMemberName] string callerName = "", [CallerFilePath] string callerFile = "", [CallerLineNumber] int callerLineNumber = 0)
 {
 if (!string.IsNullOrEmpty(UserName))
 {
@@ -195,13 +194,13 @@ public static void WriteAudit(string Title, string Text, string UserName, string
 Text += $"{Environment.NewLine}----{Environment.NewLine}";
 }
- WriteLog("Audit", Title, Text, callerName, callerFile, callerLineNumber, ConsoleColor.Yellow);
+ WriteLog("Audit", Title, Text, containsLdapDn, callerName, callerFile, callerLineNumber, ConsoleColor.Yellow);
 }
- private static void WriteLog(string LogType, string Title, string Text, string Method, string Path, int Line, ConsoleColor? ForegroundColor = null, ConsoleColor? BackgroundColor = null)
+ private static void WriteLog(string LogType, string Title, string Text, bool containsLdapDn, string Method, string Path, int Line, ConsoleColor? ForegroundColor = null, ConsoleColor? BackgroundColor = null)
 {
 string File = Path.Split('\\', '/').Last(); // do not show the full file path, just the basename
- WriteInColor($"{DateTime.Now.ToString("yyyy-MM-ddTHH:mm:sszzz")} {LogType} - {Title} ({File} in line {Line}), {Text}", ForegroundColor, BackgroundColor);
+ WriteInColor($"{DateTime.Now.ToString("yyyy-MM-ddTHH:mm:sszzz")} {LogType} - {Title} ({File} in line {Line}), {Text}", ForegroundColor, BackgroundColor, containsLdapDn);
 }
 public static void WriteAlert(string Title, string Text)
@@ -210,18 +209,18 @@ public static void WriteAlert(string Title, string Text)
 WriteInColor($"FWORCHAlert - {Title}, {Text}");
 }
- private static void WriteInColor(string Text, ConsoleColor? ForegroundColor = null, ConsoleColor? BackgroundColor = null)
+ private static void WriteInColor(string Text, ConsoleColor? ForegroundColor = null, ConsoleColor? BackgroundColor = null, bool containsLdapDn = false)
 {
 semaphore.Wait();
 if (ForegroundColor != null) Console.ForegroundColor = (ConsoleColor)ForegroundColor;
 if (BackgroundColor != null) Console.BackgroundColor = (ConsoleColor)BackgroundColor;
- Console.Out.WriteLine(Text.SanitizeMand()); // TODO: async method ?
+ Console.Out.WriteLine(Text.SanitizeMand(containsLdapDn)); // TODO: async method ?
 Console.ResetColor();
 semaphore.Release();
 }
-
+
 public static void TryWriteLog(LogType logType, string title, string text, bool condition)
 {
 if (condition)
diff --git a/roles/middleware/files/FWO.Middleware.Server/LdapBasic.cs b/roles/middleware/files/FWO.Middleware.Server/LdapBasic.cs
index 6f8ebb7774..dc62bd0384 100644
--- a/roles/middleware/files/FWO.Middleware.Server/LdapBasic.cs
+++ b/roles/middleware/files/FWO.Middleware.Server/LdapBasic.cs
@@ -47,9 +47,9 @@ private async Task Connect()
 {
 try
 {
- LdapConnectionOptions ldapOptions = new ();
+ LdapConnectionOptions ldapOptions = new();
 if (Tls) ldapOptions.ConfigureRemoteCertificateValidationCallback((object sen, X509Certificate? cer, X509Chain? cha, SslPolicyErrors err) => true); // todo: allow real cert validation
- LdapConnection connection = new (ldapOptions) { SecureSocketLayer = Tls, ConnectionTimeout = timeOutInMs };
+ LdapConnection connection = new(ldapOptions) { SecureSocketLayer = Tls, ConnectionTimeout = timeOutInMs };
 await connection.ConnectAsync(Address, Port);
 return connection;
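Review bot: `Text.SanitizeMand(containsLdapDn)` now runs between `semaphore.Wait()` and `semaphore.Release()` with no `try`/`finally`, so an exception from either sanitizer path (the LDAP variant is new in this commit and not visible here) leaves the semaphore taken and subsequent `WriteInColor` calls block. Sanitize before entering the critical section, `string sanitized = Text.SanitizeMand(containsLdapDn);` ahead of `semaphore.Wait();` and write `sanitized`, or wrap the colored write in `try { … } finally { Console.ResetColor(); semaphore.Release(); }` so the console color and the semaphore are always restored.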
@@ -304,7 +304,7 @@ public static string GetFirstName(LdapEntry user)
 {
 return user.GetAttributeSet().ContainsKey("givenName") ? user.Get("givenName").StringValue : "";
 }
-
+
 ///
 /// Get the last name for the given user
 ///
@@ -333,17 +333,17 @@ public static string GetName(LdapEntry user)
 }
 return "";
 }
-
+
 ///
 /// Get the tenant name for the given user
 ///
 /// tenant name of the given user
 public string GetTenantName(LdapEntry user)
 {
- DistName dn = new (user.Dn);
- return dn.GetTenantNameViaLdapTenantLevel (TenantLevel);
+ DistName dn = new(user.Dn);
+ return dn.GetTenantNameViaLdapTenantLevel(TenantLevel);
 }
-
+
 ///
 /// Get the groups for the given user
 ///
@@ -408,7 +408,7 @@ public async Task SetPassword(string userDn, string newPassword)
 if (await TryBind(connection, WriteUser, WriteUserPwd))
 {
 // authentication was successful: set new password
- LdapAttribute attribute = new ("userPassword", newPassword);
+ LdapAttribute attribute = new("userPassword", newPassword);
 LdapModification[] mods = [new LdapModification(LdapModification.Replace, attribute)];
 await connection.ModifyAsync(userDn, mods);
@@ -483,7 +483,7 @@ public async Task AddUser(string userDn, string password, string email)
 await TryBind(connection, WriteUser, WriteUserPwd);
 string userName = new DistName(userDn).UserName;
- LdapAttributeSet attributeSet = new ()
+ LdapAttributeSet attributeSet = new()
 {
 new LdapAttribute("objectclass", "inetOrgPerson"),
 new LdapAttribute("sn", userName),
@@ -493,7 +493,7 @@ public async Task AddUser(string userDn, string password, string email)
 new LdapAttribute("mail", email)
 };
- LdapEntry newEntry = new (userDn, attributeSet);
+ LdapEntry newEntry = new(userDn, attributeSet);
 try
 {
@@ -527,8 +527,8 @@ public async Task UpdateUser(string userDn, string email)
 using LdapConnection connection = await Connect();
 // Authenticate as write user
 await TryBind(connection, WriteUser, WriteUserPwd);
- LdapAttribute attribute = new ("mail", email);
- LdapModification[] mods = [new (LdapModification.Replace, attribute)];
+ LdapAttribute attribute = new("mail", email);
+ LdapModification[] mods = [new(LdapModification.Replace, attribute)];
 try
 {
@@ -594,7 +594,7 @@ private static bool IsFullyQualifiedDn(string name)
 /// true if user added
 public async Task AddUserToEntry(string userDn, string entry)
 {
- Log.WriteInfo("Add User to Entry", $"Trying to add User: \"{userDn}\" to Entry: \"{entry}\"");
+ Log.WriteInfo("Add User to Entry", $"Trying to add User: \"{userDn}\" to Entry: \"{entry}\"", true);
 return await ModifyUserInEntry(userDn, entry, LdapModification.Add);
 }
diff --git a/roles/ui/files/FWO.UI/Services/UrlSanitizer.cs b/roles/ui/files/FWO.UI/Services/UrlSanitizer.cs
index a8ae020044..77fa689022 100644
--- a/roles/ui/files/FWO.UI/Services/UrlSanitizer.cs
+++ b/roles/ui/files/FWO.UI/Services/UrlSanitizer.cs
@@ -24,9 +24,9 @@ public sealed partial class UrlSanitizer : IUrlSanitizer
 string decoded = HttpUtility.UrlDecode(normalizedInput);
 decoded = HttpUtility.HtmlDecode(decoded);
- if (MyRegex().IsMatch(decoded) ||
- MyRegex1().IsMatch(decoded) ||
- MyRegex2().IsMatch(decoded)
+ if (RegExFindScript().IsMatch(decoded) ||
+ RegExFindOn().IsMatch(decoded) ||
+ RegExFindJavascript().IsMatch(decoded)
 ) // e.g. onload=, onclick=
 {
 BlockingUrlLog(input);
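Review bot: The new trailing `true` in the `Log.WriteInfo("Add User to Entry", …)` call at -594 is a bare positional bool among several optional parameters of `WriteInfo`, so a reader cannot tell which switch it flips and a later parameter reorder would silently change its meaning; pass it by name, `Log.WriteInfo("Add User to Entry", $"Trying to add User: \"{userDn}\" to Entry: \"{entry}\"", containsLdapDn: true);`. Passing it relaxes delimiter stripping for the whole message, which here interpolates both `userDn` and `entry`; that looks intended for two DNs, but a short comment saying so would help the next reader.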
@@ -91,13 +91,13 @@ private static void BlockingUrlLog(string url)
 }
 [GeneratedRegex(@"<\s*script\b", RegexOptions.IgnoreCase, "en-US")]
- private static partial Regex MyRegex();
+ private static partial Regex RegExFindScript();
 [GeneratedRegex(@"on\w+\s*=", RegexOptions.IgnoreCase, "en-US")]
- private static partial Regex MyRegex1();
+ private static partial Regex RegExFindOn();
 [GeneratedRegex(@"javascript\s*:", RegexOptions.IgnoreCase, "en-US")]
- private static partial Regex MyRegex2();
+ private static partial Regex RegExFindJavascript();
 }
 }