using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using FastReport.Utils;
using System.Text.RegularExpressions;
namespace FastReport.Web
{
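partial class WebReport
{
    /// <summary>
    /// Replaces the active report-script checker with a custom implementation.
    /// </summary>
    /// <remarks>
    /// The current ScriptSecurity wrapper (if any) is disposed, which detaches it from
    /// Config.ScriptCompile, and a new wrapper around <paramref name="scriptChecker"/> is
    /// created and stored in its place.
    /// </remarks>
    /// <param name="scriptChecker">
    /// The checker whose IsValid result decides whether a report script is accepted.
    /// Must not be null.
    /// </param>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="scriptChecker"/> is null. The previously registered checker stays
    /// in place in that case.
    /// </exception>
    public static void SetScriptSecurity(IScriptChecker scriptChecker)
    {
        // Validate before touching the current wrapper: a rejected call must not leave
        // the application without the checker it had before.
        if (scriptChecker == null)
        {
            throw new ArgumentNullException("scriptChecker");
        }

        // The static member is declared outside this file; guard against it not having
        // been initialised yet instead of failing with a NullReferenceException.
        if (ScriptSecurity != null)
        {
            ScriptSecurity.Dispose();
        }

        // NOTE(review): between Dispose() and the subscription made by the new wrapper
        // no checker from this class is attached to Config.ScriptCompile. Confirm this
        // method is only called during start-up, not while reports are being compiled
        // on other threads.
        ScriptSecurity = new ScriptSecurity(scriptChecker);
    }
}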
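/// <summary>
/// Connects an <see cref="IScriptChecker"/> to the Config.ScriptCompile event so that
/// the checker is consulted when the event is raised for a report script.
/// </summary>
internal sealed class ScriptSecurity : IDisposable
{
    // Checker that produces the verdict written to ScriptSecurityEventArgs.IsValid.
    private readonly IScriptChecker _checker;

    /// <summary>
    /// Wraps <paramref name="checker"/> and subscribes to Config.ScriptCompile.
    /// </summary>
    /// <param name="checker">Checker to consult; must not be null.</param>
    /// <exception cref="ArgumentNullException"><paramref name="checker"/> is null.</exception>
    internal ScriptSecurity(IScriptChecker checker)
    {
        // Reject null here: otherwise the failure only surfaces later, as a
        // NullReferenceException inside the compile event handler.
        if (checker == null)
        {
            throw new ArgumentNullException("checker");
        }

        _checker = checker;
        Config.ScriptCompile += Config_ScriptCompile;
    }

    /// <summary>
    /// Handler for Config.ScriptCompile: stores the checker's verdict in
    /// <paramref name="e"/> when script security is enabled.
    /// </summary>
    /// <param name="sender">Event source; not used.</param>
    /// <param name="e">Carries the script, its language, references and report, and receives the verdict.</param>
    internal void Config_ScriptCompile(object sender, ScriptSecurityEventArgs e)
    {
        // When Config.EnableScriptSecurity is false, e.IsValid is left exactly as it
        // arrived. NOTE(review): the initial value of IsValid is set outside this file;
        // confirm what it is when the checker is skipped.
        if (Config.EnableScriptSecurity)
        {
            e.IsValid = _checker.IsValid(e.ReportLanguage, e.ReportScript, e.References, e.Report);
        }
    }

    /// <summary>
    /// Detaches this instance's handler from Config.ScriptCompile.
    /// </summary>
    public void Dispose()
    {
        Config.ScriptCompile -= Config_ScriptCompile;
    }
}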
/// <summary>
/// Contract for a custom validator that overrides the standard check of the report script.
/// See <see cref="IsValid(Language, string, string[], Report)"/>.
/// </summary>
/// <remarks>
/// In this file an implementation is registered through WebReport.SetScriptSecurity and is
/// called from the Config.ScriptCompile handler only while Config.EnableScriptSecurity is true.
/// </remarks>
public interface IScriptChecker
{
/// <summary>
/// Checks a report script and decides whether it is acceptable.
/// </summary>
/// <param name="lang">Report script language</param>
/// <param name="reportScript">Report script source text</param>
/// <param name="references">Assemblies referenced by the report</param>
/// <param name="report">Report that owns the script</param>
/// <returns>
/// Returns true if the report passed the validation check, false otherwise. The caller in
/// this file stores the value in ScriptSecurityEventArgs.IsValid.
/// NOTE(review): how a false result is acted on is decided outside this file; confirm that
/// compilation is refused.
/// </returns>
bool IsValid(Language lang, string reportScript, string[] references, Report report);
}
/// <summary>
/// Stop-list based <see cref="IScriptChecker"/>: rejects a report when a referenced
/// assembly or the script text matches a blocked entry.
/// </summary>
/// <remarks>
/// This is a deny-list over assembly names and source text. It narrows what a script can
/// use but does not isolate the script at run time, so a true result should not be
/// treated as proof that a report from an untrusted author is safe to execute.
/// </remarks>
internal sealed class ScriptChecker : IScriptChecker
{
    // Assembly-name fragments that cause a report to be rejected, in the order they are tested.
    // Original author note: "in .Net Core need to add reference".
    private static readonly string[] BlockedReferenceFragments =
    {
        "System.IO.FileSystem",
        "Microsoft.AspNetCore",
        "System.Net"
    };

    /// <summary>
    /// Validates the report's references and script text against the stop-lists.
    /// </summary>
    /// <param name="lang">Report script language; not consulted by this implementation.</param>
    /// <param name="reportScript">Script source that is matched against the stop-lists.</param>
    /// <param name="references">Referenced assemblies, matched by substring.</param>
    /// <param name="report">Report being checked; not consulted by this implementation.</param>
    /// <returns>false as soon as any blocked entry matches; true when nothing matched.</returns>
    public bool IsValid(Language lang, string reportScript, string[] references, Report report)
    {
        // 1. Referenced assemblies: any blocked fragment inside a reference name rejects.
        // IndexOf(string) without a StringComparison is culture-sensitive; it is kept
        // that way so matching behaves exactly as before.
        foreach (string assemblyName in references)
        {
            foreach (string fragment in BlockedReferenceFragments)
            {
                if (assemblyName.IndexOf(fragment) >= 0)
                {
                    return false;
                }
            }
        }

        // 2. Configured regular expressions applied to the whole script.
        foreach (Regex blockedExpression in Config.ScriptSecurityProps.RegexStopList)
        {
            bool matched = blockedExpression.IsMatch(reportScript);
            if (matched)
            {
                return false;
            }
        }

        // 3. Configured literal strings searched for in the script.
        foreach (string blockedText in Config.ScriptSecurityProps.StopList)
        {
            if (reportScript.IndexOf(blockedText) >= 0)
            {
                return false;
            }
        }

        return true;
    }
}
}