Script Example Patching .NET Code
This example shows how to use O2's AST-based .NET Static Analysis Engine to automatically patch source code and make all Response.Write methods safe by wrapping them with the AntiXss.HtmlEncode method.

Screenshots

The script (source code included at the end of this article) is also available inside O2's Scripts folder.

[Image: 9_22_2010_5_28_37_PM_tmp3868.jpg]

When executed (double-click), the following GUI will appear:

[Image: 9_22_2010_5_29_32_PM_tmp3870.jpg]

The code on the left is loaded from the file Request.Write.cs (also included in the O2 Scripts folder).

[Image: 9_22_2010_5_32_04_PM_tmp3873.jpg]

The code on the right has been automatically created and patched. Note how the code on the left has a direct Request.Write ... invocation

[Image: 9_22_2010_5_33_27_PM_tmp3874.jpg]

and the code on the right has the same call using an AntiXss.HtmlEncode method.

[Image: 9_22_2010_5_34_21_PM_tmp3875.jpg]

The patching is done in real time. So, for example, if we change the original Request.Write ... invocation and add another new method

[Image: 9_22_2010_5_36_24_PM_tmp38AE.jpg]

the code on the right will automatically reflect the changes.

[Image: 9_22_2010_5_36_57_PM_tmp38AF.jpg]

Source code

    panel.clear();
    var topPanel = panel;
    // Generic type argument lost in extraction; <Panel> is assumed here.
    //var topPanel = O2Gui.open<Panel>("Fixing Response.Write",1000,500);
    var controls = topPanel.add_1x1("Original Code", "Patched Code");
    var originalCode = controls[0].add_SourceCodeEditor();
    var patchedCode = controls[1].add_SourceCodeEditor();

    // Re-run the patch every time the text in the left-hand editor changes.
    originalCode.eDocumentDataChanged +=
        (text) =>
        {
            if (text.valid())
            {
                var csharpAst = text.csharpAst();
                // Generic type argument lost in extraction; <InvocationExpression> is inferred from the loop body.
                //show.info(csharpAst.CompilationUnit.iNodes<InvocationExpression>());
                foreach (var invocationExpression in csharpAst.CompilationUnit.iNodes<InvocationExpression>())
                {
                    var memberReference = invocationExpression.TargetObject as MemberReferenceExpression;
                    if (memberReference.notNull() && memberReference.MemberName == "Write")
                    {
                        // Build AntiXss.HtmlEncode(<original arguments>) and make it the only argument of Write.
                        var className = "AntiXss";
                        var methodName = "HtmlEncode";
                        var newMemberReference = new MemberReferenceExpression(new IdentifierExpression(className), methodName);
                        var newInvocationExpression = new InvocationExpression(newMemberReference);
                        newInvocationExpression.Arguments.AddRange(invocationExpression.Arguments);
                        invocationExpression.Arguments.Clear();
                        invocationExpression.Arguments.Add(newInvocationExpression);
                    }
                }
                csharpAst.CompilationUnit.add_Using("Microsoft.Security.Application");
                var patchedCSharpCode = csharpAst.CompilationUnit.csharpCode();
                patchedCSharpCode = "//O2Ref:AntiXSSLibrary.dll".line() + patchedCSharpCode;   // so that it compiles OK
                var patchedCSharpFile = patchedCSharpCode.saveWithExtension(".cs");
                patchedCode.open(patchedCSharpFile);
            }
        };

    var originalFile = "Request.Write.cs".local();
    originalCode.open(originalFile);

    //using ICSharpCode.NRefactory.Parser
    //using ICSharpCode.NRefactory.Ast
    //using ICSharpCode.NRefactory
    //using O2.API.AST.CSharp
    //using O2.API.AST.ExtensionMethods
    //using O2.API.AST.ExtensionMethods.CSharp
    //O2Ref:O2_API_AST.dll
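The same rewrite expressed with Roslyn's CSharpSyntaxRewriter, as an added example that is not O2's script and not part of the original article (Roslyn is swapped in for NRefactory, and the Microsoft.CodeAnalysis.CSharp package is assumed). It goes beyond the script above, which matches on the member name Write alone: here the match is limited to single-argument Response.Write calls and already-encoded arguments are skipped. The class names and the sample source are constructed for illustration.

```csharp
using System;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.CSharp.Syntax;
class EncodeResponseWrite : CSharpSyntaxRewriter
{
    static bool IsResponse(ExpressionSyntax e) =>
        (e as IdentifierNameSyntax)?.Identifier.Text == "Response" ||
        (e as MemberAccessExpressionSyntax)?.Name.Identifier.Text == "Response";
    public override SyntaxNode VisitInvocationExpression(InvocationExpressionSyntax node)
    {
        node = (InvocationExpressionSyntax)base.VisitInvocationExpression(node);
        var call = node.Expression as MemberAccessExpressionSyntax;
        // Patch only the single-argument Response.Write(x); log.Write(x) etc. stay untouched.
        if (call == null || call.Name.Identifier.Text != "Write" || !IsResponse(call.Expression)
            || node.ArgumentList.Arguments.Count != 1)
            return node;
        var arg = node.ArgumentList.Arguments[0];
        // Idempotence: skip arguments that are already AntiXss.HtmlEncode(...).
        var inner = arg.Expression as InvocationExpressionSyntax;
        if (inner != null && inner.Expression.ToString() == "AntiXss.HtmlEncode")
            return node;
        var encoded = SyntaxFactory.InvocationExpression(
            SyntaxFactory.ParseExpression("AntiXss.HtmlEncode"),
            SyntaxFactory.ArgumentList(SyntaxFactory.SingletonSeparatedList(arg)));
        return node.WithArgumentList(SyntaxFactory.ArgumentList(
            SyntaxFactory.SingletonSeparatedList(SyntaxFactory.Argument(encoded))));
    }
}
static class Demo
{
    // Constructed sample input (not the Request.Write.cs file shipped with O2).
    const string Source = @"class Page {
  void Render(dynamic Request, dynamic Response, System.IO.TextWriter log) {
    Response.Write(Request[""name""]);
    Response.Write(AntiXss.HtmlEncode(Request[""id""]));
    log.Write(Request[""name""]);
  } }";
    static void Main()
    {
        var root = CSharpSyntaxTree.ParseText(Source).GetCompilationUnitRoot();
        var patched = (CompilationUnitSyntax)new EncodeResponseWrite().Visit(root);
        patched = patched.AddUsings(SyntaxFactory.UsingDirective(
            SyntaxFactory.ParseName("Microsoft.Security.Application")));
        Console.WriteLine(patched.NormalizeWhitespace().ToFullString());
    }
}
```

Of the three calls in the sample, only the first is rewritten: the second is already encoded and the third writes to a TextWriter rather than the response.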