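/// <summary>
/// Runs the SQL-injection rule over every Form and QueryString value of
/// <c>HttpRequestToAnalyse</c>, strips single quotes from any value the rule
/// rejects, and returns one FAILED entry per rejected value.
/// </summary>
/// <returns>
/// An <see cref="ArrayList"/> of HTML fragments describing the rule failures;
/// empty when nothing was detected (passing values are deliberately not reported).
/// </returns>
/// <remarks>
/// The previous implementation restarted the enumeration after every mitigation
/// and looped until the rule passed for all keys. Because the mitigation only
/// removes <c>'</c>, any value the detector rejects for some other reason left
/// that loop spinning forever — a hang that a single request could trigger.
/// Each key is now visited exactly once over a snapshot of the key list, so the
/// method always terminates and no collection is modified while it is being
/// enumerated. Quote stripping is a partial mitigation at best; callers should
/// treat a non-empty result as a reason to reject the request rather than rely
/// on the rewritten values being safe. Assumes <c>HttpRequestToAnalyse</c> is an
/// ASP.NET <c>HttpRequest</c> (Form/QueryString are NameValueCollections) —
/// confirm against the declaring field.
/// </remarks>
public ArrayList protectAndMitigateSQLInjections()
{
    ArrayList listOfRulesProcessed = new ArrayList();

    // Handle Form data, then Querystring, with the same rule and mitigation.
    MitigateSqlInjectionIn(HttpRequestToAnalyse.Form, listOfRulesProcessed);
    MitigateSqlInjectionIn(HttpRequestToAnalyse.QueryString, listOfRulesProcessed);

    return listOfRulesProcessed;
}

/// <summary>
/// Applies the SQL-injection rule to every value in <paramref name="collection"/>
/// and rewrites the rejected ones in place (single quotes removed).
/// </summary>
/// <param name="collection">Request collection to scan (Form or QueryString).</param>
/// <param name="listOfRulesProcessed">Receives one FAILED entry per rejected value.</param>
private void MitigateSqlInjectionIn(
    System.Collections.Specialized.NameValueCollection collection,
    ArrayList listOfRulesProcessed)
{
    // Snapshot the keys first: assigning through the indexer changes the
    // collection's version and would invalidate a live enumerator.
    ArrayList keys = new ArrayList();
    foreach (string key in collection)
    {
        keys.Add(key);
    }

    foreach (string key in keys)
    {
        string dataToAnalyse = collection[key];
        if (ValidatorFunctions.RuleClass_SQLInjectionDetector(dataToAnalyse))
        {
            // don't show message when no attack is detected
            continue;
        }

        // NOTE(review): ASP.NET request collections are read-only unless the
        // caller has made them writable; this assignment throws
        // NotSupportedException otherwise — confirm before relying on it.
        collection[key] = dataToAnalyse.Replace("'", "");
        listOfRulesProcessed.Add("<b>SQLInjectionDetector</b> " + htmlRed(" [FAILED: SQL INJECTION ATTACK DETECTED (and mitigated)] , "));
    }
}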