Startup.cs
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection;
using insecure_bank_net.Dao;
using insecure_bank_net.Data;
using insecure_bank_net.Facade;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Data.Sqlite;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
namespace insecure_bank_net
{
/// <summary>
/// ASP.NET Core startup class: registers services (cookie authentication, the
/// SQLite-backed <see cref="ApplicationDbContext"/>, DAOs, facades, Razor Pages,
/// session) and builds the HTTP request pipeline.
/// </summary>
/// <remarks>
/// NOTE(review): the namespace name and the <c>VulnerableAssemblies</c> property
/// suggest this is a deliberately vulnerable test application. Confirm that before
/// using any setting in this file as a hardening reference.
/// </remarks>
public class Startup
{
    /// <summary>Application configuration supplied by the host; read for the connection string.</summary>
    private IConfiguration Configuration { get; }

    /// <summary>
    /// Display names of the assemblies that <see cref="Configure"/> loads at startup.
    /// A fresh list is built on every access.
    /// </summary>
    /// <remarks>
    /// NOTE(review): presumably the listed package is pulled in on purpose so that
    /// dependency scanners and runtime agents report it. Verify against the project file.
    /// </remarks>
    private IEnumerable<string> VulnerableAssemblies => new List<string> { "Sustainsys.Saml2" };

    /// <summary>Stores the host-provided configuration for later use.</summary>
    /// <param name="configuration">Configuration root injected by the host.</param>
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    /// <summary>
    /// Registers authentication, the database context, the DAO and facade
    /// implementations, Razor Pages conventions, the HTTP context accessor and session.
    /// </summary>
    /// <param name="services">Service collection to populate.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        // Cookie authentication is the default scheme; AddCookie() is called without
        // options, so the cookie settings are the framework defaults.
        services
            .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie();

        // A single connection is opened here and handed to every ApplicationDbContext.
        // It is never closed in this method.
        // NOTE(review): presumably this keeps an in-memory SQLite database alive for the
        // lifetime of the process. Confirm against the "DefaultConnection" string.
        var sharedConnection = new SqliteConnection(Configuration.GetConnectionString("DefaultConnection"));
        sharedConnection.Open();
        services.AddDbContext<ApplicationDbContext>(options =>
        {
            options.UseSqlite(sharedConnection);
        });

        // Data-access objects and facades, one instance per request scope.
        services
            .AddScoped(typeof(IAccountDao), typeof(AccountDaoImpl))
            .AddScoped(typeof(IActivityDao), typeof(ActivityDaoImpl))
            .AddScoped(typeof(ICashAccountDao), typeof(CashAccountDaoImpl))
            .AddScoped(typeof(ICreditAccountDao), typeof(CreditAccountDaoImpl))
            .AddScoped(typeof(ITransferDao), typeof(TransferDaoImpl))
            .AddScoped(typeof(IAuthenticationFacade), typeof(AuthenticationFacade))
            .AddScoped(typeof(ITransferFacade), typeof(TransferFacadeImpl))
            .AddScoped(typeof(IStorageFacade), typeof(StorageFacadeImpl));

        services.AddRazorPages(options =>
        {
            var conventions = options.Conventions;

            // NOTE(review): the login page itself is placed behind authorization here.
            // Confirm the page opts out (e.g. AllowAnonymous) or that this is intended.
            conventions.AuthorizePage("/Authentication/Login");

            // Everything under /User requires an authenticated caller.
            conventions.AuthorizeFolder("/User");

            // The site root serves the dashboard page.
            conventions.AddPageRoute("/User/Dashboard", "");
        });

        services.AddHttpContextAccessor();
        services.AddSession();
    }

    /// <summary>
    /// Builds the middleware pipeline, then recreates and seeds the database and
    /// loads the assemblies named in <see cref="VulnerableAssemblies"/>.
    /// </summary>
    /// <param name="app">Application builder that receives the middleware.</param>
    /// <param name="env">Hosting environment, used to choose the error-handling middleware.</param>
    /// <param name="context">Database context that is reset and seeded on every start.</param>
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ApplicationDbContext context)
    {
        if (!env.IsDevelopment())
        {
            // Outside Development: generic error page and HSTS.
            app.UseExceptionHandler("/Error");
            app.UseHsts();
        }
        else
        {
            // The detailed exception and database error pages are only enabled in
            // Development; they are not registered in any other environment.
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
        }

        // The registration order below is the request-processing order and is kept as is.
        app.UseSession();
        app.UseHttpsRedirection();
        app.UseStaticFiles();

        // NOTE(review): ASP.NET Core guidance places the cookie policy ahead of middleware
        // that issues cookies; here it is registered after UseSession. Confirm that the
        // session cookie actually receives the SameSite=Strict minimum.
        var cookiePolicy = new CookiePolicyOptions
        {
            MinimumSameSitePolicy = SameSiteMode.Strict
        };
        app.UseCookiePolicy(cookiePolicy);

        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapRazorPages();
        });

        // The database is dropped and rebuilt on every application start, so any data
        // written during a previous run is lost. The connection string must not point at
        // a database whose contents need to survive a restart.
        context.Database.EnsureDeleted();
        context.Database.EnsureCreated();
        PopulateDatabase(context);

        LoadAssemblies(VulnerableAssemblies);
    }

    /// <summary>
    /// Publishes the context's connection through the static
    /// <c>ApplicationDbContext.connection</c> member and, when the <c>account</c> table is
    /// empty, runs the statements of the embedded <c>insecure_bank_net.dataload.sql</c> resource.
    /// </summary>
    /// <param name="context">Context whose connection is used for the check and the seed.</param>
    private void PopulateDatabase(ApplicationDbContext context)
    {
        ApplicationDbContext.connection = context.Database.GetDbConnection();

        using var command = ApplicationDbContext.connection.CreateCommand();
        command.CommandText = "select count(*) from account";
        var accountRows = int.Parse(command.ExecuteScalar().ToString()!);
        if (accountRows != 0)
        {
            // Already seeded; nothing to do.
            return;
        }

        // The script comes from a resource compiled into this assembly, not from request
        // data. If the resource name does not resolve, the stream is null and the
        // StreamReader constructor throws.
        using var stream = GetType().Assembly.GetManifestResourceStream("insecure_bank_net.dataload.sql");
        using var reader = new StreamReader(stream!);
        var script = reader.ReadToEnd();

        // Statements are separated by a plain split on ';', so a statement containing a
        // literal semicolon would be cut in two.
        // NOTE(review): ExecuteSqlRaw treats "{0}"-style braces as parameter placeholders;
        // confirm the script contains no curly braces.
        var statements = script.Split(";", StringSplitOptions.RemoveEmptyEntries);
        foreach (var statement in statements)
        {
            context.Database.ExecuteSqlRaw(statement);
        }
    }

    /// <summary>
    /// Loads each named assembly into the process; the returned <see cref="Assembly"/>
    /// objects are discarded.
    /// </summary>
    /// <param name="assemblies">Assembly display names to load.</param>
    private void LoadAssemblies(IEnumerable<string> assemblies)
    {
        foreach (var assemblyName in assemblies)
        {
            // No exception handling here: a failure in Assembly.Load propagates to the caller.
            Assembly.Load(assemblyName);
        }
    }
}
}