I have a piece of code, in which I set true or false depending upon the conditions.
Below is that code
public bool HackerTextExistOrNot(string text)
{
bool flgValid = false;
var attackChars = new char[] { '=', ' ', '-', '@' };
if(attackChars.Contains(text[0]))
{
flgValid = false;
}
else
{
flgValid = true;
}
return flgValid;
}
I have checked for both the bool conditions, but it always goes in strReturnId in main function.
Below is the code.
public static string SaveRecord(RRSOCSaving RRSOCSaving, string Indication)
{
string strReturnId = "";
string strAppURL = ConfigurationManager.AppSettings["AppUrl"].ToString();
string strmail_Content = "";
CommonDB commonObj = new CommonDB();
GET_DATA_BY_STORE objGetData = new GET_DATA_BY_STORE();
try
{
if (objGetData.HackerTextExistOrNot(RRSOCSaving.STORE_CODE) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.STATE) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.CITY) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.SITE_STORE_FORMAT) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.STORE_SITENAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.STORE_SITENAME_LANDL_1) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.STORE_SITENAME_LANDL_2) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.STORE_ASST_MANAGER_NAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.STORE_ASST_MANAGER_MOBNO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.STORE_MANAGER_NAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.MANAGER_MOBNO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.EMP_NEAREST_STORE) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.EMP_NEAREST_STORE_MOBNO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.SUPERVISOR_NAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.SUPERVISOR_MOBNO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.SECURITY_SUP_NAME_STORE) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.SECURITY_SUP_MOBNO_STORE) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.NAME_ALIGNED_LPO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.LPO_MOBILENO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.ALPM_ALPO_NAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.ALPM_ALPO_MOBNO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.AREA_MANAGER_NAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.AREA_MANAGER_MOBNO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.ZONAL_HEAD_NAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.ZONAL_HEAD_NO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.DVR_IP_ADDRESS) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.SIGNET_IP_ADDRESS) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.NEAREST_POLICE_STN_NAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.NEAREST_POLICE_STN_CONTNO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.NEAREST_HOSP_NAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.NEAREST_HOSP_CONTNO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.NEAREST_FIRE_STN_CONTNAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.NEAREST_FIRE_STN_CONTNO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.STORE_ADDRESS) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.STORE_SPACE_SQFT) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.LAUNCH_DATE) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.CST_TIN_NO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.STORE_EMAILID) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.NO_OF_POS) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.NO_OF_CAMERA) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.DVR_MODEL_GESECURITY) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.CAMERA_MODEL) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.ALIGNED_LPO_MAILDID) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.FACILTY_TEAMNAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.FACILITY_TEAMNO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.STATE_HEAD_OPS_NAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.STATE_HEAD_OPS_NO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.LPA) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.SLP_STATE_HEAD) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.SLP_STATE_HEAD_NO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.UserName) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.CREATED_DATE) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.UserName) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.LAST_UPDATED_DATE) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.ISACTIVE) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.LATITUDE) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.LONGITUDE) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.SLP_EMAILID) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.ZONAL_ECNUMBER) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.ZONAL_NAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.SLP_STATE_ECNUMBER) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.ALPM_ALPO_ECNUMBER) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.IS_STORE_IN_MALL) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.MALL_CONTROL_ROOM_NO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.IS_NIGHT_SEC_GUARD_AVAIL) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.NIGHT_SEC_GUARD_NAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.NIGHT_SEC_GUARD_NO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.IS_NIGHT_PATROL_PARTY_AVAIL) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.PATROL_PARTY_NAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.PATROL_PARTY_NO) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.ALPM_ALPO_EMAILID) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.ALIGNED_LPO_ECNUMBER) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.SLP_STATE) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.FORMAT_GROUP) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.ALPM_NAME) ||
objGetData.HackerTextExistOrNot(RRSOCSaving.ALPM_ECNUMBER))
{
strReturnId = "Something went wrong due to malicious script attack..!!!";
}
else
{
if (RRSOCSaving.ROLE_ASSIGNED == "SLP State Head")
{
bool blnState1 = Array.Exists(RRSOCSaving.ASSIGNED_STATE.ToString().ToUpper().Split(','), element => element == (RRSOCSaving.STATE).ToString().ToUpper());
if (blnState1)
{
strmail_Content = Get_Email_Content(RRSOCSaving.STORE_CODE, RRSOCSaving.UserName, Indication, RRSOCSaving.STATE, RRSOCSaving.SITE_STORE_FORMAT, RRSOCSaving.STORE_SITENAME);
// SendEmail(RRSOCSaving.UserName, RRSOCSaving.STORE_CODE, RRSOCSaving.SLP_EMAILID, ConfigurationManager.AppSettings["NHQEmail"].ToString(), strmail_Content, Indication);
strReturnId = CommonDB.INSERT_INTO_RRSOC_INFO(RRSOCSaving, Indication);
}
else
{
strReturnId = "User can add data for " RRSOCSaving.ASSIGNED_STATE " only";
}
}
else if (RRSOCSaving.ROLE_ASSIGNED == "NHQ Admin")
{
strmail_Content = Get_Email_Content(RRSOCSaving.STORE_CODE, RRSOCSaving.UserName, Indication, RRSOCSaving.STATE, RRSOCSaving.SITE_STORE_FORMAT, RRSOCSaving.STORE_SITENAME);
// SendEmail(RRSOCSaving.UserName, RRSOCSaving.STORE_CODE, RRSOCSaving.SLP_EMAILID, ConfigurationManager.AppSettings["NHQEmail"].ToString(), strmail_Content, Indication);
strReturnId = CommonDB.INSERT_INTO_RRSOC_INFO(RRSOCSaving, Indication);
//strReturnId = "Record Saved Succesfully";
}
}
}
catch (Exception)
{
throw;
}
return strReturnId;
}
UPDATE I mean to say always in
strReturnId = "Something went wrong due to malicious script attack..!!!";
CodePudding user response:
It seems like your
HackerTextExistOrNot
method returns true when hacker text does NOT exist. Instead of using flgValid just return attackChars.Contains(text[0]) and it should be working correctly.
One more thing - you are creating table each time entering this method, you might consider refactoring this code.