SecurityHelpers.cs
using System.Net;
using System.Text; namespace GenXdev.Helpers { public static class SecurityHelper { public static string SanitizeFileName(string name, bool giveUniqueSuffix = false) { var invalidChars = Path.GetInvalidPathChars(); var sb = new StringBuilder(name.Length); foreach (var c in name.ToCharArray()) { if (Array.IndexOf(invalidChars, c) >= 0) { sb.Append('_'); } else switch (Char.ToLower(c)) { case 'a': case 'b': case 'c': case 'd': case 'e': case 'f': case 'g': case 'h': case 'i': case 'j': case 'k': case 'l': case 'm': case 'n': case 'o': case 'p': case 'q': case 'r': case 's': case 't': case 'u': case 'v': case 'w': case 'x': case 'y': case 'z': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': case '0': case '!': case '@': case '#': case '$': case '&': case '(': case ')': case '_': case '-': case '+': case '=': case '{': case '}': case '[': case ']': case '.': case ',': sb.Append(c); break; default: sb.Append('_'); break; } } if (giveUniqueSuffix) { sb.Append("_" + ((UInt32)name.Trim().ToLowerInvariant().GetHashCode()).ToString().PadLeft(10, '0')); } return sb.ToString().Replace("__", "_"); } public static bool IsSafePublicURL(string URL) { try { Uri url = new Uri(URL); return HostOrIPPublic(url.Host); } catch { return false; } } public static bool IsSafePublicURL(Uri URL) { return HostOrIPPublic(URL.Host); } public static bool HostOrIPPublic(string HostName) { bool result = true; try { IPAddress[] addresslist = Dns.GetHostAddresses(HostName.Trim()); foreach (IPAddress address in addresslist) { if (!IsPublicIpAddress(address)) { return false; } } } catch { result = false; } return result; } public static async Task<bool> HostOrIPPublicAsync(string HostName) { bool result = true; try { var addresslist = await Task.Factory.FromAsync<IPAddress[]>( Dns.BeginGetHostAddresses(HostName.Trim(), null, null), Dns.EndGetHostAddresses); foreach (IPAddress address in addresslist) { if (!IsPublicIpAddress(address)) { return false; } } } catch { result = false; } return result; } public static bool IsPublicIpAddress(IPAddress address) { try { // (address.AddressFamily == AddressFamily.InterNetwork); String[] straryIPAddress = address.ToString().Split(new String[] { "." }, StringSplitOptions.RemoveEmptyEntries); int[] iaryIPAddress = new int[] { int.Parse(straryIPAddress[0]), int.Parse(straryIPAddress[1]), int.Parse(straryIPAddress[2]), int.Parse(straryIPAddress[3]) }; if (iaryIPAddress[0] == 10 || (iaryIPAddress[0] == 127 && (iaryIPAddress[1] == 0) && (iaryIPAddress[2] == 0) && (iaryIPAddress[3] == 1)) || (iaryIPAddress[0] == 192 && iaryIPAddress[1] == 168) || (iaryIPAddress[0] == 172 && (iaryIPAddress[1] >= 16 && iaryIPAddress[1] <= 31)) ) { return false; } } catch { } return true; } } } |