Web post with encoding issue - c#

Everything was working fine – we get inbound text messages and this webpage accepts the call – parses out the data and then inserts into our database – a few days ago they started sending SOME of the url calls with a different encoding and now when it’s parsed there are odd characters in the string
Even the clickatell website when looking at the message on their reports - doesn't display properly - it inserts funky characters between each letter of the text. Assuming this is because end users are sending emoticons or something like that.
URL Call being sent to us –
http://website/clickatell.aspx?api_id=3360511&from=12173726674&timestamp=2018-01-24%2019%3A16%3A54&text=%00I%20%19%00m%00%20%00p%00e%00r%00m%00%20%00r%00i%00g%00h%00t%00%20%00n%00o%00w%00.%00%20%00B%00u%00t%00%20%00i%00f%00%20%00I%00%20%00s%00t%00a%00r%00t%00%20%00t%00r%00a%00v%00e%00l%00i%00n%00g%00%20%00a%00g%00a%00i%00n%00%2C%00%20%00I%20%19%00l%00l%00%20%00c%00o%00n%00t%00a%00c%00t%00%20%00y%00o&charset=UTF-16BE&udh=050003110201&moMsgId=a15c4039887a22425e9c42b86f6ddca4&to=17752374422
Normal URL call -
http://website/clickatell.aspx?api_id=3360511&from=15204455150&timestamp=2018-04-17%2019%3A17%3A05&text=Okay.%20I%27ll%20post%20it%20up%20in%20a%20bit.%20&charset=ISO-8859-1&udh=&moMsgId=f1690c98ff631db19ef26e619fd6f9e4&to=17752374422
ASPX Code (.Net 3.5) the If looks for the new encoding charset and executes the IF
if (Request.Url.ToString().IndexOf("UTF-16BE") > 0)
{
    if (Request["api_id"] != null) sAPIId = Server.UrlDecode(Request["api_id"]);
    if (Request["moMsgId"] != null) sMsgId = Server.UrlDecode(Request["moMsgId"]);
    if (Request["from"] != null) sSource = Server.UrlDecode(Request["from"]);
    if (Request["to"] != null) sTarget = Server.UrlDecode(Request["to"]);
    if (Request["udh"] != null) sHeader = Server.UrlDecode(Request["udh"]);
    if (Request["text"] != null) sText = Server.UrlDecode(Request["text"]);
}
else
{
    if (Request["api_id"] != null) sAPIId = Request["api_id"];
    if (Request["moMsgId"] != null) sMsgId = Request["moMsgId"];
    if (Request["from"] != null) sSource = Request["from"];
    if (Request["to"] != null) sTarget = Request["to"];
    if (Request["udh"] != null) sHeader = Request["udh"];
    if (Request["text"] != null) sText = Request["text"];
}
UrlDecode results in this – I’m sure there is an easy way to get from the hex encoding above to just a plain string – but I can’t seem to track it down.
"\0I _\0m\0 \0p\0e\0r\0m\0 \0r\0i\0g\0h\0t\0 \0n\0o\0w\0.\0 \0B\0u\0t\0 \0i\0f\0 \0I\0 \0s\0t\0a\0r\0t\0 \0t\0r\0a\0v\0e\0l\0i\0n\0g\0 \0a\0g\0a\0i\0n\0,\0 \0I _\0l\0l\0 \0c\0o\0n\0t\0a\0c\0t\0 \0y\0o"
Also tried Encoding.GetEncoding("ISO-8859-1").GetString(Encoding.Convert(Encoding.UTF8, Encoding.GetEncoding("ISO-8859-1"), Encoding.UTF8.GetBytes(Request.Url))) – but gave same result
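The charset parameter in the callback names the encoding of the bytes behind text, so the value has to be percent-decoded to raw bytes first and only then converted to a string with that encoding. The following is an added example, not code from the original post; MoCallbackDecoder, RawParam, PercentDecodeToBytes and DecodeText are hypothetical names, the sample query strings are constructed from the two URLs above, and rejecting any other charset is an assumption about what this endpoint should accept.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class MoCallbackDecoder
{
    // Return the still-escaped value of one query-string parameter, or null.
    static string RawParam(string query, string name)
    {
        foreach (string pair in query.TrimStart('?').Split('&'))
        {
            int eq = pair.IndexOf('=');
            if (eq > 0 && pair.Substring(0, eq) == name) return pair.Substring(eq + 1);
        }
        return null;
    }
    // Percent-decode to raw bytes; no character set is assumed at this stage.
    static byte[] PercentDecodeToBytes(string s)
    {
        var bytes = new List<byte>(s.Length);
        for (int i = 0; i < s.Length; i++)
        {
            if (s[i] == '%' && i + 2 < s.Length
                && Uri.IsHexDigit(s[i + 1]) && Uri.IsHexDigit(s[i + 2]))
            {
                bytes.Add((byte)(Uri.FromHex(s[i + 1]) * 16 + Uri.FromHex(s[i + 2])));
                i += 2;
            }
            else bytes.Add(s[i] == '+' ? (byte)0x20 : (byte)s[i]); // '+' is a form-encoded space
        }
        return bytes.ToArray();
    }

    public static string DecodeText(string query)
    {
        string raw = RawParam(query, "text");
        if (raw == null) return null;
        switch ((RawParam(query, "charset") ?? "").ToUpperInvariant())
        {
            // Accept only the two charsets seen in the callbacks above.
            case "UTF-16BE": return Encoding.BigEndianUnicode.GetString(PercentDecodeToBytes(raw));
            case "ISO-8859-1": return Encoding.GetEncoding("ISO-8859-1").GetString(PercentDecodeToBytes(raw));
            default: throw new NotSupportedException("unexpected charset");
        }
    }
    static void Main()
    {
        // Constructed samples shaped like the two callbacks in the question.
        Console.WriteLine(DecodeText("?text=%00I%20%19%00m%00%20%00o%00k&charset=UTF-16BE"));
        Console.WriteLine(DecodeText("?text=Okay.%20I%27ll%20post&charset=ISO-8859-1"));
    }
}
```

In the ASPX page the string to pass in is Request.Url.Query, because Request["text"] has already been decoded by ASP.NET with the request encoding, which is where the interleaved \0 characters come from.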

Related

Fix for CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

After running veracode scan, I got the CWE 113 error. I had found a solution to replace the cookie value, but still the issue is not fixed.
string ReplaceHTTPRequestValue(string Value)
{
    string replacedValue = string.Empty;
    if (!string.IsNullOrEmpty(Value))
    {
        replacedValue = Value.Replace("\r", string.Empty)
                             .Replace("%0d", string.Empty)
                             .Replace("%0D", string.Empty)
                             .Replace("\n", string.Empty)
                             .Replace("%0a", string.Empty)
                             .Replace("%0A", string.Empty);
    }
    return replacedValue;
}
void WebTrends_PreRender()
{
    HttpCookie cookie = Request.Cookies["WT_CID"];
    string campaignIdVal = string.Empty;
    if (cookie != null)
    {
        campaignIdVal = ReplaceHTTPRequestValue(Request.Cookies["WT_CID"].Value);
    }
    else
    {
        campaignIdVal = string.Empty;
    }
}
How can I solve this?
Please take a look at this link
https://community.veracode.com/s/question/0D53n00007YVaMrCAL/how-to-fix-flaws-for-cwe-id-113-http-response-splitting
It is likely the reason the flaw continues to be reported is because
the functions you are using are not in the list of Supported Cleansing
Functions, which you can find in the Help Center here:
https://help.veracode.com/go/review_cleansers. For example the
supported function org.owasp.encoder.Encode.forJava() would cleanse
for CWE-113, as well as CWE-117, CWE-80 and CWE-93. Please note that
it is important to select the appropriate cleansing function for the
context.
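string ReplaceHTTPRequestValue(string Value)
{
    // Guard against a null or empty value before iterating.
    if (string.IsNullOrEmpty(Value)) return string.Empty;
    string NonCRLF = string.Empty;
    foreach (char item in Value)
    {
        // Drop carriage return and line feed characters.
        NonCRLF += item.ToString().Replace("\n", "").Replace("\r","");
    }
    return NonCRLF;
}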
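Both snippets above strip characters from the value; the alternative is to validate the cookie value against what a campaign ID may contain and reject everything else before it reaches a header. The following is an added example, not code from either post and not a Veracode-listed cleanser; HeaderValueGuard and TryGetCampaignId are hypothetical names, the allowed ID format is an assumption, and the sample inputs are constructed.

```csharp
using System;
using System.Text.RegularExpressions;

static class HeaderValueGuard
{
    // Assumption: a campaign ID is 1-64 letters, digits, '_' or '-'.
    // \A and \z anchor the whole string; '$' would also match before a trailing \n.
    static readonly Regex CampaignId = new Regex(@"\A[A-Za-z0-9_-]{1,64}\z");

    public static bool TryGetCampaignId(string raw, out string safe)
    {
        safe = string.Empty;
        if (string.IsNullOrEmpty(raw)) return false;

        // Decode a bounded number of times so %0d%0a and %250d%250a are
        // judged as the CR/LF they turn into if decoded again downstream.
        string value = raw;
        try
        {
            for (int i = 0; i < 3; i++)
            {
                string decoded = Uri.UnescapeDataString(value);
                if (decoded == value) break;
                value = decoded;
            }
        }
        catch (UriFormatException) { return false; }
        // Header rule: no control characters at all, not only CR and LF.
        foreach (char c in value)
            if (char.IsControl(c)) return false;
        // Context rule: the value must look like a campaign ID.
        if (!CampaignId.IsMatch(value)) return false;
        safe = value;
        return true;
    }

    static void Main()
    {
        // Constructed inputs: an ordinary ID, then raw, encoded and double-encoded line breaks.
        string[] samples = { "spring_sale-2024", "abc\r\nX-Test: 1",
                             "abc%0d%0aX-Test: 1", "abc%250D%250AX-Test: 1" };
        foreach (string s in samples)
        {
            string safe;
            Console.WriteLine("{0} -> {1}", Uri.EscapeDataString(s),
                TryGetCampaignId(s, out safe) ? "accepted " + safe : "rejected");
        }
    }
}
```

Only the first sample is accepted. The allow-list alone would reject the other three; the explicit control-character check keeps the header rule in place if the pattern is loosened later.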

webbrowser with emoji / emoticon

Folks,
I'm doing a post on a web page with emoji / emoticons. But after posting, the site does not display the emoticons. Do I need to use a different encoding? If so, how can I do that?
For example, with these emoji 👐💓⛪🌇 the site only shows me ⛪. Other special characters appear.
if (currentElement.GetAttribute("type") == "submit")
    if (currentElement.Name == "view_post")
    {
        string postagem = txtPublicacao.Text;
        HtmlElement elea = webBrowser1.Document.GetElementById("u_0_0");
        if (elea != null)
            elea.SetAttribute("value", postagem);
        currentElement.InvokeMember("click");
    }
I think you can prevent yourself from experiencing some future grief by ensuring that blocks are enclosed in brackets like so:
if (currentElement.GetAttribute("type") == "submit")
{
    if (currentElement.Name == "view_post")
    {
        string postagem = txtPublicacao.Text;
        HtmlElement elea = webBrowser1.Document.GetElementById("u_0_0");
        // if condition and response either on one line:
        if (elea != null) elea.SetAttribute("value", postagem);
        // ...or use "{}" in preparation for possible future additions to the response to the if condition
        if (elea != null)
        {
            elea.SetAttribute("value", postagem);
        }
        currentElement.InvokeMember("click");
    }
}
Or better yet, since you have two consecutive "ifs" before code is executed, combine them like so:
if ((currentElement.GetAttribute("type") == "submit") &&
    (currentElement.Name == "view_post"))
{
    string postagem = txtPublicacao.Text;
    HtmlElement elea = webBrowser1.Document.GetElementById("u_0_0");
    if (elea != null) elea.SetAttribute("value", postagem);
    currentElement.InvokeMember("click");
}

Webdriver enters wrong text in wrong input-elements

I'm using selenium to test a webapp.
It has to do with adding Announcements/data. It has a lot of inputs...
Problem: Randomly, text-A, meant for input-A get typed in input-B as well as text-B.
Since there's a lot of repetition, I read text-inputs from xml and return a dictionary. And type text as so
public AnnouncementAdvertiserFields TypeAdvertiserFields(string pathToXml)
{
    var xmlParser = new XmlParser();
    Dictionary<string, string> fields = xmlParser.TypeAdvertiserFieldsFromXml(pathToXml);
    string name;
    string coAddress;
    string streetName;
    string streetNo;
    string streetFloor;
    string streetDoor;
    string city;
    string postalCode;
    string postalCity;
    string phoneNo;
    string mobileNo;
    string faxNo;
    string country;
    string journalNo;
    fields.TryGetValue(WebTesting.Common.Constants.AdvertiserFieldNames.Name, out name);
    fields.TryGetValue(WebTesting.Common.Constants.AdvertiserFieldNames.CoAdress, out coAddress);
    fields.TryGetValue(WebTesting.Common.Constants.AdvertiserFieldNames.Streetname, out streetName);
    fields.TryGetValue(WebTesting.Common.Constants.AdvertiserFieldNames.StreetNumber, out streetNo);
    fields.TryGetValue(WebTesting.Common.Constants.AdvertiserFieldNames.StreetFloor, out streetFloor);
    fields.TryGetValue(WebTesting.Common.Constants.AdvertiserFieldNames.StreetDoor, out streetDoor);
    fields.TryGetValue(WebTesting.Common.Constants.AdvertiserFieldNames.City, out city);
    fields.TryGetValue(WebTesting.Common.Constants.AdvertiserFieldNames.PostalCode, out postalCode);
    fields.TryGetValue(WebTesting.Common.Constants.AdvertiserFieldNames.PostalCity, out postalCity);
    fields.TryGetValue(WebTesting.Common.Constants.AdvertiserFieldNames.PhoneNumber, out phoneNo);
    fields.TryGetValue(WebTesting.Common.Constants.AdvertiserFieldNames.MobilePhoneNumber, out mobileNo);
    fields.TryGetValue(WebTesting.Common.Constants.AdvertiserFieldNames.FaxNumber, out faxNo);
    fields.TryGetValue(WebTesting.Common.Constants.AdvertiserFieldNames.Country, out country);
    fields.TryGetValue(WebTesting.Common.Constants.AdvertiserFieldNames.JounalNo, out journalNo);
    // TryGetValue leaves the out variable null when the key is missing, so test for null as well as empty.
    if (!string.IsNullOrEmpty(name)) TypeName(name);
    if (!string.IsNullOrEmpty(coAddress)) TypeCoAddress(coAddress);
    if (!string.IsNullOrEmpty(streetName)) TypeStreetName(streetName);
    if (!string.IsNullOrEmpty(streetNo)) TypeStreetNumber(streetNo);
    if (!string.IsNullOrEmpty(streetFloor)) TypeStreetFloor(streetFloor);
    if (!string.IsNullOrEmpty(streetDoor)) TypeStreetDoor(streetDoor);
    if (!string.IsNullOrEmpty(city)) TypeCity(city);
    if (!string.IsNullOrEmpty(postalCode)) TypePostalCode(postalCode);
    if (!string.IsNullOrEmpty(postalCity)) TypePostalCity(postalCity);
    if (!string.IsNullOrEmpty(phoneNo)) TypePhoneNumber(phoneNo);
    if (!string.IsNullOrEmpty(mobileNo)) TypeMobilePhoneNumber(mobileNo);
    if (!string.IsNullOrEmpty(faxNo)) TypefaxNumber(faxNo);
    if (!string.IsNullOrEmpty(country)) SelectCountryByValue(country);
    if (!string.IsNullOrEmpty(journalNo)) TypeJournalNumber(journalNo);
    return this;
}
Example of TypeName from AnnouncementAdvertiserFields
public void TypeName(string name)
{
    TypeText(name, _nameInputLocator);
}
TypeName calls generic TypeText method from a superclass.
protected void TypeText(string text, By locator)
{
    Webdriver.FindElement(locator).SendKeys(text);
}
Type AnnouncementAdvertiserFields is a property on the page object page of the specific announcement type.
I have tried using both implicit wait and explicit wait. With sooooooo many combinations of ExpectedConditions
TextToBePresentInElement before and after SendKeys
ElementExists
ElementIsVisible
I would think code like this should work
var wait = new WebDriverWait(Webdriver, TimeSpan.FromSeconds(5));
wait.Until(ExpectedConditions.ElementIsVisible(locator));
var element = Webdriver.FindElement(locator);
element.Clear();
wait.Until(ExpectedConditions.TextToBePresentInElement(element, ""));
element.SendKeys(text);
Wait.Until(ExpectedConditions.TextToBePresentInElement(FindStdkElement(locator), text));
I also tried using the SelectElement but to no avail.
If I debug my way through, everything is dandy and great. No errors. But when I run the test, sometimes it passes other times fails. I cannot find any system as to which fields fails. It's random...
When I run the tests from my local machine I have no issues. But when run from a machine in DEV, they fail sporadically. The DEV machine is less powerful than my local one, which makes me think it might be a timing issue. Maybe Selenium is typing too fast for the browser to keep up.
I use Nunit as testframework. With ReSharper.
Any help or directions will be much appreciated. thanks guys
I think there can be timing issues. If there is a timeout, increase the timeout that you have set, run it again, and check whether there are failed tests on your DEV machine.
To increase timeout. Try this...
driver.manage().timeouts().implicitlyWait(30, TimeUnit.SECONDS);
Reference - http://docs.seleniumhq.org/docs/04_webdriver_advanced.jsp

Gmail api read/decode message c#

I'm using the new Gmail API in a C# application, and I want to know how I can read the body of a message after getting the message with the get method. Can I get a MailMessage object from the "Raw" property of the message (to create a Raw from a MailMessage I use this; is there a way to convert it back?), or do I need to use the "Payload" property?
This is my code: (the ListMessages and the GetMessage methods are from the
API Reference on google's site)
List<Message> msgList = ListMessages(gs, "me", "is:unread");
string id = msgList[0].Id;
Message msg = GetMessage(gs, "me", id);
Now what?
Please help.
Thanks.
From the API, your Message (1) has a Payload property of type MessagePart (2). MessagePart has a Body property of type MessagePartBody (3) which (finally) has a string Data property.
Data is the content of the message, so (using your example code) to get the message you would do something like:
msg.Payload.Body.Data
From there, how you use it is up to you, although you have to be aware that there may or may not be HTML in that value. From the API reference, we also see this for the Parts property of the Payload:
For non-container MIME message part types, such as text/plain, this
field is empty
So you could make the assumption that if msg.Payload.Parts contains no elements then it is a plain-text message.
The Gmail API is not super easy to use. They really leave a lot to the user to just figure out.
You're going to need to use recursion to get the correct structure and do some decoding of the message. The structure of the JSON is going to be very different depending on the format of the message, if there are attachments and the sending client.
This guide goes over exactly how to handle extracting the HTML and Plain text versions of the body.
Here is part of the code from the guide that shows how to extract the body parts:
public static void ExtractMessagePart(MessagePart part, ref EmailMessageModel message)
{
    if (part == null)
        return;
    var contentDisposition = part.Headers?.FirstOrDefault(h => h.Name == "Content-Disposition");
    if (contentDisposition != null && (contentDisposition.Value.StartsWith("attachment") || contentDisposition.Value == "inline"))
    {
        message.Attachments.Add(new DragnetTech.EventProcessors.Email.EmailMessageModel.Attachment
        {
            AttachmentId = part.Body.AttachmentId,
            Filename = part.Filename,
            ContentID = contentDisposition.Value.StartsWith("inline") || part.Headers?.FirstOrDefault(h => h.Name == "Content-ID") != null ? Utils.UnescapeUnicodeCharacters(part.Headers.FirstOrDefault(h => h.Name == "Content-ID")?.Value) : null,
            Size = part.Body.Size ?? 0,
            ExchangeID = part.Body.AttachmentId,
            Data = part.Body.Data,
            ContentType = part.Headers?.FirstOrDefault(h => h.Name == "Content-Type")?.Value
        });
    }
    else
    {
        if (part.MimeType == "text/plain")
        {
            message.Body = DecodeSection(part.Headers?.FirstOrDefault(h => h.Name == "Content-Transfer-Encoding")?.Value, part.Body?.Data);
            message.IsHtml = false;
        }
        else if (part.MimeType == "text/html")
        {
            message.Body = DecodeSection(part.Headers?.FirstOrDefault(h => h.Name == "Content-Transfer-Encoding")?.Value, part.Body?.Data);
            message.IsHtml = true;
        }
    }
    if (part.Parts != null)
    {
        foreach (var np in part.Parts)
        {
            ExtractMessagePart(np, ref message);
        }
    }
}
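The Data string on a message part is base64url text rather than the body itself, so it has to be decoded before use, and the part holding the body can sit at any depth of the Parts tree. The following is an added example, not code from the guide or from the Gmail client library; Part is a hypothetical stand-in for MessagePart reduced to three fields, the sample message is constructed, and the body is assumed to be UTF-8.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Hypothetical stand-in for the API's MessagePart, reduced to the fields used here.
class Part
{
    public string MimeType;
    public string Data;                          // base64url text, as in MessagePart.Body.Data
    public List<Part> Parts = new List<Part>();
}

static class GmailBody
{
    // base64url -> bytes: restore the standard alphabet and the stripped '=' padding.
    public static byte[] FromBase64Url(string data)
    {
        string s = data.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Convert.FromBase64String(s);
    }

    // Depth-first search for the first part of the wanted MIME type.
    public static string FindBody(Part part, string mimeType)
    {
        if (part == null) return null;
        if (part.MimeType == mimeType && !string.IsNullOrEmpty(part.Data))
            return Encoding.UTF8.GetString(FromBase64Url(part.Data)); // assumes a UTF-8 body
        foreach (Part child in part.Parts)
        {
            string found = FindBody(child, mimeType);
            if (found != null) return found;
        }
        return null;
    }

    static void Main()
    {
        // Constructed multipart/alternative message; both payloads use the URL-safe alphabet.
        var root = new Part { MimeType = "multipart/alternative" };
        root.Parts.Add(new Part { MimeType = "text/plain", Data = "SGVsbG8_IA" });
        root.Parts.Add(new Part { MimeType = "text/html", Data = "PGI-SGk8L2I-" });
        Console.WriteLine(FindBody(root, "text/plain"));
        Console.WriteLine(FindBody(root, "text/html"));
    }
}
```

Passing either sample string straight to Convert.FromBase64String throws a FormatException because of the '-' and '_' characters, which is the usual first symptom when the alphabet conversion is skipped.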

Getting null value for NotesDocument for Mail Item : C#

I am accessing From value of each mail from nsf file.
As:
NotesView sent = _NotesDatabase.GetView("($Sent)");
if (sent != null)
{
    NotesDocument docSent = sent.GetFirstDocument();
    if (docSent != null)
    {
        while (docSent != null)
        {
            // Variable name is case-sensitive: docSent, not DocSent.
            String Subject = ((object[])docSent.GetItemValue("Subject"))[0] as String;
            Message.Show(Subject);
            docSent = sent.GetNextDocument(docSent);
        }//while
    }
}
But there are some mails for which I am getting a "null" value (they contain SendTo, Subject, etc. values when viewed in Lotus Notes).
So I can't access the Subject.
Why is this happening?
I checked the Form value; it is "Memo".
If you're getting a null value from GetItemValue, then the field is probably not on the document. You can check for this condition using the HasItem method of the NotesDocument class, as in:
if (docSent.HasItem("Subject")) {
    ...
}
