Netcore/feature/healthcheck replaceconfiglogic (#8934)

* Started moving to JSON instead of config. Mild refactoring but overall keeping it the same, except for injecting IConfiguration and JSON parsing instead of XML Tests currently unaffected, need to increase coverage * Moved to constants for appsettings keys Moved from IConfiguration to global settings - later to be replaced with IOptions Updated translation messages Installed IOptions ready for new PR Updated to new interface, IConfigurationService * Post-merge fix * Namespace move from Umbraco.Web to Umbraco.Core where appropriate * Renamed abstractsettings (from abstractconfig) Moving out of configservice into the POCO config check * Made the IIsCustomErrors healthcheck as obsolete, as no web.config setting). Investigate reintroducing this check in the .NET Core way (UseDevelopment). Reducing use of abstractsettings as not needed - we don't need a config service to read the config settings anymore as they're all explicit POCOs. Consolidated health-checks in project. * Removed test views that weren't meant to be added * Returned to use of abstractsettings with different use * Moved more health checks into correct folder/namespace, and enum into their own file * Correct namespace * Git history/compare lost due to file move, temporarily moving back to original folder. Will do another PR to move after this * Use existing GetStatus in abstract check for Debug mode * Updating to return to previous logic and putting files back into line * Macro errors returned to previous logic * Reuse abstractsettings class * Swapped order to assist with reviewing PR * Updated to include itempath * Not implemented comment to avoid confusion Implemented NotificationEmailCheck * Changed to IOptionsMonitor as per PR comments. Removed configurationservice as we need to rethink the fixing strategy. Updated logger. Needs to show fix message instead of fixing. Temporary fix for IIS version * Switched to IOptionsMonitor for all * No longer attempts to actually fix header in config. Still need to show suggestions. Co-authored-by: Elitsa Marinovska <elm@umbraco.dk>
2020-10-21 10:29:25 +01:00
parent 2bb3afb69d
commit 7a570110d0
64 changed files with 531 additions and 632 deletions
--- a/src/Umbraco.Core/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs
+++ b/src/Umbraco.Core/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs
@@ -4,13 +4,11 @@ using System.IO;
 using System.Linq;
 using System.Net;
 using System.Text.RegularExpressions;
-using System.Xml.Linq;
-using System.Xml.XPath;
-using Umbraco.Core;
-using Umbraco.Core.IO;
+using Microsoft.Extensions.Configuration;
 using Umbraco.Core.Services;
+using Umbraco.Web;

-namespace Umbraco.Web.HealthCheck.Checks.Security
+namespace Umbraco.Core.HealthCheck.Checks.Security
 {
    public abstract class BaseHttpHeaderCheck : HealthCheck
    {
@@ -23,16 +21,14 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
        private readonly string _localizedTextPrefix;
        private readonly bool _metaTagOptionAvailable;
        private readonly IRequestAccessor _requestAccessor;
-        private readonly IIOHelper _ioHelper;

        protected BaseHttpHeaderCheck(
            IRequestAccessor requestAccessor,
            ILocalizedTextService textService,
-            string header, string value, string localizedTextPrefix, bool metaTagOptionAvailable, IIOHelper ioHelper)
+            string header, string value, string localizedTextPrefix, bool metaTagOptionAvailable)
        {
            TextService = textService ?? throw new ArgumentNullException(nameof(textService));
            _requestAccessor = requestAccessor;
-            _ioHelper = ioHelper;
            _header = header;
            _value = value;
            _localizedTextPrefix = localizedTextPrefix;
@@ -72,7 +68,7 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
            var success = false;

            // Access the site home page and check for the click-jack protection header or meta tag
-            var url =  _requestAccessor.GetApplicationUrl();
+            var url = _requestAccessor.GetApplicationUrl();
            var request = WebRequest.Create(url);
            request.Method = "GET";
            try
@@ -146,7 +142,8 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
        private HealthCheckStatus SetHeaderInConfig()
        {
            var errorMessage = string.Empty;
-            var success = SaveHeaderToConfigFile(out errorMessage);
+            //TODO: edit to show fix suggestion instead of making fix
+            var success = true;

            if (success)
            {
@@ -158,64 +155,10 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
            }

            return
-                new HealthCheckStatus(TextService.Localize("healthcheck/setHeaderInConfigError", new [] { errorMessage }))
+                new HealthCheckStatus(TextService.Localize("healthcheck/setHeaderInConfigError", new[] { errorMessage }))
                {
                    ResultType = StatusResultType.Error
                };
        }
-
-        private bool SaveHeaderToConfigFile(out string errorMessage)
-        {
-            try
-            {
-                // There don't look to be any useful classes defined in https://msdn.microsoft.com/en-us/library/system.web.configuration(v=vs.110).aspx
-                // for working with the customHeaders section, so working with the XML directly.
-                var configFile = _ioHelper.MapPath("~/Web.config");
-                var doc = XDocument.Load(configFile);
-                var systemWebServerElement = doc.XPathSelectElement("/configuration/system.webServer");
-                var httpProtocolElement = systemWebServerElement.Element("httpProtocol");
-                if (httpProtocolElement == null)
-                {
-                    httpProtocolElement = new XElement("httpProtocol");
-                    systemWebServerElement.Add(httpProtocolElement);
-                }
-
-                var customHeadersElement = httpProtocolElement.Element("customHeaders");
-                if (customHeadersElement == null)
-                {
-                    customHeadersElement = new XElement("customHeaders");
-                    httpProtocolElement.Add(customHeadersElement);
-                }
-
-                var removeHeaderElement = customHeadersElement.Elements("remove")
-                    .SingleOrDefault(x => x.Attribute("name")?.Value.Equals(_value, StringComparison.InvariantCultureIgnoreCase) == true);
-                if (removeHeaderElement == null)
-                {
-                    customHeadersElement.Add(
-                        new XElement("remove",
-                            new XAttribute("name", _header)));
-                }
-
-                var addHeaderElement = customHeadersElement.Elements("add")
-                    .SingleOrDefault(x => x.Attribute("name")?.Value.Equals(_header, StringComparison.InvariantCultureIgnoreCase) == true);
-                if (addHeaderElement == null)
-                {
-                    customHeadersElement.Add(
-                        new XElement("add",
-                            new XAttribute("name", _header),
-                            new XAttribute("value", _value)));
-                }
-
-                doc.Save(configFile);
-
-                errorMessage = string.Empty;
-                return true;
-            }
-            catch (Exception ex)
-            {
-                errorMessage = ex.Message;
-                return false;
-            }
-        }
    }
 }