From c624919710505fe88d4bbceff6ad5ce4d5bad6ea Mon Sep 17 00:00:00 2001
From: elitsa
Date: Mon, 27 Jan 2020 16:38:02 +0100
Subject: [PATCH] Moving Security HealthChecks to Abstractions proj
---
 .../HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs | 10 ++++++----
 .../HealthCheck/Checks/Security/ClickJackingCheck.cs | 5 +++--
 .../HealthCheck/Checks/Security/HstsCheck.cs | 5 +++--
 .../HealthCheck/Checks/Security/NoSniffCheck.cs | 5 +++--
 .../HealthCheck/Checks/Security/XssProtectionCheck.cs | 5 +++--
 src/Umbraco.Abstractions/Umbraco.Abstractions.csproj | 1 +
 6 files changed, 19 insertions(+), 12 deletions(-)
 rename src/{Umbraco.Web => Umbraco.Abstractions}/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs (97%)
 rename src/{Umbraco.Web => Umbraco.Abstractions}/HealthCheck/Checks/Security/ClickJackingCheck.cs (84%)
 rename src/{Umbraco.Web => Umbraco.Abstractions}/HealthCheck/Checks/Security/HstsCheck.cs (91%)
 rename src/{Umbraco.Web => Umbraco.Abstractions}/HealthCheck/Checks/Security/NoSniffCheck.cs (84%)
 rename src/{Umbraco.Web => Umbraco.Abstractions}/HealthCheck/Checks/Security/XssProtectionCheck.cs (90%)
diff --git a/src/Umbraco.Web/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs b/src/Umbraco.Abstractions/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs
similarity index 97%
rename from src/Umbraco.Web/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs
rename to src/Umbraco.Abstractions/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs
index 6c61f0d1c8..f735c6100a 100644
--- a/src/Umbraco.Web/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs
+++ b/src/Umbraco.Abstractions/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs
@@ -7,7 +7,7 @@ using System.Text.RegularExpressions;
 using System.Xml.Linq;
 using System.Xml.XPath;
 using Umbraco.Core;
-using Umbraco.Web.Composing;
+using Umbraco.Core.IO;
 using Umbraco.Core.Services;
 namespace Umbraco.Web.HealthCheck.Checks.Security
@@ -23,19 +23,21 @@ namespace Umbraco.Web.HealthCheck.Checks.Security private readonly string _value; private readonly string _localizedTextPrefix; private readonly bool _metaTagOptionAvailable; + private readonly IIOHelper _ioHelper; protected BaseHttpHeaderCheck( IRuntimeState runtime, ILocalizedTextService textService, - string header, string value, string localizedTextPrefix, bool metaTagOptionAvailable) + string header, string value, string localizedTextPrefix, bool metaTagOptionAvailable, IIOHelper ioHelper) { Runtime = runtime; TextService = textService ?? throw new ArgumentNullException(nameof(textService)); - + _ioHelper = ioHelper; _header = header; _value = value; _localizedTextPrefix = localizedTextPrefix; _metaTagOptionAvailable = metaTagOptionAvailable; + } /// @@ -168,7 +170,7 @@ namespace Umbraco.Web.HealthCheck.Checks.Security { // There don't look to be any useful classes defined in https://msdn.microsoft.com/en-us/library/system.web.configuration(v=vs.110).aspx // for working with the customHeaders section, so working with the XML directly. - var configFile = Current.IOHelper.MapPath("~/Web.config"); + var configFile = _ioHelper.MapPath("~/Web.config"); var doc = XDocument.Load(configFile); var systemWebServerElement = doc.XPathSelectElement("/configuration/system.webServer"); var httpProtocolElement = systemWebServerElement.Element("httpProtocol"); diff --git a/src/Umbraco.Web/HealthCheck/Checks/Security/ClickJackingCheck.cs b/src/Umbraco.Abstractions/HealthCheck/Checks/Security/ClickJackingCheck.cs similarity index 84% rename from src/Umbraco.Web/HealthCheck/Checks/Security/ClickJackingCheck.cs rename to src/Umbraco.Abstractions/HealthCheck/Checks/Security/ClickJackingCheck.cs index 359bfa83cb..2a3a0a9dab 100644 --- a/src/Umbraco.Web/HealthCheck/Checks/Security/ClickJackingCheck.cs +++ b/src/Umbraco.Abstractions/HealthCheck/Checks/Security/ClickJackingCheck.cs 
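Review bot: In the BaseHttpHeaderCheck constructor the new `ioHelper` argument is stored without a null guard, although `textService` on the line directly above is guarded. A null helper would only surface later, at `_ioHelper.MapPath("~/Web.config")` in the hunk at -168, far away from the registration mistake that caused it. Suggest `_ioHelper = ioHelper ?? throw new ArgumentNullException(nameof(ioHelper));`. The same hunk removes the blank line after the `TextService` assignment and adds one before the closing brace, which looks accidental. The class body continues outside the hunk.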
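Review bot: `doc.XPathSelectElement("/configuration/system.webServer")` returns null when that section is absent, and the following line dereferences the result with `.Element("httpProtocol")`, so such a site would get a NullReferenceException rather than a health-check message. With the class now in Umbraco.Abstractions and the path resolved through an injected `IIOHelper`, the presence and shape of `~/Web.config` is less of a given than it was in Umbraco.Web. A guard of the form `if (systemWebServerElement == null) { /* report the failure to the caller */ }` before the dereference would turn this into a reported failure; the same applies to a missing file before `XDocument.Load(configFile)`. The enclosing method starts and ends outside the hunk, so its return type and any existing try/catch are not visible here.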
@@ -1,4 +1,5 @@
 using Umbraco.Core;
+using Umbraco.Core.IO;
 using Umbraco.Core.Services;
 namespace Umbraco.Web.HealthCheck.Checks.Security
@@ -10,8 +11,8 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
 Group = "Security")]
 public class ClickJackingCheck : BaseHttpHeaderCheck
 {
- public ClickJackingCheck(IRuntimeState runtime, ILocalizedTextService textService)
- : base(runtime, textService, "X-Frame-Options", "sameorigin", "clickJacking", true)
+ public ClickJackingCheck(IRuntimeState runtime, ILocalizedTextService textService, IIOHelper ioHelper)
+ : base(runtime, textService, "X-Frame-Options", "sameorigin", "clickJacking", true, ioHelper)
 {
 }
 }
diff --git a/src/Umbraco.Web/HealthCheck/Checks/Security/HstsCheck.cs b/src/Umbraco.Abstractions/HealthCheck/Checks/Security/HstsCheck.cs
similarity index 91%
rename from src/Umbraco.Web/HealthCheck/Checks/Security/HstsCheck.cs
rename to src/Umbraco.Abstractions/HealthCheck/Checks/Security/HstsCheck.cs
index d0da243ced..7ce7a80c93 100644
--- a/src/Umbraco.Web/HealthCheck/Checks/Security/HstsCheck.cs
+++ b/src/Umbraco.Abstractions/HealthCheck/Checks/Security/HstsCheck.cs
@@ -1,4 +1,5 @@
 using Umbraco.Core;
+using Umbraco.Core.IO;
 using Umbraco.Core.Services;
 namespace Umbraco.Web.HealthCheck.Checks.Security
@@ -15,8 +16,8 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
 // and the blog post of Troy Hunt (https://www.troyhunt.com/understanding-http-strict-transport/)
 // If you want do to it perfectly, you have to submit it https://hstspreload.org/,
 // but then you should include subdomains and I wouldn't suggest to do that for Umbraco-sites.
- public HstsCheck(IRuntimeState runtime, ILocalizedTextService textService)
- : base(runtime, textService, "Strict-Transport-Security", "max-age=10886400", "hSTS", true)
+ public HstsCheck(IRuntimeState runtime, ILocalizedTextService textService, IIOHelper ioHelper)
+ : base(runtime, textService, "Strict-Transport-Security", "max-age=10886400", "hSTS", true, ioHelper)
 {
 }
 }
diff --git a/src/Umbraco.Web/HealthCheck/Checks/Security/NoSniffCheck.cs b/src/Umbraco.Abstractions/HealthCheck/Checks/Security/NoSniffCheck.cs
similarity index 84%
rename from src/Umbraco.Web/HealthCheck/Checks/Security/NoSniffCheck.cs
rename to src/Umbraco.Abstractions/HealthCheck/Checks/Security/NoSniffCheck.cs
index ceeec152ad..392d8c94db 100644
--- a/src/Umbraco.Web/HealthCheck/Checks/Security/NoSniffCheck.cs
+++ b/src/Umbraco.Abstractions/HealthCheck/Checks/Security/NoSniffCheck.cs
@@ -1,4 +1,5 @@
 using Umbraco.Core;
+using Umbraco.Core.IO;
 using Umbraco.Core.Services;
 namespace Umbraco.Web.HealthCheck.Checks.Security
@@ -10,8 +11,8 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
 Group = "Security")]
 public class NoSniffCheck : BaseHttpHeaderCheck
 {
- public NoSniffCheck(IRuntimeState runtime, ILocalizedTextService textService)
- : base(runtime, textService, "X-Content-Type-Options", "nosniff", "noSniff", false)
+ public NoSniffCheck(IRuntimeState runtime, ILocalizedTextService textService, IIOHelper ioHelper)
+ : base(runtime, textService, "X-Content-Type-Options", "nosniff", "noSniff", false, ioHelper)
 {
 }
 }
diff --git a/src/Umbraco.Web/HealthCheck/Checks/Security/XssProtectionCheck.cs b/src/Umbraco.Abstractions/HealthCheck/Checks/Security/XssProtectionCheck.cs
similarity index 90%
rename from src/Umbraco.Web/HealthCheck/Checks/Security/XssProtectionCheck.cs
rename to src/Umbraco.Abstractions/HealthCheck/Checks/Security/XssProtectionCheck.cs
index dc25aa6a65..8881221923 100644
--- a/src/Umbraco.Web/HealthCheck/Checks/Security/XssProtectionCheck.cs
+++ b/src/Umbraco.Abstractions/HealthCheck/Checks/Security/XssProtectionCheck.cs
@@ -1,4 +1,5 @@
 using Umbraco.Core;
+using Umbraco.Core.IO;
 using Umbraco.Core.Services;
 namespace Umbraco.Web.HealthCheck.Checks.Security
@@ -15,8 +16,8 @@ namespace Umbraco.Web.HealthCheck.Checks.Security
 // and the blog post of Troy Hunt (https://www.troyhunt.com/understanding-http-strict-transport/)
 // If you want do to it perfectly, you have to submit it https://hstspreload.appspot.com/,
 // but then you should include subdomains and I wouldn't suggest to do that for Umbraco-sites.
- public XssProtectionCheck(IRuntimeState runtime, ILocalizedTextService textService)
- : base(runtime, textService, "X-XSS-Protection", "1; mode=block", "xssProtection", true)
+ public XssProtectionCheck(IRuntimeState runtime, ILocalizedTextService textService, IIOHelper ioHelper)
+ : base(runtime, textService, "X-XSS-Protection", "1; mode=block", "xssProtection", true, ioHelper)
 {
 }
 }
diff --git a/src/Umbraco.Abstractions/Umbraco.Abstractions.csproj b/src/Umbraco.Abstractions/Umbraco.Abstractions.csproj
index fb5d256c95..144cdb33b6 100644
--- a/src/Umbraco.Abstractions/Umbraco.Abstractions.csproj
+++ b/src/Umbraco.Abstractions/Umbraco.Abstractions.csproj
@@ -26,6 +26,7 @@
+
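Review bot: The comment above the XssProtectionCheck constructor is about HSTS preloading (it links a Strict-Transport-Security article and hstspreload.appspot.com) and says nothing about X-XSS-Protection, so it appears to have been copied from HstsCheck. Since the file is being moved anyway, replace it with something like `// X-XSS-Protection only switches on the legacy reflected-XSS filter in older browsers; a Content-Security-Policy is the control that actually mitigates XSS.` Most current browsers have removed that filter or never implemented it, so a passing result from this check should not be read as XSS protection being in place. The class declaration and the start of the comment are outside the hunk.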