diff --git a/src/Pidget.AspNet/RequestDataProvider.cs b/src/Pidget.AspNet/RequestDataProvider.cs index 02a4446..48ccd26 100644 --- a/src/Pidget.AspNet/RequestDataProvider.cs +++ b/src/Pidget.AspNet/RequestDataProvider.cs @@ -23,6 +23,7 @@ public RequestData GetRequestData(HttpRequest request) Cookies = GetCookies(request), Headers = GetHeaders(request), QueryString = GetQueryString(request), + Environment = GetEnvironmentVariables() }; public string GetUrl(HttpRequest request) @@ -57,6 +58,9 @@ public IDictionary GetForm(HttpRequest request) ? _sanitizer.SanitizeForm(request) : null; + public IDictionary GetEnvironmentVariables() + => _sanitizer.GetSanitizedEnvironmentVairables(); + private bool IsUrlEncodedForm(string contentType) => contentType != null && contentType.Equals( value: "application/x-www-form-urlencoded", diff --git a/src/Pidget.AspNet/Sanitizing/RequestSanitizer.cs b/src/Pidget.AspNet/Sanitizing/RequestSanitizer.cs index c26cbdc..7838578 100644 --- a/src/Pidget.AspNet/Sanitizing/RequestSanitizer.cs +++ b/src/Pidget.AspNet/Sanitizing/RequestSanitizer.cs @@ -30,6 +30,15 @@ public IDictionary SanitizeCookies(HttpRequest request) public IDictionary SanitizeQuery(HttpRequest request) => request.Query.ToDictionary(k => k.Key, SanitizeHeaderValue); + public IDictionary GetSanitizedEnvironmentVairables() + { + var envVars = Environment.GetEnvironmentVariables(); + + return envVars.Keys.Cast() + .ToDictionary(k => k, k + => SanitizeValue(k, (string)envVars[k])); + } + private string SanitizeCookieValue( KeyValuePair kvp) => IsAuth(kvp.Key) || IsSession(kvp.Key) diff --git a/test/Pidget.AspNet.Test/RequestDataProviderTests.cs b/test/Pidget.AspNet.Test/RequestDataProviderTests.cs index 94856bd..5bdbab9 100644 --- a/test/Pidget.AspNet.Test/RequestDataProviderTests.cs +++ b/test/Pidget.AspNet.Test/RequestDataProviderTests.cs 
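Review bot: `Environment = GetEnvironmentVariables()` in the `GetRequestData` initializer attaches the whole process environment to every captured request, and nothing visible in this hunk can switch it off. Environment variables routinely hold connection strings, API keys and cloud credentials, and the only filter is whatever name-based rule the sanitizer applies, so a secret stored under an unrecognised name leaves the host in clear text. I would gate this behind an explicit opt-in setting and document it at the assignment, e.g. `// Process environment, not request data; sent only when enabled, filtered by variable name.` The initializer begins above the hunk, so an existing option may already cover this.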
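Review bot: The body of the added `GetEnvironmentVariables()` calls the sanitizer method as `GetSanitizedEnvironmentVairables`, and because both methods are public the misspelling becomes part of the API surface. Renaming it now is cheaper than after a release: `=> _sanitizer.GetSanitizedEnvironmentVariables();`, with the matching change in RequestSanitizer.cs and RequestSanitizerTests.cs, where the same spelling appears. A `/// <summary>` on `GetEnvironmentVariables` saying that values are redacted by variable name only would tell callers what protection they actually get.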
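Review bot: `GetSanitizedEnvironmentVairables` passes every variable through `SanitizeValue(k, ...)`, which appears from the call shape and the accompanying test to redact by key name; that is a denylist, and for environment variables it fails open. `SanitizeValue` is not in this diff, so this is inferred. Secrets often sit under names a request-oriented filter would not list, or inside values such as connection strings and URLs with embedded credentials. An allowlist of variables that are safe to report is the more defensible default, e.g. `.Where(k => allowedEnvironmentNames.Contains(k))` before `ToDictionary`, where `allowedEnvironmentNames` is a placeholder for a new configurable set.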
@@ -190,6 +190,17 @@ public void NullForm_ReturnsNull() Assert.Null(form); } + [Theory, InlineData("ASPNET_ENVIRONMENT", "Development")] + public void SetsEnvironmentVariables(string name, string value) + { + Environment.SetEnvironmentVariable(name, value); + + var envVars = RequestData.GetEnvironmentVariables(); + + Assert.Contains(name, envVars.Keys); + Assert.Contains(value, envVars.Values); + } + public void GetData() { var requestMock = new Mock(); @@ -229,6 +240,8 @@ public void GetData() PairsToDictionary(new[] { "foo=bar" }, s => new StringValues(s)))) .Verifiable(); + Environment.SetEnvironmentVariable("foo", "bar"); + var request = RequestData.GetRequestData(requestMock.Object); requestMock.Verify(); @@ -239,6 +252,8 @@ public void GetData() Assert.NotNull(request.Headers); Assert.NotNull(request.Cookies); Assert.NotNull(request.Data); + Assert.True(request.Environment + .Contains(new KeyValuePair("foo", "bar"))); } private static Dictionary PairsToDictionary( diff --git a/test/Pidget.AspNet.Test/RequestSanitizerTests.cs b/test/Pidget.AspNet.Test/RequestSanitizerTests.cs index 2d66e74..50cdc9b 100644 --- a/test/Pidget.AspNet.Test/RequestSanitizerTests.cs +++ b/test/Pidget.AspNet.Test/RequestSanitizerTests.cs @@ -119,5 +119,19 @@ public void GetQuery_ReturnsProvidedQuery(string query, string expectedQuery) Assert.Equal(expectedQuery, actual: QueryString.Create(sanitizedParams).ToUriComponent()); } + + [Theory, InlineData("password", "foo", "OMITTED")] + public void SanitizesEnvironmentVariables(string name, + string value, + string expectedValue) + { + Environment.SetEnvironmentVariable(name, value); + + var sanitizedParams = RequestSanitizer.Default + .GetSanitizedEnvironmentVairables(); + + Assert.Equal(expectedValue, + actual: sanitizedParams[name]); + } } }
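Review bot: `Assert.Contains(value, envVars.Values)` in `SetsEnvironmentVariables` passes if any variable on the machine happens to hold `Development`, so it does not prove that the name maps to the value; `Assert.Equal(value, envVars[name]);` pins the pair. The test also calls `Environment.SetEnvironmentVariable` on the shared test process and never restores it, which leaks state into other tests. The same applies to the `foo`/`bar` variable added to `GetData` and to `SanitizesEnvironmentVariables` in RequestSanitizerTests.cs. Clearing it in a `finally` with `Environment.SetEnvironmentVariable(name, null);` keeps the tests independent of run order.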
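Review bot: The single `InlineData("password", "foo", "OMITTED")` row in `SanitizesEnvironmentVariables` covers only a variable named exactly `password`, which is rarely how secrets are named in a process environment. The theory gives no evidence about casing, about prefixed or suffixed names, or that a harmless variable passes through unchanged. Adding rows would document the intended redaction rules, for example `InlineData("PIDGET_TEST_PLAIN", "foo", "foo")` (a constructed name) for the pass-through case, plus one row per name pattern the sanitizer is meant to catch.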