From 50e671c40c7bc1a83f7cb43c6c9e794390828e82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Damian=20B=C3=BCchel?= <damian.buechel@let.ethz.ch>
Date: Tue, 3 Mar 2020 15:38:48 +0100
Subject: [PATCH] SEBWIN-374: Implemented sanitation mechanism for browser
 engine data in legacy configuration files.

---
 .../ConfigurationData/DataProcessor.cs        |  92 ++-------------
 .../ConfigurationData/Json.cs                 | 106 ++++++++++++++++++
 .../SafeExamBrowser.Configuration.csproj      |   1 +
 3 files changed, 119 insertions(+), 80 deletions(-)
 create mode 100644 SafeExamBrowser.Configuration/ConfigurationData/Json.cs

diff --git a/SafeExamBrowser.Configuration/ConfigurationData/DataProcessor.cs b/SafeExamBrowser.Configuration/ConfigurationData/DataProcessor.cs
index a0c9df35..e5767903 100644
--- a/SafeExamBrowser.Configuration/ConfigurationData/DataProcessor.cs
+++ b/SafeExamBrowser.Configuration/ConfigurationData/DataProcessor.cs
@@ -8,11 +8,10 @@
 
 using System;
 using System.Collections.Generic;
-using System.Globalization;
 using System.IO;
-using System.Linq;
 using System.Security.Cryptography;
 using SafeExamBrowser.Settings;
+using SafeExamBrowser.Settings.Applications;
 
 namespace SafeExamBrowser.Configuration.ConfigurationData
 {
@@ -22,6 +21,7 @@ namespace SafeExamBrowser.Configuration.ConfigurationData
 		{
 			AllowReconfiguration(settings);
 			CalculateConfigurationKey(rawData, settings);
+			RemoveLegacyBrowser(settings);
 		}
 
 		private void AllowReconfiguration(AppSettings settings)
@@ -35,7 +35,7 @@ namespace SafeExamBrowser.Configuration.ConfigurationData
 			using (var stream = new MemoryStream())
 			using (var writer = new StreamWriter(stream))
 			{
-				Serialize(rawData, writer);
+				Json.Serialize(rawData, writer);
 
 				writer.Flush();
 				stream.Seek(0, SeekOrigin.Begin);
@@ -47,91 +47,23 @@ namespace SafeExamBrowser.Configuration.ConfigurationData
 			}
 		}
 
-		private void Serialize(IDictionary<string, object> dictionary, StreamWriter stream)
+		private void RemoveLegacyBrowser(AppSettings settings)
 		{
-			var orderedByKey = dictionary.OrderBy(d => d.Key, StringComparer.InvariantCulture).ToList();
+			var legacyBrowser = default(WhitelistApplication);
 
-			stream.Write('{');
-
-			foreach (var kvp in orderedByKey)
+			foreach (var application in settings.Applications.Whitelist)
 			{
-				var process = true;
+				var isEnginePath = application.ExecutablePath?.Contains("xulrunner") == true;
+				var isFirefox = application.ExecutableName?.Equals("firefox.exe", StringComparison.OrdinalIgnoreCase) == true;
+				var isXulRunner = application.ExecutableName?.Equals("xulrunner.exe", StringComparison.OrdinalIgnoreCase) == true;
 
-				process &= !kvp.Key.Equals(Keys.General.OriginatorVersion, StringComparison.OrdinalIgnoreCase);
-				process &= !(kvp.Value is IDictionary<string, object> d) || d.Any();
-
-				if (process)
+				if (isEnginePath && (isFirefox || isXulRunner))
 				{
-					stream.Write('"');
-					stream.Write(kvp.Key);
-					stream.Write('"');
-					stream.Write(':');
-					Serialize(kvp.Value, stream);
-
-					if (kvp.Key != orderedByKey.Last().Key)
-					{
-						stream.Write(',');
-					}
+					legacyBrowser = application;
 				}
 			}
 
-			stream.Write('}');
-		}
-
-		private void Serialize(IList<object> list, StreamWriter stream)
-		{
-			stream.Write('[');
-
-			foreach (var item in list)
-			{
-				Serialize(item, stream);
-
-				if (item != list.Last())
-				{
-					stream.Write(',');
-				}
-			}
-
-			stream.Write(']');
-		}
-
-		private void Serialize(object value, StreamWriter stream)
-		{
-			switch (value)
-			{
-				case IDictionary<string, object> dictionary:
-					Serialize(dictionary, stream);
-					break;
-				case IList<object> list:
-					Serialize(list, stream);
-					break;
-				case byte[] data:
-					stream.Write('"');
-					stream.Write(Convert.ToBase64String(data));
-					stream.Write('"');
-					break;
-				case DateTime date:
-					stream.Write(date.ToString("o"));
-					break;
-				case bool boolean:
-					stream.Write(boolean.ToString().ToLower());
-					break;
-				case int integer:
-					stream.Write(integer.ToString(NumberFormatInfo.InvariantInfo));
-					break;
-				case double number:
-					stream.Write(number.ToString(NumberFormatInfo.InvariantInfo));
-					break;
-				case string text:
-					stream.Write('"');
-					stream.Write(text);
-					stream.Write('"');
-					break;
-				case null:
-					stream.Write('"');
-					stream.Write('"');
-					break;
-			}
+			settings.Applications.Whitelist.Remove(legacyBrowser);
 		}
 	}
 }
diff --git a/SafeExamBrowser.Configuration/ConfigurationData/Json.cs b/SafeExamBrowser.Configuration/ConfigurationData/Json.cs
new file mode 100644
index 00000000..7c023fdd
--- /dev/null
+++ b/SafeExamBrowser.Configuration/ConfigurationData/Json.cs
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2020 ETH Zürich, Educational Development and Technology (LET)
+ * 
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using System.IO;
+using System.Linq;
+
+namespace SafeExamBrowser.Configuration.ConfigurationData
+{
+	internal static class Json
+	{
+		internal static void Serialize(IDictionary<string, object> dictionary, StreamWriter stream)
+		{
+			var orderedByKey = dictionary.OrderBy(d => d.Key, StringComparer.InvariantCulture).ToList();
+
+			stream.Write('{');
+
+			foreach (var kvp in orderedByKey)
+			{
+				var process = true;
+
+				process &= !kvp.Key.Equals(Keys.General.OriginatorVersion, StringComparison.OrdinalIgnoreCase);
+				process &= !(kvp.Value is IDictionary<string, object> d) || d.Any();
+
+				if (process)
+				{
+					stream.Write('"');
+					stream.Write(kvp.Key);
+					stream.Write('"');
+					stream.Write(':');
+					Serialize(kvp.Value, stream);
+
+					if (kvp.Key != orderedByKey.Last().Key)
+					{
+						stream.Write(',');
+					}
+				}
+			}
+
+			stream.Write('}');
+		}
+
+		private static void Serialize(IList<object> list, StreamWriter stream)
+		{
+			stream.Write('[');
+
+			foreach (var item in list)
+			{
+				Serialize(item, stream);
+
+				if (item != list.Last())
+				{
+					stream.Write(',');
+				}
+			}
+
+			stream.Write(']');
+		}
+
+		private static void Serialize(object value, StreamWriter stream)
+		{
+			switch (value)
+			{
+				case IDictionary<string, object> dictionary:
+					Serialize(dictionary, stream);
+					break;
+				case IList<object> list:
+					Serialize(list, stream);
+					break;
+				case byte[] data:
+					stream.Write('"');
+					stream.Write(Convert.ToBase64String(data));
+					stream.Write('"');
+					break;
+				case DateTime date:
+					stream.Write(date.ToString("o"));
+					break;
+				case bool boolean:
+					stream.Write(boolean.ToString().ToLower());
+					break;
+				case int integer:
+					stream.Write(integer.ToString(NumberFormatInfo.InvariantInfo));
+					break;
+				case double number:
+					stream.Write(number.ToString(NumberFormatInfo.InvariantInfo));
+					break;
+				case string text:
+					stream.Write('"');
+					stream.Write(text);
+					stream.Write('"');
+					break;
+				case null:
+					stream.Write('"');
+					stream.Write('"');
+					break;
+			}
+		}
+	}
+}
diff --git a/SafeExamBrowser.Configuration/SafeExamBrowser.Configuration.csproj b/SafeExamBrowser.Configuration/SafeExamBrowser.Configuration.csproj
index dde70438..be9324c2 100644
--- a/SafeExamBrowser.Configuration/SafeExamBrowser.Configuration.csproj
+++ b/SafeExamBrowser.Configuration/SafeExamBrowser.Configuration.csproj
@@ -67,6 +67,7 @@
     <Compile Include="ConfigurationData\DataMapping\ServiceDataMapper.cs" />
     <Compile Include="ConfigurationData\DataMapping\UserInterfaceDataMapper.cs" />
     <Compile Include="ConfigurationData\DataProcessor.cs" />
+    <Compile Include="ConfigurationData\Json.cs" />
     <Compile Include="ConfigurationData\Keys.cs" />
     <Compile Include="ConfigurationData\DataValues.cs" />
     <Compile Include="Cryptography\CertificateStore.cs" />