changed to set DES encryption obsolte

added configuration ExceptionDetailsEnabled to hide exception detials
michaelschwarz · Oct 10, 2024 · 913f4b3 · 913f4b3
1 parent b39fc89
commit 913f4b3
Show file tree

Hide file tree

Showing 7 changed files with 243 additions and 175 deletions.
diff --git a/AjaxPro/Configuration/AjaxSettingsSectionHandler.cs b/AjaxPro/Configuration/AjaxSettingsSectionHandler.cs
@@ -37,6 +37,7 @@
  * MS	21-10-27	added allowed customized types for JSON deserialization
  * MS	21-10-30	added contentSecurityPolicy to specify a nonce for all scripts
  * MS   23-05-25    added a configuration to not throw an exception when a property is not supported to read from
+ * MS   24-10-10    added configuration ExceptionDetailsEnabled to hide exception detials
  * 
  * 
  * 
@@ -162,6 +163,11 @@ public object Create(object parent, object configContext, System.Xml.XmlNode sec
                     if (n.SelectSingleNode("@enabled") != null && n.SelectSingleNode("@enabled").InnerText == "true")
                         settings.IgnoreNotSupportedProperties = true;
                 }
+                else if (n.Name == "exceptionDetails")
+                {
+                    if (n.SelectSingleNode("@enabled") != null && n.SelectSingleNode("@enabled").InnerText == "true")
+                        settings.ExceptionDetailsEnabled = true;
+                }
                 else if (n.Name == "contentSecurityPolicy")
                 {
                     var a = n.SelectSingleNode("@nonce");

diff --git a/AjaxPro/JSON/Converters/ExceptionConverter.cs b/AjaxPro/JSON/Converters/ExceptionConverter.cs
@@ -27,6 +27,7 @@
  * MS	06-05-24	initial version
  * MS	06-09-24	use QuoteString instead of Serialize
  * MS	06-09-26	improved performance using StringBuilder
+ * MS   24-10-10    added configuration ExceptionDetailsEnabled to hide exception detials
  * 
  * 
  */
@@ -83,25 +84,33 @@ public override void Serialize(object o, StringBuilder sb)
             // in the object the callback JavaScript method will get.
 
             sb.Append("{\"Message\":");
-            JavaScriptUtil.QuoteString(ex.Message, sb);
-            sb.Append(",\"Type\":");
-            JavaScriptUtil.QuoteString(o.GetType().FullName, sb);
-#if (!JSONLIB)
-            if (AjaxPro.Utility.Settings.DebugEnabled)
-            {
-                sb.Append(",\"Stack\":");
-                JavaScriptUtil.QuoteString(ex.StackTrace, sb);
 
-                if (ex.TargetSite != null)
+            if (!AjaxPro.Utility.Settings.ExceptionDetailsEnabled)
+            {
+                JavaScriptUtil.QuoteString("An error occurred.", sb);
+            }
+            else
+            {
+                JavaScriptUtil.QuoteString(ex.Message, sb);
+                sb.Append(",\"Type\":");
+                JavaScriptUtil.QuoteString(o.GetType().FullName, sb);
+#if (!JSONLIB)
+                if (AjaxPro.Utility.Settings.DebugEnabled)
                 {
-                    sb.Append(",\"TargetSite\":");
-                    JavaScriptUtil.QuoteString(ex.TargetSite.ToString(), sb);
-                }
+                    sb.Append(",\"Stack\":");
+                    JavaScriptUtil.QuoteString(ex.StackTrace, sb);
 
-                sb.Append(",\"Source\":");
-                JavaScriptUtil.QuoteString(ex.Source, sb);
-            }
+                    if (ex.TargetSite != null)
+                    {
+                        sb.Append(",\"TargetSite\":");
+                        JavaScriptUtil.QuoteString(ex.TargetSite.ToString(), sb);
+                    }
+
+                    sb.Append(",\"Source\":");
+                    JavaScriptUtil.QuoteString(ex.Source, sb);
+                }
 #endif
+            }
             sb.Append("}");
         }
 

diff --git a/AjaxPro/Security/DecryptTransformer.cs b/AjaxPro/Security/DecryptTransformer.cs
@@ -23,6 +23,11 @@
  * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 
  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
+/*
+ * MS	24-10-10	changed to set DES encryption obsolete
+ * 
+ * 
+ */
 using System;
 using System.Security.Cryptography;
 
@@ -76,7 +81,14 @@ internal ICryptoTransform GetCryptoServiceProvider(byte[] bytesKey)
 					rijndael.Mode = CipherMode.CBC;
 					return rijndael.CreateDecryptor(bytesKey, initVec);
 
-				default:
+                case EncryptionAlgorithm.Aes:
+                    AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
+                    aes.Mode = CipherMode.CBC;
+                    aes.Key = bytesKey;
+                    aes.IV = initVec;
+                    return aes.CreateDecryptor();
+
+                default:
 					throw new CryptographicException("Algorithm ID '" + algorithmID + "' not supported!");
 			}
 		}