AlexsDesignStudy

From CSSEMediaWiki
Revision as of 23:16, 25 September 2009 by AlexGee (Talk | contribs)
Jump to: navigation, search

Contents

SiteSearcher

My design study is on a C# application built for the 400 level secure software course. The application scans websites in a brute force manner trying to find common URL components. When a page or object is found it is saved. If the object is an HTML file then it is scanned and dependencies are downloaded onto the local file system. The HTML page is then transformed to link to these local entities. The program can save the state of objects into XML and restore them to their previous state when loaded.

UML Overview

AlexUML1.png

UML goes here

Patterns

To implement this several patterns are used:

  • Singleton - This pattern is in the ConnectionPool class. The Connection pool handles a global tally of connections to insure that we do not in inadvertently DoS a website.
  • Facade - The NetUtils class is a facade that simplifies the process of dealing with HTTP connections.
  • Strategy - The ObjectHandler and all it's subclasses act as a Strategy for dealing with files that are discovered.


Major Classes

NetUtils

This class contains static methods that are common across several classes. These methods are a façade abstracting the System.IO and System.Net libraries to an interface that is specific to HTTP get operations.

BruteForm

The brute form contains all the code involved in the parsing of attack strings. The NetUtils class is used to retrieve objects once the URL is determined. Additional processing is preformed by ObjectHandlers which are created dynamically based on the type of file that has been discovered.

Program

This class is a hangover from the default C# template.

ConnectionPool

The connection pool is a singleton class that maintains the a list of all active connections. The class simply holds a HashMap of strings. When a URL is requested from the ConnectionPool it first trims the URL down to the target domain. This string is then tested against HashMap. If the map does not contain the string it is entered. If it does then the value is checked against the ConnectionPool's maxConnetions member. The method returns true if a connection is allowed and false if it is not.

Personal tools