Merge branch 'fix-security-issues'

museumsvictoria · May 11, 2021 · 2b03220 · 2b03220
2 parents f4a20a5 + 4a2b233
commit 2b03220
Show file tree

Hide file tree

Showing 14 changed files with 206 additions and 189 deletions.
diff --git a/src/CollectionsOnline.Core/CollectionsOnline.Core.csproj b/src/CollectionsOnline.Core/CollectionsOnline.Core.csproj
@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>CollectionsOnline.Core</RootNamespace>
     <AssemblyName>CollectionsOnline.Core</AssemblyName>
-    <TargetFrameworkVersion>v4.5.1</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\</SolutionDir>
     <RestorePackages>true</RestorePackages>
@@ -33,16 +33,26 @@
     <WarningLevel>4</WarningLevel>
   </PropertyGroup>
   <ItemGroup>
+    <Reference Include="AngleSharp, Version=0.15.0.0, Culture=neutral, PublicKeyToken=e83494dcdc6d31ea">
+      <HintPath>..\packages\AngleSharp.0.15.0\lib\net472\AngleSharp.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="AngleSharp.Css, Version=0.15.0.0, Culture=neutral, PublicKeyToken=e83494dcdc6d31ea">
+      <HintPath>..\packages\AngleSharp.Css.0.15.0\lib\net472\AngleSharp.Css.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
     <Reference Include="CsQuery">
       <HintPath>..\packages\CsQuery.1.3.4\lib\net40\CsQuery.dll</HintPath>
     </Reference>
     <Reference Include="HtmlAgilityPack">
       <HintPath>..\packages\HtmlAgilityPack.1.4.9\lib\Net45\HtmlAgilityPack.dll</HintPath>
     </Reference>
-    <Reference Include="HtmlSanitizer, Version=2.0.5735.24296, Culture=neutral, processorArchitecture=MSIL">
-      <HintPath>..\packages\HtmlSanitizer.2.0.5735.24296\lib\net40\HtmlSanitizer.dll</HintPath>
+    <Reference Include="HtmlSanitizer, Version=5.0.0.0, Culture=neutral, PublicKeyToken=61c49a1a9e79cc28">
+      <HintPath>..\packages\HtmlSanitizer.5.0.404\lib\net46\HtmlSanitizer.dll</HintPath>
       <Private>True</Private>
     </Reference>
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="mscorlib" />
     <Reference Include="Ninject, Version=3.2.0.0, Culture=neutral, PublicKeyToken=c7192dc5380945e7, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\packages\Ninject.3.2.2.0\lib\net45-full\Ninject.dll</HintPath>
@@ -75,6 +85,14 @@
     <Reference Include="System.ComponentModel.Composition" />
     <Reference Include="System.Configuration" />
     <Reference Include="System.Core" />
+    <Reference Include="System.Runtime.CompilerServices.Unsafe, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+      <HintPath>..\packages\System.Runtime.CompilerServices.Unsafe.5.0.0\lib\net45\System.Runtime.CompilerServices.Unsafe.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
+    <Reference Include="System.Text.Encoding.CodePages, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+      <HintPath>..\packages\System.Text.Encoding.CodePages.5.0.0\lib\net461\System.Text.Encoding.CodePages.dll</HintPath>
+      <Private>True</Private>
+    </Reference>
     <Reference Include="System.XML" />
   </ItemGroup>
   <ItemGroup>

diff --git a/src/CollectionsOnline.Core/Utilities/HtmlConverter.cs b/src/CollectionsOnline.Core/Utilities/HtmlConverter.cs
@@ -29,11 +29,13 @@ public static HtmlSanitizerResult HtmlSanitizer(string html)
         {
             var sanitizer = new HtmlSanitizer(DefaultAllowedTags, allowedAttributes:DefaultAllowedAttributes);
 
+            sanitizer.KeepChildNodes = true;
+
             var result = new HtmlSanitizerResult();
 
-            sanitizer.RemovingTag += ((s, e) => { result.HasRemovedTag = true; });
-            sanitizer.RemovingStyle += ((s, e) => { result.HasRemovedStyle = true; });
-            sanitizer.RemovingAttribute += ((s, e) => { result.HasRemovedAttribute = true; });
+            sanitizer.RemovingTag += (s, e) => { result.HasRemovedTag = true; };
+            sanitizer.RemovingStyle += (s, e) => { result.HasRemovedStyle = true; };
+            sanitizer.RemovingAttribute += (s, e) => { result.HasRemovedAttribute = true; };
 
             result.Html = sanitizer.Sanitize(html);
 

diff --git a/src/CollectionsOnline.Core/packages.config b/src/CollectionsOnline.Core/packages.config
@@ -1,11 +1,15 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
+  <package id="HtmlSanitizer" version="5.0.404" targetFramework="net472" />
+  <package id="AngleSharp" version="0.15.0" targetFramework="net472" />
+  <package id="AngleSharp.Css" version="0.15.0" targetFramework="net472" />
   <package id="CsQuery" version="1.3.4" targetFramework="net451" />
   <package id="HtmlAgilityPack" version="1.4.9" targetFramework="net451" />
-  <package id="HtmlSanitizer" version="2.0.5735.24296" targetFramework="net451" />
   <package id="Ninject" version="3.2.2.0" targetFramework="net45" />
   <package id="RavenDB.Client" version="3.5.1" targetFramework="net451" />
   <package id="Serilog" version="1.5.14" targetFramework="net451" />
   <package id="Serilog.Sinks.Seq" version="1.5.27" targetFramework="net451" />
   <package id="SerilogMetrics" version="1.0.33" targetFramework="net451" />
+  <package id="System.Runtime.CompilerServices.Unsafe" version="5.0.0" targetFramework="net472" />
+  <package id="System.Text.Encoding.CodePages" version="5.0.0" targetFramework="net472" />
 </packages>
diff --git a/src/CollectionsOnline.Import/App.config b/src/CollectionsOnline.Import/App.config
@@ -1,59 +1,59 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <startup>
-    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.1" />
+    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2"/>
   </startup>
   <appSettings>
-    <add key="DatabaseUrl" value="" />
-    <add key="DatabaseName" value="" />
-    <add key="EmuServerHost" value="" />
-    <add key="EmuServerPort" value="" />
-    <add key="WebSitePath" value="" />
-    <add key="WebSiteUser" value="" />
-    <add key="WebSitePassword" value="" />
-    <add key="WebSiteComputer" value="" />
-    <add key="WebSiteDomain" value="" />
-    <add key="GoogleApiKey" value="" />
-    <add key="OverwriteExistingMedia" value="false" />
-    <add key="SkipExistingDocuments" value="false" />
-    <add key="SeqUrl" value="" />
-    <add key="serilog:minimum-level" value="Debug" />
-    <add key="serilog:enrich:with-property:Environment" value="Development" />
-    <add key="serilog:enrich:with-property:Application" value="MV Collections Import" />
+    <add key="DatabaseUrl" value=""/>
+    <add key="DatabaseName" value=""/>
+    <add key="EmuServerHost" value=""/>
+    <add key="EmuServerPort" value=""/>
+    <add key="WebSitePath" value=""/>
+    <add key="WebSiteUser" value=""/>
+    <add key="WebSitePassword" value=""/>
+    <add key="WebSiteComputer" value=""/>
+    <add key="WebSiteDomain" value=""/>
+    <add key="GoogleApiKey" value=""/>
+    <add key="OverwriteExistingMedia" value="false"/>
+    <add key="SkipExistingDocuments" value="false"/>
+    <add key="SeqUrl" value=""/>
+    <add key="serilog:minimum-level" value="Debug"/>
+    <add key="serilog:enrich:with-property:Environment" value="Development"/>
+    <add key="serilog:enrich:with-property:Application" value="MV Collections Import"/>
   </appSettings>
   <runtime>
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
       <dependentAssembly>
-        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="7.0.0.0" />
+        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral"/>
+        <bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="7.0.0.0"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="MiniProfiler" publicKeyToken="b44f9351044011a3" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-3.0.10.0" newVersion="3.0.10.0" />
+        <assemblyIdentity name="MiniProfiler" publicKeyToken="b44f9351044011a3" culture="neutral"/>
+        <bindingRedirect oldVersion="0.0.0.0-3.0.10.0" newVersion="3.0.10.0"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="System.Net.Http.Primitives" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-4.2.29.0" newVersion="4.2.29.0" />
+        <assemblyIdentity name="System.Net.Http.Primitives" publicKeyToken="b03f5f7f11d50a3a" culture="neutral"/>
+        <bindingRedirect oldVersion="0.0.0.0-4.2.29.0" newVersion="4.2.29.0"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="Google.Apis" publicKeyToken="4b01fa6e34db77ab" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.9.3.19379" newVersion="1.9.3.19379" />
+        <assemblyIdentity name="Google.Apis" publicKeyToken="4b01fa6e34db77ab" culture="neutral"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.9.3.19379" newVersion="1.9.3.19379"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="Google.Apis.Core" publicKeyToken="4b01fa6e34db77ab" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.9.3.19379" newVersion="1.9.3.19379" />
+        <assemblyIdentity name="Google.Apis.Core" publicKeyToken="4b01fa6e34db77ab" culture="neutral"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.9.3.19379" newVersion="1.9.3.19379"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="Google.Apis.PlatformServices" publicKeyToken="4b01fa6e34db77ab" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.9.3.19381" newVersion="1.9.3.19381" />
+        <assemblyIdentity name="Google.Apis.PlatformServices" publicKeyToken="4b01fa6e34db77ab" culture="neutral"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.9.3.19381" newVersion="1.9.3.19381"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="Serilog" publicKeyToken="24c2f752a8e58a10" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.5.0.0" newVersion="1.5.0.0" />
+        <assemblyIdentity name="Serilog" publicKeyToken="24c2f752a8e58a10" culture="neutral"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.5.0.0" newVersion="1.5.0.0"/>
       </dependentAssembly>
       <dependentAssembly>
-        <assemblyIdentity name="log4net" publicKeyToken="669e0ddf0bb1aa2a" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-1.2.14.0" newVersion="1.2.14.0" />
+        <assemblyIdentity name="log4net" publicKeyToken="669e0ddf0bb1aa2a" culture="neutral"/>
+        <bindingRedirect oldVersion="0.0.0.0-1.2.14.0" newVersion="1.2.14.0"/>
       </dependentAssembly>
     </assemblyBinding>
   </runtime>

diff --git a/src/CollectionsOnline.Import/CollectionsOnline.Import.csproj b/src/CollectionsOnline.Import/CollectionsOnline.Import.csproj
@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>CollectionsOnline.Import</RootNamespace>
     <AssemblyName>CollectionsOnline.Import</AssemblyName>
-    <TargetFrameworkVersion>v4.5.1</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\</SolutionDir>
     <RestorePackages>true</RestorePackages>
@@ -46,28 +46,28 @@
       <HintPath>..\packages\BouncyCastle.1.7.0\lib\Net40-Client\BouncyCastle.Crypto.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="Google.Apis, Version=1.9.3.19379, Culture=neutral, PublicKeyToken=4b01fa6e34db77ab, processorArchitecture=MSIL">
-      <HintPath>..\packages\Google.Apis.1.9.3\lib\net40\Google.Apis.dll</HintPath>
+    <Reference Include="Google.Apis, Version=1.51.0.0, Culture=neutral, PublicKeyToken=4b01fa6e34db77ab">
+      <HintPath>..\packages\Google.Apis.1.51.0\lib\net45\Google.Apis.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="Google.Apis.Auth, Version=1.9.3.19379, Culture=neutral, PublicKeyToken=4b01fa6e34db77ab, processorArchitecture=MSIL">
-      <HintPath>..\packages\Google.Apis.Auth.1.9.3\lib\net40\Google.Apis.Auth.dll</HintPath>
+    <Reference Include="Google.Apis.Auth, Version=1.51.0.0, Culture=neutral, PublicKeyToken=4b01fa6e34db77ab">
+      <HintPath>..\packages\Google.Apis.Auth.1.51.0\lib\net45\Google.Apis.Auth.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="Google.Apis.Auth.PlatformServices, Version=1.9.3.19383, Culture=neutral, PublicKeyToken=4b01fa6e34db77ab, processorArchitecture=MSIL">
-      <HintPath>..\packages\Google.Apis.Auth.1.9.3\lib\net40\Google.Apis.Auth.PlatformServices.dll</HintPath>
+    <Reference Include="Google.Apis.Auth.PlatformServices, Version=1.51.0.0, Culture=neutral, PublicKeyToken=4b01fa6e34db77ab">
+      <HintPath>..\packages\Google.Apis.Auth.1.51.0\lib\net45\Google.Apis.Auth.PlatformServices.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="Google.Apis.Core, Version=1.9.3.19379, Culture=neutral, PublicKeyToken=4b01fa6e34db77ab, processorArchitecture=MSIL">
-      <HintPath>..\packages\Google.Apis.Core.1.9.3\lib\portable-net40+sl50+win+wpa81+wp80\Google.Apis.Core.dll</HintPath>
+    <Reference Include="Google.Apis.Core, Version=1.51.0.0, Culture=neutral, PublicKeyToken=4b01fa6e34db77ab">
+      <HintPath>..\packages\Google.Apis.Core.1.51.0\lib\net45\Google.Apis.Core.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="Google.Apis.PlatformServices, Version=1.9.3.19381, Culture=neutral, PublicKeyToken=4b01fa6e34db77ab, processorArchitecture=MSIL">
-      <HintPath>..\packages\Google.Apis.1.9.3\lib\net40\Google.Apis.PlatformServices.dll</HintPath>
+    <Reference Include="Google.Apis.PlatformServices, Version=1.51.0.0, Culture=neutral, PublicKeyToken=4b01fa6e34db77ab">
+      <HintPath>..\packages\Google.Apis.1.51.0\lib\net45\Google.Apis.PlatformServices.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="Google.Apis.YouTube.v3, Version=1.9.2.154, Culture=neutral, PublicKeyToken=4b01fa6e34db77ab, processorArchitecture=MSIL">
-      <HintPath>..\packages\Google.Apis.YouTube.v3.1.9.2.1540\lib\portable-net40+sl50+win+wpa81+wp80\Google.Apis.YouTube.v3.dll</HintPath>
+    <Reference Include="Google.Apis.YouTube.v3, Version=1.51.0.2294, Culture=neutral, PublicKeyToken=4b01fa6e34db77ab">
+      <HintPath>..\packages\Google.Apis.YouTube.v3.1.51.0.2294\lib\net45\Google.Apis.YouTube.v3.dll</HintPath>
       <Private>True</Private>
     </Reference>
     <Reference Include="imu-1.0.03">
@@ -93,8 +93,8 @@
       <HintPath>..\packages\Microsoft.Bcl.Async.1.0.168\lib\net40\Microsoft.Threading.Tasks.Extensions.Desktop.dll</HintPath>
       <Private>True</Private>
     </Reference>
-    <Reference Include="Newtonsoft.Json, Version=7.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
-      <HintPath>..\packages\Newtonsoft.Json.7.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
+    <Reference Include="Newtonsoft.Json, Version=12.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed">
+      <HintPath>..\packages\Newtonsoft.Json.12.0.3\lib\net45\Newtonsoft.Json.dll</HintPath>
       <Private>True</Private>
     </Reference>
     <Reference Include="Ninject, Version=3.2.0.0, Culture=neutral, PublicKeyToken=c7192dc5380945e7, processorArchitecture=MSIL">

diff --git a/src/CollectionsOnline.Import/packages.config b/src/CollectionsOnline.Import/packages.config
@@ -2,17 +2,17 @@
 <packages>
   <package id="AutoMapper" version="4.2.1" targetFramework="net451" />
   <package id="BouncyCastle" version="1.7.0" targetFramework="net451" />
-  <package id="Google.Apis" version="1.9.3" targetFramework="net451" />
-  <package id="Google.Apis.Auth" version="1.9.3" targetFramework="net451" />
-  <package id="Google.Apis.Core" version="1.9.3" targetFramework="net451" />
-  <package id="Google.Apis.YouTube.v3" version="1.9.2.1540" targetFramework="net451" />
+  <package id="Google.Apis" version="1.51.0" targetFramework="net451" />
+  <package id="Google.Apis.Auth" version="1.51.0" targetFramework="net451" />
+  <package id="Google.Apis.Core" version="1.51.0" targetFramework="net451" />
+  <package id="Google.Apis.YouTube.v3" version="1.51.0.2294" targetFramework="net451" />
   <package id="log4net" version="2.0.4" targetFramework="net451" />
   <package id="Magick.NET-Q16-HDRI-AnyCPU" version="7.0.1.101" targetFramework="net461" />
   <package id="Microsoft.Bcl" version="1.1.10" targetFramework="net451" />
   <package id="Microsoft.Bcl.Async" version="1.0.168" targetFramework="net451" />
   <package id="Microsoft.Bcl.Build" version="1.0.21" targetFramework="net451" />
   <package id="Microsoft.Net.Http" version="2.2.29" targetFramework="net451" />
-  <package id="Newtonsoft.Json" version="7.0.1" targetFramework="net451" />
+  <package id="Newtonsoft.Json" version="12.0.3" targetFramework="net451" />
   <package id="Ninject" version="3.2.2.0" targetFramework="net45" />
   <package id="ninject.extensions.conventions" version="3.2.0.0" targetFramework="net45" />
   <package id="RavenDB.Client" version="3.5.1" targetFramework="net451" />

diff --git a/src/CollectionsOnline.RedirectWebSite/Web.config b/src/CollectionsOnline.RedirectWebSite/Web.config