Fine tuned data validation

Author: kavejo

AzureFunctions/AnalyzeRequestIP.cs

@@ -1,6 +1,6 @@
 using Microsoft.Extensions.Logging;
 using System.Net;
-using System.Runtime.CompilerServices;
+using System.Net.Sockets;
 
 namespace AzureFunctions
 {
@@ -26,21 +26,38 @@ public static bool IsIpAllowed(IPAddress? ipAddress, ILogger logger)
                 logger.LogInformation("Request not allowed as there are no ALLOWED_HOSTS configured");
                 return false;
             }
+
+            if ((String.Equals(_allowedHostsString, "ALL", StringComparison.OrdinalIgnoreCase) == true) || 
+                (String.Equals(_allowedHostsString, "ANY", StringComparison.OrdinalIgnoreCase) == true) ||
+                (String.Equals(_allowedHostsString, "*", StringComparison.OrdinalIgnoreCase) == true))
+            {
+                logger.LogInformation("Request allowed as ALLOWED_HOSTS is set to any of ALL/ANY/* which permits requests from any client");
+                return true;
+            }
+
             _allowedHosts = _allowedHostsString.Split(',', StringSplitOptions.RemoveEmptyEntries).ToList();
 
             foreach (string host in _allowedHosts)
             {
                 logger.LogInformation(String.Format("  Resolving hosts: {0}", host));
-                IPAddress[] resolvedIPs = Dns.GetHostAddresses(host);
-                foreach (var resolvedIP in resolvedIPs)
+                try
                 {
-                    logger.LogInformation(String.Format("    Analysing IP: {0}", resolvedIP.ToString()));
-                    if (!_allowedIPs.Contains(resolvedIP.ToString()))
+                    IPAddress[] resolvedIPs = Dns.GetHostAddresses(host);
+                    foreach (var resolvedIP in resolvedIPs)
                     {
-                        logger.LogInformation(String.Format("    Adding IP {0} to the allowed hosts", resolvedIP.ToString()));
-                        _allowedIPs.Add(resolvedIP.ToString());
+                        logger.LogInformation(String.Format("    Analysing IP: {0}", resolvedIP.ToString()));
+                        if (!_allowedIPs.Contains(resolvedIP.ToString()))
+                        {
+                            logger.LogInformation(String.Format("    Adding IP {0} to the allowed hosts", resolvedIP.ToString()));
+                            _allowedIPs.Add(resolvedIP.ToString());
+                        }
                     }
                 }
+                catch (SocketException ex)
+                {
+                    logger.LogError(ex, String.Format("Failed to resolve host {0} with exception: {1}. This host will not be added to the list of allowed IPs.", host, ex.Message));
+                    continue;
+                }
             }
 
             if (!_allowedIPs.Contains(ipAddress.ToString()))
@@ -49,7 +66,7 @@ public static bool IsIpAllowed(IPAddress? ipAddress, ILogger logger)
                 return false;
             }
 
-            logger.LogInformation("Request IP is is allowed to make requests");
+            logger.LogInformation("Request IP is allowed to make requests");
             return true;
         }
 

AzureFunctions/AssertConfiguration.cs

@@ -1,5 +1,4 @@
-using Microsoft.Extensions.Hosting;
-using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Logging;
 
 namespace AzureFunctions
 {
@@ -20,13 +19,17 @@ internal class AssertConfiguration
             "EXCHANGE_SMTP_USERNAME",
             "EXCHANGE_SMTP_PASSWORD"
         };
-        
-        public static bool ValidateConfigurationEntries(ILogger logger, List<string> variablesToValidate = null)
+        private static List<string> _numericConfiguration = new List<string> {
+            "ACS_SMTP_PORT",
+            "EXCHANGE_SMTP_PORT"
+        };
+
+        public static bool VerifyConfiguratiopnEntriesExistence(ILogger logger, List<string>? variablesToValidate = null)
         {
-            logger.LogInformation("Entering AzureFunctions:ValidateConfigurationEntries"); 
+            logger.LogInformation("Entering AzureFunctions:VerifyConfiguratiopnEntriesExistence"); 
             if (variablesToValidate != null)
             {
-                logger.LogInformation("Checking all variables as no subset of them is provided");
+                logger.LogInformation("Checking provided variables instead of all config entries");
                 _mandatoryConfiguration = variablesToValidate;
             }
 
@@ -43,5 +46,42 @@ public static bool ValidateConfigurationEntries(ILogger logger, List<string> var
             logger.LogInformation("Configuration validation completed successfully");
             return true;
         }
+
+        public static bool VerifyNumericConfigurationEntries(ILogger logger, List<string>? variablesToValidate = null)
+        {
+            logger.LogInformation("Entering AzureFunctions:VerifyNumericConfigurationEntries");
+            if (variablesToValidate != null)
+            {
+                logger.LogInformation("Checking provided variables instead of all numeric config entries");
+                _numericConfiguration = variablesToValidate;
+            }
+
+            foreach (string configValue in _numericConfiguration)
+            {
+                string? configValueFromEnv = Environment.GetEnvironmentVariable(configValue);
+                logger.LogInformation(String.Format("  Verifying environment variable {0} with value {1}", configValue, configValueFromEnv));
+                if (string.IsNullOrEmpty(configValueFromEnv))
+                {
+                    logger.LogInformation(String.Format("    Environment variable {0} is not configured", configValue));
+                    return false;
+                }
+
+                int numericValue = 0;
+                bool conversionSuccessed = int.TryParse(configValueFromEnv, out numericValue);
+                if (!conversionSuccessed)
+                {
+                    logger.LogInformation(String.Format("    Unable to convert variable {0} to Integer", configValue));
+                    return false;
+                }
+                if (numericValue <= 0)
+                {
+                    logger.LogInformation(String.Format("    Environment variable {0} is not a positive Integer", configValue));
+                    return false;
+                }
+            }
+
+            logger.LogInformation("Interger configuration validation completed successfully");
+            return true;
+        }
     }
 }

AzureFunctions/SendMailViaEXCH.cs

@@ -15,6 +15,7 @@ public class SendMailViaEXCH
     private readonly ILogger<SendMailViaEXCH> _logger;
     private EmailMessageRequest? _emailMessageRequest = null!;
     private readonly List<string> _mandatoryConfigurationEntries = new List<string> { "ALLOWED_HOSTS", "EXCHANGE_SMTP_ENDPOINT", "EXCHANGE_SMTP_PORT", "EXCHANGE_SMTP_USERNAME", "EXCHANGE_SMTP_PASSWORD" };
+    private readonly List<string> _mandatoryNumericConfigurationEntries = new List<string> { "EXCHANGE_SMTP_PORT" };
     private readonly string? _smtpEndpoint = Environment.GetEnvironmentVariable("EXCHANGE_SMTP_ENDPOINT");
     private readonly string? _smtpPort = Environment.GetEnvironmentVariable("EXCHANGE_SMTP_PORT");
     private readonly string? _smtpUsername = Environment.GetEnvironmentVariable("EXCHANGE_SMTP_USERNAME");
@@ -33,13 +34,21 @@ public async Task<IActionResult> Run([HttpTrigger(AuthorizationLevel.Anonymous,
         _logger.LogInformation(String.Format("Host: {0}.", req.Host));
         _logger.LogInformation(String.Format("Method: {0}..", req.Method));
 
-        if (!AssertConfiguration.ValidateConfigurationEntries(_logger, _mandatoryConfigurationEntries))
+        if (!AssertConfiguration.VerifyConfiguratiopnEntriesExistence(_logger, _mandatoryConfigurationEntries))
         {
-            return new ObjectResult(String.Format("One or more of the following environment variables are missing: {0}.", _mandatoryConfigurationEntries))
+            return new ObjectResult(String.Format("One or more of the following environment variables are missing: {0}.", String.Join(",", _mandatoryConfigurationEntries)))
             {
                 StatusCode = 500,
             };
         }
+        if (!AssertConfiguration.VerifyNumericConfigurationEntries(_logger, _mandatoryNumericConfigurationEntries))
+        {
+            return new ObjectResult(String.Format("One or more of the following environment variables is not an Integer: {0}.", String.Join(",", _mandatoryConfigurationEntries)))
+            {
+                StatusCode = 500,
+            };
+        }
+
         if (!AnalyzeRequestIP.IsIpAllowed(req.HttpContext.Connection.RemoteIpAddress, _logger))
         {
             return new UnauthorizedObjectResult(String.Format("Requests coming from IP {0} are not allowed.", req.HttpContext.Connection.RemoteIpAddress));
@@ -49,12 +58,17 @@ public async Task<IActionResult> Run([HttpTrigger(AuthorizationLevel.Anonymous,
             return new BadRequestObjectResult(String.Format("Requests method {0} is not allowed.", req.Method));
         }
 
-        int.TryParse(_smtpPort, out _numericSmtpPort);
+        bool conversionSuccessed = int.TryParse(_smtpPort, out _numericSmtpPort);
+        if (!conversionSuccessed)
+        {
+            return new UnprocessableEntityObjectResult(String.Format("Unable to convert SMTP port number: {0}.", _smtpPort));
+        }
         if (_numericSmtpPort <= 0)
         {
             return new UnprocessableEntityObjectResult(String.Format("Invalid SMTP port number: {0}.", _smtpPort));
         }
 
+
         if (String.Equals(req.Method, "POST", StringComparison.OrdinalIgnoreCase))
         {
             if (req.ContentType != "application/json")

AzureFunctions/SendMailViaREST.cs

@@ -28,9 +28,9 @@ public async Task<IActionResult> Run( [HttpTrigger(AuthorizationLevel.Anonymous,
         _logger.LogInformation(String.Format("Host: {0}.", req.Host));
         _logger.LogInformation(String.Format("Method: {0}.", req.Method));
 
-        if (!AssertConfiguration.ValidateConfigurationEntries(_logger, _mandatoryConfigurationEntries))
+        if (!AssertConfiguration.VerifyConfiguratiopnEntriesExistence(_logger, _mandatoryConfigurationEntries))
         {
-            return new ObjectResult(String.Format("One or more of the following environment variables are missing: {0}.", _mandatoryConfigurationEntries))
+            return new ObjectResult(String.Format("One or more of the following environment variables are missing: {0}.", String.Join(",", _mandatoryConfigurationEntries)))
             {
                 StatusCode = 500,
             };

AzureFunctions/SendMailViaSMTP.cs

@@ -15,6 +15,7 @@ public class SendMailViaSMTP
     private readonly ILogger<SendMailViaSMTP> _logger;
     private EmailMessageRequest? _emailMessageRequest = null!;
     private readonly List<string> _mandatoryConfigurationEntries = new List<string> { "ALLOWED_HOSTS", "ACS_SMTP_ENDPOINT", "ACS_SMTP_PORT", "ACS_SMTP_USERNAME", "ACS_SMTP_PASSWORD" };
+    private readonly List<string> _mandatoryNumericConfigurationEntries = new List<string> { "ACS_SMTP_PORT" };
     private readonly string? _smtpEndpoint = Environment.GetEnvironmentVariable("ACS_SMTP_ENDPOINT");
     private readonly string? _smtpPort = Environment.GetEnvironmentVariable("ACS_SMTP_PORT");
     private readonly string? _smtpUsername = Environment.GetEnvironmentVariable("ACS_SMTP_USERNAME");
@@ -33,13 +34,21 @@ public async Task<IActionResult> Run([HttpTrigger(AuthorizationLevel.Anonymous,
         _logger.LogInformation(String.Format("Host: {0}.", req.Host));
         _logger.LogInformation(String.Format("Method: {0}.", req.Method));
 
-        if (!AssertConfiguration.ValidateConfigurationEntries(_logger, _mandatoryConfigurationEntries))
+        if (!AssertConfiguration.VerifyConfiguratiopnEntriesExistence(_logger, _mandatoryConfigurationEntries))
         {
-            return new ObjectResult(String.Format("One or more of the following environment variables are missing: {0}.", _mandatoryConfigurationEntries))
+            return new ObjectResult(String.Format("One or more of the following environment variables are missing: {0}.", String.Join(",", _mandatoryConfigurationEntries)))
             {
                 StatusCode = 500,
             };
         }
+        if (!AssertConfiguration.VerifyNumericConfigurationEntries(_logger, _mandatoryNumericConfigurationEntries))
+        {
+            return new ObjectResult(String.Format("One or more of the following environment variables is not an Integer: {0}.", String.Join(",", _mandatoryConfigurationEntries)))
+            {
+                StatusCode = 500,
+            };
+        }
+
         if (!AnalyzeRequestIP.IsIpAllowed(req.HttpContext.Connection.RemoteIpAddress, _logger))
         {
             return new UnauthorizedObjectResult(String.Format("Requests coming from IP {0} are not allowed.", req.HttpContext.Connection.RemoteIpAddress));
@@ -49,7 +58,11 @@ public async Task<IActionResult> Run([HttpTrigger(AuthorizationLevel.Anonymous,
             return new BadRequestObjectResult(String.Format("Requests method {0} is not allowed.", req.Method));
         }
 
-        int.TryParse(_smtpPort, out _numericSmtpPort);
+        bool conversionSuccessed = int.TryParse(_smtpPort, out _numericSmtpPort);
+        if (!conversionSuccessed)
+        {
+            return new UnprocessableEntityObjectResult(String.Format("Unable to convert SMTP port number: {0}.", _smtpPort));
+        }
         if (_numericSmtpPort <= 0)
         {
             return new UnprocessableEntityObjectResult(String.Format("Invalid SMTP port number: {0}.", _smtpPort));