6.1.10

- [ENHANCEMENT] adding new ExecuteCustomReaderProcedureSetup ado function which returns an SLQ command object
- [BUG FIX] no longer serializing responses for static, restful and head requests
- [BUG FIX] memcache cas flush
- [ENHANCEMENT] updated firebaseadmin
- [ENHANCEMENT] updated Microsoft.Extensions.Logging.Log4Net.AspNetCore
- [ENHANCEMENT] added ConsoleConfiguration as a way to setup console apps easily
- [ENHANCEMENT] html sanitizer updated package as had vulnerability
- [ENHANCEMENT] html sanitizer keys removed from appsettings and added to apiconfig

Author: lanesCSO

db/configuration/data script/APPSettings.sql

@@ -229,9 +229,6 @@ FROM TS_API_SETTING
 where API_KEY = 'API_SESSION_COOKIE')
 INSERT INTO TS_API_SETTING VALUES(@APIID,'API_SESSION_COOKIE','session','API - Session Cookie (case sensitive)',0);
 
-
-
-
 IF NOT EXISTS
 (SELECT 1
 FROM TS_API_SETTING
@@ -243,10 +240,55 @@ IF NOT EXISTS
 (SELECT 1
 FROM TS_API_SETTING
 where API_KEY = 'API_AD_BLACKLIST_OUS')
-INSERT INTO TS_API_SETTING VALUES(@APIID,'API_AD_BLACKLIST_OUS','','List of OU\''s to exclude from AD queries',1);
+INSERT INTO TS_API_SETTING VALUES(@APIID,'API_AD_BLACKLIST_OUS','','List of OU\'s to exclude from AD queries',1);
 
 IF NOT EXISTS
 (SELECT 1
 FROM TS_API_SETTING
 where API_KEY = 'API_DATETIME_FORMAT')
 INSERT INTO TS_API_SETTING VALUES(@APIID,'API_DATETIME_FORMAT','','List of allowed datetime masks',0);
+
+IF NOT EXISTS
+(SELECT 1
+FROM TS_API_SETTING
+where API_KEY = 'SANITIZER_REMOVE_ALLOWED_TAGS')
+INSERT INTO TS_API_SETTING VALUES(@APIID,'SANITIZER_REMOVE_ALLOWED_TAGS','','List of allowed tags to remove',0);
+
+
+IF NOT EXISTS
+(SELECT 1
+FROM TS_API_SETTING
+where API_KEY = 'SANITIZER_REMOVE_ALLOWED_ATTRIBUTES')
+INSERT INTO TS_API_SETTING VALUES(@APIID,'SANITIZER_REMOVE_ALLOWED_ATTRIBUTES','','List of allowed attributes to remove',0);
+
+
+IF NOT EXISTS
+(SELECT 1
+FROM TS_API_SETTING
+where API_KEY = 'SANITIZER_REMOVE_ALLOWED_CSSCLASSESS')
+INSERT INTO TS_API_SETTING VALUES(@APIID,'SANITIZER_REMOVE_ALLOWED_CSSCLASSESS','','List of css classes to remove',0);
+
+
+IF NOT EXISTS
+(SELECT 1
+FROM TS_API_SETTING
+where API_KEY = 'SANITIZER_REMOVE_ALLOWED_CSSPROPERTIES')
+INSERT INTO TS_API_SETTING VALUES(@APIID,'SANITIZER_REMOVE_ALLOWED_CSSPROPERTIES','','List of css properties to remove',0);
+
+IF NOT EXISTS
+(SELECT 1
+FROM TS_API_SETTING
+where API_KEY = 'SANITIZER_REMOVE_ALLOWED_ATRULES')
+INSERT INTO TS_API_SETTING VALUES(@APIID,'SANITIZER_REMOVE_ALLOWED_ATRULES','','List of \'at rules\' to remove',0);
+
+IF NOT EXISTS
+(SELECT 1
+FROM TS_API_SETTING
+where API_KEY = 'SANITIZER_REMOVE_ALLOWED_SCHEMES')
+INSERT INTO TS_API_SETTING VALUES(@APIID,'SANITIZER_REMOVE_ALLOWED_SCHEMES','','List of schemes to remove',0);
+
+IF NOT EXISTS
+(SELECT 1
+FROM TS_API_SETTING
+where API_KEY = 'SANITIZER_REMOVE_URI_ATTRIBUTES')
+INSERT INTO TS_API_SETTING VALUES(@APIID,'SANITIZER_REMOVE_URI_ATTRIBUTES','','List of URI attributes to remove',0);

rls/API.Library.dll

@@ -1,14 +1,14 @@
 {
   "apiConfig": {
-    "CONFIG_VERSION": 1.0,
+    "CONFIG_VERSION": 2.0,
     "API_FIREBASE_ENABLED": false,
     "API_FIREBASE_APP_NAME": "domain.extension",
-    "API_PERFORMANCE_ENABLED": true,
+    "API_PERFORMANCE_ENABLED": false,
     "API_PERFORMANCE_DATABASE": "defaultConnection",
-    "API_MEMCACHED_SALSA": "apd_test1",
+    "API_MEMCACHED_SALSA": "",
     "API_MEMCACHED_MAX_VALIDITY": "2592000",
     "API_MEMCACHED_MAX_SIZE": "128",
-    "API_MEMCACHED_ENABLED": true,
+    "API_MEMCACHED_ENABLED": FALSE,
     "API_EMAIL_ENABLED": false,
     "API_EMAIL_MAIL_NOREPLY": "",
     "API_EMAIL_MAIL_SENDER": "",
@@ -22,18 +22,24 @@
     "API_RECAPTCHA_PRIVATE_KEY": false,
     "API_RECAPTCHA_URL": "https://www.google.com/recaptcha/api/siteverify?secret=0&response=1",
     "API_RECAPTCHA_ENABLED": false,
-    "API_AD_DOMAIN": "",
+    "API_AD_DOMAIN": "CSOCORK",
     "API_AD_PATH": "",
     "API_AD_USERNAME": "",
     "API_AD_PASSWORD": "",
-    "API_AD_CUSTOM_PROPERTIES": "Manager,Division,Title,Department,Directorate,HeadOfDivision,ExternalAccess",
-    "API_AD_BLACKLIST_OUS": "Azure Sync User Group,VDI Users Group,IGSS Users,Household Surveys",
-    "API_MASK_PARAMETERS": "FileContent,userPrincipal",
+    "API_AD_CUSTOM_PROPERTIES": "",
+    "API_AD_BLACKLIST_OUS": "",
+    "API_MASK_PARAMETERS": "",
     "API_AUTHENTICATION_TYPE": "WINDOWS",
     "API_STATELESS": true,
     "API_SUCCESS": "success",
     "API_SESSION_COOKIE": "session",
     "API_DATETIME_FORMAT": "yyyy-MM-ddTHH:mm,yyyy-MM-dd,yyyy-MM-ddTHH:mm:ss",
-    "API_PERFORMANCE_REQUEST_TIME_INTERVAL": "2"
+    "SANITIZER_REMOVE_ALLOWED_TAGS": "",
+    "SANITIZER_REMOVE_ALLOWED_ATTRIBUTES": "",
+    "SANITIZER_REMOVE_ALLOWED_CSSCLASSESS": "",
+    "SANITIZER_REMOVE_ALLOWED_CSSPROPERTIES": "",
+    "SANITIZER_REMOVE_ALLOWED_ATRULES": "",
+    "SANITIZER_REMOVE_ALLOWED_SCHEMES": "",
+    "SANITIZER_REMOVE_URI_ATTRIBUTES": ""
   }
 }

rls/API.Library.pdb

@@ -1,5 +1,5 @@
 {
   "appConfig": {
-    "CONFIG_VERSION": 1.0
+    "CONFIG_VERSION": 1.0,
   }
 }