Merge pull request #219 from AikidoSec/fix-process-start-patching

Fix process start patching

Author: teta2k

Aikido.Zen.Benchmarks/HttpHelperBenchmarks.cs

@@ -16,6 +16,7 @@ namespace Aikido.Zen.Benchmarks
     [HideColumns(Column.StdErr, Column.StdDev, Column.Error, Column.Min, Column.Max, Column.RatioSD)]
     public class HttpHelperBenchmarks
     {
+        private IDictionary<string, string> _routeParams;
         private IDictionary<string, string> _queryParams;
         private IDictionary<string, string> _headers;
         private IDictionary<string, string> _cookies;
@@ -99,6 +100,12 @@ public void Setup()
                 { "param2", "value2" }
             };
 
+            _routeParams = new Dictionary<string, string>
+            {
+                { "routeParam1", "value1" },
+                { "routeParam2", "value2" }
+            };
+
             _headers = new Dictionary<string, string>
             {
                 { "header1", "value1" },
@@ -126,6 +133,7 @@ public void Setup()
         public async Task ProcessJsonRequest()
         {
             var result = await HttpHelper.ReadAndFlattenHttpDataAsync(
+                _routeParams,
                 _queryParams,
                 _headers,
                 _cookies,
@@ -140,6 +148,7 @@ public async Task ProcessJsonRequest()
         public async Task ProcessXmlRequest()
         {
             var result = await HttpHelper.ReadAndFlattenHttpDataAsync(
+                _routeParams,
                 _queryParams,
                 _headers,
                 _cookies,
@@ -154,6 +163,7 @@ public async Task ProcessXmlRequest()
         public async Task ProcessFormRequest()
         {
             var result = await HttpHelper.ReadAndFlattenHttpDataAsync(
+                _routeParams,
                 _queryParams,
                 _headers,
                 _cookies,
@@ -168,6 +178,7 @@ public async Task ProcessFormRequest()
         public async Task ProcessMultipartFormDataRequest()
         {
             var result = await HttpHelper.ReadAndFlattenHttpDataAsync(
+                _routeParams,
                 _queryParams,
                 _headers,
                 _cookies,

Aikido.Zen.Core/Helpers/HttpHelper.cs

@@ -39,6 +39,7 @@ public class HttpDataResult
         /// <summary>
         /// Reads and flattens HTTP request data into a dictionary with dot-notation keys.
         /// </summary>
+        /// <param name="routeParams">The route parameters dictionary.</param>
         /// <param name="queryParams">The query parameters dictionary.</param>
         /// <param name="headers">The headers dictionary.</param>
         /// <param name="cookies">The cookies dictionary.</param>
@@ -47,6 +48,7 @@ public class HttpDataResult
         /// <param name="contentLength">The content length of the request body.</param>
         /// <returns>A HttpDataResult containing both flattened data and parsed body.</returns>
         public static async Task<HttpDataResult> ReadAndFlattenHttpDataAsync(
+            IDictionary<string, string> routeParams,
             IDictionary<string, string> queryParams,
             IDictionary<string, string> headers,
             IDictionary<string, string> cookies,
@@ -57,6 +59,9 @@ public static async Task<HttpDataResult> ReadAndFlattenHttpDataAsync(
             var result = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
             object parsedBody = null;
 
+            // Process Route Parameters
+            UserInputHelper.ProcessRouteParameters(routeParams, result);
+
             // Process Query Parameters
             UserInputHelper.ProcessQueryParameters(queryParams, result);
 

Aikido.Zen.Core/Helpers/ReflectionHelper.cs

@@ -43,7 +43,7 @@ public static MethodInfo GetMethodFromAssembly(string assemblyName, string typeN
                 return null;
             }
 
-            // Attempt to load the assembly
+            // Attempt to resolve the assembly
             if (!_assemblies.TryGetValue(assemblyName, out var assembly))
             {
                 // Check if already loaded
@@ -54,7 +54,7 @@ public static MethodInfo GetMethodFromAssembly(string assemblyName, string typeN
                     try
                     {
                         // Load from the shared framework if it's not already loaded
-                        // Useful for System.Diagnostics.Process which might not be loaded yet
+                        // Useful for late assemblies that might not be loaded yet (eg. `System.Diagnostics` in ProcessPatches)
                         assembly = Assembly.Load(new AssemblyName(assemblyName));
                     }
                     catch

Aikido.Zen.Core/Helpers/UserInputHelper.cs

@@ -51,6 +51,19 @@ public static void ProcessQueryParameters(IDictionary<string, string> queryParam
             }
         }
 
+        /// <summary>
+        /// Processes route parameters and adds them to the result dictionary.
+        /// </summary>
+        /// <param name="routeParams">The route parameters dictionary.</param>
+        /// <param name="result">The dictionary to store processed data.</param>
+        public static void ProcessRouteParameters(IDictionary<string, string> routeParams, IDictionary<string, string> result)
+        {
+            foreach (var routeParam in routeParams)
+            {
+                result[$"route.{routeParam.Key}"] = routeParam.Value;
+            }
+        }
+
         /// <summary>
         /// Processes headers and adds them to the result dictionary.
         /// </summary>

Aikido.Zen.DotNetCore/Middleware/ContextMiddleware.cs

@@ -1,4 +1,5 @@
 using System.Collections.Concurrent;
+using System.Globalization;
 using System.Runtime.CompilerServices;
 using Aikido.Zen.Core;
 using Aikido.Zen.Core.Helpers;
@@ -67,6 +68,7 @@ public async Task InvokeAsync(HttpContext httpContext, RequestDelegate next)
                 }
 
                 var httpData = await HttpHelper.ReadAndFlattenHttpDataAsync(
+                    routeParams: context.RouteParams,
                     queryParams: context.Query,
                     headers: headersDictionary.ToDictionary(h => h.Key, h => string.Join(',', h.Value)),
                     cookies: context.Cookies,
@@ -132,6 +134,7 @@ private bool TryPrepareContext(HttpContext httpContext, out ConcurrentDictionary
                     UserAgent = httpContext.Request.Headers.TryGetValue("User-Agent", out var userAgent) ? userAgent.FirstOrDefault() ?? string.Empty : string.Empty,
                     Source = Environment.Version.Major >= 5 ? "DotNetCore" : "DotNetFramework",
                     Route = GetParametrizedRoute(httpContext),
+                    RouteParams = FlattenRouteParameters(httpContext.GetRouteData()?.Values),
                     User = httpContext.Items["Aikido.Zen.CurrentUser"] as User
                 };
                 return true;
@@ -147,6 +150,29 @@ private bool TryPrepareContext(HttpContext httpContext, out ConcurrentDictionary
 
         }
 
+        private static IDictionary<string, string> FlattenRouteParameters(RouteValueDictionary routeValues)
+        {
+            var result = new Dictionary<string, string>();
+
+            foreach (var kvp in routeValues)
+            {
+                if (kvp.Value == null)
+                {
+                    continue;
+                }
+
+                var value = Convert.ToString(kvp.Value, CultureInfo.InvariantCulture);
+                if (value == null)
+                {
+                    continue;
+                }
+
+                result[kvp.Key] = value;
+            }
+
+            return result;
+        }
+
         /// <summary>
         /// Flattens query parameters into individual dictionary entries with indexing for multiple values.
         /// </summary>

Aikido.Zen.DotNetFramework/HttpModules/ContextModule.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Globalization;
 using System.Linq;
 using System.Runtime.CompilerServices;
 using System.Threading.Tasks;
@@ -83,13 +84,15 @@ private async Task Context_BeginRequest(object sender, EventArgs e)
                     UserAgent = httpContext.Request.UserAgent,
                     Source = "DotNetFramework",
                     Route = GetParametrizedRoute(httpContext),
+                    RouteParams = FlattenRouteParameters(httpContext.Request?.RequestContext?.RouteData?.Values),
                 };
 
                 Agent.Instance.SetContextMiddlewareInstalled(true);
 
                 var request = httpContext.Request;
 
                 var httpData = await HttpHelper.ReadAndFlattenHttpDataAsync(
+                    routeParams: context.RouteParams,
                     queryParams: context.Query,
                     headers: request.Headers.AllKeys.ToDictionary(k => k, k => request.Headers.Get(k)),
                     cookies: request.Cookies.AllKeys.ToDictionary(k => k, k => request.Cookies[k].Value),
@@ -219,6 +222,34 @@ private static IDictionary<string, string> FlattenHeaders(System.Collections.Spe
             return result;
         }
 
+        private static IDictionary<string, string> FlattenRouteParameters(RouteValueDictionary routeValues)
+        {
+            var result = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
+
+            if (routeValues == null)
+            {
+                return result;
+            }
+
+            foreach (var kvp in routeValues)
+            {
+                if (kvp.Value == null)
+                {
+                    continue;
+                }
+
+                var value = Convert.ToString(kvp.Value, CultureInfo.InvariantCulture);
+                if (value == null)
+                {
+                    continue;
+                }
+
+                result[kvp.Key] = value;
+            }
+
+            return result;
+        }
+
         /// <summary>
         /// Gets a parameterized route from the HTTP context, matching against the route collection
         /// and applying route parameter detection when needed.

Aikido.Zen.Test/ApiInfoHelperTests.cs

@@ -15,7 +15,8 @@ public class ApiInfoHelperTests
         private Context CreateTestContext(
             Dictionary<string, string>? headers = null,
             object? body = null,
-            Dictionary<string, string>? query = null)
+            Dictionary<string, string>? query = null,
+            Dictionary<string, string>? route = null)
         {
             string? contentType = headers?.GetValueOrDefault("content-type") ?? "application/json";
             Stream? bodyStream = null;
@@ -70,7 +71,9 @@ private Context CreateTestContext(
 
             var queryParams = query ?? new Dictionary<string, string>();
             var headerDict = headers ?? new Dictionary<string, string>();
-            var parsed = HttpHelper.ReadAndFlattenHttpDataAsync(queryParams, headerDict, new Dictionary<string, string>(), bodyStream, contentType, bodyStream?.Length ?? 0).Result;
+            var routeParams = route ?? new Dictionary<string, string>();
+
+            var parsed = HttpHelper.ReadAndFlattenHttpDataAsync(routeParams, queryParams, headerDict, new Dictionary<string, string>(), bodyStream, contentType, bodyStream?.Length ?? 0).Result;
 
             return new Context
             {
@@ -81,7 +84,7 @@ private Context CreateTestContext(
                 Query = query ?? new Dictionary<string, string>(),
                 RemoteAddress = "127.0.0.1",
                 Url = "http://localhost/test",
-                RouteParams = new Dictionary<string, string>(),
+                RouteParams = routeParams,
                 Cookies = new Dictionary<string, string>(),
                 Source = "test",
                 ParsedBody = parsed.ParsedBody,

Aikido.Zen.Test/HttpHelperTests.cs

@@ -10,6 +10,7 @@ public class HttpHelperTests
     {
         [TestCaseSource(nameof(GetTestData))]
         public async Task ReadAndFlattenHttpDataAsync_ShouldProcessData(
+            IDictionary<string, string> routeParams,
             IDictionary<string, string> queryParams,
             IDictionary<string, string> headers,
             IDictionary<string, string> cookies,
@@ -22,7 +23,7 @@ public async Task ReadAndFlattenHttpDataAsync_ShouldProcessData(
             using var bodyStream = new MemoryStream(Encoding.UTF8.GetBytes(body));
 
             // Act
-            var result = await HttpHelper.ReadAndFlattenHttpDataAsync(queryParams, headers, cookies, bodyStream, contentType, bodyStream.Length);
+            var result = await HttpHelper.ReadAndFlattenHttpDataAsync(routeParams, queryParams, headers, cookies, bodyStream, contentType, bodyStream.Length);
 
             // Assert
             Assert.That(result.FlattenedData, Is.Not.Null);
@@ -79,6 +80,7 @@ public static IEnumerable<TestCaseData> GetTestData()
             foreach (var testCase in testCases)
             {
                 yield return new TestCaseData(
+                    testCase.RouteParams,
                     testCase.QueryParams,
                     testCase.Headers,
                     testCase.Cookies,
@@ -92,6 +94,7 @@ public static IEnumerable<TestCaseData> GetTestData()
 
         private class TestCase
         {
+            public IDictionary<string, string> RouteParams { get; set; }
             public IDictionary<string, string> QueryParams { get; set; }
             public IDictionary<string, string> Headers { get; set; }
             public IDictionary<string, string> Cookies { get; set; }