I have a web-site that was written with XSLT.
The idea was, that data will be stored in XML file, and web site will transform this XML to HTML using xsl templates. The developer that decided to use such technology already left our company and no one knows why and how this were done.
The problem is that one day this site began to use 100% CPU and server was hanged up.
Getting dump file shows one of threads do this:
Thread 26
Current frame: (MethodDesc 0x7a4b7f68 +0x4f System.Text.RegularExpressions.RegexInterpreter.Go())
ChildEBP RetAddr Caller,Callee
11f3ecb4 7a5c20b1 (MethodDesc 0x7a45eab4 +0x91 System.Text.RegularExpressions.RegexRunner.Scan(System.Text.RegularExpressions.Regex, System.String, Int32, Int32, Int32, Int32, Boolean))
11f3eccc 7a5c1e97 (MethodDesc 0x7a45e99c +0x87 System.Text.RegularExpressions.Regex.Run(Boolean, Int32, System.String, Int32, Int32, Int32)), calling (MethodDesc 0x7a45eab4 +0 System.Text.RegularExpressions.RegexRunner.Scan(System.Text.RegularExpressions.Regex, System.String, Int32, Int32, Int32, Int32, Boolean))
11f3ed04 7a5c1dfd (MethodDesc 0x7a45e858 +0x2d System.Text.RegularExpressions.Regex.Match(System.String)), calling (MethodDesc 0x7a45e99c +0 System.Text.RegularExpressions.Regex.Run(Boolean, Int32, System.String, Int32, Int32, Int32))
11f3ed24 7a5c510c (MethodDesc 0x7a45e840 +0x2c System.Text.RegularExpressions.Regex.Match(System.String, System.String)), calling (MethodDesc 0x7a45e858 +0 System.Text.RegularExpressions.Regex.Match(System.String))
11f3ed38 667c1868 (MethodDesc 0x65fac47c +0x70 System.Web.UI.WebControls.RegularExpressionValidator.EvaluateIsValid()), calling (MethodDesc 0x7a45e840 +0 System.Text.RegularExpressions.Regex.Match(System.String, System.String))
11f3ed60 667acd0d (MethodDesc 0x65f60d84 +0x49 System.Web.UI.WebControls.BaseValidator.Validate())
11f3ed70 6669798e (MethodDesc 0x65f5b434 +0x8e System.Web.UI.Page.Validate()), calling 0289948e
11f3ed88 66903dbf (MethodDesc 0x65f5aeb4 System.Web.UI.Page.RaisePostBackEvent(System.Collections.Specialized.NameValueCollection))
11f3ed9c 660abb2e (MethodDesc 0x65f5b2c8 +0x61e System.Web.UI.Page.ProcessRequestMain(Boolean, Boolean)), calling (MethodDesc 0x65f5aeb4 +0 System.Web.UI.Page.RaisePostBackEvent(System.Collections.Specialized.NameValueCollection))
11f3eef0 660ab3b4 (MethodDesc 0x65f5b26c +0x84 System.Web.UI.Page.ProcessRequest(Boolean, Boolean)), calling (MethodDesc 0x65f5b2c8 +0 System.Web.UI.Page.ProcessRequestMain(Boolean, Boolean))
11f3ef14 0f32271d (MethodDesc 0xf136b58 +0x3d System.Threading.Thread.get_CurrentUICulture()), calling mscorwks!CorExitProcess+0x1bb1c
11f3ef28 660ab2e1 (MethodDesc 0x65f5b260 +0x51 System.Web.UI.Page.ProcessRequest()), calling (MethodDesc 0x65f5b26c +0 System.Web.UI.Page.ProcessRequest(Boolean, Boolean))
11f3ef64 660ab276 (MethodDesc 0x65f5b23c +0x16 System.Web.UI.Page.ProcessRequestWithNoAssert(System.Web.HttpContext)), calling (MethodDesc 0x65f5b260 +0 System.Web.UI.Page.ProcessRequest())
11f3ef70 660ab252 (MethodDesc 0x65f5b228 +0x32 System.Web.UI.Page.ProcessRequest(System.Web.HttpContext)), calling (MethodDesc 0x65f5b23c +0 System.Web.UI.Page.ProcessRequestWithNoAssert(System.Web.HttpContext))
11f3ef84 0fc19105 (MethodDesc 0x120a1888 +0x5 ASP.website_default_aspx.ProcessRequest(System.Web.HttpContext)), calling (MethodDesc 0x65f5b228 +0 System.Web.UI.Page.ProcessRequest(System.Web.HttpContext))
11f3ef88 030d4904 (MethodDesc 0x11f82ce0 +0x34 Xplode.Web.ApplicationRuntime.XplodePageHandler.ProcessRequest(System.Web.HttpContext)), calling 0289efda
11f3ef98 660b1726 (MethodDesc 0x65f6c088 +0xb6 System.Web.HttpApplication+CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()), calling 0289efda
11f3ef9c 0fc19016 (MethodDesc 0x2cd9658 +0x56 FiftyOne.Foundation.Mobile.Detection.DetectorModule.SetPagePreIntClientTargets(System.Object, System.EventArgs)), calling mscorwks+0x9362
11f3efcc 6608445c (MethodDesc 0x65f67c8c +0x4c System.Web.HttpApplication.ExecuteStep(IExecutionStep, Boolean ByRef)), calling 0289d86a
11f3f008 6608fcd3 (MethodDesc 0x65fcb1ac +0x133 System.Web.HttpApplication+ApplicationStepManager.ResumeSteps(System.Exception)), calling (MethodDesc 0x65f67c8c +0 System.Web.HttpApplication.ExecuteStep(IExecutionStep, Boolean ByRef))
11f3f05c 660839dc (MethodDesc 0x65f67bac +0x7c System.Web.HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(System.Web.HttpContext, System.AsyncCallback, System.Object))
11f3f070 66086f4c (MethodDesc 0x65f6373c +0x17c System.Web.HttpRuntime.ProcessRequestInternal(System.Web.HttpWorkerRequest)), calling 0289d7ca
11f3f09c 026e2c2c 026e2c2c, calling 0285a248
11f3f0ac 66086bf3 (MethodDesc 0x65fbb8a0 +0x63 System.Web.HttpRuntime.ProcessRequestNoDemand(System.Web.HttpWorkerRequest)), calling (MethodDesc 0x65f6373c +0 System.Web.HttpRuntime.ProcessRequestInternal(System.Web.HttpWorkerRequest))
11f3f0bc 66085d8c (MethodDesc 0x65f643bc +0x11c System.Web.Hosting.ISAPIRuntime.ProcessRequest(IntPtr, Int32)), calling (MethodDesc 0x65fbb8a0 +0 System.Web.HttpRuntime.ProcessRequestNoDemand(System.Web.HttpWorkerRequest))
11f3f0d4 66085d01 (MethodDesc 0x65f643bc +0x91 System.Web.Hosting.ISAPIRuntime.ProcessRequest(IntPtr, Int32)), calling webengine!GetEcb
11f3f11c 79f23fcb mscorwks!InstallCustomModule+0x15733, calling mscorwks+0xcd0d
...
As you can see there is page /website/default.aspx - this is the page that accept argument url and redirects to this url. So I need to know which page made this.
However on this site there only few forms with regular expression for email.
\w+(([-+.'’])*(\w+))*@\w+(([-.])*(\w+))*\.\w+([-.]\w+)*
One of these forms are in footer "register for newsletter", but when I removed this form nothing changed. Then I used logging to see what is send to validator, I saw many spam from robots.
Here is some code to show how page is rendered: <dandaraui:HomesForSale SaveParametersInSession="false" StyleSheet="~/assets/xslt/developments/development-homes-for-sale.xslt" runat="server" ID="homesForSaleControl"></dandaraui:HomesForSale>
HomesForSale.Render:
protected override void Render(HtmlTextWriter writer)
{
if (PersistedDevelopment.Current == null)
return;
XPathDocument xpathDocument = PersistedDevelopment.Current.XPathDocument;
XslCachedTransform xslCachedTransform = new XslCachedTransform(this.m_sStylesheet);
HttpRequest request = HttpContext.Current.Request;
for (int index = 0; index < request.QueryString.Keys.Count; ++index)
this.m_pXsltArgumentList.AddParam(request.QueryString.Keys[index], string.Empty, (object) request.QueryString[index]);
string str = xslCachedTransform.Transform(xpathDocument, this.m_pXsltArgumentList).Replace("&#163;", "£");
writer.Write(str);
}
No comments:
Post a Comment