use of org.owasp.html.PolicyFactory in project intellij-plugins by JetBrains.
the class MarkdownSanitizingTest method doTest.
private void doTest() {
final String testDir = MarkdownTestingUtil.TEST_DATA_PATH + "/sanitizing/";
final String input;
final String expected;
try {
input = FileUtil.loadFile(new File(testDir + getTestName(true) + ".html"));
final File expectedFile = new File(testDir + getTestName(true) + ".after.html");
if (expectedFile.exists()) {
expected = FileUtil.loadFile(expectedFile);
} else {
expected = input;
}
} catch (IOException e) {
throw new RuntimeException("Could not load file", e);
}
PolicyFactory sanitizer = MarkdownPreviewFileEditor.SANITIZER_VALUE.getValue();
assertEquals(expected, sanitizer.sanitize(input));
}
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class GetEnvironmentAvailable method doGet.
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
String testName = policy.sanitize(httpServletRequest.getParameter("test"));
String testCaseName = policy.sanitize(httpServletRequest.getParameter("testCase"));
String country = policy.sanitize(httpServletRequest.getParameter("country"));
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
ICountryEnvironmentService countryEnvironmentService = appContext.getBean(CountryEnvironmentService.class);
JSONArray array = new JSONArray();
JSONObject jsonObject = new JSONObject();
try {
for (String[] strings : countryEnvironmentService.getEnvironmentAvailable(testName, testCaseName, country)) {
JSONObject env = new JSONObject();
env.put("environment", strings[0]);
env.put("description", strings[0].concat(" With Build: ").concat(strings[1]).concat(" And Revision: ").concat(strings[2]));
array.put(env);
}
jsonObject.put("envList", array);
httpServletResponse.setContentType("application/json");
httpServletResponse.getWriter().print(jsonObject.toString());
} catch (JSONException exception) {
LOG.warn(exception.toString());
}
}
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class ReadCountryEnvDeployType method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
* @throws org.cerberus.exception.CerberusException
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
String echo = request.getParameter("sEcho");
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
response.setContentType("application/json");
response.setCharacterEncoding("utf8");
// Calling Servlet Transversal Util.
ServletUtil.servletStart(request);
// Default message to unexpected error.
MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
/**
* Parsing and securing all required parameters.
*/
String system = policy.sanitize(request.getParameter("system"));
String country = policy.sanitize(request.getParameter("country"));
String environment = policy.sanitize(request.getParameter("environment"));
// Global boolean on the servlet that define if the user has permition to edit and delete object.
boolean userHasPermissions = request.isUserInRole("IntegratorRO");
// Init Answer with potencial error from Parsing parameter.
AnswerItem answer = new AnswerItem(msg);
try {
JSONObject jsonResponse = new JSONObject();
if (1 == 1) {
answer = findCountryEnvironmentDeployTypeList(request.getParameter("system"), request.getParameter("country"), request.getParameter("environment"), appContext, userHasPermissions, request);
jsonResponse = (JSONObject) answer.getItem();
}
jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
jsonResponse.put("message", answer.getResultMessage().getDescription());
jsonResponse.put("sEcho", echo);
response.getWriter().print(jsonResponse.toString());
} catch (JSONException e) {
LOG.warn(e);
// returns a default error message with the json format that is able to be parsed by the client-side
response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
}
}
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class ReadApplication method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
* @throws org.cerberus.exception.CerberusException
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
String echo = request.getParameter("sEcho");
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
response.setContentType("application/json");
response.setCharacterEncoding("utf8");
// Calling Servlet Transversal Util.
ServletUtil.servletStart(request);
// Default message to unexpected error.
MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
// Get Parameters
String columnName = ParameterParserUtil.parseStringParam(request.getParameter("columnName"), "");
/**
* Parsing and securing all required parameters.
*/
// Nothing to do here as no parameter to check.
//
// Global boolean on the servlet that define if the user has permition to edit and delete object.
boolean userHasPermissions = request.isUserInRole("Integrator");
// Init Answer with potencial error from Parsing parameter.
AnswerItem answer = new AnswerItem(new MessageEvent(MessageEventEnum.DATA_OPERATION_OK));
try {
JSONObject jsonResponse = new JSONObject();
if ((request.getParameter("application") == null) && (request.getParameter("system") == null)) {
answer = findApplicationList(null, appContext, userHasPermissions, request);
jsonResponse = (JSONObject) answer.getItem();
} else {
if (request.getParameter("application") != null) {
String application = policy.sanitize(request.getParameter("application"));
answer = findApplicationByKey(application, appContext, userHasPermissions);
jsonResponse = (JSONObject) answer.getItem();
} else if (!Strings.isNullOrEmpty(columnName) && request.getParameter("system") != null) {
String system = policy.sanitize(request.getParameter("system"));
answer = findDistinctValuesOfColumn(system, appContext, request, columnName);
jsonResponse = (JSONObject) answer.getItem();
} else if (request.getParameter("system") != null) {
String system = policy.sanitize(request.getParameter("system"));
answer = findApplicationList(system, appContext, userHasPermissions, request);
jsonResponse = (JSONObject) answer.getItem();
}
}
jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
jsonResponse.put("message", answer.getResultMessage().getDescription());
jsonResponse.put("sEcho", echo);
response.getWriter().print(jsonResponse.toString());
} catch (JSONException e) {
LOG.warn(e);
// returns a default error message with the json format that is able to be parsed by the client-side
response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
}
}
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class ReadCountryEnvLink method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
* @throws org.cerberus.exception.CerberusException
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
String echo = request.getParameter("sEcho");
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
response.setContentType("application/json");
response.setCharacterEncoding("utf8");
// Calling Servlet Transversal Util.
ServletUtil.servletStart(request);
// Default message to unexpected error.
MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
/**
* Parsing and securing all required parameters.
*/
String system = policy.sanitize(request.getParameter("system"));
String country = policy.sanitize(request.getParameter("country"));
String environment = policy.sanitize(request.getParameter("environment"));
// Global boolean on the servlet that define if the user has permition to edit and delete object.
boolean userHasPermissions = request.isUserInRole("IntegratorRO");
// Init Answer with potencial error from Parsing parameter.
AnswerItem answer = new AnswerItem(msg);
try {
JSONObject jsonResponse = new JSONObject();
if (1 == 1) {
answer = findCountryEnvironmentParametersList(request.getParameter("system"), request.getParameter("country"), request.getParameter("environment"), appContext, userHasPermissions, request);
jsonResponse = (JSONObject) answer.getItem();
}
jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
jsonResponse.put("message", answer.getResultMessage().getDescription());
jsonResponse.put("sEcho", echo);
response.getWriter().print(jsonResponse.toString());
} catch (JSONException e) {
LOG.warn(e);
// returns a default error message with the json format that is able to be parsed by the client-side
response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
}
}
Aggregations