Examples with PolicyFactory org.owasp.html.PolicyFactory used on opensource projects

Search in sources :

Example 66 with PolicyFactory

use of org.owasp.html.PolicyFactory in project intellij-plugins by JetBrains.

the class MarkdownSanitizingTest method doTest.

private void doTest() {
    final String testDir = MarkdownTestingUtil.TEST_DATA_PATH + "/sanitizing/";
    final String input;
    final String expected;
    try {
        input = FileUtil.loadFile(new File(testDir + getTestName(true) + ".html"));
        final File expectedFile = new File(testDir + getTestName(true) + ".after.html");
        if (expectedFile.exists()) {
            expected = FileUtil.loadFile(expectedFile);
        } else {
            expected = input;
        }
    } catch (IOException e) {
        throw new RuntimeException("Could not load file", e);
    }
    PolicyFactory sanitizer = MarkdownPreviewFileEditor.SANITIZER_VALUE.getValue();
    assertEquals(expected, sanitizer.sanitize(input));
}
Also used : PolicyFactory(org.owasp.html.PolicyFactory) IOException(java.io.IOException) File(java.io.File)

Example 67 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

the class GetEnvironmentAvailable method doGet.

@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String testName = policy.sanitize(httpServletRequest.getParameter("test"));
    String testCaseName = policy.sanitize(httpServletRequest.getParameter("testCase"));
    String country = policy.sanitize(httpServletRequest.getParameter("country"));
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ICountryEnvironmentService countryEnvironmentService = appContext.getBean(CountryEnvironmentService.class);
    JSONArray array = new JSONArray();
    JSONObject jsonObject = new JSONObject();
    try {
        for (String[] strings : countryEnvironmentService.getEnvironmentAvailable(testName, testCaseName, country)) {
            JSONObject env = new JSONObject();
            env.put("environment", strings[0]);
            env.put("description", strings[0].concat(" With Build: ").concat(strings[1]).concat(" And Revision: ").concat(strings[2]));
            array.put(env);
        }
        jsonObject.put("envList", array);
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().print(jsonObject.toString());
    } catch (JSONException exception) {
        LOG.warn(exception.toString());
    }
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) ICountryEnvironmentService(org.cerberus.crud.service.ICountryEnvironmentService) PolicyFactory(org.owasp.html.PolicyFactory) JSONObject(org.json.JSONObject) JSONArray(org.json.JSONArray) JSONException(org.json.JSONException)

Example 68 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

the class ReadCountryEnvDeployType method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    /**
     * Parsing and securing all required parameters.
     */
    String system = policy.sanitize(request.getParameter("system"));
    String country = policy.sanitize(request.getParameter("country"));
    String environment = policy.sanitize(request.getParameter("environment"));
    // Global boolean on the servlet that define if the user has permition to edit and delete object.
    boolean userHasPermissions = request.isUserInRole("IntegratorRO");
    // Init Answer with potencial error from Parsing parameter.
    AnswerItem answer = new AnswerItem(msg);
    try {
        JSONObject jsonResponse = new JSONObject();
        if (1 == 1) {
            answer = findCountryEnvironmentDeployTypeList(request.getParameter("system"), request.getParameter("country"), request.getParameter("environment"), appContext, userHasPermissions, request);
            jsonResponse = (JSONObject) answer.getItem();
        }
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) PolicyFactory(org.owasp.html.PolicyFactory) JSONObject(org.json.JSONObject) MessageEvent(org.cerberus.engine.entity.MessageEvent) JSONException(org.json.JSONException) AnswerItem(org.cerberus.util.answer.AnswerItem)

Example 69 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

the class ReadApplication method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    // Get Parameters
    String columnName = ParameterParserUtil.parseStringParam(request.getParameter("columnName"), "");
    /**
     * Parsing and securing all required parameters.
     */
    // Nothing to do here as no parameter to check.
    // 
    // Global boolean on the servlet that define if the user has permition to edit and delete object.
    boolean userHasPermissions = request.isUserInRole("Integrator");
    // Init Answer with potencial error from Parsing parameter.
    AnswerItem answer = new AnswerItem(new MessageEvent(MessageEventEnum.DATA_OPERATION_OK));
    try {
        JSONObject jsonResponse = new JSONObject();
        if ((request.getParameter("application") == null) && (request.getParameter("system") == null)) {
            answer = findApplicationList(null, appContext, userHasPermissions, request);
            jsonResponse = (JSONObject) answer.getItem();
        } else {
            if (request.getParameter("application") != null) {
                String application = policy.sanitize(request.getParameter("application"));
                answer = findApplicationByKey(application, appContext, userHasPermissions);
                jsonResponse = (JSONObject) answer.getItem();
            } else if (!Strings.isNullOrEmpty(columnName) && request.getParameter("system") != null) {
                String system = policy.sanitize(request.getParameter("system"));
                answer = findDistinctValuesOfColumn(system, appContext, request, columnName);
                jsonResponse = (JSONObject) answer.getItem();
            } else if (request.getParameter("system") != null) {
                String system = policy.sanitize(request.getParameter("system"));
                answer = findApplicationList(system, appContext, userHasPermissions, request);
                jsonResponse = (JSONObject) answer.getItem();
            }
        }
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) PolicyFactory(org.owasp.html.PolicyFactory) JSONObject(org.json.JSONObject) MessageEvent(org.cerberus.engine.entity.MessageEvent) JSONException(org.json.JSONException) AnswerItem(org.cerberus.util.answer.AnswerItem)

Example 70 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

the class ReadCountryEnvLink method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    /**
     * Parsing and securing all required parameters.
     */
    String system = policy.sanitize(request.getParameter("system"));
    String country = policy.sanitize(request.getParameter("country"));
    String environment = policy.sanitize(request.getParameter("environment"));
    // Global boolean on the servlet that define if the user has permition to edit and delete object.
    boolean userHasPermissions = request.isUserInRole("IntegratorRO");
    // Init Answer with potencial error from Parsing parameter.
    AnswerItem answer = new AnswerItem(msg);
    try {
        JSONObject jsonResponse = new JSONObject();
        if (1 == 1) {
            answer = findCountryEnvironmentParametersList(request.getParameter("system"), request.getParameter("country"), request.getParameter("environment"), appContext, userHasPermissions, request);
            jsonResponse = (JSONObject) answer.getItem();
        }
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) PolicyFactory(org.owasp.html.PolicyFactory) JSONObject(org.json.JSONObject) MessageEvent(org.cerberus.engine.entity.MessageEvent) JSONException(org.json.JSONException) AnswerItem(org.cerberus.util.answer.AnswerItem)

Aggregations

PolicyFactory (org.owasp.html.PolicyFactory)123 ApplicationContext (org.springframework.context.ApplicationContext)116 JSONObject (org.json.JSONObject)115 MessageEvent (org.cerberus.engine.entity.MessageEvent)93 AnswerItem (org.cerberus.util.answer.AnswerItem)74 JSONException (org.json.JSONException)70 ILogEventService (org.cerberus.crud.service.ILogEventService)62 Answer (org.cerberus.util.answer.Answer)60 CerberusException (org.cerberus.exception.CerberusException)35 IOException (java.io.IOException)32 ServletException (javax.servlet.ServletException)31 JSONArray (org.json.JSONArray)24 ITestCaseService (org.cerberus.crud.service.ITestCaseService)19 TestCase (org.cerberus.crud.entity.TestCase)17 ArrayList (java.util.ArrayList)14 LogEventService (org.cerberus.crud.service.impl.LogEventService)11 TestCaseStep (org.cerberus.crud.entity.TestCaseStep)10 IParameterService (org.cerberus.crud.service.IParameterService)9 TestCaseCountry (org.cerberus.crud.entity.TestCaseCountry)7 ICountryEnvParamService (org.cerberus.crud.service.ICountryEnvParamService)7
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial