Search in sources :

Example 66 with PolicyFactory

use of org.owasp.html.PolicyFactory in project intellij-plugins by JetBrains.

the class MarkdownSanitizingTest method doTest.

private void doTest() {
    final String testDir = MarkdownTestingUtil.TEST_DATA_PATH + "/sanitizing/";
    final String input;
    final String expected;
    try {
        input = FileUtil.loadFile(new File(testDir + getTestName(true) + ".html"));
        final File expectedFile = new File(testDir + getTestName(true) + ".after.html");
        if (expectedFile.exists()) {
            expected = FileUtil.loadFile(expectedFile);
        } else {
            expected = input;
        }
    } catch (IOException e) {
        throw new RuntimeException("Could not load file", e);
    }
    PolicyFactory sanitizer = MarkdownPreviewFileEditor.SANITIZER_VALUE.getValue();
    assertEquals(expected, sanitizer.sanitize(input));
}
Also used : PolicyFactory(org.owasp.html.PolicyFactory) IOException(java.io.IOException) File(java.io.File)

Example 67 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

the class GetEnvironmentAvailable method doGet.

@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String testName = policy.sanitize(httpServletRequest.getParameter("test"));
    String testCaseName = policy.sanitize(httpServletRequest.getParameter("testCase"));
    String country = policy.sanitize(httpServletRequest.getParameter("country"));
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ICountryEnvironmentService countryEnvironmentService = appContext.getBean(CountryEnvironmentService.class);
    JSONArray array = new JSONArray();
    JSONObject jsonObject = new JSONObject();
    try {
        for (String[] strings : countryEnvironmentService.getEnvironmentAvailable(testName, testCaseName, country)) {
            JSONObject env = new JSONObject();
            env.put("environment", strings[0]);
            env.put("description", strings[0].concat(" With Build: ").concat(strings[1]).concat(" And Revision: ").concat(strings[2]));
            array.put(env);
        }
        jsonObject.put("envList", array);
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().print(jsonObject.toString());
    } catch (JSONException exception) {
        LOG.warn(exception.toString());
    }
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) ICountryEnvironmentService(org.cerberus.crud.service.ICountryEnvironmentService) PolicyFactory(org.owasp.html.PolicyFactory) JSONObject(org.json.JSONObject) JSONArray(org.json.JSONArray) JSONException(org.json.JSONException)

Example 68 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

the class ReadCountryEnvDeployType method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    /**
     * Parsing and securing all required parameters.
     */
    String system = policy.sanitize(request.getParameter("system"));
    String country = policy.sanitize(request.getParameter("country"));
    String environment = policy.sanitize(request.getParameter("environment"));
    // Global boolean on the servlet that define if the user has permition to edit and delete object.
    boolean userHasPermissions = request.isUserInRole("IntegratorRO");
    // Init Answer with potencial error from Parsing parameter.
    AnswerItem answer = new AnswerItem(msg);
    try {
        JSONObject jsonResponse = new JSONObject();
        if (1 == 1) {
            answer = findCountryEnvironmentDeployTypeList(request.getParameter("system"), request.getParameter("country"), request.getParameter("environment"), appContext, userHasPermissions, request);
            jsonResponse = (JSONObject) answer.getItem();
        }
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) PolicyFactory(org.owasp.html.PolicyFactory) JSONObject(org.json.JSONObject) MessageEvent(org.cerberus.engine.entity.MessageEvent) JSONException(org.json.JSONException) AnswerItem(org.cerberus.util.answer.AnswerItem)

Example 69 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

the class ReadApplication method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    // Get Parameters
    String columnName = ParameterParserUtil.parseStringParam(request.getParameter("columnName"), "");
    /**
     * Parsing and securing all required parameters.
     */
    // Nothing to do here as no parameter to check.
    // 
    // Global boolean on the servlet that define if the user has permition to edit and delete object.
    boolean userHasPermissions = request.isUserInRole("Integrator");
    // Init Answer with potencial error from Parsing parameter.
    AnswerItem answer = new AnswerItem(new MessageEvent(MessageEventEnum.DATA_OPERATION_OK));
    try {
        JSONObject jsonResponse = new JSONObject();
        if ((request.getParameter("application") == null) && (request.getParameter("system") == null)) {
            answer = findApplicationList(null, appContext, userHasPermissions, request);
            jsonResponse = (JSONObject) answer.getItem();
        } else {
            if (request.getParameter("application") != null) {
                String application = policy.sanitize(request.getParameter("application"));
                answer = findApplicationByKey(application, appContext, userHasPermissions);
                jsonResponse = (JSONObject) answer.getItem();
            } else if (!Strings.isNullOrEmpty(columnName) && request.getParameter("system") != null) {
                String system = policy.sanitize(request.getParameter("system"));
                answer = findDistinctValuesOfColumn(system, appContext, request, columnName);
                jsonResponse = (JSONObject) answer.getItem();
            } else if (request.getParameter("system") != null) {
                String system = policy.sanitize(request.getParameter("system"));
                answer = findApplicationList(system, appContext, userHasPermissions, request);
                jsonResponse = (JSONObject) answer.getItem();
            }
        }
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) PolicyFactory(org.owasp.html.PolicyFactory) JSONObject(org.json.JSONObject) MessageEvent(org.cerberus.engine.entity.MessageEvent) JSONException(org.json.JSONException) AnswerItem(org.cerberus.util.answer.AnswerItem)

Example 70 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

the class ReadCountryEnvLink method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    /**
     * Parsing and securing all required parameters.
     */
    String system = policy.sanitize(request.getParameter("system"));
    String country = policy.sanitize(request.getParameter("country"));
    String environment = policy.sanitize(request.getParameter("environment"));
    // Global boolean on the servlet that define if the user has permition to edit and delete object.
    boolean userHasPermissions = request.isUserInRole("IntegratorRO");
    // Init Answer with potencial error from Parsing parameter.
    AnswerItem answer = new AnswerItem(msg);
    try {
        JSONObject jsonResponse = new JSONObject();
        if (1 == 1) {
            answer = findCountryEnvironmentParametersList(request.getParameter("system"), request.getParameter("country"), request.getParameter("environment"), appContext, userHasPermissions, request);
            jsonResponse = (JSONObject) answer.getItem();
        }
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) PolicyFactory(org.owasp.html.PolicyFactory) JSONObject(org.json.JSONObject) MessageEvent(org.cerberus.engine.entity.MessageEvent) JSONException(org.json.JSONException) AnswerItem(org.cerberus.util.answer.AnswerItem)

Aggregations

PolicyFactory (org.owasp.html.PolicyFactory)123 ApplicationContext (org.springframework.context.ApplicationContext)116 JSONObject (org.json.JSONObject)115 MessageEvent (org.cerberus.engine.entity.MessageEvent)93 AnswerItem (org.cerberus.util.answer.AnswerItem)74 JSONException (org.json.JSONException)70 ILogEventService (org.cerberus.crud.service.ILogEventService)62 Answer (org.cerberus.util.answer.Answer)60 CerberusException (org.cerberus.exception.CerberusException)35 IOException (java.io.IOException)32 ServletException (javax.servlet.ServletException)31 JSONArray (org.json.JSONArray)24 ITestCaseService (org.cerberus.crud.service.ITestCaseService)19 TestCase (org.cerberus.crud.entity.TestCase)17 ArrayList (java.util.ArrayList)14 LogEventService (org.cerberus.crud.service.impl.LogEventService)11 TestCaseStep (org.cerberus.crud.entity.TestCaseStep)10 IParameterService (org.cerberus.crud.service.IParameterService)9 TestCaseCountry (org.cerberus.crud.entity.TestCaseCountry)7 ICountryEnvParamService (org.cerberus.crud.service.ICountryEnvParamService)7