Use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting: class ReadAppService, method processRequest.
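/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods: reads application services and writes a JSON answer.
 *
 * <p>The branch is chosen from the request parameters, in this order:
 * no {@code service} and no {@code columnName} -> full service list;
 * {@code columnName} -> distinct values of that column;
 * {@code service} and {@code limit} -> services whose name matches;
 * {@code service} and {@code testcase=true} -> test cases using the service;
 * otherwise -> the single service identified by {@code service}.
 * The answer always carries {@code messageType}, {@code message} and the
 * echoed {@code sEcho} value.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String echo = request.getParameter("sEcho");
    String columnName = ParameterParserUtil.parseStringParam(request.getParameter("columnName"), "");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error; every branch below replaces it.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    // No parameter is HTML-sanitized here: each value is either handed to a finder
    // as received or serialised back through JSONObject.
    // NOTE(review): the finders therefore receive untrusted strings and must bind
    // them as query parameters, never concatenate them — confirm in the DAO layer.
    // Global boolean on the servlet that defines if the user has permission to edit and delete objects.
    boolean userHasPermissions = request.isUserInRole("TestAdmin");
    // Init Answer with the default error; it is replaced by the branch that runs.
    AnswerItem answer = new AnswerItem(msg);
    boolean testcase = ParameterParserUtil.parseBooleanParam(request.getParameter("testcase"), false);
    String service = request.getParameter("service");
    String limit = request.getParameter("limit");
    try {
        JSONObject jsonResponse;
        if (service == null && Strings.isNullOrEmpty(columnName)) {
            answer = findAppServiceList(appContext, userHasPermissions, request);
        } else if (!Strings.isNullOrEmpty(columnName)) {
            answer = findDistinctValuesOfColumn(appContext, request, columnName);
        } else if (service != null && limit != null) {
            // limit is client-supplied: a non-numeric value is reported through the
            // generic error answer below instead of surfacing as an HTTP 500.
            answer = findAppServiceByLikeName(service, appContext, Integer.parseInt(limit));
        } else if (service != null && testcase) {
            answer = getTestCasesUsingService(service, appContext);
        } else {
            answer = findAppServiceBySystemByKey(service, appContext, userHasPermissions);
        }
        jsonResponse = (JSONObject) answer.getItem();
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    } catch (NumberFormatException e) {
        LOG.warn(e);
        // Malformed limit parameter: same parseable error answer as above.
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}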
Use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting: class DeleteBatchInvariant, method processRequest.
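/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods: deletes the batch invariant named by the {@code batch} parameter
 * and writes a JSON answer ({@code messageType}, {@code message}).
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws CerberusException propagated from the service layer
 * @throws JSONException if the answer cannot be serialised
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    Answer ans = new Answer();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    // Declared explicitly so non-ASCII message text is not written in the container's default charset.
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Parsing and securing all required parameters: batch is HTML-sanitized because
    // it is written into the log event below.
    String batch = policy.sanitize(request.getParameter("batch"));
    // Checking all constraints before calling the services.
    if (StringUtil.isNullOrEmpty(batch)) {
        ans.setResultMessage(expectedDeleteError("Batch is missing!"));
    } else {
        // All data seems clean so we can call the services.
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        IBatchInvariantService batchInvariantService = appContext.getBean(IBatchInvariantService.class);
        AnswerItem resp = batchInvariantService.readByKey(batch);
        if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
            // Object could not be found. We stop here and report the error.
            ans.setResultMessage(expectedDeleteError("Batch does not exist."));
        } else {
            // The service confirmed the object exists, so we can delete it.
            BatchInvariant batchInvariantData = (BatchInvariant) resp.getItem();
            ans = batchInvariantService.delete(batchInvariantData);
            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                // Delete was successful. Adding Log entry (audit trail of the deletion).
                ILogEventService logEventService = appContext.getBean(LogEventService.class);
                logEventService.createForPrivateCalls("/DeleteBatchInvariant", "DELETE", "Delete BatchInvariant : ['" + batch + "']", request);
            }
        }
    }
    // Formatting and returning the json result.
    jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", ans.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse.toString());
    response.getWriter().flush();
}

/**
 * Builds the "expected error" message for a delete of {@code OBJECT_NAME} that
 * could not be performed.
 *
 * @param reason text substituted for {@code %REASON%} in the message template
 * @return the message event to attach to the answer
 */
private MessageEvent expectedDeleteError(String reason) {
    MessageEvent error = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
    error.setDescription(error.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Delete").replace("%REASON%", reason));
    return error;
}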
Use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting: class ReadBuildRevisionBatch, method processRequest.
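/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods: reads build/revision batches and writes a JSON answer.
 *
 * <p>When {@code columnName} is given the answer holds the distinct values of
 * that column; otherwise it holds the batch list for {@code system},
 * {@code country} and {@code environment}. The answer always carries
 * {@code messageType}, {@code message} and the echoed {@code sEcho} value.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException propagated from the finders
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    // Parsing all required parameters. system, country and environment are forwarded to
    // the finders exactly as received from the client (no HTML sanitizing is applied to
    // the values that are actually passed on).
    // NOTE(review): they are untrusted; the finders must bind them as query parameters
    // rather than concatenate them — confirm in the DAO layer.
    String system = request.getParameter("system");
    String country = request.getParameter("country");
    String environment = request.getParameter("environment");
    String columnName = ParameterParserUtil.parseStringParam(request.getParameter("columnName"), "");
    // Global boolean on the servlet that defines if the user has permission to edit and delete objects.
    boolean userHasPermissions = request.isUserInRole("IntegratorRO");
    // Init Answer with the default error; it is replaced by the branch that runs.
    AnswerItem answer = new AnswerItem(msg);
    try {
        JSONObject jsonResponse;
        if (!Strings.isNullOrEmpty(columnName)) {
            answer = findDistinctValuesOfColumn(system, appContext, request, columnName);
        } else {
            answer = findBuildRevisionBatchList(system, country, environment, appContext, userHasPermissions, request);
        }
        jsonResponse = (JSONObject) answer.getItem();
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}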
Use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting: class DeleteBuildRevisionInvariant, method processRequest.
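/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods: deletes the build/revision invariant identified by
 * {@code system}, {@code level} and {@code seq} and writes a JSON answer
 * ({@code messageType}, {@code message}).
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws CerberusException propagated from the service layer
 * @throws JSONException if the answer cannot be serialised
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    Answer ans = new Answer();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    // Declared explicitly so non-ASCII message text is not written in the container's default charset.
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Parsing and securing all required parameters: system is HTML-sanitized because
    // it is written into the log event below.
    String system = policy.sanitize(request.getParameter("system"));
    // level and seq are passed on as -1 when absent or empty; a value that is present
    // but not an integer is reported as an expected error instead of reaching the service.
    Integer level = -1;
    boolean levelError = false;
    String levelParam = request.getParameter("level");
    if (levelParam != null && !levelParam.equals("")) {
        try {
            level = Integer.valueOf(policy.sanitize(levelParam));
        } catch (NumberFormatException ex) {
            levelError = true;
        }
    }
    Integer seq = -1;
    boolean seqError = false;
    String seqParam = request.getParameter("seq");
    if (seqParam != null && !seqParam.equals("")) {
        try {
            seq = Integer.valueOf(policy.sanitize(seqParam));
        } catch (NumberFormatException ex) {
            seqError = true;
        }
    }
    // Checking all constraints before calling the services.
    if (StringUtil.isNullOrEmpty(system)) {
        ans.setResultMessage(expectedDeleteError("System is missing!"));
    } else if (levelError) {
        ans.setResultMessage(expectedDeleteError("Could not manage to convert level to an integer value!"));
    } else if (seqError) {
        ans.setResultMessage(expectedDeleteError("Could not manage to convert sequence to an integer value!"));
    } else {
        // All data seems clean so we can call the services.
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        IBuildRevisionInvariantService buildRevisionInvariantService = appContext.getBean(IBuildRevisionInvariantService.class);
        AnswerItem resp = buildRevisionInvariantService.readByKey(system, level, seq);
        if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
            // Object could not be found. We stop here and report the error.
            ans.setResultMessage(expectedDeleteError("BuildRevisionInvariant does not exist."));
        } else {
            // The service confirmed the object exists, so we can delete it.
            BuildRevisionInvariant buildRevisionInvariantData = (BuildRevisionInvariant) resp.getItem();
            ans = buildRevisionInvariantService.delete(buildRevisionInvariantData);
            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                // Delete was successful. Adding Log entry (audit trail of the deletion).
                ILogEventService logEventService = appContext.getBean(LogEventService.class);
                logEventService.createForPrivateCalls("/DeleteBuildRevisionInvariant", "DELETE", "Delete BuildRevisionInvariant : ['" + system + "'|'" + level + "'|'" + seq + "']", request);
            }
        }
    }
    // Formatting and returning the json result.
    jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", ans.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse.toString());
    response.getWriter().flush();
}

/**
 * Builds the "expected error" message for a delete of a BuildRevisionInvariant
 * that could not be performed.
 *
 * @param reason text substituted for {@code %REASON%} in the message template
 * @return the message event to attach to the answer
 */
private MessageEvent expectedDeleteError(String reason) {
    MessageEvent error = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
    error.setDescription(error.getDescription().replace("%ITEM%", "BuildRevisionInvariant").replace("%OPERATION%", "Delete").replace("%REASON%", reason));
    return error;
}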
Use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting: class CreateApplicationObject, method processRequest.
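/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods: creates an application object from a multipart request and, when
 * a file part is present, uploads that file against the created object.
 * Writes a JSON answer ({@code messageType}, {@code message}).
 *
 * @param request servlet request (multipart/form-data)
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws CerberusException propagated from the service layer
 * @throws JSONException if the answer cannot be serialised
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    Answer ans = new Answer();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    String charset = request.getCharacterEncoding();
    response.setContentType("application/json");
    // Declared explicitly so non-ASCII message text is not written in the container's default charset.
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Multipart parsing: form fields go into fileData, the last file part is kept aside.
    Map<String, String> fileData = new HashMap<String, String>();
    FileItem file = null;
    FileItemFactory factory = new DiskFileItemFactory();
    ServletFileUpload upload = new ServletFileUpload(factory);
    try {
        List<FileItem> fields = upload.parseRequest(request);
        for (FileItem fileItem : fields) {
            if (fileItem.isFormField()) {
                fileData.put(fileItem.getFieldName(), fileItem.getString("UTF-8"));
            } else {
                file = fileItem;
            }
        }
    } catch (FileUploadException e) {
        // A request that is not multipart (or is malformed) leaves fileData empty, so the
        // validation below answers "Application name is missing!" with a parseable JSON body.
        getServletContext().log("Unable to parse the multipart request for /CreateApplicationObject", e);
    }
    // Parsing and securing all required parameters.
    // Parameters that are already controlled by the GUI (no need to decode) --> We SECURE them
    // Parameters that need to be secured --> We SECURE+DECODE them
    String application = ParameterParserUtil.parseStringParamAndDecode(fileData.get("application"), null, charset);
    String object = ParameterParserUtil.parseStringParamAndDecode(fileData.get("object"), null, charset);
    String value = ParameterParserUtil.parseStringParam(fileData.get("value"), null);
    // Creator and last modifier are the same authenticated user at the same instant;
    // computed once so both pairs of columns carry identical values.
    String user = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getRemoteUser(), "", charset);
    String now = new Timestamp(System.currentTimeMillis()).toString();
    // Checking all constraints before calling the services.
    if (StringUtil.isNullOrEmpty(application)) {
        ans.setResultMessage(expectedCreateError("Application name is missing!"));
    } else if (StringUtil.isNullOrEmpty(object)) {
        ans.setResultMessage(expectedCreateError("Object name is missing!"));
    } else {
        // All data seems clean so we can call the services.
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        IApplicationObjectService applicationobjectService = appContext.getBean(IApplicationObjectService.class);
        IFactoryApplicationObject factoryApplicationobject = appContext.getBean(IFactoryApplicationObject.class);
        // The stored file name is the one supplied by the client in the multipart part.
        // NOTE(review): uploadFile must not use it to build a filesystem path without
        // normalising it against the upload root — confirm in the service.
        String fileName = "";
        if (file != null) {
            fileName = file.getName();
        }
        ApplicationObject applicationData = factoryApplicationobject.create(-1, application, object, value, fileName, user, now, user, now);
        ans = applicationobjectService.create(applicationData);
        if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
            // Object created. Adding Log entry (audit trail of the creation).
            ILogEventService logEventService = appContext.getBean(LogEventService.class);
            logEventService.createForPrivateCalls("/CreateApplicationObject", "CREATE", "Create Application Object: ['" + application + "','" + object + "']", request);
            if (file != null) {
                // Re-read the object (presumably to obtain its generated id) and attach the
                // uploaded file to it. The upload's answer replaces the create answer, so an
                // upload failure is what the client is told about.
                AnswerItem an = applicationobjectService.readByKey(application, object);
                if (an.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && an.getItem() != null) {
                    applicationData = (ApplicationObject) an.getItem();
                    ans = applicationobjectService.uploadFile(applicationData.getID(), file);
                }
            }
        }
    }
    // Formatting and returning the json result.
    jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", ans.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}

/**
 * Builds the "expected error" message for a create of an ApplicationObject
 * that could not be performed.
 *
 * @param reason text substituted for {@code %REASON%} in the message template
 * @return the message event to attach to the answer
 */
private MessageEvent expectedCreateError(String reason) {
    MessageEvent error = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
    error.setDescription(error.getDescription().replace("%ITEM%", "ApplicationObject").replace("%OPERATION%", "Create").replace("%REASON%", reason));
    return error;
}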