
Example 86 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

the class UpdateTestCaseProperties1 method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws CerberusException
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    // Replaces the country properties stored for a test case with the set submitted by the
    // page, then answers with a JSON object carrying "messageType" and "message".
    JSONObject jsonResponse = new JSONObject();
    Answer answer = new Answer();
    // Default to "unexpected error" so a path that never sets a result still reports a failure.
    MessageEvent event = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    event.setDescription(event.getDescription().replace("%DESCRIPTION%", ""));
    answer.setResultMessage(event);
    // NOTE(review): this HTML sanitizer policy is built but never applied in this method;
    // the four request parameters below are used exactly as received.
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    // Shared servlet start-up hook.
    ServletUtil.servletStart(request);

    // initial* presumably identify the test case as it was when the page was loaded, and
    // test/testCase the key submitted with the update -- confirm against the caller.
    String initialTest = request.getParameter("informationInitialTest");
    String initialTestCase = request.getParameter("informationInitialTestCase");
    String test = request.getParameter("informationTest");
    String testCase = request.getParameter("informationTestCase");
    boolean duplicate = false;

    boolean keyMissing = StringUtil.isNullOrEmpty(test) || StringUtil.isNullOrEmpty(testCase);
    if (!keyMissing) {
        ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        ITestCaseService testCaseService = springContext.getBean(ITestCaseService.class);
        ITestCaseCountryPropertiesService propertiesService = springContext.getBean(ITestCaseCountryPropertiesService.class);
        AnswerItem lookup = testCaseService.readByKey(test, testCase);
        TestCase storedTestCase = (TestCase) lookup.getItem();
        if (lookup.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && lookup.getItem() != null) {
            // The test case exists; the caller must also be allowed to update it.
            if (testCaseService.hasPermissionsUpdate(storedTestCase, request)) {
                List<TestCaseCountryProperties> submittedProperties = getTestCaseCountryPropertiesFromParameter(request, springContext, test, testCase);
                // NOTE(review): the permission check above covers the test case read with
                // (test, testCase), while this call is keyed on (initialTest, initialTestCase).
                // Nothing in this method requires the two keys to match -- confirm that the
                // service limits the change to the test case that was authorised.
                answer = propertiesService.compareListAndUpdateInsertDeleteElements(initialTest, initialTestCase, submittedProperties);
                if (answer.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                    // Audit entry for the successful update.
                    // NOTE(review): the recorded path names another servlet
                    // ("/UpdateTestCaseWithDependencies1"); looks copied -- confirm.
                    ILogEventService auditLog = springContext.getBean(LogEventService.class);
                    String detail = "Update testcase : ['" + storedTestCase.getTest() + "'|'" + storedTestCase.getTestCase() + "']";
                    auditLog.createForPrivateCalls("/UpdateTestCaseWithDependencies1", "UPDATE", detail, request);
                }
            } else {
                // Caller lacks the right to update this test case.
                event = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
                String text = event.getDescription().replace("%ITEM%", "TestCase").replace("%OPERATION%", "Update").replace("%REASON%", "Not enought privilege to update the testcase. You mut belong to Test Privilege or even TestAdmin in case the test is in WORKING status.");
                event.setDescription(text);
                answer.setResultMessage(event);
            }
        } else {
            // The lookup failed or returned nothing: report it and stop.
            event = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            String text = event.getDescription().replace("%ITEM%", "TestCase").replace("%OPERATION%", "Update").replace("%REASON%", "TestCase does not exist.");
            event.setDescription(text);
            answer.setResultMessage(event);
        }
    } else {
        // The submitted key is incomplete.
        event = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        String text = event.getDescription().replace("%ITEM%", "Test Case").replace("%OPERATION%", "Update").replace("%REASON%", "mendatory fields are missing.");
        event.setDescription(text);
        answer.setResultMessage(event);
    }

    // Serialise the outcome for the caller.
    jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", answer.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}
Also used : TestCaseCountryProperties(org.cerberus.crud.entity.TestCaseCountryProperties) IFactoryTestCaseCountryProperties(org.cerberus.crud.factory.IFactoryTestCaseCountryProperties) PolicyFactory(org.owasp.html.PolicyFactory) MessageEvent(org.cerberus.engine.entity.MessageEvent) AnswerItem(org.cerberus.util.answer.AnswerItem) Answer(org.cerberus.util.answer.Answer) ApplicationContext(org.springframework.context.ApplicationContext) JSONObject(org.json.JSONObject) TestCase(org.cerberus.crud.entity.TestCase) ITestCaseCountryPropertiesService(org.cerberus.crud.service.ITestCaseCountryPropertiesService) ITestCaseService(org.cerberus.crud.service.ITestCaseService) ILogEventService(org.cerberus.crud.service.ILogEventService)

Example 87 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

the class UpdateTestCaseWithDependencies1 method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    // Reads a JSON request body describing a test case (properties, steps, actions and
    // controls), renumbers new entries, pushes the lists to the services and answers with
    // a JSON object carrying "messageType" and "message".
    JSONObject jsonResponse = new JSONObject();
    Answer ans = new Answer();
    // NOTE(review): the default result is DATA_OPERATION_OK and `ans` is never reassigned
    // on the update path below, so the response and the audit-log condition do not reflect
    // what the service calls actually returned.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_OK);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    // NOTE(review): this HTML sanitizer policy is built but never applied in this method;
    // every value taken from the JSON body is used as received.
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    // Shared servlet start-up hook.
    ServletUtil.servletStart(request);
    /*
     * Read the whole request body into memory and parse it as JSON. No size limit is
     * applied here, and lines are joined without their line terminators.
     */
    StringBuilder sb = new StringBuilder();
    BufferedReader br = request.getReader();
    String str;
    while ((str = br.readLine()) != null) {
        sb.append(str);
    }
    // A malformed body, or a missing key in the getString/getJSONArray calls below, raises
    // JSONException, which this method declares and lets propagate to the caller.
    JSONObject jObj = new JSONObject(sb.toString());
    String initialTest = jObj.getString("informationInitialTest");
    String initialTestCase = jObj.getString("informationInitialTestCase");
    String test = jObj.getString("informationTest");
    String testCase = jObj.getString("informationTestCase");
    JSONArray properties = jObj.getJSONArray("propArr");
    JSONArray stepArray = jObj.getJSONArray("stepArray");
    boolean duplicate = false;
    /*
     * Check the constraints before calling the services. Only empty values are caught
     * here; absent keys have already thrown above.
     */
    if (StringUtil.isNullOrEmpty(test) || StringUtil.isNullOrEmpty(testCase)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Test Case").replace("%OPERATION%", "Update").replace("%REASON%", "mendatory fields are missing."));
        ans.setResultMessage(msg);
    } else {
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        ITestCaseService testCaseService = appContext.getBean(ITestCaseService.class);
        ITestCaseCountryPropertiesService tccpService = appContext.getBean(ITestCaseCountryPropertiesService.class);
        ITestCaseStepService tcsService = appContext.getBean(ITestCaseStepService.class);
        ITestCaseStepActionService tcsaService = appContext.getBean(ITestCaseStepActionService.class);
        ITestCaseStepActionControlService tcsacService = appContext.getBean(ITestCaseStepActionControlService.class);
        AnswerItem resp = testCaseService.readByKey(test, testCase);
        TestCase tc = (TestCase) resp.getItem();
        if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
            /*
             * The test case could not be read. Stop here and report the error.
             */
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "TestCase").replace("%OPERATION%", "Update").replace("%REASON%", "TestCase does not exist."));
            ans.setResultMessage(msg);
        } else /*
         * The test case exists; the caller must also be allowed to update it.
         * NOTE(review): the check covers the test case read with (test, testCase), while
         * the existing rows compared further down are read with (initialTest,
         * initialTestCase). Nothing here requires the two keys to match -- confirm that
         * the services cannot touch a test case the caller was not authorised for.
         */
        if (!testCaseService.hasPermissionsUpdate(tc, request)) {
            // Caller lacks the right to update this test case.
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "TestCase").replace("%OPERATION%", "Update").replace("%REASON%", "Not enought privilege to update the testcase. You mut belong to Test Privilege or even TestAdmin in case the test is in WORKING status."));
            ans.setResultMessage(msg);
        } else {
            // The test case exists and may be updated: the global update starts here.
            /*
             * Country properties. The value returned by the service call is discarded.
             */
            List<TestCaseCountryProperties> tccpFromPage = getTestCaseCountryPropertiesFromParameter(request, appContext, test, testCase, properties);
            tccpService.compareListAndUpdateInsertDeleteElements(initialTest, initialTestCase, tccpFromPage);
            /*
             * Get steps, actions and controls from the page by:
             * - generating a new step, action or control number where the page sent -1,
             * - setting the related step and action on each action or control.
             * Numbers other than -1 are kept exactly as the client sent them.
             */
            List<TestCaseStep> tcsFromPage = getTestCaseStepFromParameter(request, appContext, test, testCase, duplicate, stepArray);
            // Raw ArrayList: the element type is not checked at compile time.
            List<TestCaseStepAction> tcsaFromPage = new ArrayList();
            List<TestCaseStepActionControl> tcsacFromPage = new ArrayList();
            int nextStepNumber = getMaxStepNumber(tcsFromPage);
            for (TestCaseStep tcs : tcsFromPage) {
                if (tcs.getStep() == -1) {
                    tcs.setStep(++nextStepNumber);
                }
                if (tcs.getTestCaseStepAction() != null) {
                    int nextSequenceNumber = getMaxSequenceNumber(tcs.getTestCaseStepAction());
                    for (TestCaseStepAction tcsa : tcs.getTestCaseStepAction()) {
                        if (tcsa.getSequence() == -1) {
                            tcsa.setSequence(++nextSequenceNumber);
                        }
                        // Re-attach the action to its (possibly renumbered) step.
                        tcsa.setStep(tcs.getStep());
                        if (tcsa.getTestCaseStepActionControl() != null) {
                            int nextControlNumber = getMaxControlNumber(tcsa.getTestCaseStepActionControl());
                            for (TestCaseStepActionControl tscac : tcsa.getTestCaseStepActionControl()) {
                                if (tscac.getControlSequence() == -1) {
                                    tscac.setControlSequence(++nextControlNumber);
                                }
                                // Re-attach the control to its step and action.
                                tscac.setStep(tcs.getStep());
                                tscac.setSequence(tcsa.getSequence());
                            }
                            tcsacFromPage.addAll(tcsa.getTestCaseStepActionControl());
                        }
                    }
                    tcsaFromPage.addAll(tcs.getTestCaseStepAction());
                }
            }
            /*
             * Create, update or delete steps, actions and controls as needed. The
             * existing rows are read with the initial key; whatever these calls return
             * is discarded.
             */
            List<TestCaseStep> tcsFromDtb = new ArrayList(tcsService.getListOfSteps(initialTest, initialTestCase));
            tcsService.compareListAndUpdateInsertDeleteElements(tcsFromPage, tcsFromDtb, duplicate);
            List<TestCaseStepAction> tcsaFromDtb = new ArrayList(tcsaService.findTestCaseStepActionbyTestTestCase(initialTest, initialTestCase));
            tcsaService.compareListAndUpdateInsertDeleteElements(tcsaFromPage, tcsaFromDtb, duplicate);
            List<TestCaseStepActionControl> tcsacFromDtb = new ArrayList(tcsacService.findControlByTestTestCase(initialTest, initialTestCase));
            tcsacService.compareListAndUpdateInsertDeleteElements(tcsacFromPage, tcsacFromDtb, duplicate);
            // Bump the version on the test case that was read with (test, testCase).
            tc.setTestCaseVersion(tc.getTestCaseVersion() + 1);
            testCaseService.updateTestCase(tc);
            /*
             * Audit log entry. `ans` still holds the initial OK here, so this condition
             * does not depend on the calls above.
             */
            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                /*
                 * Record the update together with the new version number.
                 */
                ILogEventService logEventService = appContext.getBean(LogEventService.class);
                logEventService.createForPrivateCalls("/UpdateTestCaseWithDependencies1", "UPDATE", "Update testcase : ['" + tc.getTest() + "'|'" + tc.getTestCase() + "'] version : " + tc.getTestCaseVersion(), request);
            }
        }
    }
    /*
     * Format and return the JSON result.
     */
    jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", ans.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}
Also used : ITestCaseStepActionService(org.cerberus.crud.service.ITestCaseStepActionService) IFactoryTestCaseStepAction(org.cerberus.crud.factory.IFactoryTestCaseStepAction) TestCaseStepAction(org.cerberus.crud.entity.TestCaseStepAction) PolicyFactory(org.owasp.html.PolicyFactory) MessageEvent(org.cerberus.engine.entity.MessageEvent) ITestCaseStepService(org.cerberus.crud.service.ITestCaseStepService) JSONArray(org.json.JSONArray) ArrayList(java.util.ArrayList) ILogEventService(org.cerberus.crud.service.ILogEventService) LogEventService(org.cerberus.crud.service.impl.LogEventService) ITestCaseStepActionControlService(org.cerberus.crud.service.ITestCaseStepActionControlService) IFactoryTestCaseStep(org.cerberus.crud.factory.IFactoryTestCaseStep) TestCaseStep(org.cerberus.crud.entity.TestCaseStep) AnswerItem(org.cerberus.util.answer.AnswerItem) Answer(org.cerberus.util.answer.Answer) ApplicationContext(org.springframework.context.ApplicationContext) JSONObject(org.json.JSONObject) TestCase(org.cerberus.crud.entity.TestCase) ITestCaseCountryPropertiesService(org.cerberus.crud.service.ITestCaseCountryPropertiesService) BufferedReader(java.io.BufferedReader) ITestCaseService(org.cerberus.crud.service.ITestCaseService) ILogEventService(org.cerberus.crud.service.ILogEventService) ArrayList(java.util.ArrayList) List(java.util.List) TestCaseStepActionControl(org.cerberus.crud.entity.TestCaseStepActionControl) IFactoryTestCaseStepActionControl(org.cerberus.crud.factory.IFactoryTestCaseStepActionControl)

Example 88 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

the class CreateTestDataLib method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
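protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Creates a test data library from a multipart form (text fields plus an optional CSV
    // file), stores its sub-data list and answers with a JSON object carrying
    // "messageType" and "message".
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    IFactoryTestDataLibData tdldFactory = appContext.getBean(IFactoryTestDataLibData.class);
    ITestDataLibDataService tdldService = appContext.getBean(ITestDataLibDataService.class);
    IParameterService parameterService = appContext.getBean(IParameterService.class);
    JSONObject jsonResponse = new JSONObject();
    Answer ans = new Answer();
    AnswerItem ansItem = new AnswerItem();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    // HTML sanitizer applied to a subset of the form fields further down.
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String charset = request.getCharacterEncoding();
    response.setContentType("application/json");
    Map<String, String> fileData = new HashMap<String, String>();
    FileItem file = null;
    // NOTE(review): no request or file size limit is configured on the upload parser here.
    FileItemFactory factory = new DiskFileItemFactory();
    ServletFileUpload upload = new ServletFileUpload(factory);
    try {
        List<FileItem> fields = upload.parseRequest(request);
        Iterator<FileItem> it = fields.iterator();
        if (!it.hasNext()) {
            // NOTE(review): an empty multipart request returns without writing any body.
            return;
        }
        while (it.hasNext()) {
            FileItem fileItem = it.next();
            boolean isFormField = fileItem.isFormField();
            if (isFormField) {
                fileData.put(fileItem.getFieldName(), ParameterParserUtil.parseStringParamAndDecode(fileItem.getString("UTF-8"), "", charset));
            } else {
                // If several file parts are sent, only the last one is kept.
                file = fileItem;
            }
        }
    } catch (FileUploadException e) {
        // Log through the servlet's logger rather than printing the stack trace to stderr.
        // Processing continues with whatever fields were collected, so a failed parse ends
        // in the "name is missing" answer below.
        LOG.warn(e);
    }
    try {
        // Fields passed through the HTML sanitizer policy.
        String type = policy.sanitize(fileData.get("type"));
        String system = policy.sanitize(fileData.get("system"));
        String environment = policy.sanitize(fileData.get("environment"));
        String country = policy.sanitize(fileData.get("country"));
        String database = policy.sanitize(fileData.get("database"));
        String databaseUrl = policy.sanitize(fileData.get("databaseUrl"));
        String databaseCsv = policy.sanitize(fileData.get("databaseCsv"));
        // NOTE(review): these four are only decoded (when the form was parsed); the
        // sanitizer policy is not applied to them.
        String name = fileData.get("name");
        String group = fileData.get("group");
        String description = fileData.get("libdescription");
        String service = fileData.get("service");
        // Decoded only: these may legitimately hold markup or script text, so every
        // consumer has to treat them as untrusted.
        String script = fileData.get("script");
        String servicePath = fileData.get("servicepath");
        String method = fileData.get("method");
        String envelope = fileData.get("envelope");
        String csvUrl = fileData.get("csvUrl");
        String separator = fileData.get("separator");
        // Value of the "subdataCheck" form field; "1" asks for sub-data to be derived from
        // the uploaded CSV.
        String test = fileData.get("subdataCheck");
        // Prepare the final answer.
        MessageEvent msg1 = new MessageEvent(MessageEventEnum.GENERIC_OK);
        Answer finalAnswer = new Answer(msg1);
        if (StringUtil.isNullOrEmpty(name)) {
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "Test Data Library").replace("%OPERATION%", "Create").replace("%REASON%", "Test data library name is missing! "));
            finalAnswer.setResultMessage(msg);
        } else {
            // The name is present: call the services.
            ITestDataLibService libService = appContext.getBean(ITestDataLibService.class);
            IFactoryTestDataLib factoryLibService = appContext.getBean(IFactoryTestDataLib.class);
            TestDataLib lib = factoryLibService.create(0, name, system, environment, country, group, type, database, script, databaseUrl, service, servicePath, method, envelope, databaseCsv, csvUrl, separator, description, request.getRemoteUser(), null, "", null, null, null, null, null);
            // Creates the entries and the subdata list
            ansItem = libService.create(lib);
            finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ansItem);
            if (ansItem.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                // Audit entry for the created library.
                // NOTE(review): the name is re-read with request.getParameter rather than
                // taken from the parsed multipart fields; it may be null here -- confirm.
                ILogEventService logEventService = appContext.getBean(LogEventService.class);
                logEventService.createForPrivateCalls("/CreateTestDataLib", "CREATE", "Create TestDataLib  : " + request.getParameter("name"), request);
            }
            List<TestDataLibData> tdldList = new ArrayList<>();
            // NOTE(review): execution continues even when create did not report OK, and
            // the item is dereferenced below without a null check.
            TestDataLib dataLibWithUploadedFile = (TestDataLib) ansItem.getItem();
            if (file != null) {
                ans = libService.uploadFile(dataLibWithUploadedFile.getTestDataLibID(), file);
                if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                    // NOTE(review): file.getName() is the name supplied by the client and
                    // goes into the stored path unchanged; reduce it to a base name and
                    // reject path separators before building the path.
                    dataLibWithUploadedFile.setCsvUrl(File.separator + dataLibWithUploadedFile.getTestDataLibID() + File.separator + file.getName());
                    libService.update(dataLibWithUploadedFile);
                }
            }
            // Getting list of SubData from JSON Call
            if (fileData.get("subDataList") != null) {
                JSONArray objSubDataArray = new JSONArray(fileData.get("subDataList"));
                tdldList = getSubDataFromParameter(request, appContext, dataLibWithUploadedFile.getTestDataLibID(), objSubDataArray);
            }
            // Null-safe comparison: "subdataCheck" may be absent from the form, which used
            // to raise a NullPointerException whenever a file was uploaded without it.
            if (file != null && "1".equals(test)) {
                String firstLine = "";
                String secondLine = "";
                // NOTE(review): the path is the configured directory plus lib.getCsvUrl().
                // `lib` was built from the client-supplied "csvUrl" field; whether it is the
                // same object as dataLibWithUploadedFile depends on libService.create --
                // confirm. Either way the path contains client input, so it should be
                // normalised and checked to stay under the configured directory before it
                // is opened. FileReader also decodes with the platform default charset.
                try (BufferedReader reader = new BufferedReader(new FileReader(parameterService.getParameterStringByKey("cerberus_testdatalibCSV_path", "", null) + lib.getCsvUrl()))) {
                    // NOTE(review): a file with fewer than two lines leaves one of these
                    // null and the split below fails.
                    firstLine = reader.readLine();
                    secondLine = reader.readLine();
                    // NOTE(review): the separator is interpreted by split() as a regular
                    // expression; presumably it originates from the client-supplied
                    // "separator" field -- confirm, and quote it if a literal is meant.
                    String[] firstLineSubData = (!dataLibWithUploadedFile.getSeparator().isEmpty()) ? firstLine.split(dataLibWithUploadedFile.getSeparator()) : firstLine.split(",");
                    String[] secondLineSubData = (!dataLibWithUploadedFile.getSeparator().isEmpty()) ? secondLine.split(dataLibWithUploadedFile.getSeparator()) : secondLine.split(",");
                    int i = 0;
                    int y = 1;
                    // NOTE(review): throws if no "subDataList" entry was submitted.
                    TestDataLibData firstLineLibData = tdldList.get(0);
                    tdldList = new ArrayList<>();
                    // Fill the gaps of the first submitted entry from the CSV header and
                    // first data row.
                    if (StringUtil.isNullOrEmpty(firstLineLibData.getColumnPosition())) {
                        firstLineLibData.setColumnPosition("1");
                    }
                    if (StringUtil.isNullOrEmpty(firstLineLibData.getValue())) {
                        firstLineLibData.setValue(secondLineSubData[0]);
                    }
                    if (StringUtil.isNullOrEmpty(firstLineLibData.getColumn())) {
                        firstLineLibData.setColumn(firstLineSubData[0]);
                    }
                    tdldList.add(firstLineLibData);
                    // One sub-data entry per header column, valued from the second line.
                    // NOTE(review): a second line with fewer columns than the header runs
                    // past the end of secondLineSubData.
                    for (String item : firstLineSubData) {
                        TestDataLibData tdld = tdldFactory.create(null, dataLibWithUploadedFile.getTestDataLibID(), item + "_" + y, secondLineSubData[i], item, null, Integer.toString(y), null);
                        tdldList.add(tdld);
                        i++;
                        y++;
                    }
                } finally {
                    try {
                        file.getInputStream().close();
                    } catch (Throwable ignore) {
                        // Best-effort close of the uploaded item's stream; failures are
                        // deliberately ignored.
                    }
                }
            }
            // Update the database with the new list.
            ans = tdldService.compareListAndUpdateInsertDeleteElements(dataLibWithUploadedFile.getTestDataLibID(), tdldList);
            finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
        }
        // Format and return the JSON result with the message produced by the operations.
        jsonResponse.put("messageType", finalAnswer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", finalAnswer.getResultMessage().getDescription());
        response.getWriter().print(jsonResponse);
        response.getWriter().flush();
    } catch (JSONException ex) {
        LOG.warn(ex);
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
        response.getWriter().flush();
    }
}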
Also used : PolicyFactory(org.owasp.html.PolicyFactory) HashMap(java.util.HashMap) MessageEvent(org.cerberus.engine.entity.MessageEvent) IFactoryTestDataLibData(org.cerberus.crud.factory.IFactoryTestDataLibData) ArrayList(java.util.ArrayList) IParameterService(org.cerberus.crud.service.IParameterService) ITestDataLibDataService(org.cerberus.crud.service.ITestDataLibDataService) ApplicationContext(org.springframework.context.ApplicationContext) ServletFileUpload(org.apache.commons.fileupload.servlet.ServletFileUpload) ILogEventService(org.cerberus.crud.service.ILogEventService) FileReader(java.io.FileReader) TestDataLib(org.cerberus.crud.entity.TestDataLib) IFactoryTestDataLib(org.cerberus.crud.factory.IFactoryTestDataLib) IFactoryTestDataLib(org.cerberus.crud.factory.IFactoryTestDataLib) JSONArray(org.json.JSONArray) JSONException(org.json.JSONException) AnswerItem(org.cerberus.util.answer.AnswerItem) DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory) FileItemFactory(org.apache.commons.fileupload.FileItemFactory) DiskFileItemFactory(org.apache.commons.fileupload.disk.DiskFileItemFactory) Answer(org.cerberus.util.answer.Answer) FileItem(org.apache.commons.fileupload.FileItem) JSONObject(org.json.JSONObject) BufferedReader(java.io.BufferedReader) ITestDataLibService(org.cerberus.crud.service.ITestDataLibService) FileUploadException(org.apache.commons.fileupload.FileUploadException) IFactoryTestDataLibData(org.cerberus.crud.factory.IFactoryTestDataLibData) TestDataLibData(org.cerberus.crud.entity.TestDataLibData)

Example 89 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

the class CreateProject method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException
 * @throws org.json.JSONException
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    // Creates a project from the idProject / VCCode / Description / Active request
    // parameters and answers with a JSON object carrying "messageType" and "message".
    // NOTE(review): no role or permission check appears in this method; presumably it is
    // enforced before the servlet is reached -- confirm.
    JSONObject jsonResponse = new JSONObject();
    Answer answer = new Answer();
    // Default to "unexpected error" so a path that never sets a result still reports a failure.
    MessageEvent event = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    event.setDescription(event.getDescription().replace("%DESCRIPTION%", ""));
    answer.setResultMessage(event);
    // NOTE(review): this policy object is built but not used in this method; sanitising
    // is delegated to ParameterParserUtil below, whose rules are not visible here.
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    // Shared servlet start-up hook.
    ServletUtil.servletStart(request);

    // Every parameter goes through the sanitising parser, with "" as the fallback value.
    String idProject = ParameterParserUtil.parseStringParamAndSanitize(request.getParameter("idProject"), "");
    String code = ParameterParserUtil.parseStringParamAndSanitize(request.getParameter("VCCode"), "");
    String description = ParameterParserUtil.parseStringParamAndSanitize(request.getParameter("Description"), "");
    String active = ParameterParserUtil.parseStringParamAndSanitize(request.getParameter("Active"), "");

    // Only the project id and the code are mandatory; "active" is passed on unchecked.
    if (!idProject.isEmpty() && !code.isEmpty()) {
        ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        IProjectService projectService = springContext.getBean(IProjectService.class);
        IFactoryProject factoryProject = springContext.getBean(IFactoryProject.class);
        answer = projectService.create(factoryProject.create(idProject, code, description, active, ""));
        if (answer.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
            // Audit entry for the created project.
            ILogEventService auditLog = springContext.getBean(LogEventService.class);
            // This lookup's result is not used below.
            IFactoryLogEvent factoryLogEvent = springContext.getBean(FactoryLogEvent.class);
            String detail = "Create Project : ['" + idProject + "']";
            auditLog.createForPrivateCalls("/CreateProject", "CREATE", detail, request);
        }
    } else {
        event = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        String text = event.getDescription().replace("%ITEM%", "Project").replace("%OPERATION%", "Create").replace("%REASON%", "Some mendatory fields are missing!");
        event.setDescription(text);
        answer.setResultMessage(event);
    }

    // Serialise the outcome for the caller.
    jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", answer.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}
Also used : IFactoryProject(org.cerberus.crud.factory.IFactoryProject) Answer(org.cerberus.util.answer.Answer) Project(org.cerberus.crud.entity.Project) IFactoryProject(org.cerberus.crud.factory.IFactoryProject) ApplicationContext(org.springframework.context.ApplicationContext) IProjectService(org.cerberus.crud.service.IProjectService) IFactoryLogEvent(org.cerberus.crud.factory.IFactoryLogEvent) JSONObject(org.json.JSONObject) PolicyFactory(org.owasp.html.PolicyFactory) MessageEvent(org.cerberus.engine.entity.MessageEvent) ILogEventService(org.cerberus.crud.service.ILogEventService)

Example 90 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

the class CreateTestCase method processRequest.

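/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods: creates a test case and, when the create succeeds, stores its
 * labels and countries and duplicates the properties, steps, actions and
 * controls of the original test case named in the request. The outcome of
 * every service call is aggregated into a single JSON answer.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws CerberusException declared by this method; no line here throws it
 * directly, so it would come from one of the called helpers or services
 * @throws JSONException if the <code>labelList</code> or
 * <code>countryList</code> parameter is not a valid JSON array, or if the
 * response object cannot be built
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    Answer ans = new Answer();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    // NOTE(review): this policy is built but not referenced again in this method;
    // the string parameters below go through ParameterParserUtil instead.
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    /**
     * Parsing and securing all required parameters.
     */
    String test = ParameterParserUtil.parseStringParamAndSanitize(request.getParameter("test"), "");
    String testcase = ParameterParserUtil.parseStringParamAndSanitize(request.getParameter("testCase"), "");
    String originalTest = ParameterParserUtil.parseStringParamAndSanitize(request.getParameter("originalTest"), "");
    String originalTestCase = ParameterParserUtil.parseStringParamAndSanitize(request.getParameter("originalTestCase"), "");
    // Prepare the final answer.
    MessageEvent msg1 = new MessageEvent(MessageEventEnum.GENERIC_OK);
    Answer finalAnswer = new Answer(msg1);
    /**
     * Checking all constraints before calling the services. Both keys are
     * mandatory, so the request is rejected when either one is missing and
     * the services are never called with a blank test or test case.
     */
    if (StringUtil.isNullOrEmpty(test) || StringUtil.isNullOrEmpty(testcase)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Test Case").replace("%OPERATION%", "Create").replace("%REASON%", "mandatory fields (test or testcase) are missing."));
        finalAnswer.setResultMessage(msg);
    } else {
        /**
         * All data seems clean so we can call the services.
         */
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        testCaseService = appContext.getBean(ITestCaseService.class);
        testCaseLabelService = appContext.getBean(ITestCaseLabelService.class);
        testCaseLabelFactory = appContext.getBean(IFactoryTestCaseLabel.class);
        testCaseCountryService = appContext.getBean(ITestCaseCountryService.class);
        testCaseCountryFactory = appContext.getBean(IFactoryTestCaseCountry.class);
        testCaseCountryPropertiesService = appContext.getBean(ITestCaseCountryPropertiesService.class);
        testCaseStepService = appContext.getBean(ITestCaseStepService.class);
        testCaseStepActionService = appContext.getBean(ITestCaseStepActionService.class);
        testCaseStepActionControlService = appContext.getBean(ITestCaseStepActionControlService.class);
        // NOTE(review): the entity is built from the raw request by a helper not shown
        // here; confirm it applies the same sanitisation as the parameters above.
        TestCase testCaseData = getTestCaseFromRequest(request);
        ans = testCaseService.create(testCaseData);
        finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, ans);
        if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
            /**
             * Object created. Adding Log entry.
             */
            ILogEventService logEventService = appContext.getBean(LogEventService.class);
            logEventService.createForPrivateCalls("/CreateTestCase", "CREATE", "Create TestCase : ['" + testcase + "']", request);
            // Update labels. The parameter is read unsanitised and parsed as JSON; a
            // malformed value raises JSONException after the test case already exists.
            String labelParam = request.getParameter("labelList");
            if (labelParam != null) {
                JSONArray objLabelArray = new JSONArray(labelParam);
                List<TestCaseLabel> labelList = getLabelListFromRequest(request, appContext, test, testcase, objLabelArray);
                // Update the Database with the new list.
                ans = testCaseLabelService.compareListAndUpdateInsertDeleteElements(test, testcase, labelList);
                finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, ans);
            }
            // Update Countries (same raw-parameter caveat as for the labels).
            String countryParam = request.getParameter("countryList");
            if (countryParam != null) {
                JSONArray objCountryArray = new JSONArray(countryParam);
                List<TestCaseCountry> tccList = getCountryListFromRequest(request, appContext, test, testcase, objCountryArray);
                // Update the Database with the new list.
                ans = testCaseCountryService.compareListAndUpdateInsertDeleteElements(test, testcase, tccList);
                finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, ans);
                // Duplicate other objects.
                if (!tccList.isEmpty() && ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                    List<TestCaseCountryProperties> tccpList = testCaseCountryPropertiesService.findListOfPropertyPerTestTestCase(originalTest, originalTestCase);
                    // Build a new list with the countries that exist for the testcase.
                    List<TestCaseCountryProperties> newTccpList = new ArrayList<TestCaseCountryProperties>();
                    for (TestCaseCountryProperties curTccp : tccpList) {
                        if (testCaseCountryService.exist(test, testcase, curTccp.getCountry())) {
                            newTccpList.add(curTccp);
                        }
                    }
                    if (!newTccpList.isEmpty()) {
                        ans = testCaseCountryPropertiesService.duplicateList(newTccpList, test, testcase);
                        finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, ans);
                    }
                }
            }
            // From here on each stage runs only while the latest service answer is OK,
            // so a failure in an earlier stage stops the remaining duplications.
            List<TestCaseStep> tcsList = new ArrayList<TestCaseStep>();
            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                tcsList = testCaseStepService.getListOfSteps(originalTest, originalTestCase);
                if (!tcsList.isEmpty()) {
                    ans = testCaseStepService.duplicateList(tcsList, test, testcase);
                    finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, ans);
                }
            }
            List<TestCaseStepAction> tcsaList = new ArrayList<TestCaseStepAction>();
            if (!tcsList.isEmpty() && ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                tcsaList = testCaseStepActionService.findTestCaseStepActionbyTestTestCase(originalTest, originalTestCase);
                if (!tcsaList.isEmpty()) {
                    ans = testCaseStepActionService.duplicateList(tcsaList, test, testcase);
                    finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, ans);
                }
            }
            if (!tcsList.isEmpty() && !tcsaList.isEmpty() && ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                List<TestCaseStepActionControl> tcsacList = testCaseStepActionControlService.findControlByTestTestCase(originalTest, originalTestCase);
                if (!tcsacList.isEmpty()) {
                    ans = testCaseStepActionControlService.duplicateList(tcsacList, test, testcase);
                    finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, ans);
                }
            }
        }
    }
    /**
     * Formatting and returning the json result.
     */
    jsonResponse.put("messageType", finalAnswer.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", finalAnswer.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}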
Also used : ITestCaseStepActionService(org.cerberus.crud.service.ITestCaseStepActionService) TestCaseStepAction(org.cerberus.crud.entity.TestCaseStepAction) TestCaseCountryProperties(org.cerberus.crud.entity.TestCaseCountryProperties) PolicyFactory(org.owasp.html.PolicyFactory) MessageEvent(org.cerberus.engine.entity.MessageEvent) ArrayList(java.util.ArrayList) TestCaseStep(org.cerberus.crud.entity.TestCaseStep) ITestCaseCountryService(org.cerberus.crud.service.ITestCaseCountryService) ApplicationContext(org.springframework.context.ApplicationContext) ITestCaseCountryPropertiesService(org.cerberus.crud.service.ITestCaseCountryPropertiesService) ITestCaseService(org.cerberus.crud.service.ITestCaseService) ILogEventService(org.cerberus.crud.service.ILogEventService) TestCaseCountry(org.cerberus.crud.entity.TestCaseCountry) IFactoryTestCaseCountry(org.cerberus.crud.factory.IFactoryTestCaseCountry) TestCaseStepActionControl(org.cerberus.crud.entity.TestCaseStepActionControl) ITestCaseLabelService(org.cerberus.crud.service.ITestCaseLabelService) ITestCaseStepService(org.cerberus.crud.service.ITestCaseStepService) TestCaseLabel(org.cerberus.crud.entity.TestCaseLabel) IFactoryTestCaseLabel(org.cerberus.crud.factory.IFactoryTestCaseLabel) JSONArray(org.json.JSONArray) IFactoryTestCaseCountry(org.cerberus.crud.factory.IFactoryTestCaseCountry) ITestCaseStepActionControlService(org.cerberus.crud.service.ITestCaseStepActionControlService) Answer(org.cerberus.util.answer.Answer) JSONObject(org.json.JSONObject) TestCase(org.cerberus.crud.entity.TestCase) IFactoryTestCaseLabel(org.cerberus.crud.factory.IFactoryTestCaseLabel)

Aggregations

PolicyFactory (org.owasp.html.PolicyFactory)123 ApplicationContext (org.springframework.context.ApplicationContext)116 JSONObject (org.json.JSONObject)115 MessageEvent (org.cerberus.engine.entity.MessageEvent)93 AnswerItem (org.cerberus.util.answer.AnswerItem)74 JSONException (org.json.JSONException)70 ILogEventService (org.cerberus.crud.service.ILogEventService)62 Answer (org.cerberus.util.answer.Answer)60 CerberusException (org.cerberus.exception.CerberusException)35 IOException (java.io.IOException)32 ServletException (javax.servlet.ServletException)31 JSONArray (org.json.JSONArray)24 ITestCaseService (org.cerberus.crud.service.ITestCaseService)19 TestCase (org.cerberus.crud.entity.TestCase)17 ArrayList (java.util.ArrayList)14 LogEventService (org.cerberus.crud.service.impl.LogEventService)11 TestCaseStep (org.cerberus.crud.entity.TestCaseStep)10 IParameterService (org.cerberus.crud.service.IParameterService)9 TestCaseCountry (org.cerberus.crud.entity.TestCaseCountry)7 ICountryEnvParamService (org.cerberus.crud.service.ICountryEnvParamService)7