
Example 91 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

From class CreateTestCase, method getTestCaseFromRequest.

// </editor-fold>
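/**
 * Builds a {@link TestCase} from the parameters of a create request.
 * <p>
 * Free-text parameters are URL-decoded and HTML-sanitized through
 * {@code ParameterParserUtil.parseStringParamAndDecodeAndSanitize}. The
 * {@code howTo} and {@code behaviorOrValueExpected} fields are only decoded
 * because the UI needs their HTML markup, so they reach the entity exactly as
 * the client sent them and must be treated as untrusted wherever they are
 * rendered.
 *
 * @param request servlet request carrying the test case fields
 * @return a new test case populated from the request, with version fixed to 0
 * @throws CerberusException propagated from the parameter parsing helpers
 * @throws JSONException propagated from the parameter parsing helpers
 */
private TestCase getTestCaseFromRequest(HttpServletRequest request) throws CerberusException, JSONException {
    TestCase tc = new TestCase();
    String charset = request.getCharacterEncoding();
    // Parameter that needs to be secured --> We SECURE+DECODE them
    tc.setImplementer(sanitizedParam(request, "implementer", charset));
    // Creator and last modifier both come from the authenticated principal,
    // never from a request parameter. NOTE(review): getUserPrincipal() is null
    // on an unauthenticated request, so this relies on the servlet being
    // protected by an authentication constraint.
    String user = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getUserPrincipal().getName(), "", charset);
    tc.setUsrCreated(user);
    tc.setUsrModif(user);
    // An absent or empty project is stored as null rather than "".
    if (StringUtils.isEmpty(request.getParameter("project"))) {
        tc.setProject(null);
    } else {
        tc.setProject(sanitizedParam(request, "project", charset));
    }
    tc.setApplication(sanitizedParam(request, "application", charset));
    tc.setActiveQA(sanitizedParam(request, "activeQA", charset));
    tc.setActiveUAT(sanitizedParam(request, "activeUAT", charset));
    tc.setActivePROD(sanitizedParam(request, "activeProd", charset));
    tc.setFromBuild(sanitizedParam(request, "fromSprint", charset));
    tc.setFromRev(sanitizedParam(request, "fromRev", charset));
    tc.setToBuild(sanitizedParam(request, "toSprint", charset));
    tc.setToRev(sanitizedParam(request, "toRev", charset));
    tc.setTcActive(sanitizedParam(request, "active", charset));
    tc.setTargetBuild(sanitizedParam(request, "targetSprint", charset));
    tc.setTargetRev(sanitizedParam(request, "targetRev", charset));
    // Priority is numeric; a missing or unparsable value defaults to 0.
    tc.setPriority(ParameterParserUtil.parseIntegerParamAndDecode(request.getParameter("priority"), 0, charset));
    tc.setTest(sanitizedParam(request, "test", charset));
    tc.setTestCase(sanitizedParam(request, "testCase", charset));
    tc.setTicket(sanitizedParam(request, "ticket", charset));
    tc.setOrigine(sanitizedParam(request, "origin", charset));
    tc.setRefOrigine(sanitizedParam(request, "refOrigin", charset));
    tc.setGroup(sanitizedParam(request, "group", charset));
    tc.setStatus(sanitizedParam(request, "status", charset));
    tc.setDescription(sanitizedParam(request, "shortDesc", charset));
    tc.setBugID(sanitizedParam(request, "bugId", charset));
    tc.setComment(sanitizedParam(request, "comment", charset));
    tc.setFunction(sanitizedParam(request, "function", charset));
    tc.setTestCaseVersion(0);
    // Parameter that we cannot secure as we need the html --> We DECODE them
    tc.setHowTo(ParameterParserUtil.parseStringParamAndDecode(request.getParameter("howTo"), "", charset));
    tc.setBehaviorOrValueExpected(ParameterParserUtil.parseStringParamAndDecode(request.getParameter("behaviorOrValueExpected"), "", charset));
    return tc;
}

/**
 * Reads one request parameter, URL-decodes and HTML-sanitizes it.
 *
 * @param request servlet request
 * @param name parameter name
 * @param charset request character encoding used for decoding
 * @return the decoded, sanitized value, or "" when the parameter is absent
 * @throws CerberusException propagated from the parameter parsing helper
 * @throws JSONException propagated from the parameter parsing helper
 */
private static String sanitizedParam(HttpServletRequest request, String name, String charset) throws CerberusException, JSONException {
    return ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter(name), "", charset);
}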

Example 92 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

From class CreateTestCaseLabel, method processRequest.

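/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods: links every {@code labelid} of the request to every
 * ({@code test}, {@code testcase}) pair and answers with a JSON
 * {@code messageType}/{@code message} document.
 * <p>
 * Input validation (absent arrays, mismatched test/testcase counts) is
 * reported without calling any service. Per-link failures are counted and
 * collected into an HTML fragment that is summarised when more than one test
 * was submitted.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws CerberusException propagated from the label / test case services
 * @throws JSONException if the JSON answer cannot be built
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ILogEventService logEventService = appContext.getBean(LogEventService.class);
    Answer ans = new Answer();
    // Default answer is "unexpected error"; every path below overwrites it.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    /**
     * Parsing and securing all required parameters.
     */
    // getParameterValues() returns null for an absent parameter; normalising to
    // an empty array lets the length checks report "missing" instead of an NPE.
    String[] myLabelIdList = parameterValuesOrEmpty(request, "labelid");
    String[] myTestList = parameterValuesOrEmpty(request, "test");
    String[] myTestCaseList = parameterValuesOrEmpty(request, "testcase");
    boolean inputValid = true;
    if ((myTestList.length == 0) || (myTestCaseList.length == 0) || (myLabelIdList.length == 0)) {
        inputValid = false;
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Create").replace("%REASON%", "Missing Parameter (either test, testcase or labelid)."));
        ans.setResultMessage(msg);
    } else if (myTestList.length != myTestCaseList.length) {
        // Stopping here matters: the inner loop indexes myTestCaseList by the
        // position in myTestList and would otherwise run past its end.
        inputValid = false;
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Create").replace("%REASON%", "Number of Test does not match number of testcase."));
        ans.setResultMessage(msg);
    }
    // Only valid input reaches the services; this also keeps the mass-update
    // summary below from overwriting a validation error with a success message.
    if (inputValid) {
        // Service lookups are loop-invariant, so resolve them once.
        ILabelService labelService = appContext.getBean(ILabelService.class);
        IFactoryTestCaseLabel factoryTestCaseLabel = appContext.getBean(IFactoryTestCaseLabel.class);
        ITestCaseLabelService testCaseLabelService = appContext.getBean(ITestCaseLabelService.class);
        ITestCaseService testCaseService = appContext.getBean(ITestCaseService.class);
        IApplicationService applicationService = appContext.getBean(IApplicationService.class);
        StringBuilder output_message = new StringBuilder();
        int massErrorCounter = 0;
        int totalLinks = myTestList.length * myLabelIdList.length;
        for (String myLabelId : myLabelIdList) {
            int myIdInt = 0;
            boolean label_error = true;
            try {
                if (myLabelId != null && !myLabelId.equals("")) {
                    myIdInt = Integer.parseInt(policy.sanitize(myLabelId));
                    label_error = false;
                }
            } catch (NumberFormatException ex) {
                // Non-numeric id: reported below as a per-label error.
                label_error = true;
            }
            /**
             * Checking all constrains before calling the services.
             */
            if (label_error) {
                msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
                msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Update").replace("%REASON%", "Could not manage to convert labelid to an integer value or labelid is missing."));
                ans.setResultMessage(msg);
                massErrorCounter++;
                output_message.append("<br>id : ").append(myLabelId).append(" - ").append(msg.getDescription());
            } else {
                /**
                 * All data seems cleans so we can call the services.
                 */
                AnswerItem resp = labelService.readByKey(myIdInt);
                if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
                    /**
                     * Object could not be found. We stop here and report the
                     * error.
                     */
                    msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
                    msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Create").replace("%REASON%", "Label does not exist."));
                    ans.setResultMessage(msg);
                    massErrorCounter++;
                    output_message.append("<br>labelid : ").append(myLabelId).append(" - ").append(msg.getDescription());
                } else {
                    Label myLab = (Label) resp.getItem();
                    for (int j = 0; j < myTestList.length; j++) {
                        String myTest = myTestList[j];
                        String myTestCase = myTestCaseList[j];
                        resp = testCaseService.readByKey(myTest, myTestCase);
                        if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
                            /**
                             * Object could not be found. We stop here and
                             * report the error.
                             */
                            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
                            msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Create").replace("%REASON%", "Test Case does not exist."));
                            ans.setResultMessage(msg);
                            massErrorCounter++;
                            // Report the test case that was not found, not the label id.
                            output_message.append("<br>testcase : ").append(myTest).append("/").append(myTestCase).append(" - ").append(msg.getDescription());
                        } else {
                            TestCase myTestCaseObj = (TestCase) resp.getItem();
                            resp = applicationService.readByKey(myTestCaseObj.getApplication());
                            if ((resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
                                Application myApplication = (Application) resp.getItem();
                                // A label bound to a system may only be attached to test cases of that system.
                                if ((StringUtil.isNullOrEmpty(myLab.getSystem())) || (myApplication.getSystem().equals(myLab.getSystem()))) {
                                    TestCaseLabel tcLabel = factoryTestCaseLabel.create(0, myTest, myTestCase, myIdInt, request.getRemoteUser(), null, "", null, null);
                                    ans = testCaseLabelService.create(tcLabel);
                                    if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                                        /**
                                         * Update was successful. Adding Log
                                         * entry.
                                         */
                                        logEventService.createForPrivateCalls("/CreateTestCaseLabel", "CREATE", "Created TestCaseLabel : ['" + myIdInt + "'|'" + myTest + "'|'" + myTestCase + "']", request);
                                    } else {
                                        massErrorCounter++;
                                        output_message.append("<br>Label : ").append(myLabelId).append(" Test : '").append(myTest).append("' TestCase : '").append(myTestCase).append("' - ").append(ans.getResultMessage().getDescription());
                                    }
                                } else {
                                    massErrorCounter++;
                                    output_message.append("<br>Label : ").append(myLabelId).append(" Test : '").append(myTest).append("' TestCase : '").append(myTestCase).append("' - ").append("Label does not belong to the same system as TestCase system.");
                                }
                            }
                        }
                    }
                }
            }
        }
        // NOTE(review): the "all failed" threshold compares against the number of
        // tests, while the reported total is tests x labels; kept as-is.
        if (myTestList.length > 1) {
            if (massErrorCounter == myTestList.length) {
                // All updates are in ERROR.
                msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
                msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Mass Update").replace("%REASON%", massErrorCounter + " label links(s) out of " + totalLinks + " failed to be created due to an issue.<br>") + output_message.toString());
                ans.setResultMessage(msg);
            } else if (massErrorCounter > 0) {
                // At least 1 update in error
                msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_WARNING);
                msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Mass Update").replace("%REASON%", massErrorCounter + " label links(s) out of " + totalLinks + " failed to be created due to an issue.<br>") + output_message.toString());
                ans.setResultMessage(msg);
            } else {
                // No error detected.
                msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_OK);
                msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Mass Update") + "\n\nAll " + totalLinks + " label links(s) created successfuly.");
                ans.setResultMessage(msg);
            }
            logEventService.createForPrivateCalls("/CreateTestCaseLabel", "MASSUPDATE", msg.getDescription(), request);
        }
    }
    /**
     * Formating and returning the json result.
     */
    jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", ans.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}

/**
 * Returns the values of a multi-valued request parameter.
 *
 * @param request servlet request
 * @param name parameter name
 * @return the parameter values, or an empty array when the parameter is absent
 */
private static String[] parameterValuesOrEmpty(HttpServletRequest request, String name) {
    String[] values = request.getParameterValues(name);
    return values == null ? new String[0] : values;
}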

Example 93 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

From class DeleteTest, method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods: deletes the Test named by the {@code test} parameter, unless one
 * of its steps is still referenced from outside that Test, and writes a JSON
 * {@code messageType}/{@code message} answer.
 * <p>
 * NOTE(review): the refusal message embeds test/testcase/step names verbatim
 * inside an {@code <a>} tag; the client is presumed to render it as HTML, so
 * those names are trusted as-is here.
 *
 * @param request  servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException      if an I/O error occurs
 * @throws JSONException    if the JSON answer cannot be built
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, JSONException {
    JSONObject json = new JSONObject();
    Answer answer = new Answer();
    PolicyFactory sanitizer = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Parsing and securing all required parameters.
    String testName = sanitizer.sanitize(request.getParameter("test"));
    // Checking all constrains before calling the services.
    if (StringUtil.isNull(testName)) {
        answer.setResultMessage(deleteTestError("Test name is missing."));
    } else {
        // All data seems cleans so we can call the services.
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        ITestService testService = appContext.getBean(ITestService.class);
        AnswerItem lookup = testService.readByKey(testName);
        boolean found = lookup.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && lookup.getItem() != null;
        if (!found) {
            // Object could not be found. We stop here and report the error.
            answer.setResultMessage(deleteTestError("Test does not exist"));
        } else {
            // The service was able to perform the query and confirm the object exist
            Test testData = (Test) lookup.getItem();
            // Check if there is no associated Test Cases defining Step which is used OUTSIDE of the deleting Test
            try {
                final Collection<TestCaseStep> stepsUsedElsewhere = externallyUsedTestCaseSteps(testData);
                if (stepsUsedElsewhere.isEmpty()) {
                    // Test seems clean, process to delete
                    answer = testService.delete(testData);
                    if (answer.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                        // Delete was successful. Adding Log entry.
                        ILogEventService logEventService = appContext.getBean(LogEventService.class);
                        logEventService.createForPrivateCalls("/DeleteTest", "DELETE", "Delete Test : ['" + testName + "']", request);
                    }
                } else {
                    // Refuse the delete and list every external user of a step as a link.
                    final String cerberusUrl = appContext.getBean(IParameterService.class).findParameterByKey("cerberus_url", "").getValue();
                    Collection<String> links = Collections2.transform(stepsUsedElsewhere, new Function<TestCaseStep, String>() {

                        @Override
                        @Nullable
                        public String apply(@Nullable final TestCaseStep input) {
                            return stepLink(cerberusUrl, input);
                        }
                    });
                    answer.setResultMessage(deleteTestError("You are trying to remove a Test which contains Test Case Steps which are currently used by other Test Case Steps outside of the removing Test. Please remove this link before to proceed: " + links));
                }
            } catch (final CerberusException e) {
                LOGGER.error(e.getMessage(), e);
                answer.setResultMessage(new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED).resolveDescription("DESCRIPTION", "Unexpected error: " + e.getMessage()));
            }
        }
    }
    // Formating and returning the json result.
    json.put("messageType", answer.getResultMessage().getMessage().getCodeString());
    json.put("message", answer.getResultMessage().getDescription());
    response.getWriter().print(json.toString());
    response.getWriter().flush();
}

/**
 * Builds the "expected error" message of a Test delete with the given reason.
 *
 * @param reason text substituted for the REASON placeholder
 * @return the resolved message event
 */
private static MessageEvent deleteTestError(String reason) {
    return new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED).resolveDescription("ITEM", "Test").resolveDescription("OPERATION", "Delete").resolveDescription("REASON", reason);
}

/**
 * Formats an HTML link to the script page of the given step.
 *
 * @param cerberusUrl base URL of the Cerberus instance
 * @param step the step to link to (must not be null)
 * @return an {@code <a>} element pointing at TestCaseScript.jsp for that step
 */
private static String stepLink(String cerberusUrl, TestCaseStep step) {
    return String.format("<a href='%s/TestCaseScript.jsp?test=%s&testcase=%s&step=%s'>%s/%s#%s</a>", cerberusUrl, step.getTest(), step.getTestCase(), step.getStep(), step.getTest(), step.getTestCase(), step.getStep());
}

Example 94 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

From class DeleteTestCaseCountry, method processRequest.

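/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods: deletes the TestCaseCountry identified by {@code test},
 * {@code testCase} and {@code country} and answers with a JSON
 * {@code messageType}/{@code message} document.
 * <p>
 * Authorisation: the caller must hold the {@code Test} role, and additionally
 * the {@code TestAdmin} role when the owning test case is in {@code WORKING}
 * status. The role check runs before any lookup so that a caller without the
 * role cannot learn whether a given test case exists.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws CerberusException propagated from the parameter parsing helpers and services
 * @throws JSONException if the JSON answer cannot be built
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    Answer ans = new Answer();
    // Default answer is "unexpected error"; every path below overwrites it.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    String charset = request.getCharacterEncoding();
    response.setContentType("application/json");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    /**
     * Parsing and securing all required parameters.
     */
    String test = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("test"), "", charset);
    // testCase deliberately defaults to null so that an absent parameter is detected below.
    String testcase = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("testCase"), null, charset);
    String country = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("country"), "", charset);
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    /**
     * Checking all constrains before calling the services.
     */
    if (testcase == null || (StringUtil.isNullOrEmpty(test)) || (StringUtil.isNullOrEmpty(country))) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "TestCaseCountry").replace("%OPERATION%", "Delete").replace("%REASON%", "test or testCase or country is missing!"));
        ans.setResultMessage(msg);
    } else if (!request.isUserInRole("Test")) {
        // We cannot delete the testcase country if the user is not at least in
        // Test role. Checked before the lookup: cheap, and no existence
        // information is disclosed to callers lacking the role.
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "TestCaseCountry").replace("%OPERATION%", "Delete").replace("%REASON%", "Not enough privilege to delete the testCaseCountry. You must belong to Test Privilege."));
        ans.setResultMessage(msg);
    } else {
        ITestCaseService testCaseService = appContext.getBean(ITestCaseService.class);
        AnswerItem resp = testCaseService.readByKey(test, testcase);
        if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
            /**
             * Object could not be found. We stop here and report the error.
             */
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "TestCaseCountry").replace("%OPERATION%", "Delete").replace("%REASON%", "TestCase does not exist."));
            ans.setResultMessage(msg);
        } else {
            TestCase tc = (TestCase) resp.getItem();
            // If Test Case is WORKING we need TestAdmin priviliges. Constant-first
            // comparison tolerates a null status instead of throwing.
            if ("WORKING".equalsIgnoreCase(tc.getStatus()) && !(request.isUserInRole("TestAdmin"))) {
                msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
                msg.setDescription(msg.getDescription().replace("%ITEM%", "TestCaseCountry").replace("%OPERATION%", "Delete").replace("%REASON%", "Not enough privilege to delete the testCaseCountry. The test case is in WORKING status and needs TestAdmin privilege to be updated"));
                ans.setResultMessage(msg);
            } else {
                /**
                 * All data seems cleans so we can call the services.
                 */
                ITestCaseCountryService testCaseCountryService = appContext.getBean(ITestCaseCountryService.class);
                resp = testCaseCountryService.readByKey(test, testcase, country);
                if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
                    /**
                     * Object could not be found. We stop here and report the
                     * error.
                     */
                    msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
                    msg.setDescription(msg.getDescription().replace("%ITEM%", "TestCaseCountry").replace("%OPERATION%", "Delete").replace("%REASON%", "TestCaseCountry does not exist."));
                    ans.setResultMessage(msg);
                } else {
                    /**
                     * The service was able to perform the query and confirm the
                     * object exist, then we can delete it.
                     */
                    TestCaseCountry testCaseCountryData = (TestCaseCountry) resp.getItem();
                    ans = testCaseCountryService.delete(testCaseCountryData);
                    if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                        /**
                         * Delete was successful. Adding Log entry.
                         */
                        ILogEventService logEventService = appContext.getBean(LogEventService.class);
                        logEventService.createForPrivateCalls("/DeleteTestCaseCountry", "DELETE", "Delete TestCaseCountry : ['" + test + "'|'" + testcase + "'|'" + country + "']", request);
                    }
                }
            }
        }
    }
    /**
     * Formating and returning the json result.
     */
    jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", ans.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse.toString());
    response.getWriter().flush();
}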

Example 95 with PolicyFactory

use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.

From class ReadTestDataLib, method process.

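/**
 * Dispatches a Test Data Library read request to the matching finder and
 * writes the resulting JSON answer.
 * <p>
 * Routing, in order of precedence:
 * <ul>
 * <li>{@code testdatalibid} (with {@code name} and {@code country}): the test
 * cases using that library; without them: the library itself;</li>
 * <li>{@code name} + {@code limit} + {@code like}: the list of library names;</li>
 * <li>{@code groups}: the distinct groups;</li>
 * <li>{@code columnName}: the distinct values of that column;</li>
 * <li>otherwise the full list.</li>
 * </ul>
 * A {@code testdatalibid} that is not an integer disables the first route and
 * falls through to the others.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if the answer cannot be written
 */
protected void process(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    AnswerItem answer = new AnswerItem(msg);
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    /**
     * Parsing and securing all required parameters.
     */
    // Raw values drive the presence checks below; the finders only ever
    // receive the sanitized / parsed copies.
    String rawName = request.getParameter("name");
    String rawCountry = request.getParameter("country");
    String rawTestDataLibId = request.getParameter("testdatalibid");
    String rawLimit = request.getParameter("limit");
    String name = policy.sanitize(rawName);
    String country = policy.sanitize(rawCountry);
    boolean like = ParameterParserUtil.parseBooleanParam(request.getParameter("like"), false);
    String columnName = ParameterParserUtil.parseStringParam(request.getParameter("columnName"), "");
    int testDataLibId = 0;
    int limit = -1;
    // hasError stays true until testdatalibid has been parsed successfully.
    boolean hasError = true;
    try {
        if (rawTestDataLibId != null && !rawTestDataLibId.isEmpty()) {
            testDataLibId = Integer.parseInt(rawTestDataLibId);
            hasError = false;
        }
    } catch (NumberFormatException ex) {
        LOG.warn(ex);
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Test Data Library"));
        msg.setDescription(msg.getDescription().replace("%OPERATION%", "Read"));
        msg.setDescription(msg.getDescription().replace("%REASON%", "Test data library id must be an integer value."));
        answer.setResultMessage(msg);
    }
    try {
        // if the limit fails to be converted there is no problem because in the database we use the default value
        if (rawLimit != null && !rawLimit.isEmpty()) {
            limit = Integer.parseInt(rawLimit);
        }
    } catch (NumberFormatException ex) {
        LOG.warn(ex);
    }
    // Global boolean on the servlet that define if the user has permition to edit and delete object.
    boolean userHasPermissions = request.isUserInRole("TestDataManager");
    try {
        if (rawTestDataLibId != null && !hasError) {
            if (rawName != null && rawCountry != null) {
                // gets all test cases that use a library
                answer = getTestCasesUsingTestDataLib(testDataLibId, name, country, appContext, userHasPermissions);
            } else {
                // gets a lib by id
                answer = findTestDataLibByID(testDataLibId, appContext, userHasPermissions);
            }
        } else if (rawName != null && rawLimit != null && request.getParameter("like") != null) {
            answer = findTestDataLibNameList(name, limit, like, appContext);
        } else if (request.getParameter("groups") != null) {
            // gets the list of distinct groups
            answer = findDistinctGroups(appContext);
        } else if (!Strings.isNullOrEmpty(columnName)) {
            answer = findDistinctValuesOfColumn(appContext, request, columnName);
        } else {
            // no parameters, then retrieves the full list
            answer = findTestDataLibList(appContext, request);
        }
        // Every finder is expected to put a JSONObject in the answer item.
        JSONObject jsonResponse = (JSONObject) answer.getItem();
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}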
