use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class TestCaseActionExecutionDetail method doPost.
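@Override
protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ITestCaseStepActionExecutionService testCaseExecutionDetailService = appContext.getBean(ITestCaseStepActionExecutionService.class);
    // HTML-sanitize the three lookup keys (formatting + links policy). This strips
    // scripts/event handlers from values that may later be echoed into HTML; it is
    // NOT an SQL injection defense -- the query behind lastActionExecutionDuration
    // must bind these as parameters (not visible from here).
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String test = policy.sanitize(httpServletRequest.getParameter("test"));
    String testcase = policy.sanitize(httpServletRequest.getParameter("testcase"));
    String country = policy.sanitize(httpServletRequest.getParameter("country"));
    try {
        // The service call sits inside the try so a failure there is handled here
        // as well, instead of escaping as an unchecked exception to the container.
        JSONArray data = testCaseExecutionDetailService.lastActionExecutionDuration(test, testcase, country);
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().print(data.toString());
    } catch (Exception e) {
        // Never echo e.getMessage() to the client: it can expose internal details
        // (SQL text, paths, class names) and, served as text/html, it was a
        // reflected-XSS sink whenever the message carried request data. Log
        // server-side and answer a generic 500 instead.
        log("TestCaseActionExecutionDetail: unable to compute last action execution durations", e);
        if (!httpServletResponse.isCommitted()) {
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}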
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class SetTagToExecution method processRequest.
/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods: reads the {@code executionId} and {@code newTag} parameters,
 * assigns the tag to that execution and, when the tag is not empty, creates or
 * updates the Tag entry attributed to {@code request.getRemoteUser()}. Replies
 * with a minimal HTML confirmation page.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
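protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ITestCaseExecutionService executionService = appContext.getBean(ITestCaseExecutionService.class);
    // HTML-sanitize both parameters. The tag is persisted (setTagToExecution and
    // createAuto); the sanitizer removes scripts/event handlers but does not make
    // the value safe for every context, so any page rendering tags must still
    // encode on output.
    String id = policy.sanitize(request.getParameter("executionId"));
    String tag = policy.sanitize(request.getParameter("newTag"));
    // Validate the id before touching the service. Long.valueOf throws an
    // unchecked NumberFormatException on a missing or non-numeric value; only
    // CerberusException was caught below, so that used to escape this method and
    // surface as a container error page. Answer 400 instead.
    Long executionId;
    try {
        executionId = Long.valueOf(id);
    } catch (NumberFormatException ex) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter executionId must be a number.");
        return;
    }
    PrintWriter out = response.getWriter();
    try {
        executionService.setTagToExecution(executionId, tag);
        // Create (or update) the Tag entry when a non-empty tag was supplied.
        if (!StringUtil.isNullOrEmpty(tag)) {
            ITagService tagService = appContext.getBean(ITagService.class);
            tagService.createAuto(tag, "", request.getRemoteUser());
        }
        // Minimal confirmation page. getContextPath() is server configuration,
        // not user input, so concatenating it into the markup is safe.
        out.println("<!DOCTYPE html>");
        out.println("<html>");
        out.println("<head>");
        out.println("<title>Servlet SetTagToExecution</title>");
        out.println("</head>");
        out.println("<body>");
        out.println("<h1>Servlet SetTagToExecution at " + request.getContextPath() + "</h1>");
        out.println("</body>");
        out.println("</html>");
    } catch (CerberusException ex) {
        LOG.warn(ex);
        // A failed service call used to answer 200 with an empty body, which the
        // caller cannot distinguish from success. Nothing has been written yet at
        // this point, so a proper error status can still be sent.
        if (!response.isCommitted()) {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    } finally {
        out.close();
    }
}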
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class UpdateRobot method processRequest.
/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods: parses, URL-decodes and (where the value is not expected to carry
 * HTML) HTML-sanitizes the robot parameters, validates them, updates the
 * existing Robot identified by {@code robotid} and writes a JSON
 * {@code {messageType, message}} result describing the outcome.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
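protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    Answer ans = new Answer();
    Gson gson = new Gson();
    // Default outcome is "unexpected error"; every path below overrides it.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    String charset = request.getCharacterEncoding();
    /**
     * Parsing and securing all required parameters.
     */
    // Parameter that are already controled by GUI (no need to decode) --> We SECURE them
    // Parameter that needs to be secured --> We SECURE+DECODE them
    String robot = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("robot"), null, charset);
    String port = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("port"), null, charset);
    String platform = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("platform"), null, charset);
    String browser = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("browser"), null, charset);
    String version = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("version"), "", charset);
    String active = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("active"), "Y", charset);
    String description = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("description"), "", charset);
    String userAgent = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("useragent"), "", charset);
    String screenSize = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("screensize"), "", charset);
    String hostUser = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("hostUsername"), null, charset);
    // NOTE(review): the host password goes through the same HTML sanitizer as the
    // other fields. If that helper encodes HTML-special characters ('&', '<', '"'),
    // a password containing them is stored altered -- confirm against
    // ParameterParserUtil before relying on it for robot authentication.
    String hostPassword = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("hostPassword"), null, charset);
    // Parameter that we cannot secure as we need the html --> We DECODE them.
    // These are persisted raw: any view rendering them must HTML-encode on output.
    String host = ParameterParserUtil.parseStringParamAndDecode(request.getParameter("host"), null, charset);
    String robotDecli = ParameterParserUtil.parseStringParamAndDecode(request.getParameter("robotDecli"), null, charset);
    // Capabilities arrive as a JSON array of RobotCapability objects. Gson throws
    // an unchecked exception on malformed input, which used to escape this method
    // as a container 500; report it as an expected data error instead. Gson's
    // exception classes are not imported in this file, hence the RuntimeException
    // catch. The capability contents themselves are not sanitized here.
    List<RobotCapability> capabilities = Collections.emptyList();
    boolean capabilities_error = false;
    String capabilitiesParam = request.getParameter("capabilities");
    if (capabilitiesParam != null) {
        try {
            List<RobotCapability> parsed = gson.fromJson(capabilitiesParam, new TypeToken<List<RobotCapability>>() {
            }.getType());
            if (parsed == null) {
                // The JSON literal "null" parses to a null list.
                parsed = Collections.emptyList();
            }
            if (parsed.contains(null)) {
                // A null element (JSON "[null]") would NPE in the loop below.
                capabilities_error = true;
            } else {
                capabilities = parsed;
            }
        } catch (RuntimeException ex) {
            capabilities_error = true;
        }
    }
    // Securing capabilities by setting them the associated robot name
    // Check also if there is no duplicated capability (keyed on the capability name)
    Map<String, Object> capabilityMap = new HashMap<String, Object>();
    for (RobotCapability capability : capabilities) {
        capabilityMap.put(capability.getCapability(), null);
        capability.setRobot(robot);
    }
    Integer robotid = 0;
    boolean robotid_error = true;
    try {
        if (request.getParameter("robotid") != null && !request.getParameter("robotid").equals("")) {
            robotid = Integer.valueOf(policy.sanitize(request.getParameter("robotid")));
            robotid_error = false;
        }
    } catch (NumberFormatException ex) {
        robotid_error = true;
    }
    /**
     * Checking all constrains before calling the services.
     */
    if (StringUtil.isNullOrEmpty(robot)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Robot").replace("%OPERATION%", "Update").replace("%REASON%", "Robot name is missing."));
        ans.setResultMessage(msg);
    } else if (StringUtil.isNullOrEmpty(host)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Robot").replace("%OPERATION%", "Update").replace("%REASON%", "Robot host is missing."));
        ans.setResultMessage(msg);
    } else if (StringUtil.isNullOrEmpty(platform)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Robot").replace("%OPERATION%", "Update").replace("%REASON%", "Robot platform is missing."));
        ans.setResultMessage(msg);
    } else if (robotid_error) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Robot").replace("%OPERATION%", "Update").replace("%REASON%", "Could not manage to convert robotid to an integer value or robotid is missing."));
        ans.setResultMessage(msg);
    } else if (capabilities_error) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Robot").replace("%OPERATION%", "Update").replace("%REASON%", "Could not parse the capabilities parameter (a JSON array of capabilities is expected)."));
        ans.setResultMessage(msg);
    } else if (capabilityMap.size() != capabilities.size()) {
        // Was reported as operation "Create" (copy-paste from the create servlet).
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Robot").replace("%OPERATION%", "Update").replace("%REASON%", "There is at least one duplicated capability. Please edit or remove it to continue."));
        ans.setResultMessage(msg);
    } else {
        /**
         * All data seems cleans so we can call the services.
         */
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        IRobotService robotService = appContext.getBean(IRobotService.class);
        AnswerItem resp = robotService.readByKeyTech(robotid);
        if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
            /**
             * Object could not be found. We stop here and report the error.
             */
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "Robot").replace("%OPERATION%", "Update").replace("%REASON%", "Robot does not exist."));
            ans.setResultMessage(msg);
        } else {
            /**
             * The service was able to perform the query and confirm the
             * object exist, then we can update it.
             */
            Robot robotData = (Robot) resp.getItem();
            robotData.setRobot(robot);
            robotData.setHost(host);
            robotData.setPort(port);
            robotData.setPlatform(platform);
            robotData.setBrowser(browser);
            robotData.setVersion(version);
            robotData.setActive(active);
            robotData.setDescription(description);
            robotData.setUserAgent(userAgent);
            robotData.setCapabilities(capabilities);
            robotData.setScreenSize(screenSize);
            robotData.setHostUser(hostUser);
            robotData.setHostPassword(hostPassword);
            robotData.setRobotDecli(robotDecli);
            ans = robotService.update(robotData);
            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                /**
                 * Update was successful. Adding Log entry. Only the id and name
                 * are logged -- keep credentials (hostPassword) out of the audit log.
                 */
                ILogEventService logEventService = appContext.getBean(LogEventService.class);
                logEventService.createForPrivateCalls("/UpdateRobot", "UPDATE", "Updated Robot : ['" + robotid + "'|'" + robot + "']", request);
            }
        }
    }
    /**
     * Formating and returning the json result.
     */
    jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", ans.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}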
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class CreateTestDataLib method getSubDataFromParameter.
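/**
 * Builds the list of sub-data entries for a test data library from the JSON
 * array posted by the GUI. Entries flagged {@code toDelete} are skipped; the
 * others are created through the TestDataLibData factory.
 *
 * @param request servlet request, used for its character encoding
 * @param appContext Spring context providing the factory bean
 * @param testDataLibId id of the owning test data library
 * @param json array of sub-data objects (toDelete, testDataLibDataID, subData,
 * value, column, parsingAnswer, columnPosition, description)
 * @return the sub-data entries that are not marked for deletion
 * @throws JSONException if an entry lacks one of the expected keys or has a
 * value of the wrong type
 */
private List<TestDataLibData> getSubDataFromParameter(HttpServletRequest request, ApplicationContext appContext, int testDataLibId, JSONArray json) throws JSONException {
    List<TestDataLibData> tdldList = new ArrayList<TestDataLibData>();
    IFactoryTestDataLibData tdldFactory = appContext.getBean(IFactoryTestDataLibData.class);
    String charset = request.getCharacterEncoding();
    for (int i = 0; i < json.length(); i++) {
        JSONObject objectJson = json.getJSONObject(i);
        // Parameter that are already controled by GUI (no need to decode) --> We SECURE them
        boolean delete = objectJson.getBoolean("toDelete");
        Integer testDataLibDataId = objectJson.getInt("testDataLibDataID");
        // Parameter that needs to be secured --> We SECURE+DECODE them
        // NONE
        // Parameter that we cannot secure as we need the html --> We DECODE them.
        // None of these is HTML-sanitized, so they are persisted raw: any view
        // rendering them must HTML-encode on output.
        String subdata = ParameterParserUtil.parseStringParamAndDecode(objectJson.getString("subData"), "", charset);
        String value = ParameterParserUtil.parseStringParamAndDecode(objectJson.getString("value"), "", charset);
        String column = ParameterParserUtil.parseStringParamAndDecode(objectJson.getString("column"), "", charset);
        String parsingAnswer = ParameterParserUtil.parseStringParamAndDecode(objectJson.getString("parsingAnswer"), "", charset);
        String columnPosition = ParameterParserUtil.parseStringParamAndDecode(objectJson.getString("columnPosition"), "", charset);
        String description = ParameterParserUtil.parseStringParamAndDecode(objectJson.getString("description"), "", charset);
        if (!delete) {
            TestDataLibData tdld = tdldFactory.create(testDataLibDataId, testDataLibId, subdata, value, column, parsingAnswer, columnPosition, description);
            tdldList.add(tdld);
        }
    }
    return tdldList;
}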
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class UpdateTestDataLib method getSubDataFromParameter.
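/**
 * Builds the list of sub-data entries for a test data library from the JSON
 * array posted by the GUI. Entries flagged {@code toDelete} are skipped; the
 * others are created through the TestDataLibData factory.
 *
 * @param request servlet request, used for its character encoding
 * @param appContext Spring context providing the factory bean
 * @param testDataLibId id of the owning test data library
 * @param json array of sub-data objects (toDelete, testDataLibDataID, subData,
 * value, column, parsingAnswer, columnPosition, description)
 * @return the sub-data entries that are not marked for deletion
 * @throws JSONException if an entry lacks one of the expected keys or has a
 * value of the wrong type
 */
private List<TestDataLibData> getSubDataFromParameter(HttpServletRequest request, ApplicationContext appContext, int testDataLibId, JSONArray json) throws JSONException {
    List<TestDataLibData> tdldList = new ArrayList<TestDataLibData>();
    IFactoryTestDataLibData tdldFactory = appContext.getBean(IFactoryTestDataLibData.class);
    String charset = request.getCharacterEncoding();
    for (int i = 0; i < json.length(); i++) {
        JSONObject objectJson = json.getJSONObject(i);
        // Parameter that are already controled by GUI (no need to decode) --> We SECURE them
        boolean delete = objectJson.getBoolean("toDelete");
        Integer testDataLibDataId = objectJson.getInt("testDataLibDataID");
        // Parameter that needs to be secured --> We SECURE+DECODE them
        // NONE
        // Parameter that we cannot secure as we need the html --> We DECODE them.
        // None of these is HTML-sanitized, so they are persisted raw: any view
        // rendering them must HTML-encode on output.
        String subdata = ParameterParserUtil.parseStringParamAndDecode(objectJson.getString("subData"), "", charset);
        String value = ParameterParserUtil.parseStringParamAndDecode(objectJson.getString("value"), "", charset);
        String column = ParameterParserUtil.parseStringParamAndDecode(objectJson.getString("column"), "", charset);
        // NOTE(review): parsingAnswer is deliberately NOT URL-decoded here, unlike
        // the sibling fields and unlike CreateTestDataLib.getSubDataFromParameter,
        // which decodes it -- confirm which behaviour is intended before aligning them.
        String parsingAnswer = ParameterParserUtil.parseStringParam(objectJson.getString("parsingAnswer"), "");
        String columnPosition = ParameterParserUtil.parseStringParamAndDecode(objectJson.getString("columnPosition"), "", charset);
        String description = ParameterParserUtil.parseStringParamAndDecode(objectJson.getString("description"), "", charset);
        if (!delete) {
            TestDataLibData tdld = tdldFactory.create(testDataLibDataId, testDataLibId, subdata, value, column, parsingAnswer, columnPosition, description);
            tdldList.add(tdld);
        }
    }
    return tdldList;
}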