the class ReadRobot method processRequest.
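/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods. Depending on which parameter is present, reads one robot by its
 * technical id ("robotid"), one robot by name ("robot"), the distinct values
 * of one column ("columnName"), or the robot list, and writes the result as
 * a JSON document carrying messageType, message and sEcho.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException if the underlying read fails
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));

    // Parsing and securing all required parameters.
    String robot = ParameterParserUtil.parseStringParamAndSanitize(request.getParameter("robot"), "");
    // Read the raw value once; it is consulted again when choosing the branch below.
    String robotidParam = request.getParameter("robotid");
    int robotid = 0;
    boolean robotidError = false;
    if (robotidParam != null && !robotidParam.isEmpty()) {
        try {
            // The HTML policy cannot make a number safe by itself; Integer.parseInt is
            // what rejects anything that is not a plain integer. The sanitize call is
            // kept so the accepted input is exactly what it was before.
            robotid = Integer.parseInt(policy.sanitize(robotidParam));
        } catch (NumberFormatException ex) {
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "Robot"));
            msg.setDescription(msg.getDescription().replace("%OPERATION%", "Read"));
            msg.setDescription(msg.getDescription().replace("%REASON%", "robotid must be an integer value."));
            robotidError = true;
        }
    }
    String columnName = ParameterParserUtil.parseStringParam(request.getParameter("columnName"), "");
    // Global boolean on the servlet that defines whether the user may edit and delete objects.
    boolean userHasPermissions = request.isUserInRole("Integrator");
    // Init Answer with the potential error from parameter parsing.
    AnswerItem answer = new AnswerItem(msg);
    try {
        JSONObject jsonResponse = new JSONObject();
        if (!robotidError) {
            if (robotidParam != null) {
                // An empty "robotid" is not an error: it reaches this branch with robotid == 0.
                answer = findRobotByKeyTech(robotid, appContext, userHasPermissions);
            } else if (request.getParameter("robot") != null) {
                answer = findRobotByKey(robot, appContext, request);
            } else if (!Strings.isNullOrEmpty(columnName)) {
                // If columnName is present, then return the distinct values of this column.
                answer = findDistinctValuesOfColumn(appContext, request, columnName);
            } else {
                answer = findRobotList(appContext, userHasPermissions, request);
            }
            jsonResponse = (JSONObject) answer.getItem();
        }
        // When robotid was invalid, jsonResponse is still the empty object and
        // answer carries the parse error built above.
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}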
the class ReadTag method processRequest.
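/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods. Depending on which parameter is present, reads one tag by
 * technical id ("id"), one tag by name ("tag"), the distinct values of one
 * column ("columnName"), or the tag list, and writes the result as a JSON
 * document carrying messageType, message and sEcho.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException if the underlying read fails
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));

    // Parsing and securing all required parameters.
    String tag = ParameterParserUtil.parseStringParamAndSanitize(request.getParameter("tag"), "");
    String columnName = ParameterParserUtil.parseStringParam(request.getParameter("columnName"), "");
    // Presence of the raw parameters decides the branch below; their values are only used after sanitizing.
    boolean hasId = request.getParameter("id") != null;
    boolean hasTag = request.getParameter("tag") != null;
    // Global boolean on the servlet that defines whether the user may edit and delete objects.
    boolean userHasPermissions = request.isUserInRole("RunTest");
    // Init Answer with the potential error from parameter parsing.
    AnswerItem answer = new AnswerItem(msg);
    try {
        JSONObject jsonResponse;
        if (hasId) {
            // NOTE(review): the "id" value itself is never parsed; the lookup is always
            // done with technical id 0. Kept as-is because the intended behaviour is unclear.
            answer = findTagByKeyTech(0, appContext, userHasPermissions);
        } else if (hasTag) {
            answer = findTagByKey(tag, appContext, request);
        } else if (!Strings.isNullOrEmpty(columnName)) {
            // If columnName is present, then return the distinct values of this column.
            answer = findDistinctValuesOfColumn(appContext, request, columnName);
        } else {
            answer = findTagList(appContext, userHasPermissions, request);
        }
        jsonResponse = (JSONObject) answer.getItem();
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}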
the class ResultCI method processRequest.
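/**
 * Computes a global CI verdict for one execution tag and writes it as plain
 * text. Non-OK executions are counted per test case priority (1 to 4), each
 * count is weighted by the matching cerberus_ci_okcoefprio parameter, and the
 * verdict is "OK" when the weighted sum is below 1, "KO" otherwise. When the
 * mandatory "tag" parameter is blank, an error line and the help text are
 * written instead.
 *
 * @param request servlet request; "tag" selects the executions
 * @param response servlet response; receives "OK", "KO", or an error/help text
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    PrintWriter out = response.getWriter();
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    // Adding Log entry.
    ILogEventService logEventService = appContext.getBean(ILogEventService.class);
    logEventService.createForPublicCalls("/ResultCI", "CALL", "ResultCI called : " + request.getRequestURL(), request);
    // HTML sanitizing only; the tag is never concatenated into SQL, it is bound as a JDBC parameter below.
    String tag = policy.sanitize(request.getParameter("tag"));
    String helpMessage = "\nThis servlet is used to profide a global OK or KO based on the number and status of the execution done on a specific tag.\n"
            + "The number of executions are ponderated by parameters by priority from cerberus_ci_okcoefprio1 to cerberus_ci_okcoefprio4.\n"
            + "Formula used is the following :\n"
            + "Nb Exe Prio 1 testcases * cerberus_ci_okcoefprio1 + Nb Exe Prio 2 testcases * cerberus_ci_okcoefprio2 +\n"
            + " Nb Exe Prio 3 testcases * cerberus_ci_okcoefprio3 + Nb Exe Prio 4 testcases * cerberus_ci_okcoefprio4\n\n"
            + "If not executions are found, the result is KO.\n"
            + "With at least 1 execution, if result is < 1 then global servlet result is OK. If not, it is KO.\n"
            + "All execution needs to have a status equal to KO, FA, NA or PE.\n\n"
            + "Parameter list :\n"
            + "- tag [mandatory] : Execution Tag to filter the test cases execution. [" + tag + "]\n";
    DatabaseSpring database = appContext.getBean(DatabaseSpring.class);
    Connection connection = database.connect();
    try {
        // Checking the parameter validity. Tag is a mandatory parameter.
        if (StringUtils.isBlank(tag)) {
            out.println("Error - Parameter tag is mandatory.");
            // In case of errors, we display the help message.
            out.println(helpMessage);
            return;
        }
        int nbkop1 = countNonOkExecutions(connection, tag, "1");
        int nbkop2 = countNonOkExecutions(connection, tag, "2");
        int nbkop3 = countNonOkExecutions(connection, tag, "3");
        int nbkop4 = countNonOkExecutions(connection, tag, "4");
        IParameterService parameterService = appContext.getBean(IParameterService.class);
        float pond1 = Float.parseFloat(parameterService.findParameterByKey("cerberus_ci_okcoefprio1", "").getValue());
        float pond2 = Float.parseFloat(parameterService.findParameterByKey("cerberus_ci_okcoefprio2", "").getValue());
        float pond3 = Float.parseFloat(parameterService.findParameterByKey("cerberus_ci_okcoefprio3", "").getValue());
        float pond4 = Float.parseFloat(parameterService.findParameterByKey("cerberus_ci_okcoefprio4", "").getValue());
        float resultCal = (nbkop1 * pond1) + (nbkop2 * pond2) + (nbkop3 * pond3) + (nbkop4 * pond4);
        // NOTE(review): the help text says a tag with no execution is KO, but nothing here
        // counts executions: four zero counts give resultCal == 0 and therefore "OK".
        String result = resultCal < 1 ? "OK" : "KO";
        out.print(result);
        // Log the result with calculation detail.
        logEventService.createForPublicCalls("/ResultCI", "CALLRESULT", "ResultCI calculated with result [" + result + "] : " + nbkop1 + "*" + pond1 + " + " + nbkop2 + "*" + pond2 + " + " + nbkop3 + "*" + pond3 + " + " + nbkop4 + "*" + pond4 + " = " + resultCal, request);
    } catch (Exception e) {
        // Keep a server-side trace: previously the failure was only echoed to the caller.
        LOG.warn(e.toString());
        // NOTE(review): the raw exception text (for instance a JDBC error) is returned to the
        // caller, which discloses internals; a generic error line would be preferable.
        out.println(e.getMessage());
    } finally {
        out.close();
        try {
            if (connection != null) {
                connection.close();
            }
        } catch (SQLException e) {
            LOG.warn(e.toString());
        }
    }
}

/**
 * Counts the executions of one tag whose control status is not OK, restricted
 * to test cases of one priority.
 *
 * @param connection open JDBC connection
 * @param tag execution tag to filter on
 * @param priority test case priority as stored in testcase.Priority ("1" to "4")
 * @return number of non-OK executions, 0 when the query returns no row
 * @throws SQLException if the statement cannot be prepared or executed
 */
private static int countNonOkExecutions(Connection connection, String tag, String priority) throws SQLException {
    // Both filters are bound parameters; the query text itself is constant.
    String sql = "SELECT count(*) AS NBKO "
            + "FROM testcaseexecution t "
            + "JOIN (SELECT Test,TestCase, Priority FROM testcase)b "
            + "ON b.test= t.test AND b.testcase=t.testcase "
            + "WHERE controlStatus not in ('OK') AND priority = ? "
            + "AND tag = ?";
    try (PreparedStatement prepStmt = connection.prepareStatement(sql)) {
        prepStmt.setString(1, priority);
        prepStmt.setString(2, tag);
        try (ResultSet rs = prepStmt.executeQuery()) {
            // next() rather than first(): valid on forward-only result sets as well.
            return rs.next() ? rs.getInt("NBKO") : 0;
        }
    }
}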
the class FindTestImplementationStatusPerApplication method processRequest.
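/**
 * Returns, for every test of one application, the total number of test cases
 * and the count per TCSTATUS invariant value, in the DataTables envelope
 * (aaData, sEcho, iTotalRecords, iTotalDisplayRecords).
 *
 * <p>The "MySystem" request parameter is accepted but not applied to the
 * query; only "Application" filters the rows.
 *
 * @param request servlet request; reads "sEcho" and "Application"
 * @param response servlet response; receives the JSON document
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String echo = policy.sanitize(request.getParameter("sEcho"));
    // The HTML policy is kept for the value echoed back in JSON; it is not what protects
    // the SQL below — every request- or database-derived value is bound as a parameter.
    String application = policy.sanitize(request.getParameter("Application"));
    Connection connection = null;
    JSONObject jsonResponse = new JSONObject();
    try {
        JSONArray data = new JSONArray();
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        IInvariantService invariantService = appContext.getBean(InvariantService.class);
        DatabaseSpring database = appContext.getBean(DatabaseSpring.class);
        connection = database.connect();
        AnswerList answer = invariantService.readByIdnameGp1("TCSTATUS", "Y");
        List<Invariant> myInvariants = answer.getDataList();

        // One LEFT JOIN per status value. The "Col<sort>" / "Tab<sort>" identifiers cannot be
        // bound, so they are built from the invariant sort key (a database value, not request input);
        // the status value and the application name are bound parameters in query order.
        List<String> params = new ArrayList<>();
        StringBuilder select = new StringBuilder("SELECT t.test, count(*) as TOTAL ");
        StringBuilder from = new StringBuilder(" FROM testcase t ");
        for (Invariant i : myInvariants) {
            String sort = String.valueOf(i.getSort());
            select.append(", Col").append(sort);
            from.append(" LEFT JOIN (SELECT g.test, count(*) as Col").append(sort)
                    .append(" FROM testcase g WHERE Status = ? and application = ? GROUP BY g.test) Tab").append(sort)
                    .append(" ON Tab").append(sort).append(".test=t.test ");
            params.add(String.valueOf(i.getValue()));
            params.add(application);
        }
        from.append(" where t.application = ? group by t.test");
        params.add(application);
        String sql = select.toString() + from.toString();
        LOG.debug(" SQL1 : " + sql);
        try (PreparedStatement stmt = connection.prepareStatement(sql)) {
            for (int p = 0; p < params.size(); p++) {
                stmt.setString(p + 1, params.get(p));
            }
            try (ResultSet rs = stmt.executeQuery()) {
                while (rs.next()) {
                    JSONArray row = new JSONArray();
                    String test = rs.getString("t.test");
                    // NOTE(review): the test name is embedded in an HTML fragment without escaping;
                    // the client renders aaData as HTML, so this relies on test names being trusted.
                    row.put("<a href=\"TestCaseList.jsp?test=" + test + "\">" + test + "</a>");
                    row.put(rs.getString("TOTAL"));
                    for (Invariant i : myInvariants) {
                        row.put(rs.getString("Col" + String.valueOf(i.getSort())));
                    }
                    data.put(row);
                }
                // data that will be shown in the table
                jsonResponse.put("aaData", data);
                jsonResponse.put("sEcho", echo);
                jsonResponse.put("iTotalRecords", data.length());
                jsonResponse.put("iTotalDisplayRecords", data.length());
                response.setContentType("application/json");
                response.getWriter().print(jsonResponse.toString());
            } catch (JSONException ex) {
                LOG.warn(ex.toString());
            } finally {
                out.close();
            }
        } catch (SQLException ex) {
            LOG.warn(" Exception trying to query '" + sql + "' : " + ex);
        }
    } catch (Exception ex) {
        LOG.warn(" Exception catched : " + ex);
    } finally {
        try {
            if (connection != null) {
                connection.close();
            }
        } catch (SQLException e) {
            LOG.warn(e.toString());
        }
    }
}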
the class GetEnvironmentsPerBuildRevision method doPost.
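/**
 * Answers a POST with the result of {@code findBuildRevList} for the
 * requested "system", wrapped in the JSON envelope carrying messageType,
 * message and sEcho. Without a "system" parameter an empty JSON object with
 * an OK message is returned.
 *
 * @param request servlet request; reads "sEcho" and "system"
 * @param response servlet response; receives the JSON document
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    // Without an explicit charset the servlet container falls back to ISO-8859-1,
    // which mangles non-Latin characters in system names; set before getWriter().
    response.setCharacterEncoding("UTF-8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));

    // Parsing and securing all required parameters.
    String systemParam = request.getParameter("system");
    String system = policy.sanitize(systemParam);
    // NOTE(review): permissions are hard-coded to true here, unlike the sibling servlets
    // that derive them from request.isUserInRole(...); what findBuildRevList does with the
    // flag is not visible from this method.
    boolean userHasPermissions = true;
    // Init Answer with an OK message; the unexpected-error message above is not used.
    AnswerItem answer = new AnswerItem(new MessageEvent(MessageEventEnum.DATA_OPERATION_OK));
    try {
        JSONObject jsonResponse = new JSONObject();
        if (systemParam != null) {
            answer = findBuildRevList(system, appContext, userHasPermissions, request);
            jsonResponse = (JSONObject) answer.getItem();
        }
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}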