use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class GetEnvironmentsLastChangePerCountry method doPost.
/**
 * Returns the last environment changes per country for a system as JSON.
 * <p>
 * Reads {@code system}, {@code envgp} and {@code nbdays} (default 10) from the
 * request, delegates to {@code findBuildRevList} and always adds
 * {@code messageType}, {@code message} and {@code sEcho} to the response object.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if the response cannot be written
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Echoed back as-is; it only ever leaves this method as a JSON string value.
    final String echo = request.getParameter("sEcho");
    final ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    // HTML sanitizer policy allowing formatting and link elements.
    final PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);

    response.setContentType("application/json");

    // Shared servlet start-up hook.
    ServletUtil.servletStart(request);

    // Default "unexpected error" message; every branch below replaces it before use.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));

    // The policy removes markup it does not allow; it does not check that the
    // values are valid system / environment-group identifiers.
    final String system = policy.sanitize(request.getParameter("system"));
    final String envGp = policy.sanitize(request.getParameter("envgp"));

    // nbdays is optional: 10 unless a non-empty value is supplied.
    Integer nbDays = 10;
    boolean nbDaysInvalid = false;
    try {
        final boolean nbDaysSupplied = request.getParameter("nbdays") != null
                && !request.getParameter("nbdays").equals("");
        if (nbDaysSupplied) {
            nbDays = Integer.valueOf(policy.sanitize(request.getParameter("nbdays")));
        }
    } catch (Exception ex) {
        // Any failure here is reported to the caller as a conversion error below.
        nbDaysInvalid = true;
    }

    // NOTE(review): hard-coded to true and handed to findBuildRevList, so this
    // servlet itself never restricts edit/delete rights - confirm that is intended.
    final boolean userHasPermissions = true;

    AnswerItem answer = new AnswerItem(new MessageEvent(MessageEventEnum.DATA_OPERATION_OK));

    try {
        JSONObject jsonResponse = new JSONObject();

        if (StringUtil.isNullOrEmpty(system)) {
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            final String description = msg.getDescription()
                    .replace("%ITEM%", "Environment Last Change per Country")
                    .replace("%OPERATION%", "Read")
                    .replace("%REASON%", "System is missing.");
            msg.setDescription(description);
            answer.setResultMessage(msg);
        } else if (nbDaysInvalid) {
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            final String description = msg.getDescription()
                    .replace("%ITEM%", "Environment Last Change per Country")
                    .replace("%OPERATION%", "Read")
                    .replace("%REASON%", "Could not manage to convert nbdays to an integer value.");
            msg.setDescription(description);
            answer.setResultMessage(msg);
        } else if (request.getParameter("system") != null) {
            answer = findBuildRevList(system, envGp, nbDays, appContext, userHasPermissions, request);
            jsonResponse = (JSONObject) answer.getItem();
        }

        final MessageEvent result = answer.getResultMessage();
        jsonResponse.put("messageType", result.getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);

        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // Fall back to a generic error payload the client can still parse.
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class GetStepUsedAsLibraryInOtherTestCasePerApplication method processRequest.
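/**
 * Writes the library steps of a system as a JSON table payload
 * ({@code aaData}, {@code sEcho}, {@code iTotalRecords}, {@code iTotalDisplayRecords}).
 * <p>
 * Each row holds a link to the test, a link to the test case, the step and
 * its description. The links are HTML fragments built from stored values, so
 * those values are URL-encoded where they go into the {@code href} query string
 * and passed through the sanitizer policy where they become link text.
 *
 * @param request servlet request; reads {@code sEcho} and {@code System}
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if the response cannot be written
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String echo = policy.sanitize(request.getParameter("sEcho"));
    String system = policy.sanitize(request.getParameter("System"));
    JSONObject jsonResponse = new JSONObject();
    try {
        JSONArray data = new JSONArray();
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        ITestCaseStepService stepService = appContext.getBean(ITestCaseStepService.class);
        for (TestCaseStep tcs : stepService.getStepLibraryBySystem(system)) {
            // String.valueOf keeps the previous rendering of a null value ("null").
            String test = String.valueOf(tcs.getTest());
            String testCase = String.valueOf(tcs.getTestCase());

            // Query-string values: percent-encoding leaves no character that can
            // close the href attribute or start a new query parameter.
            String testParam = java.net.URLEncoder.encode(test, "UTF-8");
            String testCaseParam = java.net.URLEncoder.encode(testCase, "UTF-8");

            // Link text: stored names are data, not markup, so run them through
            // the same policy the request parameters get before embedding them.
            String testLabel = policy.sanitize(test);
            String testCaseLabel = policy.sanitize(testCase);

            JSONArray row = new JSONArray();
            row.put("<a href=\"TestCaseList.jsp?test=" + testParam + "\">" + testLabel + "</a>");
            row.put("<a href=\"TestCaseScript.jsp?test=" + testParam + "&testcase=" + testCaseParam + "\">"
                    + testCaseLabel + "</a>");
            row.put(tcs.getStep());
            // NOTE(review): the description is emitted as stored. If the client
            // inserts table cells as HTML, it needs the same treatment - confirm.
            row.put(tcs.getDescription());
            data.put(row);
        }
        // data that will be shown in the table
        jsonResponse.put("aaData", data);
        jsonResponse.put("sEcho", echo);
        jsonResponse.put("iTotalRecords", data.length());
        jsonResponse.put("iTotalDisplayRecords", data.length());
        response.setContentType("application/json");
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException ex) {
        // Logged only: in this case the response body stays empty.
        LOG.warn(ex.toString());
    } catch (CerberusException ex) {
        // Logged only: in this case the response body stays empty.
        LOG.warn(ex);
    }
}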
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class DisableEnvironment method processRequest.
/**
 * Disables the environment (CountryEnvParam) identified by the
 * {@code system}, {@code country} and {@code environment} request parameters.
 * <p>
 * On success the record is set inactive and updated, a log event and a
 * CountryEnvParam log entry are created, and the disable-environment e-mail is
 * generated and sent. The outcome is written as a JSON object with
 * {@code messageType} and {@code message}.
 * <p>
 * NOTE(review): this method changes state and no authorisation or anti-CSRF
 * check is visible in it; the original comment says it serves both GET and
 * POST. Confirm both are enforced upstream (filter or security constraint).
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws JSONException if a value cannot be stored in the JSON response
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    AnswerItem answerItem = new AnswerItem();
    // Default result: "unexpected error", replaced by every branch below.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    answerItem.setResultMessage(msg);
    // HTML sanitizer policy allowing formatting and link elements.
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    // Sanitize the three key parameters. The policy removes markup it does not
    // allow, which matters because the values are echoed into messages and log
    // entries below; it does not check that they are valid keys.
    String system = policy.sanitize(request.getParameter("system"));
    String country = policy.sanitize(request.getParameter("country"));
    String env = policy.sanitize(request.getParameter("environment"));
    // NOTE(review): eMailContent is never read in this method.
    String eMailContent = "";
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    IEmailService emailService = appContext.getBean(IEmailService.class);
    ICountryEnvParamService countryEnvParamService = appContext.getBean(ICountryEnvParamService.class);
    ICountryEnvParam_logService countryEnvParam_logService = appContext.getBean(ICountryEnvParam_logService.class);
    ILogEventService logEventService = appContext.getBean(LogEventService.class);
    // NOTE(review): presence is tested on the raw parameters, so a value the
    // policy reduces to an empty string still reaches readByKey - confirm that
    // the service copes with empty keys.
    if (request.getParameter("system") == null) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", ITEM).replace("%OPERATION%", OPERATION).replace("%REASON%", "System name is missing!"));
        answerItem.setResultMessage(msg);
    } else if (request.getParameter("country") == null) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", ITEM).replace("%OPERATION%", OPERATION).replace("%REASON%", "Country is missing!"));
        answerItem.setResultMessage(msg);
    } else if (request.getParameter("environment") == null) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", ITEM).replace("%OPERATION%", OPERATION).replace("%REASON%", "Environment is missing!"));
        answerItem.setResultMessage(msg);
    } else {
        // All three parameters are present: look up the CountryEnvParam by key.
        answerItem = countryEnvParamService.readByKey(system, country, env);
        if (!(answerItem.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && answerItem.getItem() != null)) {
            // Lookup failed or returned no item: report it and stop.
            // The sanitized key values are part of the returned message.
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", OPERATION).replace("%REASON%", OBJECT_NAME + " ['" + system + "','" + country + "','" + env + "'] does not exist. Cannot disable it!"));
            answerItem.setResultMessage(msg);
        } else {
            // The record exists: mark it inactive and persist the change.
            CountryEnvParam cepData = (CountryEnvParam) answerItem.getItem();
            cepData.setActive(false);
            Answer answer = countryEnvParamService.update(cepData);
            if (!(answer.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()))) {
                // Update failed: pass the service's message on to the caller.
                answerItem.setResultMessage(answer.getResultMessage());
            } else {
                // Update succeeded: everything below runs after the change is stored.
                // Audit trail: general log event.
                logEventService.createForPrivateCalls("/DisableEnvironment", "UPDATE", "Updated CountryEnvParam : ['" + system + "','" + country + "','" + env + "']", request);
                // Audit trail: CountryEnvParam log entry attributed to the caller.
                // NOTE(review): getUserPrincipal() is dereferenced without a null
                // check; presumably the container guarantees an authenticated
                // caller - confirm, since a failure here comes after the update.
                countryEnvParam_logService.createLogEntry(system, country, env, "", "", "Disabled.", request.getUserPrincipal().getName());
                // E-mail notification. A result other than "OK" is logged and kept
                // as a warning; it does not turn the overall result into an error.
                String OutputMessage = "";
                MessageEvent me = emailService.generateAndSendDisableEnvEmail(system, country, env);
                if (!"OK".equals(me.getMessage().getCodeString())) {
                    LOG.warn(Infos.getInstance().getProjectNameAndVersion() + " - Exception catched." + me.getMessage().getDescription());
                    logEventService.createForPrivateCalls("/DisableEnvironment", "DISABLE", "Warning on Disable environment : ['" + system + "','" + country + "','" + env + "'] " + me.getMessage().getDescription(), request);
                    OutputMessage = me.getMessage().getDescription();
                }
                if (OutputMessage.equals("")) {
                    msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_OK);
                    msg.setDescription(msg.getDescription().replace("%ITEM%", "Environment").replace("%OPERATION%", OPERATION));
                    answerItem.setResultMessage(msg);
                } else {
                    // Still OK, with the e-mail warning appended to the description.
                    msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_OK);
                    msg.setDescription(msg.getDescription().replace("%ITEM%", "Environment").replace("%OPERATION%", OPERATION).concat(" Just one warning : ").concat(OutputMessage));
                    answerItem.setResultMessage(msg);
                }
            }
        }
    }
    // Format and return the JSON result.
    jsonResponse.put("messageType", answerItem.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", answerItem.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class GetNotification method processRequest.
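/**
 * Generates a notification e-mail for an event and returns it as JSON.
 * <p>
 * The {@code event} request parameter selects the e-mail to generate:
 * {@code newbuildrevision}, {@code disableenvironment} or {@code newchain}.
 * On success the response carries {@code notificationTo},
 * {@code notificationCC}, {@code notificationSubject} and
 * {@code notificationBody}; {@code messageType} and {@code message} are
 * always present. Nothing is sent from this method.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException declared by the signature; no statement in this method throws it directly
 * @throws JSONException if a value cannot be stored in the JSON response
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    Answer answer = new Answer();
    // Default result: "unexpected error", replaced by every branch below.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    answer.setResultMessage(msg);
    // HTML sanitizer policy allowing formatting and link elements.
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");

    // The policy removes markup it does not allow; it does not check that the
    // values are valid keys.
    String system = policy.sanitize(request.getParameter("system"));
    String country = policy.sanitize(request.getParameter("country"));
    String env = policy.sanitize(request.getParameter("environment"));
    String build = policy.sanitize(request.getParameter("build"));
    String revision = policy.sanitize(request.getParameter("revision"));
    String chain = policy.sanitize(request.getParameter("chain"));
    // Only compared against fixed literals, never echoed, so it is read raw.
    String event = request.getParameter("event");

    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    IEmailGenerationService emailService = appContext.getBean(IEmailGenerationService.class);

    if (request.getParameter("system") == null) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "GetNotification").replace("%OPERATION%", "Get").replace("%REASON%", "System name is missing!"));
        answer.setResultMessage(msg);
    } else if (event == null) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "GetNotification").replace("%OPERATION%", "Get").replace("%REASON%", "event is missing!"));
        answer.setResultMessage(msg);
    } else if (event.equals("newbuildrevision") || event.equals("disableenvironment") || event.equals("newchain")) {
        try {
            // Set OK first; the catch below overwrites it if generation fails.
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_OK);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "GetNotification").replace("%OPERATION%", "Get"));
            answer.setResultMessage(msg);

            Email email;
            if (event.equals("newbuildrevision")) {
                email = emailService.generateRevisionChangeEmail(system, country, env, build, revision);
            } else if (event.equals("disableenvironment")) {
                email = emailService.generateDisableEnvEmail(system, country, env);
            } else {
                email = emailService.generateNewChainEmail(system, country, env, chain);
            }

            jsonResponse.put("notificationTo", email.getTo());
            jsonResponse.put("notificationCC", email.getCc());
            jsonResponse.put("notificationSubject", email.getSubject());
            jsonResponse.put("notificationBody", email.getBody());
        } catch (Exception ex) {
            // NOTE(review): ex.toString() puts the exception class and message
            // into the response. Consider logging the exception server-side and
            // returning a generic reason to the client instead.
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "GetNotification").replace("%OPERATION%", "Get").replace("%REASON%", ex.toString()));
            answer.setResultMessage(msg);
        }
    } else {
        // The reason used to read "Unknown invalidityReason!", which names a
        // parameter this servlet does not have; the rejected value is the event.
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "GetNotification").replace("%OPERATION%", "Get").replace("%REASON%", "Unknown event!"));
        answer.setResultMessage(msg);
    }

    // Format and return the JSON result.
    jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", answer.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}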
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class NewBuildRev method processRequest.
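/**
 * Records a new build/revision on an environment (CountryEnvParam) and
 * activates it.
 * <p>
 * The notification e-mail is generated before the record is updated, so that
 * it can still refer to the previous build and revision, and sent after the
 * update succeeded. E-mail problems are reported as a warning appended to an
 * otherwise successful result. The outcome is written as a JSON object with
 * {@code messageType} and {@code message}.
 * <p>
 * NOTE(review): this method changes state and no authorisation or anti-CSRF
 * check is visible in it; the original comment says it serves both GET and
 * POST. Confirm both are enforced upstream (filter or security constraint).
 *
 * @param request servlet request; reads {@code system}, {@code country},
 *        {@code environment}, {@code build} and {@code revision}
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws JSONException if a value cannot be stored in the JSON response
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, JSONException {
    JSONObject jsonResponse = new JSONObject();
    AnswerItem answerItem = new AnswerItem();
    // Default result: "unexpected error", replaced by every branch below.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    answerItem.setResultMessage(msg);
    // HTML sanitizer policy allowing formatting and link elements.
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");

    // The policy removes markup it does not allow, which matters because the
    // values are echoed into messages and log entries below; it does not check
    // that they are valid keys.
    String system = policy.sanitize(request.getParameter("system"));
    String country = policy.sanitize(request.getParameter("country"));
    String env = policy.sanitize(request.getParameter("environment"));
    String build = policy.sanitize(request.getParameter("build"));
    String revision = policy.sanitize(request.getParameter("revision"));

    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    IEmailService emailService = appContext.getBean(IEmailService.class);
    IEmailGenerationService emailGenerationService = appContext.getBean(IEmailGenerationService.class);
    IParameterService parameterService = appContext.getBean(IParameterService.class);
    ICountryEnvParamService countryEnvParamService = appContext.getBean(ICountryEnvParamService.class);
    ICountryEnvParam_logService countryEnvParam_logService = appContext.getBean(ICountryEnvParam_logService.class);
    ILogEventService logEventService = appContext.getBean(LogEventService.class);

    if (request.getParameter("system") == null) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", ITEM).replace("%OPERATION%", OPERATION).replace("%REASON%", "System name is missing!"));
        answerItem.setResultMessage(msg);
    } else if (request.getParameter("country") == null) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", ITEM).replace("%OPERATION%", OPERATION).replace("%REASON%", "Country is missing!"));
        answerItem.setResultMessage(msg);
    } else if (request.getParameter("environment") == null) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", ITEM).replace("%OPERATION%", OPERATION).replace("%REASON%", "Environment is missing!"));
        answerItem.setResultMessage(msg);
    } else if (request.getParameter("build") == null) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", ITEM).replace("%OPERATION%", OPERATION).replace("%REASON%", "Build is missing!"));
        answerItem.setResultMessage(msg);
    } else if (request.getParameter("revision") == null) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", ITEM).replace("%OPERATION%", OPERATION).replace("%REASON%", "Revision is missing!"));
        answerItem.setResultMessage(msg);
    } else {
        // All parameters are present: look up the CountryEnvParam by key.
        answerItem = countryEnvParamService.readByKey(system, country, env);
        if (!(answerItem.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && answerItem.getItem() != null)) {
            // Lookup failed or returned no item: report it and stop.
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", OPERATION).replace("%REASON%", OBJECT_NAME + " ['" + system + "','" + country + "','" + env + "'] does not exist. Cannot activate it!"));
            answerItem.setResultMessage(msg);
        } else {
            // The e-mail must be generated before the build and revision are
            // updated, so that the old values are still available for the mail.
            String outputMessage = "";
            Email email = null;
            boolean emailGenerated = false;
            try {
                email = emailGenerationService.generateRevisionChangeEmail(system, country, env, build, revision);
                emailGenerated = true;
            } catch (Exception ex) {
                LOG.warn(Infos.getInstance().getProjectNameAndVersion() + " - Exception catched.", ex);
                logEventService.createForPrivateCalls("/NewBuildRev", "NEWBUILDREV", "Warning on New Build/Revision environment : ['" + system + "','" + country + "','" + env + "'] " + ex.getMessage(), request);
                // getMessage() may be null; a null warning used to cause a
                // NullPointerException further down, after the update was stored.
                outputMessage = ex.getMessage() != null ? ex.getMessage() : ex.toString();
            }

            // Update the record.
            CountryEnvParam cepData = (CountryEnvParam) answerItem.getItem();
            cepData.setBuild(build);
            cepData.setRevision(revision);
            cepData.setActive(true);
            Answer answer = countryEnvParamService.update(cepData);
            if (!(answer.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()))) {
                // Update failed: pass the service's message on to the caller.
                answerItem.setResultMessage(answer.getResultMessage());
            } else {
                // Update succeeded: everything below runs after the change is stored.
                // Audit trail: general log event.
                logEventService.createForPrivateCalls("/NewBuildRev", "UPDATE", "Updated CountryEnvParam : ['" + system + "','" + country + "','" + env + "']", request);
                // Audit trail: CountryEnvParam log entry attributed to the caller.
                // NOTE(review): getUserPrincipal() is dereferenced without a null
                // check; presumably the container guarantees an authenticated
                // caller - confirm, since a failure here comes after the update.
                countryEnvParam_logService.createLogEntry(system, country, env, build, revision, "New Build Revision.", request.getUserPrincipal().getName());

                // E-mail notification. Skipped when generation already failed, so
                // the original warning is kept rather than being replaced by the
                // failure of sending a missing e-mail.
                if (emailGenerated) {
                    try {
                        emailService.sendHtmlMail(email);
                    } catch (Exception e) {
                        LOG.warn(Infos.getInstance().getProjectNameAndVersion() + " - Exception catched.", e);
                        logEventService.createForPrivateCalls("/NewBuildRev", "NEWBUILDREV", "Warning on New Build/Revision environment : ['" + system + "','" + country + "','" + env + "'] " + e.getMessage(), request);
                        outputMessage = e.getMessage() != null ? e.getMessage() : e.toString();
                    }
                }

                if (outputMessage.equals("")) {
                    msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_OK);
                    msg.setDescription(msg.getDescription().replace("%ITEM%", "Environment").replace("%OPERATION%", OPERATION));
                    answerItem.setResultMessage(msg);
                } else {
                    // Still OK, with the e-mail warning appended to the description.
                    // NOTE(review): the warning is an exception message returned to
                    // the client; confirm it cannot carry internal details.
                    msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_OK);
                    msg.setDescription(msg.getDescription().replace("%ITEM%", "Environment").replace("%OPERATION%", OPERATION).concat(" Just one warning : ").concat(outputMessage));
                    answerItem.setResultMessage(msg);
                }
            }
        }
    }

    // Format and return the JSON result.
    jsonResponse.put("messageType", answerItem.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", answerItem.getResultMessage().getDescription());
    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}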