Example 36 with PolicyFactory
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class ReadInvariant method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String echo = request.getParameter("sEcho");
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
invariantService = appContext.getBean(InvariantService.class);
String charset = request.getCharacterEncoding();
response.setContentType("application/json");
response.setCharacterEncoding("utf8");
// type=public or private? //TODO?
try {
AnswerItem answer;
JSONObject jsonResponse = new JSONObject();
String access = request.getParameter("access");
if (request.getParameter("idName") == null && access != null) {
if (!Strings.isNullOrEmpty(request.getParameter("columnName"))) {
answer = findDistinctValuesOfColumn(appContext, request, request.getParameter("columnName"), access);
jsonResponse = (JSONObject) answer.getItem();
} else {
answer = findInvariantList(appContext, access, request, response);
jsonResponse = (JSONObject) answer.getItem();
}
} else if (request.getParameter("value") == null) {
// loads the list of invariants
String idName = policy.sanitize(request.getParameter("idName"));
answer = findInvariantListByIdName(appContext, access, idName);
jsonResponse = (JSONObject) answer.getItem();
} else {
String idName = request.getParameter("idName");
String value = request.getParameter("value");
try {
answer = findInvariantListBykey(appContext, idName, value);
JSONObject inv = new JSONObject();
inv = convertInvariantToJSONObject((Invariant) answer.getItem());
inv.put("hasPermissionsUpdate", invariantService.hasPermissionsUpdate((Invariant) answer.getItem(), request));
jsonResponse.put("contentTable", inv);
} catch (CerberusException e) {
answer = new AnswerItem();
MessageEvent msg = new MessageEvent(MessageEventEnum.ACTION_FAILED);
answer.setResultMessage(msg);
}
}
jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
jsonResponse.put("message", answer.getResultMessage().getDescription());
// TODO:FN check if this makes sense
jsonResponse.put("sEcho", echo);
response.getWriter().print(jsonResponse.toString());
} catch (JSONException e) {
LOG.warn(e);
// returns a default error message with the json format that is able to be parsed by the client-side
response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
}
}
Also used :
ApplicationContext(org.springframework.context.ApplicationContext)
CerberusException(org.cerberus.exception.CerberusException)
PolicyFactory(org.owasp.html.PolicyFactory)
JSONObject(org.json.JSONObject)
MessageEvent(org.cerberus.engine.entity.MessageEvent)
JSONException(org.json.JSONException)
InvariantService(org.cerberus.crud.service.impl.InvariantService)
IInvariantService(org.cerberus.crud.service.IInvariantService)
AnswerItem(org.cerberus.util.answer.AnswerItem)
Example 37 with PolicyFactory
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class SaveTestCaseLabel method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
JSONObject jsonResponse = new JSONObject();
Answer ans = new Answer();
MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
ans.setResultMessage(msg);
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
String charset = request.getCharacterEncoding();
String usr = request.getUserPrincipal().getName();
testCaseLabelService = appContext.getBean(ITestCaseLabelService.class);
testCaseLabelFactory = appContext.getBean(IFactoryTestCaseLabel.class);
response.setContentType("application/json");
// Calling Servlet Transversal Util.
ServletUtil.servletStart(request);
/**
* Parsing and securing all required parameters.
*/
// Parameter that are already controled by GUI (no need to decode) --> We SECURE them
String test = policy.sanitize(request.getParameter("test"));
String testcase = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("testcase"), "", charset);
String[] labelIdList = request.getParameterValues("labelid");
/**
* Checking all constrains before calling the services.
*/
if (test.isEmpty() || testcase.isEmpty()) {
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
msg.setDescription(msg.getDescription().replace("%ITEM%", "TestCaseLabel").replace("%OPERATION%", "Save").replace("%REASON%", "Mandatory parameter is missing. [test|testcase]"));
ans.setResultMessage(msg);
} else {
/**
* All data seems cleans so we can call the services.
*/
List<TestCaseLabel> toSave = new ArrayList();
if (null != labelIdList && labelIdList.length != 0) {
Timestamp creationDate = new Timestamp(new Date().getTime());
for (String lableId : labelIdList) {
toSave.add(testCaseLabelFactory.create(0, test, testcase, Integer.valueOf(lableId), usr, creationDate, usr, creationDate, null));
}
}
List<TestCaseLabel> existingList = testCaseLabelService.readByTestTestCase(test, testcase).getDataList();
testCaseLabelService.compareListAndUpdateInsertDeleteElements(test, testcase, toSave);
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_OK);
msg.setDescription(msg.getDescription().replace("%ITEM%", "TestCaseLabel").replace("%OPERATION%", "Save"));
ans.setResultMessage(msg);
}
/**
* Formating and returning the json result.
*/
jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
jsonResponse.put("message", ans.getResultMessage().getDescription());
response.getWriter().print(jsonResponse);
response.getWriter().flush();
}
Also used :
PolicyFactory(org.owasp.html.PolicyFactory)
MessageEvent(org.cerberus.engine.entity.MessageEvent)
TestCaseLabel(org.cerberus.crud.entity.TestCaseLabel)
IFactoryTestCaseLabel(org.cerberus.crud.factory.IFactoryTestCaseLabel)
ArrayList(java.util.ArrayList)
Timestamp(java.sql.Timestamp)
Date(java.util.Date)
Answer(org.cerberus.util.answer.Answer)
ApplicationContext(org.springframework.context.ApplicationContext)
JSONObject(org.json.JSONObject)
ITestCaseLabelService(org.cerberus.crud.service.ITestCaseLabelService)
IFactoryTestCaseLabel(org.cerberus.crud.factory.IFactoryTestCaseLabel)
Example 38 with PolicyFactory
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class UpdateApplication method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
JSONObject jsonResponse = new JSONObject();
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
Answer ans = new Answer();
MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
ans.setResultMessage(msg);
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
String charset = request.getCharacterEncoding();
ICountryEnvironmentParametersService ceaService = appContext.getBean(ICountryEnvironmentParametersService.class);
IFactoryCountryEnvironmentParameters cedFactory = appContext.getBean(IFactoryCountryEnvironmentParameters.class);
response.setContentType("application/json");
// Calling Servlet Transversal Util.
ServletUtil.servletStart(request);
/**
* Parsing and securing all required parameters.
*/
// Parameter that are already controled by GUI (no need to decode) --> We SECURE them
String system = policy.sanitize(request.getParameter("system"));
String type = policy.sanitize(request.getParameter("type"));
String deployType = policy.sanitize(request.getParameter("deploytype"));
// Parameter that needs to be secured --> We SECURE+DECODE them
String application = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("application"), null, charset);
String originalApplication = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("originalApplication"), null, charset);
String subSystem = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("subsystem"), "", charset);
String mavenGpID = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("mavengroupid"), "", charset);
String description = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("description"), "", charset);
// Parameter that we cannot secure as we need the html --> We DECODE them
String svnURL = ParameterParserUtil.parseStringParamAndDecode(request.getParameter("svnurl"), "", charset);
String bugTrackerURL = ParameterParserUtil.parseStringParamAndDecode(request.getParameter("bugtrackerurl"), "", charset);
String newBugURL = ParameterParserUtil.parseStringParamAndDecode(request.getParameter("bugtrackernewurl"), "", charset);
Integer sort = 10;
boolean sort_error = false;
try {
if (request.getParameter("sort") != null && !request.getParameter("sort").equals("")) {
sort = Integer.valueOf(policy.sanitize(request.getParameter("sort")));
}
} catch (Exception ex) {
sort_error = true;
}
// Getting list of application from JSON Call
JSONArray objApplicationArray = new JSONArray(request.getParameter("environmentList"));
List<CountryEnvironmentParameters> ceaList = new ArrayList();
ceaList = getCountryEnvironmentApplicationFromParameter(request, appContext, system, application, objApplicationArray);
// Prepare the final answer.
MessageEvent msg1 = new MessageEvent(MessageEventEnum.GENERIC_OK);
Answer finalAnswer = new Answer(msg1);
/**
* Checking all constrains before calling the services.
*/
if (StringUtil.isNullOrEmpty(application)) {
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
msg.setDescription(msg.getDescription().replace("%ITEM%", "Application").replace("%OPERATION%", "Update").replace("%REASON%", "Application ID (application) is missing."));
ans.setResultMessage(msg);
} else if (StringUtil.isNullOrEmpty(system)) {
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
msg.setDescription(msg.getDescription().replace("%ITEM%", "Application").replace("%OPERATION%", "Update").replace("%REASON%", "System is missing!"));
ans.setResultMessage(msg);
} else if (sort_error) {
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
msg.setDescription(msg.getDescription().replace("%ITEM%", "Application").replace("%OPERATION%", "Update").replace("%REASON%", "Could not manage to convert sort to an integer value."));
ans.setResultMessage(msg);
} else {
/**
* All data seems cleans so we can call the services.
*/
IApplicationService applicationService = appContext.getBean(IApplicationService.class);
AnswerItem resp = applicationService.readByKey(originalApplication);
if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
/**
* Object could not be found. We stop here and report the error.
*/
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) resp);
} else {
/**
* The service was able to perform the query and confirm the
* object exist, then we can update it.
*/
Application applicationData = (Application) resp.getItem();
applicationData.setApplication(application);
applicationData.setSystem(system);
applicationData.setSubsystem(subSystem);
applicationData.setType(type);
applicationData.setMavengroupid(mavenGpID);
applicationData.setDeploytype(deployType);
applicationData.setSvnurl(svnURL);
applicationData.setBugTrackerUrl(bugTrackerURL);
applicationData.setBugTrackerNewUrl(newBugURL);
applicationData.setDescription(description);
applicationData.setSort(sort);
applicationData.setUsrModif(request.getRemoteUser());
ans = applicationService.update(originalApplication, applicationData);
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
/**
* Update was successful. Adding Log entry.
*/
ILogEventService logEventService = appContext.getBean(LogEventService.class);
logEventService.createForPrivateCalls("/UpdateApplication", "UPDATE", "Updated Application : ['" + originalApplication + "']", request);
// Update the Database with the new list.
ans = ceaService.compareListAndUpdateInsertDeleteElements(system, application, ceaList);
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
}
}
}
/**
* Formating and returning the json result.
*/
jsonResponse.put("messageType", finalAnswer.getResultMessage().getMessage().getCodeString());
jsonResponse.put("message", finalAnswer.getResultMessage().getDescription());
response.getWriter().print(jsonResponse);
response.getWriter().flush();
}
Also used :
PolicyFactory(org.owasp.html.PolicyFactory)
MessageEvent(org.cerberus.engine.entity.MessageEvent)
JSONArray(org.json.JSONArray)
ArrayList(java.util.ArrayList)
AnswerItem(org.cerberus.util.answer.AnswerItem)
ServletException(javax.servlet.ServletException)
JSONException(org.json.JSONException)
IOException(java.io.IOException)
CerberusException(org.cerberus.exception.CerberusException)
ICountryEnvironmentParametersService(org.cerberus.crud.service.ICountryEnvironmentParametersService)
Answer(org.cerberus.util.answer.Answer)
ApplicationContext(org.springframework.context.ApplicationContext)
JSONObject(org.json.JSONObject)
IFactoryCountryEnvironmentParameters(org.cerberus.crud.factory.IFactoryCountryEnvironmentParameters)
CountryEnvironmentParameters(org.cerberus.crud.entity.CountryEnvironmentParameters)
ILogEventService(org.cerberus.crud.service.ILogEventService)
IFactoryCountryEnvironmentParameters(org.cerberus.crud.factory.IFactoryCountryEnvironmentParameters)
Application(org.cerberus.crud.entity.Application)
IApplicationService(org.cerberus.crud.service.IApplicationService)
Example 39 with PolicyFactory
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class UpdateCountryEnvParam method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
JSONObject jsonResponse = new JSONObject();
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
Answer ans = new Answer();
MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
ans.setResultMessage(msg);
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
String charset = request.getCharacterEncoding();
ICountryEnvironmentDatabaseService cebService = appContext.getBean(ICountryEnvironmentDatabaseService.class);
ICountryEnvironmentParametersService ceaService = appContext.getBean(ICountryEnvironmentParametersService.class);
ICountryEnvDeployTypeService cedService = appContext.getBean(ICountryEnvDeployTypeService.class);
ICountryEnvLinkService celService = appContext.getBean(ICountryEnvLinkService.class);
response.setContentType("application/json");
// Calling Servlet Transversal Util.
ServletUtil.servletStart(request);
/**
* Parsing and securing all required parameters.
*/
// Parameter that are already controled by GUI (no need to decode) --> We SECURE them
String system = policy.sanitize(request.getParameter("system"));
String country = policy.sanitize(request.getParameter("country"));
String environment = policy.sanitize(request.getParameter("environment"));
String type = policy.sanitize(request.getParameter("type"));
String chain = policy.sanitize(request.getParameter("chain"));
boolean maintenanceAct = ParameterParserUtil.parseBooleanParam(request.getParameter("maintenanceAct"), true);
// Parameter that needs to be secured --> We SECURE+DECODE them
String description = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("description"), "", charset);
String maintenanceStr = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("maintenanceStr"), "01:00:00", charset);
String maintenanceEnd = ParameterParserUtil.parseStringParamAndDecodeAndSanitize(request.getParameter("maintenanceEnd"), "01:00:00", charset);
// Parameter that we cannot secure as we need the html --> We DECODE them
String distribList = ParameterParserUtil.parseStringParamAndDecode(request.getParameter("distribList"), "", charset);
String eMailBodyRevision = ParameterParserUtil.parseStringParamAndDecode(request.getParameter("eMailBodyRevision"), "", charset);
String eMailBodyChain = ParameterParserUtil.parseStringParamAndDecode(request.getParameter("eMailBodyChain"), "", charset);
String eMailBodyDisableEnvironment = ParameterParserUtil.parseStringParamAndDecode(request.getParameter("eMailBodyDisableEnvironment"), "", charset);
// Getting list of database from JSON Call
JSONArray objDatabaseArray = new JSONArray(request.getParameter("database"));
List<CountryEnvironmentDatabase> cebList;
cebList = getCountryEnvironmentDatabaseFromParameter(request, appContext, system, country, environment, objDatabaseArray);
// Getting list of application from JSON Call
JSONArray objApplicationArray = new JSONArray(request.getParameter("application"));
List<CountryEnvironmentParameters> ceaList;
ceaList = getCountryEnvironmentApplicationFromParameter(request, appContext, system, country, environment, objApplicationArray);
// Getting list of database from JSON Call
JSONArray objDeployTypeArray = new JSONArray(request.getParameter("deployType"));
List<CountryEnvDeployType> cedList;
cedList = getCountryEnvironmentDeployTypeFromParameter(request, appContext, system, country, environment, objDeployTypeArray);
// Getting list of database from JSON Call
JSONArray objDepArray = new JSONArray(request.getParameter("dependencies"));
List<CountryEnvLink> celList;
celList = getCountryEnvironmentLinkFromParameter(request, appContext, system, country, environment, objDepArray);
// Prepare the final answer.
MessageEvent msg1 = new MessageEvent(MessageEventEnum.GENERIC_OK);
Answer finalAnswer = new Answer(msg1);
/**
* Checking all constrains before calling the services.
*/
if (StringUtil.isNullOrEmpty(system)) {
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Update").replace("%REASON%", "System is missing"));
ans.setResultMessage(msg);
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
} else if (StringUtil.isNullOrEmpty(country)) {
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Update").replace("%REASON%", "Country is missing"));
ans.setResultMessage(msg);
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
} else if (StringUtil.isNullOrEmpty(environment)) {
msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Update").replace("%REASON%", "Environment is missing"));
ans.setResultMessage(msg);
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
} else {
/**
* All data seems cleans so we can call the services.
*/
ICountryEnvParamService cepService = appContext.getBean(ICountryEnvParamService.class);
AnswerItem resp = cepService.readByKey(system, country, environment);
if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
/**
* Object could not be found. We stop here and report the error.
*/
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) resp);
} else {
/**
* The service was able to perform the query and confirm the
* object exist, then we can update it.
*/
CountryEnvParam cepData = (CountryEnvParam) resp.getItem();
cepData.setDescription(description);
cepData.setDistribList(distribList);
cepData.seteMailBodyRevision(eMailBodyRevision);
cepData.setType(type);
cepData.seteMailBodyChain(eMailBodyChain);
cepData.seteMailBodyDisableEnvironment(eMailBodyDisableEnvironment);
if (request.getParameter("maintenanceAct") != null) {
cepData.setMaintenanceAct(maintenanceAct);
}
cepData.setMaintenanceStr(maintenanceStr);
cepData.setMaintenanceEnd(maintenanceEnd);
cepData.setChain(chain);
ans = cepService.update(cepData);
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
/**
* Update was successful. Adding Log entry.
*/
ILogEventService logEventService = appContext.getBean(LogEventService.class);
logEventService.createForPrivateCalls("/UpdateCountryEnvParam", "UPDATE", "Updated CountryEnvParam : ['" + system + "','" + country + "','" + environment + "']", request);
}
// Update the Database with the new list.
ans = cebService.compareListAndUpdateInsertDeleteElements(system, country, environment, cebList);
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
// Update the Database with the new list.
ans = ceaService.compareListAndUpdateInsertDeleteElements(system, country, environment, ceaList);
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
// Update the Database with the new list.
ans = cedService.compareListAndUpdateInsertDeleteElements(system, country, environment, cedList);
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
// Update the Database with the new list.
ans = celService.compareListAndUpdateInsertDeleteElements(system, country, environment, celList);
finalAnswer = AnswerUtil.agregateAnswer(finalAnswer, (Answer) ans);
}
}
/**
* Formating and returning the json result.
*/
jsonResponse.put("messageType", finalAnswer.getResultMessage().getMessage().getCodeString());
jsonResponse.put("message", finalAnswer.getResultMessage().getDescription());
response.getWriter().print(jsonResponse);
response.getWriter().flush();
}
Also used :
CountryEnvDeployType(org.cerberus.crud.entity.CountryEnvDeployType)
IFactoryCountryEnvDeployType(org.cerberus.crud.factory.IFactoryCountryEnvDeployType)
PolicyFactory(org.owasp.html.PolicyFactory)
MessageEvent(org.cerberus.engine.entity.MessageEvent)
JSONArray(org.json.JSONArray)
ICountryEnvDeployTypeService(org.cerberus.crud.service.ICountryEnvDeployTypeService)
AnswerItem(org.cerberus.util.answer.AnswerItem)
ICountryEnvironmentParametersService(org.cerberus.crud.service.ICountryEnvironmentParametersService)
Answer(org.cerberus.util.answer.Answer)
ApplicationContext(org.springframework.context.ApplicationContext)
JSONObject(org.json.JSONObject)
CountryEnvLink(org.cerberus.crud.entity.CountryEnvLink)
IFactoryCountryEnvLink(org.cerberus.crud.factory.IFactoryCountryEnvLink)
ICountryEnvLinkService(org.cerberus.crud.service.ICountryEnvLinkService)
IFactoryCountryEnvironmentParameters(org.cerberus.crud.factory.IFactoryCountryEnvironmentParameters)
CountryEnvironmentParameters(org.cerberus.crud.entity.CountryEnvironmentParameters)
ILogEventService(org.cerberus.crud.service.ILogEventService)
ICountryEnvironmentDatabaseService(org.cerberus.crud.service.ICountryEnvironmentDatabaseService)
ICountryEnvParamService(org.cerberus.crud.service.ICountryEnvParamService)
CountryEnvParam(org.cerberus.crud.entity.CountryEnvParam)
CountryEnvironmentDatabase(org.cerberus.crud.entity.CountryEnvironmentDatabase)
IFactoryCountryEnvironmentDatabase(org.cerberus.crud.factory.IFactoryCountryEnvironmentDatabase)
Example 40 with PolicyFactory
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class CalculatePropertyForTestCase method doGet.
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.BLOCKS);
String type = policy.sanitize(httpServletRequest.getParameter("type"));
ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
String result = null;
String description = null;
String system = "";
String property = httpServletRequest.getParameter("property");
String testName = policy.sanitize(httpServletRequest.getParameter("test"));
String testCaseName = policy.sanitize(httpServletRequest.getParameter("testCase"));
String country = policy.sanitize(httpServletRequest.getParameter("country"));
String environment = policy.sanitize(httpServletRequest.getParameter("environment"));
try {
if (type.equals("executeSoapFromLib")) {
IAppServiceService appServiceService = appContext.getBean(AppServiceService.class);
ISoapService soapService = appContext.getBean(ISoapService.class);
IXmlUnitService xmlUnitService = appContext.getBean(IXmlUnitService.class);
AppService appService = appServiceService.findAppServiceByKey(property);
if (appService != null) {
ExecutionUUID executionUUIDObject = appContext.getBean(ExecutionUUID.class);
UUID executionUUID = UUID.randomUUID();
executionUUIDObject.setExecutionUUID(executionUUID.toString(), null);
soapService.callSOAP(appService.getServiceRequest(), appService.getServicePath(), appService.getOperation(), appService.getAttachementURL(), null, null, 60000, system);
result = xmlUnitService.getFromXml(executionUUID.toString(), appService.getAttachementURL());
description = appService.getDescription();
executionUUIDObject.removeExecutionUUID(executionUUID.toString());
LOG.debug("Clean ExecutionUUID");
}
} else {
try {
ITestCaseService testCaseService = appContext.getBean(TestCaseService.class);
IApplicationService applicationService = appContext.getBean(ApplicationService.class);
TestCase testCase = testCaseService.findTestCaseByKey(testName, testCaseName);
if (testCase != null) {
system = applicationService.convert(applicationService.readByKey(testCase.getApplication())).getSystem();
} else {
throw new CerberusException(new MessageGeneral(MessageGeneralEnum.NO_DATA_FOUND));
}
} catch (CerberusException ex) {
LOG.warn(ex);
}
if (system != null) {
String database = policy.sanitize(httpServletRequest.getParameter("database"));
ICountryEnvironmentDatabaseService countryEnvironmentDatabaseService = appContext.getBean(CountryEnvironmentDatabaseService.class);
CountryEnvironmentDatabase countryEnvironmentDatabase;
countryEnvironmentDatabase = countryEnvironmentDatabaseService.convert(countryEnvironmentDatabaseService.readByKey(system, country, environment, database));
String connectionName = countryEnvironmentDatabase.getConnectionPoolName();
if (type.equals("executeSqlFromLib")) {
ISqlLibraryService sqlLibraryService = appContext.getBean(SqlLibraryService.class);
SqlLibrary sl = sqlLibraryService.findSqlLibraryByKey(policy.sanitize(property));
property = sl.getScript();
if (!(StringUtil.isNullOrEmpty(connectionName)) && !(StringUtil.isNullOrEmpty(policy.sanitize(property)))) {
ISQLService sqlService = appContext.getBean(ISQLService.class);
IParameterService parameterService = appContext.getBean(IParameterService.class);
Integer sqlTimeout = parameterService.getParameterIntegerByKey("cerberus_propertyexternalsql_timeout", system, 60);
result = sqlService.queryDatabase(connectionName, policy.sanitize(property), 1, sqlTimeout).get(0);
description = sl.getDescription();
}
}
}
}
} catch (CerberusException ex) {
LOG.warn(ex);
result = ex.getMessageError().getDescription();
description = ex.getMessageError().getDescription();
} catch (CerberusEventException ex) {
LOG.warn(ex);
result = ex.getMessageError().getDescription();
description = ex.getMessageError().getDescription();
}
if (result != null) {
try {
JSONObject jsonObject = new JSONObject();
jsonObject.put("resultList", result);
jsonObject.put("description", description);
httpServletResponse.setContentType("application/json");
httpServletResponse.getWriter().print(jsonObject.toString());
} catch (JSONException exception) {
LOG.warn(exception.toString());
}
}
}
Also used :
AppService(org.cerberus.crud.entity.AppService)
CerberusException(org.cerberus.exception.CerberusException)
PolicyFactory(org.owasp.html.PolicyFactory)
ExecutionUUID(org.cerberus.engine.entity.ExecutionUUID)
SqlLibrary(org.cerberus.crud.entity.SqlLibrary)
JSONException(org.json.JSONException)
IAppServiceService(org.cerberus.crud.service.IAppServiceService)
IParameterService(org.cerberus.crud.service.IParameterService)
CerberusEventException(org.cerberus.exception.CerberusEventException)
ApplicationContext(org.springframework.context.ApplicationContext)
ISQLService(org.cerberus.service.sql.ISQLService)
MessageGeneral(org.cerberus.engine.entity.MessageGeneral)
JSONObject(org.json.JSONObject)
ISoapService(org.cerberus.service.soap.ISoapService)
TestCase(org.cerberus.crud.entity.TestCase)
ITestCaseService(org.cerberus.crud.service.ITestCaseService)
ISqlLibraryService(org.cerberus.crud.service.ISqlLibraryService)
ICountryEnvironmentDatabaseService(org.cerberus.crud.service.ICountryEnvironmentDatabaseService)
UUID(java.util.UUID)
ExecutionUUID(org.cerberus.engine.entity.ExecutionUUID)
IXmlUnitService(org.cerberus.service.xmlunit.IXmlUnitService)
IApplicationService(org.cerberus.crud.service.IApplicationService)
CountryEnvironmentDatabase(org.cerberus.crud.entity.CountryEnvironmentDatabase)
Aggregations
PolicyFactory (org.owasp.html.PolicyFactory)123
ApplicationContext (org.springframework.context.ApplicationContext)116
JSONObject (org.json.JSONObject)115
MessageEvent (org.cerberus.engine.entity.MessageEvent)93
AnswerItem (org.cerberus.util.answer.AnswerItem)74
JSONException (org.json.JSONException)70
ILogEventService (org.cerberus.crud.service.ILogEventService)62
Answer (org.cerberus.util.answer.Answer)60
CerberusException (org.cerberus.exception.CerberusException)35
IOException (java.io.IOException)32
ServletException (javax.servlet.ServletException)31
JSONArray (org.json.JSONArray)24
ITestCaseService (org.cerberus.crud.service.ITestCaseService)19
TestCase (org.cerberus.crud.entity.TestCase)17
ArrayList (java.util.ArrayList)14
LogEventService (org.cerberus.crud.service.impl.LogEventService)11
TestCaseStep (org.cerberus.crud.entity.TestCaseStep)10
IParameterService (org.cerberus.crud.service.IParameterService)9
TestCaseCountry (org.cerberus.crud.entity.TestCaseCountry)7
ICountryEnvParamService (org.cerberus.crud.service.ICountryEnvParamService)7
