use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class GetTestCase method doGet.
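/**
 * Writes one test case as a JSON document: header fields, countries, properties and steps.
 *
 * <p>The {@code test} and {@code testcase} request parameters identify the test case. The
 * response is written with content type {@code application/json}. A
 * {@link JSONException} or {@code CerberusException} is logged and not reported to the client.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>Both keys pass through an OWASP HTML sanitizer policy (FORMATTING and LINKS) before being
 *       used as lookup keys. An HTML sanitizer rewrites markup; it does not validate identifiers
 *       and gives no protection against SQL injection. Whether the service and DAO bind their
 *       query parameters is not visible here and should be confirmed.</li>
 *   <li>Stored values are copied into the JSON as-is. Any client that inserts them into a page
 *       must encode them for the HTML context itself.</li>
 *   <li>No role check is made in this method; presumably access is restricted by the container
 *       or a filter, which should be confirmed.</li>
 * </ul>
 *
 * @param httpServletRequest servlet request carrying {@code test} and {@code testcase}
 * @param httpServletResponse servlet response that receives the JSON document
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if writing the response fails
 */
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    try {
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        ITestCaseService testService = appContext.getBean(ITestCaseService.class);
        // TODO pass DAO to Service
        ITestCaseCountryPropertiesDAO testCaseDAO = appContext.getBean(TestCaseCountryPropertiesDAO.class);
        ILoadTestCaseService loadTestCaseService = appContext.getBean(ILoadTestCaseService.class);

        PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
        String test = policy.sanitize(httpServletRequest.getParameter("test"));
        String testcase = policy.sanitize(httpServletRequest.getParameter("testcase"));

        TestCase tcInfo = testService.findTestCaseByKeyWithDependency(test, testcase);
        if (tcInfo == null) {
            // Guard in case the service returns null for an unknown key: answer 404 instead of
            // failing with a NullPointerException on the first getter below.
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }

        JSONObject jsonObject = new JSONObject();
        try {
            jsonObject.put("origin", tcInfo.getOrigine());
            jsonObject.put("refOrigin", tcInfo.getRefOrigine());
            jsonObject.put("creator", tcInfo.getUsrCreated());
            jsonObject.put("implementer", tcInfo.getImplementer());
            jsonObject.put("lastModifier", tcInfo.getUsrModif());
            jsonObject.put("project", tcInfo.getProject());
            jsonObject.put("ticket", tcInfo.getTicket());
            jsonObject.put("application", tcInfo.getApplication());
            jsonObject.put("runQA", tcInfo.getActiveQA());
            jsonObject.put("runUAT", tcInfo.getActiveUAT());
            jsonObject.put("runPROD", tcInfo.getActivePROD());
            jsonObject.put("priority", tcInfo.getPriority());
            jsonObject.put("group", tcInfo.getGroup());
            jsonObject.put("status", tcInfo.getStatus());

            JSONArray countryList = new JSONArray();
            for (TestCaseCountry tcc : tcInfo.getTestCaseCountry()) {
                countryList.put(tcc.getCountry());
            }
            jsonObject.put("countriesList", countryList);

            jsonObject.put("shortDescription", tcInfo.getDescription());
            jsonObject.put("description", tcInfo.getBehaviorOrValueExpected());
            jsonObject.put("howTo", tcInfo.getHowTo());
            jsonObject.put("active", tcInfo.getTcActive());
            jsonObject.put("fromSprint", tcInfo.getFromBuild());
            jsonObject.put("fromRevision", tcInfo.getFromRev());
            jsonObject.put("toSprint", tcInfo.getToBuild());
            jsonObject.put("toRevision", tcInfo.getToRev());
            jsonObject.put("lastExecutionStatus", tcInfo.getLastExecutionStatus());
            jsonObject.put("bugID", tcInfo.getBugID());
            jsonObject.put("targetSprint", tcInfo.getTargetBuild());
            jsonObject.put("targetRevision", tcInfo.getTargetRev());
            jsonObject.put("comment", tcInfo.getComment());
            jsonObject.put("test", tcInfo.getTest());
            jsonObject.put("testcase", tcInfo.getTestCase());

            // One entry per distinct property, plus one boolean per country of the test case
            // telling whether the property is selected for that country.
            JSONArray propertyList = new JSONArray();
            List<TestCaseCountryProperties> properties = testCaseDAO.findDistinctPropertiesOfTestCase(test, testcase);
            for (TestCaseCountryProperties prop : properties) {
                JSONObject property = new JSONObject();
                property.put("property", prop.getProperty());
                property.put("description", prop.getDescription());
                property.put("type", prop.getType());
                property.put("database", prop.getDatabase());
                property.put("value1", prop.getValue1());
                property.put("value2", prop.getValue2());
                property.put("length", prop.getLength());
                property.put("rowLimit", prop.getRowLimit());
                property.put("nature", prop.getNature());

                List<String> countriesSelected = testCaseDAO.findCountryByProperty(prop);
                for (TestCaseCountry tcc : tcInfo.getTestCaseCountry()) {
                    boolean selected = countriesSelected != null && countriesSelected.contains(tcc.getCountry());
                    property.put(tcc.getCountry(), selected);
                }
                propertyList.put(property);
            }
            jsonObject.put("properties", propertyList);

            List<TestCaseStep> tcs = loadTestCaseService.loadTestCaseStep(tcInfo);
            JSONArray list = new JSONArray();
            for (TestCaseStep step : tcs) {
                JSONObject stepObject = new JSONObject();
                stepObject.put("number", step.getStep());
                stepObject.put("name", step.getDescription());

                // i is the 1-based position of the action inside the step; it is what the
                // "sequence" field of the flattened entries carries.
                int i = 1;
                JSONArray actionList = new JSONArray();
                JSONArray controlList = new JSONArray();
                JSONArray sequenceList = new JSONArray();
                for (TestCaseStepAction action : step.getTestCaseStepAction()) {
                    JSONObject actionObject = new JSONObject();
                    actionObject.put("sequence", i);
                    actionObject.put("action", action.getAction());
                    actionObject.put("object", action.getValue1());
                    actionObject.put("property", action.getValue2());
                    actionObject.put("fatal", "");
                    actionList.put(actionObject);
                    sequenceList.put(actionObject);

                    for (TestCaseStepActionControl control : action.getTestCaseStepActionControl()) {
                        // NOTE(review): controls map "object" to value2 and "property" to value1,
                        // the reverse of the action mapping above. Confirm this is intended.
                        JSONObject controlObject = new JSONObject();
                        controlObject.put("step", control.getStep());
                        controlObject.put("sequence", control.getSequence());
                        controlObject.put("order", control.getControlSequence());
                        controlObject.put("action", control.getControl());
                        controlObject.put("object", control.getValue2());
                        controlObject.put("property", control.getValue1());
                        controlObject.put("fatal", control.getFatal());
                        controlList.put(controlObject);

                        // Second, reduced copy of the control for the flattened "sequences"
                        // list, numbered with the position of its parent action.
                        controlObject = new JSONObject();
                        controlObject.put("sequence", i);
                        controlObject.put("action", control.getControl());
                        controlObject.put("object", control.getValue2());
                        controlObject.put("property", control.getValue1());
                        controlObject.put("fatal", control.getFatal());
                        sequenceList.put(controlObject);
                    }
                    i++;
                }
                stepObject.put("actions", actionList);
                stepObject.put("controls", controlList);
                stepObject.put("sequences", sequenceList);
                list.put(stepObject);
            }
            jsonObject.put("list", list);

            httpServletResponse.setContentType("application/json");
            httpServletResponse.getWriter().print(jsonObject.toString());
        } catch (JSONException exception) {
            LOG.warn(exception.toString());
        }
    } catch (CerberusException ex) {
        LOG.warn(ex);
    }
}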
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class GetTestCaseList method doGet.
/**
 * Writes, as JSON, the test case identifiers that belong to the test named by the
 * {@code test} request parameter.
 *
 * <p>The response is an object with a single {@code testcasesList} array. A
 * {@link JSONException} raised while building it is logged and not reported to the client.
 *
 * <p>Security review note: the parameter is run through an OWASP HTML sanitizer policy and then
 * used as a lookup key. HTML sanitizing is an output-side control for markup; it does not
 * validate the key and does not replace parameter binding in the data layer, which is not
 * visible here.
 *
 * @param httpServletRequest servlet request carrying {@code test}
 * @param httpServletResponse servlet response that receives the JSON document
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if writing the response fails
 */
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ITestCaseService testCaseLookup = springContext.getBean(ITestCaseService.class);

    PolicyFactory htmlPolicy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String requestedTest = htmlPolicy.sanitize(httpServletRequest.getParameter("test"));

    // Collect the identifiers first; the lookup runs outside the try block, so a failure in it
    // propagates to the container.
    JSONArray testCaseIds = new JSONArray();
    for (TestCase current : testCaseLookup.findTestCaseByTest(requestedTest)) {
        testCaseIds.put(current.getTestCase());
    }

    try {
        JSONObject payload = new JSONObject();
        payload.put("testcasesList", testCaseIds);
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().print(payload.toString());
    } catch (JSONException exception) {
        LOG.warn(exception.toString());
    }
}
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class DeleteTestCaseFromTestPage method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
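protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Deletes every test case listed in "test_testcase_delete" from the test named by
    // "test_of_page", then redirects back to Test.jsp for that test.
    //
    // Security review notes:
    // - This state-changing operation is served for GET as well as POST, and no role check or
    //   anti-CSRF token check is visible in this method. Confirm both are enforced elsewhere
    //   (container security constraint, filter).
    // - Only "test_of_page" goes through the HTML sanitizer; the test case identifiers are used
    //   as received. Neither is a substitute for parameter binding in the data layer, which is
    //   not visible here.
    response.setContentType("text/html;charset=UTF-8");
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String[] tcToDelete = request.getParameterValues("test_testcase_delete");
    String testToDelete = policy.sanitize(request.getParameter("test_of_page"));

    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ITestCaseService tcService = appContext.getBean(ITestCaseService.class);
    ITestCaseStepService tcsService = appContext.getBean(ITestCaseStepService.class);

    try {
        // getParameterValues returns null when the parameter is absent; treat that as
        // "nothing to delete" instead of failing with a NullPointerException.
        if (tcToDelete != null) {
            for (String ttd : tcToDelete) {
                TestCase testCase = tcService.findTestCaseByKey(testToDelete, ttd);
                if (testCase == null) {
                    throw new CerberusException(new MessageGeneral(MessageGeneralEnum.NO_DATA_FOUND));
                }
                // A test case whose steps are used by another test case must not be deleted.
                // Test cases earlier in the list have already been deleted at this point.
                List<TestCaseStep> tcsList = tcsService.getTestCaseStepUsingTestCaseInParamter(testCase.getTest(), testCase.getTestCase());
                if (tcsList != null && !tcsList.isEmpty()) {
                    response.sendError(403, MessageGeneralEnum.GUI_TESTCASE_DELETE_USED_STEP.getDescription());
                    return;
                }
                tcService.deleteTestCase(testCase);
            }
        }
    } catch (CerberusException ex) {
        LOG.warn(ex);
    }

    // The value is request-controlled, so it is URL-encoded before being placed in the redirect
    // target: HTML sanitizing does not make a string safe inside a query string (characters
    // such as '&', '#' or line breaks would otherwise alter the URL).
    String redirectValue = testToDelete == null ? "" : java.net.URLEncoder.encode(testToDelete, "UTF-8");
    response.sendRedirect("Test.jsp?stestbox=" + redirectValue);
}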
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class DeleteTestCaseLabel method processRequest.
/**
* Processes requests for both HTTP <code>GET</code> and <code>POST</code>
* methods.
*
* @param request servlet request
* @param response servlet response
* @throws ServletException if a servlet-specific error occurs
* @throws IOException if an I/O error occurs
*/
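protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException, JSONException {
    // Removes the link between every label in "labelid" and every (test, testcase) pair given by
    // the parallel "test" and "testcase" parameters, then answers with a JSON object holding
    // "messageType" and "message".
    //
    // Security review notes:
    // - No role check or anti-CSRF token check is visible in this method; confirm they are
    //   enforced elsewhere.
    // - The message contains "<br>" separators, so it is presumably rendered as HTML by the
    //   client. Request values echoed into it are therefore passed through the HTML policy.
    //   The policy still lets formatting and link markup through; a strict HTML encoder would
    //   be the tighter choice.
    // - The log entry text below is built from raw request values; whatever displays the log
    //   must encode it for its own output context.
    JSONObject jsonResponse = new JSONObject();
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ILogEventService logEventService = appContext.getBean(LogEventService.class);
    Answer ans = new Answer();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_OK);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);

    response.setContentType("application/json");

    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);

    /**
     * Parsing and securing all required parameters.
     */
    Integer myIdInt = 0;
    String[] myLabelIdList = request.getParameterValues("labelid");
    String[] myTestList = request.getParameterValues("test");
    String[] myTestCaseList = request.getParameterValues("testcase");
    // getParameterValues returns null for an absent parameter; normalise to empty arrays so the
    // "Missing Parameter" answer below is produced instead of a NullPointerException.
    if (myLabelIdList == null) {
        myLabelIdList = new String[0];
    }
    if (myTestList == null) {
        myTestList = new String[0];
    }
    if (myTestCaseList == null) {
        myTestCaseList = new String[0];
    }

    // NOTE(review): the operation names in these messages say "Create" and "Update" although
    // this servlet deletes. They are kept as they are because clients may match on them.
    boolean parametersValid = true;
    if ((myTestList.length == 0) || (myTestCaseList.length == 0) || (myLabelIdList.length == 0)) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Create").replace("%REASON%", "Missing Parameter (either test, testcase or labelid)."));
        ans.setResultMessage(msg);
        parametersValid = false;
    } else if (myTestList.length != myTestCaseList.length) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Create").replace("%REASON%", "Number of Test does not match number of testcase."));
        ans.setResultMessage(msg);
        parametersValid = false;
    }

    // A failed validation must stop the request. Without this guard the loops below would still
    // delete links after an error had been reported, index past the shorter array, and the mass
    // summary could overwrite the error with a success message.
    if (parametersValid) {
        ILabelService labelService = appContext.getBean(ILabelService.class);
        ITestCaseLabelService testCaseLabelService = appContext.getBean(ITestCaseLabelService.class);

        StringBuilder output_message = new StringBuilder();
        int massErrorCounter = 0;
        for (int i = 0; i < myLabelIdList.length; i++) {
            String myLabelId = myLabelIdList[i];
            myIdInt = 0;
            boolean label_error = true;
            try {
                if (myLabelId != null && !myLabelId.equals("")) {
                    myIdInt = Integer.valueOf(policy.sanitize(myLabelId));
                    label_error = false;
                }
            } catch (Exception ex) {
                // A label id that is not an integer is reported to the caller below.
                label_error = true;
            }

            /**
             * Checking all constrains before calling the services.
             */
            if (label_error) {
                msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
                msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Update").replace("%REASON%", "Could not manage to convert labelid to an integer value or labelid is missing."));
                ans.setResultMessage(msg);
                massErrorCounter++;
                output_message.append("<br>id : ").append(policy.sanitize(myLabelId)).append(" - ").append(msg.getDescription());
            } else {
                /**
                 * All data seems cleans so we can call the services.
                 */
                AnswerItem resp = labelService.readByKey(myIdInt);
                if (!(resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
                    /**
                     * Object could not be found. We stop here and report the
                     * error.
                     */
                    msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
                    msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Delete").replace("%REASON%", "Label does not exist."));
                    ans.setResultMessage(msg);
                    massErrorCounter++;
                    output_message.append("<br>labelid : ").append(policy.sanitize(myLabelId)).append(" - ").append(msg.getDescription());
                } else {
                    for (int j = 0; j < myTestList.length; j++) {
                        /**
                         * The label exists; delete its link to this test case if
                         * that link exists. A missing link is skipped silently.
                         */
                        resp = testCaseLabelService.readByKey(myTestList[j], myTestCaseList[j], myIdInt);
                        if ((resp.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && resp.getItem() != null)) {
                            TestCaseLabel tcLabel = (TestCaseLabel) resp.getItem();
                            ans = testCaseLabelService.delete(tcLabel);
                            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                                /**
                                 * Delete was successful. Adding Log entry.
                                 */
                                logEventService.createForPrivateCalls("/DeleteTestCaseLabel", "DELETE", "Deleted TestCaseLabel : ['" + myIdInt + "'|'" + myTestList[j] + "'|'" + myTestCaseList[j] + "']", request);
                            } else {
                                massErrorCounter++;
                                output_message.append("<br>Label : ").append(policy.sanitize(myLabelId)).append(" Test : '").append(policy.sanitize(myTestList[j])).append("' TestCase : '").append(policy.sanitize(myTestCaseList[j])).append("' - ").append(ans.getResultMessage().getDescription());
                            }
                        }
                    }
                }
            }
        }

        if (myTestList.length > 1) {
            // NOTE(review): the counter is compared with the number of tests while the messages
            // report it against tests x labels. Confirm which total is intended.
            if (massErrorCounter == myTestList.length) {
                // All updates are in ERROR.
                msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
                msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Mass Update").replace("%REASON%", massErrorCounter + " label links(s) out of " + (myTestList.length * myLabelIdList.length) + " failed to be deleted due to an issue.<br>") + output_message.toString());
                ans.setResultMessage(msg);
            } else if (massErrorCounter > 0) {
                // At least 1 update in error
                msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_WARNING);
                msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Mass Update").replace("%REASON%", massErrorCounter + " label links(s) out of " + (myTestList.length * myLabelIdList.length) + " failed to be deleted due to an issue.<br>") + output_message.toString());
                ans.setResultMessage(msg);
            } else {
                // No error detected.
                msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_OK);
                msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME).replace("%OPERATION%", "Mass Update") + "\n\nAll " + (myTestList.length * myLabelIdList.length) + " label links(s) deleted successfuly.");
                ans.setResultMessage(msg);
            }
            logEventService.createForPrivateCalls("/DeleteTestCaseLabel", "MASSUPDATE", msg.getDescription(), request);
        }
    }

    /**
     * Formating and returning the json result.
     */
    jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", ans.getResultMessage().getDescription());

    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}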
use of org.owasp.html.PolicyFactory in project cerberus-source by cerberustesting.
the class DuplicateTestCase method processRequest.
// </editor-fold>
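protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, JSONException, CerberusException {
    // Duplicates the test case (originalTest, originalTestCase) under the new key
    // (test, testCase), together with its countries, properties, steps, actions, controls and
    // labels, then answers with a JSON object holding "messageType" and "message".
    //
    // Security review notes:
    // - The role check runs after both test cases have been looked up, and the answers differ
    //   ("does not exist" versus "not enough privilege"), so a caller without the Test role can
    //   learn whether a test case exists. Checking the role before any lookup would close that.
    // - The copy is a sequence of separate service calls with no transaction visible here; a
    //   failure part-way presumably leaves a partial duplicate behind. Confirm how the services
    //   handle that.
    JSONObject jsonResponse = new JSONObject();
    Answer ans = new Answer();
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    ans.setResultMessage(msg);
    // NOTE(review): this policy is never used in this method; the parameters are sanitized by
    // ParameterParserUtil.parseStringParamAndSanitize below.
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);

    response.setContentType("application/json");

    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);

    /**
     * Parsing and securing all required parameters.
     */
    String test = ParameterParserUtil.parseStringParamAndSanitize(request.getParameter("test"), "");
    String testCase = ParameterParserUtil.parseStringParamAndSanitize(request.getParameter("testCase"), "");
    String originalTest = ParameterParserUtil.parseStringParamAndSanitize(request.getParameter("originalTest"), "");
    String originalTestCase = ParameterParserUtil.parseStringParamAndSanitize(request.getParameter("originalTestCase"), null);

    /**
     * Checking all constrains before calling the services.
     */
    // originalTestCase defaults to null when absent, so "missing" is "== null". The previous
    // "!= null" test rejected every request that supplied the parameter and let requests
    // without it through to a lookup with a null key.
    if (StringUtil.isNullOrEmpty(test) || StringUtil.isNullOrEmpty(testCase) || StringUtil.isNullOrEmpty(originalTest) || originalTestCase == null) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Test Case").replace("%OPERATION%", "Duplicate").replace("%REASON%", "mandatory fields are missing."));
        ans.setResultMessage(msg);
    } else {
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        ITestCaseService testCaseService = appContext.getBean(ITestCaseService.class);
        ITestCaseCountryService testCaseCountryService = appContext.getBean(ITestCaseCountryService.class);
        ITestCaseCountryPropertiesService testCaseCountryPropertiesService = appContext.getBean(ITestCaseCountryPropertiesService.class);
        ITestCaseStepService testCaseStepService = appContext.getBean(ITestCaseStepService.class);
        ITestCaseStepActionService testCaseStepActionService = appContext.getBean(ITestCaseStepActionService.class);
        ITestCaseStepActionControlService testCaseStepActionControlService = appContext.getBean(ITestCaseStepActionControlService.class);
        ITestCaseLabelService testCaseLabelService = appContext.getBean(ITestCaseLabelService.class);

        AnswerItem originalTestAI = testCaseService.readByKey(originalTest, originalTestCase);
        AnswerItem targetTestAI = testCaseService.readByKey(test, testCase);

        TestCase originalTC = (TestCase) originalTestAI.getItem();
        TestCase targetTC = (TestCase) targetTestAI.getItem();

        if (!(originalTestAI.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && originalTestAI.getItem() != null)) {
            /**
             * Object could not be found. We stop here and report the error.
             */
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "TestCase").replace("%OPERATION%", "Duplicate").replace("%REASON%", "TestCase does not exist."));
            ans.setResultMessage(msg);
        } else if (!request.isUserInRole("Test")) {
            // We cannot duplicate the testcase if the user is not at least in Test role.
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "TestCase").replace("%OPERATION%", "Duplicate").replace("%REASON%", "Not enought privilege to duplicate the testcase. You must belong to Test Privilege."));
            ans.setResultMessage(msg);
        } else if (targetTC != null) {
            // If target Test Case already exists.
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "TestCase").replace("%OPERATION%", "Duplicate").replace("%REASON%", "The test case you try to create already exists. Please define a test/testcase that is not already existing."));
            ans.setResultMessage(msg);
        } else {
            // getInfo is defined elsewhere in this class; presumably it copies request fields
            // onto the loaded test case. Confirm what it accepts from the request.
            getInfo(request, originalTC);

            // Update object with new testcase id and insert it in db
            originalTC.setTest(test);
            originalTC.setTestCase(testCase);
            ans = testCaseService.create(originalTC);

            // Each stage below runs only while the previous one reported OK. The country stage
            // now checks the result of create as well, so a failed create is no longer hidden
            // by the answer of the country duplication.
            List<TestCaseCountry> countryList = testCaseCountryService.findTestCaseCountryByTestTestCase(originalTest, originalTestCase);
            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode()) && !countryList.isEmpty()) {
                ans = testCaseCountryService.duplicateList(countryList, test, testCase);
            }

            // Properties hang off countries, so they are copied only when countries exist.
            if (!countryList.isEmpty() && ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                List<TestCaseCountryProperties> tccpList = testCaseCountryPropertiesService.findListOfPropertyPerTestTestCase(originalTest, originalTestCase);
                if (!tccpList.isEmpty()) {
                    ans = testCaseCountryPropertiesService.duplicateList(tccpList, test, testCase);
                }
            }

            List<TestCaseStep> tcsList = new ArrayList<TestCaseStep>();
            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                tcsList = testCaseStepService.getListOfSteps(originalTest, originalTestCase);
                if (!tcsList.isEmpty()) {
                    ans = testCaseStepService.duplicateList(tcsList, test, testCase);
                }
            }

            // Actions need steps, and controls need both steps and actions.
            List<TestCaseStepAction> tcsaList = new ArrayList<TestCaseStepAction>();
            if (!tcsList.isEmpty() && ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                tcsaList = testCaseStepActionService.findTestCaseStepActionbyTestTestCase(originalTest, originalTestCase);
                if (!tcsaList.isEmpty()) {
                    ans = testCaseStepActionService.duplicateList(tcsaList, test, testCase);
                }
            }

            if (!tcsList.isEmpty() && !tcsaList.isEmpty() && ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                List<TestCaseStepActionControl> tcsacList = testCaseStepActionControlService.findControlByTestTestCase(originalTest, originalTestCase);
                if (!tcsacList.isEmpty()) {
                    ans = testCaseStepActionControlService.duplicateList(tcsacList, test, testCase);
                }
            }

            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                List<TestCaseLabel> tclList = testCaseLabelService.readByTestTestCase(originalTest, originalTestCase).getDataList();
                if (!tclList.isEmpty()) {
                    ans = testCaseLabelService.duplicateList(tclList, test, testCase);
                }
            }

            if (ans.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
                msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_OK);
                msg.setDescription(msg.getDescription().replace("%ITEM%", "TestCase").replace("%OPERATION%", "Duplicate"));
                ans.setResultMessage(msg);
                /**
                 * Duplicate was successful. Adding Log entry.
                 */
                ILogEventService logEventService = appContext.getBean(LogEventService.class);
                logEventService.createForPrivateCalls("/DuplicateTestCase", "CREATE", "Create testcase : ['" + test + "'|'" + testCase + "']", request);
            }
        }
    }

    /**
     * Formating and returning the json result.
     */
    jsonResponse.put("messageType", ans.getResultMessage().getMessage().getCodeString());
    jsonResponse.put("message", ans.getResultMessage().getDescription());

    response.getWriter().print(jsonResponse);
    response.getWriter().flush();
}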