本文整理汇总了Java中org.owasp.html.PolicyFactory.sanitize方法的典型用法代码示例。如果您正苦于以下问题:Java PolicyFactory.sanitize方法的具体用法?Java PolicyFactory.sanitize怎么用?Java PolicyFactory.sanitize使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.owasp.html.PolicyFactory的用法示例。
在下文中一共展示了PolicyFactory.sanitize方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: doGet
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
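/**
 * Formats the {@code notes}, {@code foundIn}, {@code faultData} and {@code projectId}
 * request parameters into {@code template} and writes the result to the response.
 *
 * <p>All four values are request-controlled, so each one is passed through the HTML
 * policy (only {@code <p>} elements are allowed) before it reaches the response.
 *
 * @param req  request carrying the four optional parameters
 * @param resp response that receives the formatted template
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    PolicyFactory policy = new HtmlPolicyBuilder()
            .allowElements("p").toFactory();

    String notes = req.getParameter("notes");
    String foundIn = req.getParameter("foundIn");
    String faultData = req.getParameter("faultData");
    String projectId = req.getParameter("projectId");

    // Missing parameters fall back to neutral defaults.
    if (notes == null) notes = "";
    if (foundIn == null) foundIn = "";
    if (faultData == null) faultData = "";
    if (projectId == null) projectId = "-1";

    notes = policy.sanitize(notes);
    foundIn = policy.sanitize(foundIn);
    // faultData comes from the same request and is written to the same response as
    // its siblings, so it gets the same treatment instead of being echoed verbatim.
    faultData = policy.sanitize(faultData);
    projectId = policy.sanitize(projectId);

    // NOTE(review): the policy produces text that is safe as HTML element content.
    // `template` is not visible here; if it places a value inside an attribute,
    // a script block or a URL, that slot needs context-specific encoding as well.
    PrintWriter out = new PrintWriter(resp.getWriter());
    out.println(String.format(template, notes, foundIn, faultData, projectId));
}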
示例2: renderContentAsText
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
/**
 * Renders a content record into a string and, when {@code content.sanitize} is set to
 * {@code true} in {@code content.properties}, sanitizes the output if it contains one
 * of a fixed list of markup fragments.
 *
 * <p>NOTE(review): the fragment list is a case-sensitive substring pre-check. Output
 * containing markup that is not on the list (for example an {@code <img>} tag, an
 * upper-case tag, or a {@code <script} tag that carries attributes) is returned
 * without going through the sanitizer. Running the sanitizer whenever the property is
 * enabled would close that gap; confirm with callers before changing it.
 *
 * @return the rendered text, sanitized only when the conditions above hold
 * @throws GeneralException propagated from the underlying render call
 * @throws IOException      propagated from the underlying render call
 */
public static String renderContentAsText(LocalDispatcher dispatcher, Delegator delegator, String contentId, Map<String, Object> templateContext,
        Locale locale, String mimeTypeId, boolean cache) throws GeneralException, IOException {
    Writer buffer = new StringWriter();
    renderContentAsText(dispatcher, delegator, contentId, buffer, templateContext, locale, mimeTypeId, null, null, cache);
    String rendered = buffer.toString();

    // According to https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#XSS_Prevention_Rules_Summary
    // Normally head should be protected by X-XSS-Protection Response Header by default
    // NOTE(review): current major browsers no longer act on X-XSS-Protection, so it
    // should not be relied on as the protection for unsanitized output.
    boolean sanitizeEnabled = EntityUtilProperties.propertyValueEqualsIgnoreCase(
            "content.properties", "content.sanitize", "true", delegator);
    if (!sanitizeEnabled) {
        return rendered;
    }

    String[] markupFragments = {"<script>", "<!--", "<div", "<style>", "<span", "<input", "<iframe", "<a"};
    boolean containsMarkup = false;
    for (String fragment : markupFragments) {
        if (rendered.contains(fragment)) {
            containsMarkup = true;
            break;
        }
    }
    if (!containsMarkup) {
        return rendered;
    }

    PolicyFactory sanitizer = Sanitizers.FORMATTING
            .and(Sanitizers.BLOCKS)
            .and(Sanitizers.IMAGES)
            .and(Sanitizers.LINKS)
            .and(Sanitizers.STYLES);
    return sanitizer.sanitize(rendered);
}
示例3: doPost
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
/**
 * Writes, as JSON, the result of {@code lastActionExecutionDuration} for the
 * {@code test}, {@code testcase} and {@code country} request parameters.
 *
 * <p>NOTE(review): the HTML policy is applied to values that are used as lookup keys,
 * not as HTML output. It does not replace parameterized queries in the service layer
 * (not visible here) and may alter legitimate values that contain {@code &} or
 * {@code <}.
 *
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if the response writer fails
 */
@Override
protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ITestCaseStepActionExecutionService durationService = springContext.getBean(ITestCaseStepActionExecutionService.class);

    PolicyFactory htmlPolicy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String test = htmlPolicy.sanitize(httpServletRequest.getParameter("test"));
    String testcase = htmlPolicy.sanitize(httpServletRequest.getParameter("testcase"));
    String country = htmlPolicy.sanitize(httpServletRequest.getParameter("country"));

    JSONArray durations = durationService.lastActionExecutionDuration(test, testcase, country);
    try {
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().print(durations.toString());
    } catch (Exception failure) {
        // NOTE(review): the raw exception message is sent to the client as text/html.
        // A fixed, generic message would avoid exposing internal details.
        httpServletResponse.setContentType("text/html");
        httpServletResponse.getWriter().print(failure.getMessage());
    }
}
示例4: doGet
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
/**
 * Looks up a documentation label and writes the HTML returned by
 * {@code findLabelHTML} to the response.
 *
 * <p>NOTE(review): the three {@code doc*} parameters are sanitized on the way in, but
 * what is written to the browser is whatever {@code findLabelHTML} returns. That
 * method is not visible here; confirm it encodes stored values before this servlet
 * emits them as {@code text/html}.
 *
 * @throws ServletException declared by the servlet contract
 * @throws IOException      declared by the servlet contract
 */
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    IDocumentationService documentation = springContext.getBean(IDocumentationService.class);
    PolicyFactory htmlPolicy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);

    String docTable = htmlPolicy.sanitize(httpServletRequest.getParameter("docTable"));
    String docField = htmlPolicy.sanitize(httpServletRequest.getParameter("docField"));
    String docLabel = htmlPolicy.sanitize(httpServletRequest.getParameter("docLabel"));
    // Language falls back to "en" when the parameter is absent.
    String lang = ParameterParserUtil.parseStringParamAndSanitize(httpServletRequest.getParameter("lang"), "en");

    String labelHtml = documentation.findLabelHTML(docTable, docField, docLabel, lang);
    try {
        httpServletResponse.setContentType("text/html");
        httpServletResponse.getWriter().print(labelHtml);
    } catch (Exception writeFailure) {
        LOG.warn(writeFailure.toString());
    }
}
示例5: doPost
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
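/**
 * Deletes the test battery identified by the {@code id} request parameter.
 *
 * <p>A missing or non-numeric {@code id} is answered with HTTP 400 instead of letting
 * {@link NumberFormatException} escape to the container.
 *
 * <p>NOTE(review): no authorization check is visible in this method. Confirm that a
 * filter or container security constraint restricts who can reach this delete.
 *
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if the error response cannot be sent
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    // NOTE(review): these look like fields assigned on every request; a servlet
    // instance serves concurrent requests, so locals would be safer. Confirm.
    testBatteryService = appContext.getBean(ITestBatteryService.class);
    factoryTestBattery = appContext.getBean(IFactoryTestBattery.class);

    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String id = policy.sanitize(request.getParameter("id"));
    response.setContentType("text/html");

    // The integer parse is the real validation for a numeric key: it rejects
    // anything that is not a plain integer, including an absent parameter.
    final int batteryId;
    try {
        batteryId = Integer.parseInt(id);
    } catch (NumberFormatException invalidId) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "id must be an integer");
        return;
    }

    testBatteryService.deleteTestBattery(factoryTestBattery.create(batteryId, null, null));
}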
示例6: processRequest
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
/**
 * Handles both HTTP <code>GET</code> and <code>POST</code>: sets the tag of an
 * execution and, when the tag is not empty, creates it through the tag service.
 *
 * <p>NOTE(review): {@code Long.valueOf} throws {@link NumberFormatException} when
 * {@code executionId} is missing or not numeric; only {@code CerberusException} is
 * caught here, so that case propagates to the container.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();
    PolicyFactory htmlPolicy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ITestCaseExecutionService executions = springContext.getBean(ITestCaseExecutionService.class);

    try {
        String executionId = htmlPolicy.sanitize(request.getParameter("executionId"));
        String newTag = htmlPolicy.sanitize(request.getParameter("newTag"));
        executions.setTagToExecution(Long.valueOf(executionId), newTag);

        // Register the tag itself (create or update) only when one was supplied.
        boolean tagSupplied = !StringUtil.isNullOrEmpty(newTag);
        if (tagSupplied) {
            springContext.getBean(ITagService.class).createAuto(newTag, "", request.getRemoteUser());
        }

        /* TODO output your page here. You may use following sample code. */
        out.println("<!DOCTYPE html>");
        out.println("<html>");
        out.println("<head>");
        out.println("<title>Servlet SetTagToExecution</title>");
        out.println("</head>");
        out.println("<body>");
        out.println("<h1>Servlet SetTagToExecution at " + request.getContextPath() + "</h1>");
        out.println("</body>");
        out.println("</html>");
    } catch (CerberusException failure) {
        LOG.warn(failure);
    } finally {
        out.close();
    }
}
示例7: processRequest
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
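/**
 * Handles both HTTP <code>GET</code> and <code>POST</code>: deletes the selected test
 * cases of a test, then redirects back to {@code Test.jsp}.
 *
 * <p>A test case that is still used by a step stops processing with HTTP 403. A
 * request without any {@code test_testcase_delete} value deletes nothing and only
 * redirects.
 *
 * <p>NOTE(review): no authorization check is visible in this method. Confirm that a
 * filter or container security constraint restricts who can reach this delete.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String[] tcToDelete = request.getParameterValues("test_testcase_delete");
    String testToDelete = policy.sanitize(request.getParameter("test_of_page"));
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ITestCaseService tcService = appContext.getBean(ITestCaseService.class);
    ITestCaseStepService tcsService = appContext.getBean(ITestCaseStepService.class);
    try {
        // getParameterValues returns null when the parameter is absent; iterating
        // it directly would fail with a NullPointerException.
        if (tcToDelete != null) {
            for (String ttd : tcToDelete) {
                TestCase testCase = tcService.findTestCaseByKey(testToDelete, ttd);
                if (testCase != null) {
                    List<TestCaseStep> tcsList = tcsService.getTestCaseStepUsingTestCaseInParamter(testCase.getTest(), testCase.getTestCase());
                    if (tcsList != null && !tcsList.isEmpty()) {
                        response.sendError(403, MessageGeneralEnum.GUI_TESTCASE_DELETE_USED_STEP.getDescription());
                        return;
                    }
                    tcService.deleteTestCase(testCase);
                } else {
                    throw new CerberusException(new MessageGeneral(MessageGeneralEnum.NO_DATA_FOUND));
                }
            }
        }
    } catch (CerberusException ex) {
        LOG.warn(ex);
    }
    // The value lands in a URL query string, which HTML sanitizing does not cover:
    // percent-encode it so characters such as '&', '#' or whitespace cannot split
    // or extend the query.
    response.sendRedirect("Test.jsp?stestbox=" + java.net.URLEncoder.encode(testToDelete, "UTF-8"));
}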
示例8: doGet
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
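/**
 * Writes, as JSON, the test cases of a test. When a {@code system} parameter is
 * present the list is restricted to the active automated test cases of that system.
 *
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if the response writer fails
 */
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String testName = policy.sanitize(httpServletRequest.getParameter("test"));
    // PolicyFactory.sanitize returns an empty string for null input, so the
    // "no system given" decision has to be made on the raw parameter. Testing the
    // sanitized value for null would never select the unfiltered lookup.
    String rawSystem = httpServletRequest.getParameter("system");
    String system = policy.sanitize(rawSystem);
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ITestCaseService testService = appContext.getBean(ITestCaseService.class);
    JSONArray array = new JSONArray();
    JSONObject jsonObject = new JSONObject();
    try {
        List<TestCase> tcaseList;
        if (rawSystem == null) {
            tcaseList = testService.findTestCaseByTest(testName);
        } else {
            tcaseList = testService.findTestCaseActiveAutomatedBySystem(testName, system);
        }
        for (TestCase list : tcaseList) {
            JSONObject testCase = new JSONObject();
            testCase.put("testCase", list.getTestCase());
            testCase.put("description", list.getTestCase().concat(" [").concat(list.getApplication()).concat("] : ").concat(list.getDescription()));
            testCase.put("application", list.getApplication());
            array.put(testCase);
        }
        jsonObject.put("testCaseList", array);
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().print(jsonObject.toString());
    } catch (JSONException exception) {
        // Only logged: the client receives an empty body in this case.
        LOG.warn(exception.toString());
    }
}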
示例9: doGet
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
/**
 * Writes, as JSON, the environments available for a test / test case / country.
 *
 * <p>NOTE(review): the HTML policy is applied to lookup keys here, not to HTML
 * output; it is not a substitute for parameterized queries in the service layer
 * (not visible here).
 *
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if the response writer fails
 */
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    PolicyFactory htmlPolicy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    String testName = htmlPolicy.sanitize(httpServletRequest.getParameter("test"));
    String testCaseName = htmlPolicy.sanitize(httpServletRequest.getParameter("testCase"));
    String country = htmlPolicy.sanitize(httpServletRequest.getParameter("country"));

    ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ICountryEnvironmentService environments = springContext.getBean(CountryEnvironmentService.class);

    JSONArray envList = new JSONArray();
    JSONObject payload = new JSONObject();
    try {
        // Each row is read as [environment, build, revision].
        for (String[] row : environments.getEnvironmentAvailable(testName, testCaseName, country)) {
            JSONObject entry = new JSONObject();
            entry.put("environment", row[0]);
            String withBuild = row[0].concat(" With Build: ").concat(row[1]);
            entry.put("description", withBuild.concat(" And Revision: ").concat(row[2]));
            envList.put(entry);
        }
        payload.put("envList", envList);
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().print(payload.toString());
    } catch (JSONException jsonFailure) {
        LOG.warn(jsonFailure.toString());
    }
}
示例10: doGet
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
/**
 * Writes, as a DataTables-style JSON object ({@code aaData} plus {@code sEcho}), the
 * detail rows returned by {@code getListOfDetail} for the {@code id} parameter.
 *
 * <p>NOTE(review): the paging and sorting parameters are parsed and range-checked but
 * the resulting {@code start}, {@code amount}, {@code col} and {@code dir} are not
 * used afterwards in this method. The parses can still throw
 * {@link NumberFormatException} on non-numeric input, as can
 * {@code Integer.valueOf(id)}; none of these is caught here.
 *
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if the response writer fails
 */
@Override
protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    // Echo token and paging/sorting parameters, read raw from the request.
    String echo = httpServletRequest.getParameter("sEcho");
    String sStart = httpServletRequest.getParameter("iDisplayStart");
    String sAmount = httpServletRequest.getParameter("iDisplayLength");
    String sCol = httpServletRequest.getParameter("iSortCol_0");
    String sdir = httpServletRequest.getParameter("sSortDir_0");
    String dir = "asc";
    // String[] cols = {"id","execID","start","url",
    // "end","ext","statusCode","method","bytes","timeInMillis","reqHeader_Host","resHeader_ContentType"};
    int start = 0;
    int amount = 0;
    int col = 0;
    // Negative offsets are clamped to 0.
    if (sStart != null) {
        start = Integer.parseInt(sStart);
        if (start < 0)
            start = 0;
    }
    // Page sizes outside 10..100 fall back to 10.
    if (sAmount != null) {
        amount = Integer.parseInt(sAmount);
        if (amount < 10 || amount > 100)
            amount = 10;}
    // Sort column indexes outside 0..5 fall back to 0.
    if (sCol != null) {
        col = Integer.parseInt(sCol);
        if (col < 0 || col > 5)
            col = 0;
    }
    // Anything other than "asc" is treated as "desc".
    if (sdir != null) {
        if (!sdir.equals("asc"))
            dir = "desc";
    }
    // String colName = cols[col];
    JSONArray data = new JSONArray(); //data that will be shown in the table
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    ITestCaseExecutionwwwDetService tCEwwwDetService = appContext.getBean(ITestCaseExecutionwwwDetService.class);
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    // The integer conversion on the next line is what actually constrains id.
    String id = policy.sanitize(httpServletRequest.getParameter("id"));
    List<TestCaseExecutionwwwDet> detailList = tCEwwwDetService.getListOfDetail(Integer.valueOf(id));
    try {
        JSONObject jsonResponse = new JSONObject();
        for (TestCaseExecutionwwwDet detail : detailList) {
            JSONArray row = new JSONArray();
            row.put(detail.getId())
                    .put(detail.getExecID()).put(detail.getStart())
                    .put(detail.getUrl()).put(detail.getEnd())
                    .put(detail.getExt()).put(detail.getStatusCode())
                    .put(detail.getMethod())
                    .put(detail.getBytes())
                    .put(detail.getTimeInMillis()).put(detail.getReqHeader_Host())
                    .put(detail.getResHeader_ContentType());
            data.put(row);
        }
        jsonResponse.put("aaData", data);
        // sEcho is returned exactly as received, as a JSON string value.
        jsonResponse.put("sEcho", echo);
        httpServletResponse.setContentType("application/json");
        httpServletResponse.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        // NOTE(review): the raw exception message is sent to the client as
        // text/html; a fixed, generic message would avoid exposing internals.
        httpServletResponse.setContentType("text/html");
        httpServletResponse.getWriter().print(e.getMessage());
    }
}
示例11: processRequest
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods. Depending on which of {@code id}, {@code system} and
 * {@code columnName} are present, it returns one label, the distinct values of a
 * column, or a label list, as JSON with {@code messageType}, {@code message} and
 * {@code sEcho} added.
 *
 * <p>NOTE(review): {@code columnName} and, in the distinct-values branch,
 * {@code system} reach {@code findDistinctValuesOfColumn} without sanitizing or
 * allow-listing. That helper is not visible here; if it uses the column name to
 * build a query, it needs an allow-list of known column names.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException, CerberusException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error.
    // NOTE(review): msg is built here but not referenced again in this method.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    /**
     * Parsing and securing all required parameters.
     */
    // Nothing to do here as no parameter to check.
    //
    // Global boolean on the servlet that defines if the user has permission to edit and delete object.
    boolean userHasPermissions = request.isUserInRole("Label");
    //Get Parameters
    String columnName = ParameterParserUtil.parseStringParam(request.getParameter("columnName"), "");
    // NOTE(review): likeColumn is parsed but not referenced again in this method.
    Boolean likeColumn = ParameterParserUtil.parseBooleanParam(request.getParameter("likeColumn"), false);
    // Init Answer with potential error from Parsing parameter.
    AnswerItem answer = new AnswerItem(new MessageEvent(MessageEventEnum.DATA_OPERATION_OK));
    try {
        JSONObject jsonResponse = new JSONObject();
        if ((request.getParameter("id") == null) && (request.getParameter("system") == null) && Strings.isNullOrEmpty(columnName) ) {
            // No selector at all: list labels without a system filter.
            answer = findLabelList(null, appContext, userHasPermissions, request);
            jsonResponse = (JSONObject) answer.getItem();
        } else {
            if (request.getParameter("id") != null) {
                // Integer.valueOf throws NumberFormatException on a non-numeric id;
                // that exception is not caught in this method.
                Integer id = Integer.valueOf(policy.sanitize(request.getParameter("id")));
                answer = findLabelByKey(id, appContext, userHasPermissions);
                jsonResponse = (JSONObject) answer.getItem();
            } else if (request.getParameter("system") != null && !Strings.isNullOrEmpty(columnName)) {
                // The system parameter is passed on raw in this branch.
                answer = findDistinctValuesOfColumn(request.getParameter("system"),appContext, request, columnName);
                jsonResponse = (JSONObject) answer.getItem();
            } else if (request.getParameter("system") != null) {
                String system = policy.sanitize(request.getParameter("system"));
                answer = findLabelList(system, appContext, userHasPermissions, request);
                jsonResponse = (JSONObject) answer.getItem();
            }
            // If none of the three branches matches, jsonResponse stays empty
            // and answer keeps its initial DATA_OPERATION_OK message.
        }
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        //returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
示例12: processRequest
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods. Returns, as JSON, either the parameter list of a system, the distinct
 * values of a column, or a single parameter, with {@code messageType},
 * {@code message} and {@code sEcho} added.
 *
 * <p>NOTE(review): only {@code system1} goes through the HTML policy.
 * {@code columnName} and {@code param} reach the finder helpers as received; those
 * helpers are not visible here, so confirm they bind values as query parameters and
 * allow-list column names.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 * @throws org.cerberus.exception.CerberusException
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException, CerberusException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error.
    // NOTE(review): msg is built here but not referenced again in this method.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    /**
     * Parsing and securing all required parameters.
     */
    // NOTE(review): mySystem is read but not referenced again in this method.
    String mySystem = request.getParameter("system");
    String columnName = ParameterParserUtil.parseStringParam(request.getParameter("columnName"), "");
    // Nothing to do here as no parameter to check.
    //
    // Global boolean on the servlet that defines if the user has permission to edit and delete object.
    boolean userHasPermissions = request.isUserInRole("Administrator");
    // Init Answer with potential error from Parsing parameter.
    AnswerItem answer = new AnswerItem(new MessageEvent(MessageEventEnum.DATA_OPERATION_OK));
    try {
        JSONObject jsonResponse;
        String system1;
        // system1 defaults to "DEFAULT" when the parameter is absent.
        if (request.getParameter("system1") == null) {
            system1 = "DEFAULT";
        } else {
            system1 = policy.sanitize(request.getParameter("system1"));
        }
        if (request.getParameter("param") == null && Strings.isNullOrEmpty(columnName)) {
            answer = findParameterList(system1, appContext, userHasPermissions, request);
            jsonResponse = (JSONObject) answer.getItem();
        } else if (!Strings.isNullOrEmpty(columnName)) {
            answer = findDistinctValuesOfColumn(system1, appContext, request, columnName);
            jsonResponse = (JSONObject) answer.getItem();
        } else {
            // The param value is passed on as received from the request.
            answer = findParameterBySystemByKey(system1, request.getParameter("param"), userHasPermissions, appContext);
            jsonResponse = (JSONObject) answer.getItem();
        }
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        //returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
示例13: doPost
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
/**
 * Writes, as JSON, the build/revision list of the system named by the
 * {@code system} parameter, with {@code messageType}, {@code message} and
 * {@code sEcho} added. Without a {@code system} parameter only those three keys are
 * returned.
 *
 * <p>NOTE(review): {@code userHasPermissions} is hard-coded to {@code true} rather
 * than derived from the caller's role. Confirm this is intended for this endpoint.
 *
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if the response writer fails
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String echo = request.getParameter("sEcho");
    ApplicationContext springContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory htmlPolicy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");

    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);

    // Default message for an unexpected error (not referenced again below).
    MessageEvent unexpected = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    unexpected.setDescription(unexpected.getDescription().replace("%DESCRIPTION%", ""));

    // Parsing and securing all required parameters.
    String system = htmlPolicy.sanitize(request.getParameter("system"));

    // Flag handed to the finder that tells it the user may edit and delete.
    boolean userHasPermissions = true;

    // Starts as OK; replaced by the finder's answer when a system was given.
    AnswerItem answer = new AnswerItem(new MessageEvent(MessageEventEnum.DATA_OPERATION_OK));
    try {
        JSONObject payload = new JSONObject();
        boolean systemGiven = request.getParameter("system") != null;
        if (systemGiven) {
            answer = findBuildRevList(system, springContext, userHasPermissions, request);
            payload = (JSONObject) answer.getItem();
        }
        payload.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        payload.put("message", answer.getResultMessage().getDescription());
        payload.put("sEcho", echo);
        response.getWriter().print(payload.toString());
    } catch (JSONException jsonFailure) {
        LOG.warn(jsonFailure);
        // Fall back to a generic error answer the client side can still parse.
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
示例14: processRequest
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods. Returns test data library sub-data as JSON, selected by
 * {@code testdatalibid} when it parses as an integer, else by {@code name} when
 * present, else all entries.
 *
 * <p>NOTE(review): when {@code testdatalibid} is present but not an integer and no
 * {@code name} is given, the request falls through to {@code readAll} and the
 * prepared error message is replaced by that call's answer.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    AnswerItem answer = new AnswerItem(msg);
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    /**
     * Parsing and securing all required parameters.
     */
    Integer testdatalibid = 0;
    // Stays true unless a non-empty testdatalibid parses as an integer.
    boolean testdatalibid_error = true;
    try {
        if (request.getParameter("testdatalibid") != null && !request.getParameter("testdatalibid").isEmpty()) {
            // The integer conversion is the validation for this numeric key.
            testdatalibid = Integer.valueOf(request.getParameter("testdatalibid"));
            testdatalibid_error = false;
        }
    } catch (NumberFormatException ex) {
        LOG.warn(ex);
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "Test Data Library Data"));
        msg.setDescription(msg.getDescription().replace("%OPERATION%", "Read by test data lib id"));
        msg.setDescription(msg.getDescription().replace("%REASON%", "Test data library must be an integer value."));
        answer.setResultMessage(msg);
        testdatalibid_error = true;
    }
    try {
        JSONObject jsonResponse;
        if (request.getParameter("testdatalibid") != null && !testdatalibid_error) {
            //returns sub-data entries with basis on the test data library id
            answer = readById(appContext, testdatalibid);
        } else if (request.getParameter("name") != null) {
            //return sub-data entries with basis on the name
            String name = policy.sanitize(request.getParameter("name"));
            answer = readByName(appContext, name);
        } else {
            //return all entries
            answer = readAll(appContext);
        }
        jsonResponse = (JSONObject) answer.getItem();
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        //returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
示例15: doPost
import org.owasp.html.PolicyFactory; //导入方法依赖的package包/类
/**
 * Writes, as JSON, the build/revision list for a system and environment group over
 * the last {@code nbdays} days (10 when the parameter is absent or empty), with
 * {@code messageType}, {@code message} and {@code sEcho} added. A missing system or
 * a non-integer {@code nbdays} produces an expected-error message instead.
 *
 * <p>NOTE(review): {@code userHasPermissions} is hard-coded to {@code true} rather
 * than derived from the caller's role. Confirm this is intended for this endpoint.
 *
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if the response writer fails
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    /**
     * Parsing and securing all required parameters.
     */
    String system = policy.sanitize(request.getParameter("system"));
    String envGp = policy.sanitize(request.getParameter("envgp"));
    Integer nbDays = 10;
    boolean nbdays_error = false;
    try {
        if (request.getParameter("nbdays") != null && !request.getParameter("nbdays").equals("")) {
            // The integer conversion is what actually constrains nbdays.
            nbDays = Integer.valueOf(policy.sanitize(request.getParameter("nbdays")));
        }
    } catch (Exception ex) {
        // NOTE(review): a broad catch; NumberFormatException is the failure the
        // error message below describes.
        nbdays_error = true;
    }
    //
    // Global boolean on the servlet that defines if the user has permission to edit and delete object.
    boolean userHasPermissions = true;
    // Init Answer with potential error from Parsing parameter.
    AnswerItem answer = new AnswerItem(new MessageEvent(MessageEventEnum.DATA_OPERATION_OK));
    try {
        JSONObject jsonResponse = new JSONObject();
        if (StringUtil.isNullOrEmpty(system)) {
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "Environment Last Change per Country")
                    .replace("%OPERATION%", "Read")
                    .replace("%REASON%", "System is missing."));
            answer.setResultMessage(msg);
        } else if (nbdays_error) {
            msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
            msg.setDescription(msg.getDescription().replace("%ITEM%", "Environment Last Change per Country")
                    .replace("%OPERATION%", "Read")
                    .replace("%REASON%", "Could not manage to convert nbdays to an integer value."));
            answer.setResultMessage(msg);
        } else if (request.getParameter("system") != null) {
            answer = findBuildRevList(system, envGp, nbDays, appContext, userHasPermissions, request);
            jsonResponse = (JSONObject) answer.getItem();
        }
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        //returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}