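/**
 * Converts every row of a {@link ResultSet} into a DOM document of the form
 * {@code <Results><Row><columnName>value</columnName>...</Row>...</Results>}.
 *
 * <p>Values are added as DOM text nodes via {@link Document#createTextNode}, so no manual XML
 * escaping is applied: the DOM serializer escapes special characters on output, and escaping
 * here first would double-encode them (a {@code <} in the data would serialize as
 * {@code &amp;lt;}). Column names are passed to {@link Document#createElement} unchanged; an
 * escaped name would not be a valid element name either.
 *
 * <p>The result set is closed before returning, even if reading it fails.
 *
 * @param rs the result set to convert; it is consumed and closed
 * @return a new document whose root element is {@code Results}
 * @throws ParserConfigurationException if a document builder cannot be created
 * @throws SQLException if reading the result set fails
 * @throws org.w3c.dom.DOMException if a column name is not a valid XML element name
 */
public static Document toDocument(ResultSet rs)
    throws ParserConfigurationException, SQLException {
  DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
  Document doc = builder.newDocument();
  Element results = doc.createElement("Results");
  doc.appendChild(results);
  try {
    ResultSetMetaData rsmd = rs.getMetaData();
    int colCount = rsmd.getColumnCount();
    while (rs.next()) {
      Element row = doc.createElement("Row");
      results.appendChild(row);
      for (int i = 1; i <= colCount; i++) {
        Element node = doc.createElement(rsmd.getColumnName(i));
        // raw value: the serializer escapes text nodes, escaping here would double-encode
        node.appendChild(doc.createTextNode(oscar.Misc.getString(rs, i)));
        row.appendChild(node);
      }
    }
  } finally {
    // release the cursor even when getMetaData()/next() throws
    rs.close();
  }
  return doc;
}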
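/* goodB2G() - use badsource and goodsink */
/**
 * Sink: looks up a user's secret by name and password in the helper XML file.
 *
 * <p>The credentials come from {@code data_container.a} as {@code username||password}. They are
 * bound to the XPath expression as variables ({@code $uname}, {@code $pword}) through an
 * {@link javax.xml.xpath.XPathVariableResolver} instead of being concatenated into the
 * expression, so a quote character in the input cannot change the query. XML entity escaping
 * ({@code StringEscapeUtils.escapeXml}) only blocks the quote incidentally and corrupts every
 * legitimate value containing {@code '}, {@code <} or {@code &}, so it is not used any more.
 *
 * @param data_container holder whose field {@code a} carries the credential string
 * @throws Throwable propagated from XPath evaluation
 */
public void goodB2G_sink(
    CWE643_Unsafe_Treatment_of_XPath_Input__fromFile_67a.Container data_container)
    throws Throwable {
  String data = data_container.a;
  final String xmldoc =
      "\\src\\testcases\\CWE643_Unsafe_Treatment_of_XPath_Input\\console_to_evaluate\\CWE643_Unsafe_Treatment_of_XPath_Input__helper.xml";
  /* assume username||password as source */
  // "||" is a regex: unescaped it matches the empty string and splits every character.
  String[] tokens = data.split("\\|\\|");
  if (tokens.length < 2) {
    return;
  }
  final String uname = tokens[0];
  final String pword = tokens[1];
  /* FIX: bind the credentials as XPath variables instead of building the query from strings */
  XPath xp = XPathFactory.newInstance().newXPath();
  xp.setXPathVariableResolver(
      new javax.xml.xpath.XPathVariableResolver() {
        @Override
        public Object resolveVariable(javax.xml.namespace.QName variableName) {
          String local = variableName.getLocalPart();
          if ("uname".equals(local)) {
            return uname;
          }
          if ("pword".equals(local)) {
            return pword;
          }
          return null;
        }
      });
  InputSource inxml = new InputSource(xmldoc);
  String query = "//users/user[name/text()=$uname and pass/text()=$pword]/secret/text()";
  /* the sink; the result is intentionally unused in this test case */
  String secret = (String) xp.evaluate(query, inxml, XPathConstants.STRING);
}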
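/* goodB2G() - use badsource and goodsink */
/**
 * Reads {@code username||password} from the bad source and looks the user's secret up in the
 * helper XML file.
 *
 * <p>The two tokens are bound to the XPath expression as variables ({@code $uname},
 * {@code $pword}) through an {@link javax.xml.xpath.XPathVariableResolver} rather than
 * concatenated into it, so a quote in the input cannot change the query. XML entity escaping
 * only blocks the quote incidentally and corrupts legitimate values containing {@code '},
 * {@code <} or {@code &}, so it is no longer applied.
 *
 * @param request the servlet request handed to the source
 * @param response the servlet response handed to the source
 * @throws Throwable propagated from the source or from XPath evaluation
 */
private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
  String data =
      (new CWE643_Unsafe_Treatment_of_XPath_Input__getCookiesServlet_61b())
          .goodB2G_source(request, response);
  final String xmldoc =
      "\\src\\testcases\\CWE643_Unsafe_Treatment_of_XPath_Input\\console_to_evaluate\\CWE643_Unsafe_Treatment_of_XPath_Input__helper.xml";
  /* assume username||password as source */
  // "||" is a regex: unescaped it matches the empty string and splits every character.
  String[] tokens = data.split("\\|\\|");
  if (tokens.length < 2) {
    return;
  }
  final String uname = tokens[0];
  final String pword = tokens[1];
  /* FIX: bind the credentials as XPath variables instead of building the query from strings */
  XPath xp = XPathFactory.newInstance().newXPath();
  xp.setXPathVariableResolver(
      new javax.xml.xpath.XPathVariableResolver() {
        @Override
        public Object resolveVariable(javax.xml.namespace.QName variableName) {
          String local = variableName.getLocalPart();
          if ("uname".equals(local)) {
            return uname;
          }
          if ("pword".equals(local)) {
            return pword;
          }
          return null;
        }
      });
  InputSource inxml = new InputSource(xmldoc);
  String query = "//users/user[name/text()=$uname and pass/text()=$pword]/secret/text()";
  /* the sink; the result is intentionally unused in this test case */
  String secret = (String) xp.evaluate(query, inxml, XPathConstants.STRING);
}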
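/**
 * Answers a "structure" request with the addressing predicates of a virtual sensor as XML.
 *
 * <p>The {@code name} parameter is untrusted input; it is XML-escaped before being placed in
 * the {@code name} attribute (the original wrote it raw, allowing markup injection into the
 * response). Predicate keys and values are escaped the same way. An unknown sensor name is
 * answered with 404 instead of failing with a {@link NullPointerException}.
 *
 * @param request the request; its {@code name} parameter selects the virtual sensor
 * @param response receives the XML document with caching disabled
 * @throws IOException if writing the response fails
 */
public void handle(HttpServletRequest request, HttpServletResponse response) throws IOException {
  String vsName = request.getParameter("name");
  VSensorConfig sensorConfig = Mappings.getVSensorConfig(vsName);
  if (logger.isInfoEnabled()) {
    logger.info("Structure request for *" + vsName + "* received.");
  }
  if (sensorConfig == null) {
    // no configuration for this name: report it rather than dereferencing null below
    response.sendError(HttpServletResponse.SC_NOT_FOUND);
    return;
  }
  response.setStatus(HttpServletResponse.SC_OK);
  StringBuilder sb =
      new StringBuilder("<virtual-sensor name=\"")
          .append(StringEscapeUtils.escapeXml(vsName))
          .append("\" last-modified=\"")
          .append(new File(sensorConfig.getFileName()).lastModified())
          .append("\">\n");
  for (KeyValue df : sensorConfig.getAddressing()) {
    sb.append("<predicate key=\"")
        .append(StringEscapeUtils.escapeXml(df.getKey().toString()))
        .append("\">")
        .append(StringEscapeUtils.escapeXml(df.getValue().toString()))
        .append("</predicate>\n");
  }
  sb.append("</virtual-sensor>");
  // the structure may change at any time, so forbid caching on every HTTP generation
  response.setHeader("Cache-Control", "no-store");
  response.setDateHeader("Expires", 0);
  response.setHeader("Pragma", "no-cache");
  response.getWriter().write(sb.toString());
}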
/**
 * Fills the DB configuration template with the connection details of the given database.
 *
 * <p>The template is read from the location of {@code dbInfo.getDBDefine()}; the {@code URL},
 * {@code USERNAME} and {@code PASSWORD} placeholders are replaced, in that order, with
 * XML-escaped values so that the result stays well-formed.
 *
 * @param dbInfo the database definition providing URL, user name and password
 * @return the configuration text with the placeholders substituted
 * @throws Exception if the template file cannot be read
 */
private static String getConfig(UserDBDAO dbInfo) throws Exception {
  String template = getFileToString(dbInfo.getDBDefine().getLocation());
  return template
      .replace(URL, StringEscapeUtils.escapeXml(dbInfo.getUrl()))
      .replace(USERNAME, StringEscapeUtils.escapeXml(dbInfo.getUsers()))
      .replace(PASSWORD, StringEscapeUtils.escapeXml(dbInfo.getPasswd()));
}
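/**
 * Wraps every case-insensitive occurrence of {@code words} in {@code text} with {@code <em>}
 * tags and XML-escapes everything else, producing text that can be embedded in markup.
 *
 * <p>Matches are processed by start offset (longest first when two share a start); a match
 * that overlaps an already highlighted region is dropped. Every returned piece of the input is
 * escaped — the original left the segment after the last match, and the whole text when there
 * was nothing to highlight, unescaped, which let raw markup from {@code text} through.
 *
 * @param text the text to highlight; may be {@code null}
 * @param words the terms to highlight; {@code null}, or {@code null}/empty entries, are ignored
 * @return the highlighted, escaped text, or {@code null} if {@code text} is {@code null}
 */
public static String highlight(String text, String[] words) {
  if (text == null) {
    return null;
  }
  if (words == null || words.length == 0) {
    return StringEscapeUtils.escapeXml(text);
  }
  // TODO Consider using a primitive array
  List<Pair<Integer, Integer>> positions = Lists.newArrayList();
  // NOTE(review): toLowerCase() can change the length of some Unicode strings, which would
  // shift the offsets computed below — confirm inputs are plain text, or compare differently.
  String lower = text.toLowerCase();
  for (String rawWord : words) {
    if (rawWord == null || rawWord.length() == 0) {
      continue; // an empty needle matches at every offset and would emit empty <em></em>
    }
    String word = rawWord.toLowerCase();
    int start = lower.indexOf(word);
    while (start != -1) {
      positions.add(Pair.of(start, start + word.length()));
      start = lower.indexOf(word, start + 1);
    }
  }
  if (positions.isEmpty()) {
    return StringEscapeUtils.escapeXml(text);
  }
  // ascending by start; for equal starts the longer match (larger end) comes first
  Collections.sort(
      positions,
      new Comparator<Pair<Integer, Integer>>() {
        @Override
        public int compare(Pair<Integer, Integer> o1, Pair<Integer, Integer> o2) {
          int comparison = o1.getKey().compareTo(o2.getKey());
          if (comparison == 0) {
            return o2.getValue().compareTo(o1.getValue());
          }
          return comparison;
        }
      });
  StringBuilder out = new StringBuilder();
  int pos = 0;
  for (Pair<Integer, Integer> position : positions) {
    int from = position.getKey();
    int to = position.getValue();
    if (from < pos) {
      continue; // overlaps a region that is already highlighted
    }
    out.append(StringEscapeUtils.escapeXml(text.substring(pos, from)));
    out.append("<em>");
    out.append(StringEscapeUtils.escapeXml(text.substring(from, to)));
    out.append("</em>");
    pos = to;
  }
  // the trailing segment must be escaped like every other piece
  out.append(StringEscapeUtils.escapeXml(text.substring(pos)));
  return out.toString();
}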
/**
 * Writes the XML prolog, the generator comment and the opening {@code <profile>} element
 * carrying the profile's name and language, both XML-escaped.
 *
 * @param profile the profile whose name and language are written
 * @param writer the destination
 * @throws IOException if writing fails
 */
private void appendHeader(RulesProfile profile, Writer writer) throws IOException {
  writer.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
  writer.append("<!-- Generated by Sonar -->");
  writer.append("<profile><name>");
  StringEscapeUtils.escapeXml(writer, profile.getName());
  writer.append("</name><language>");
  StringEscapeUtils.escapeXml(writer, profile.getLanguage());
  writer.append("</language>");
}
/**
 * Writes one {@code <parameter>} element with the rule parameter's key and value, both
 * XML-escaped. Parameters whose value is blank are skipped entirely.
 *
 * @param writer the destination
 * @param activeRuleParam the parameter to export
 * @throws IOException if writing fails
 */
private void appendRuleParameter(Writer writer, ActiveRuleParam activeRuleParam)
    throws IOException {
  String value = activeRuleParam.getValue();
  if (StringUtils.isBlank(value)) {
    return; // nothing to export for a parameter without a value
  }
  writer.append("<parameter><key>");
  StringEscapeUtils.escapeXml(writer, activeRuleParam.getKey());
  writer.append("</key><value>");
  StringEscapeUtils.escapeXml(writer, value);
  writer.append("</value></parameter>");
}
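/**
 * Serializes the filter's visible properties and its display options to an indented XML
 * fragment, stores it in {@code serializedProperties} and returns it.
 *
 * <p>Property ids, provider codes and section ids are XML-escaped; the original escaped the
 * first two but wrote the section id raw. Element names — including the historical
 * {@code showApplyhButton} spelling — are kept unchanged because readers of this format depend
 * on them.
 *
 * @return the serialized XML text
 * @throws Exception propagated from the helpers used while writing
 */
public String serializeComponentData() throws Exception {
  StringWriter sw = new StringWriter();
  PrintWriter out = new PrintWriter(sw);
  int indent = 0;
  printIndent(out, indent);
  out.println("<dashboard_filter>");
  // Serialize visible properties.
  for (Object item : properties) {
    DashboardFilterProperty property = (DashboardFilterProperty) item;
    printIndent(out, indent + 1);
    out.println(
        "<property id=\""
            + StringEscapeUtils.escapeXml(property.getPropertyId())
            + "\" providerCode =\""
            + StringEscapeUtils.escapeXml(property.getDataProviderCode())
            + "\">");
    printSimpleElement(out, indent + 2, "visible", property.isVisible());
    if (property.getSectionId() != null) {
      // escaped like the other property fields; String.valueOf covers any id type
      printSimpleElement(
          out,
          indent + 2,
          "section",
          StringEscapeUtils.escapeXml(String.valueOf(property.getSectionId())));
    }
    printIndent(out, indent + 1);
    out.println("</property>");
  }
  // Serialize options.
  printIndent(out, indent + 1);
  out.println("<options>");
  printSimpleElement(out, indent + 2, "shortViewMode", isShortMode);
  printSimpleElement(out, indent + 2, "showLegend", showLegend);
  printSimpleElement(out, indent + 2, "showRefreshButton", showRefreshButton);
  printSimpleElement(out, indent + 2, "showApplyhButton", showApplyButton);
  printSimpleElement(out, indent + 2, "showClearButton", showClearButton);
  printSimpleElement(out, indent + 2, "showPropertyNames", showPropertyNames);
  printSimpleElement(out, indent + 2, "showSubmitOnChange", showSubmitOnChange);
  // indented like its siblings (the original used one level less for this element only)
  printSimpleElement(out, indent + 2, "showAutoRefresh", showAutoRefresh);
  printIndent(out, indent + 1);
  out.println("</options>");
  printIndent(out, indent);
  out.println("</dashboard_filter>");
  out.flush();
  serializedProperties = sw.toString();
  return serializedProperties;
}

/** Writes {@code <name>value</name>} on its own line at the given indentation level. */
private void printSimpleElement(PrintWriter out, int level, String name, Object value)
    throws Exception {
  printIndent(out, level);
  out.println("<" + name + ">" + value + "</" + name + ">");
}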
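/**
 * Writes one {@code sv:property} element with a single {@code sv:value} child to {@code m_out}.
 *
 * <p>Name, type and value are all XML-escaped. The original escaped only name and value; the
 * type is normally a fixed type name, for which escaping is a no-op, but writing it raw was
 * inconsistent with the other two attributes.
 *
 * @param name the property name, written to {@code sv:name}
 * @param value the single property value
 * @param type the property type name, written to {@code sv:type}
 */
private void exportProperty(String name, String value, String type) {
  m_out.println(
      " <sv:property sv:name='"
          + StringEscapeUtils.escapeXml(name)
          + "' sv:type='"
          + StringEscapeUtils.escapeXml(type)
          + "'>");
  m_out.print(" <sv:value>");
  m_out.print(StringEscapeUtils.escapeXml(value));
  m_out.println("</sv:value>");
  m_out.println(" </sv:property>");
}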
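/**
 * Appends an RSS {@code <item>} built from the {@code title}, {@code link} and
 * {@code description} request parameters to the feed file and returns the success view.
 *
 * <p>All three parameters are untrusted and are XML-escaped before being stored in the
 * corresponding fields and written. The publication date is the current time formatted by
 * {@code formatter}, which is (re)created here as before.
 *
 * @param request supplies the item fields as parameters
 * @param response unused
 * @return the success view
 * @throws Exception if the feed file cannot be opened or written; the original swallowed the
 *     {@link IOException} and still reported success, and also leaked the writer on failure
 */
@Override
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response)
    throws Exception {
  // escapeXml is static; no instance is needed
  setTitle(StringEscapeUtils.escapeXml(request.getParameter("title")));
  setLink(StringEscapeUtils.escapeXml(request.getParameter("link")));
  setDescription(StringEscapeUtils.escapeXml(request.getParameter("description")));
  // create timestamp
  formatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss z");
  publishDate = formatter.format(new Date());
  String item =
      new StringBuilder()
          .append("<item>" + NEW_LINE)
          .append("<title>")
          .append(title)
          .append("</title>" + NEW_LINE)
          .append("<link>")
          .append(link)
          .append("</link>" + NEW_LINE)
          .append("<description>")
          .append(description)
          .append("</description>" + NEW_LINE)
          .append("<pubDate>")
          .append(publishDate)
          .append("</pubDate>" + NEW_LINE)
          .append("</item>" + NEW_LINE)
          .toString();
  // NOTE(review): FileWriter uses the platform charset — confirm it matches the feed's declared
  // encoding.
  BufferedWriter out =
      new BufferedWriter(new FileWriter(getFileLocation() + getFileName(), true));
  try {
    out.write(item);
  } finally {
    out.close(); // also closes on a failed write; errors propagate to the caller
  }
  return new ModelAndView(getSuccessView());
}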
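/* goodB2G1() - use badsource and goodsink by changing second privateReturnsTrue() to privateReturnsFalse() */
/**
 * Reads {@code username||password} from the {@code user.home} system property and looks the
 * user's secret up in the helper XML file.
 *
 * <p>The two tokens are bound to the XPath expression as variables ({@code $username},
 * {@code $password}) through an {@link javax.xml.xpath.XPathVariableResolver} rather than
 * concatenated into it, so a quote in the input cannot change the query. XML entity escaping
 * only blocks the quote incidentally and corrupts legitimate values containing {@code '},
 * {@code <} or {@code &}, so it is no longer applied.
 *
 * @throws Throwable propagated from XPath evaluation
 */
private void goodB2G1() throws Throwable {
  String data;
  if (privateReturnsTrue()) {
    /* get system property user.home */
    /* POTENTIAL FLAW: Read data from a system property */
    data = System.getProperty("user.home");
  } else {
    /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
     * but ensure data is inititialized before the Sink to avoid compiler errors */
    data = null;
  }
  if (privateReturnsFalse()) {
    /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
    IO.writeLine("Benign, fixed string");
  } else {
    String xmlFile;
    // Locale.ROOT: in a Turkish default locale "Windows" would not lower-case to contain "win"
    if (System.getProperty("os.name").toLowerCase(java.util.Locale.ROOT).contains("win")) {
      /* running on Windows */
      xmlFile = "\\src\\testcases\\CWE643_Xpath Injection\\CWE643_Xpath_Injection__Helper.xml";
    } else {
      /* running on non-Windows */
      xmlFile = "./src/testcases/CWE643_Xpath Injection/CWE643_Xpath_Injection__Helper.xml";
    }
    if (data != null) {
      /* assume username||password as source */
      // "||" is a regex: unescaped it matches the empty string and splits every character.
      String[] tokens = data.split("\\|\\|");
      if (tokens.length < 2) {
        return;
      }
      final String username = tokens[0];
      final String password = tokens[1];
      /* FIX: bind the credentials as XPath variables instead of building the query from strings */
      XPath xPath = XPathFactory.newInstance().newXPath();
      xPath.setXPathVariableResolver(
          new javax.xml.xpath.XPathVariableResolver() {
            @Override
            public Object resolveVariable(javax.xml.namespace.QName variableName) {
              String local = variableName.getLocalPart();
              if ("username".equals(local)) {
                return username;
              }
              if ("password".equals(local)) {
                return password;
              }
              return null;
            }
          });
      InputSource inputXml = new InputSource(xmlFile);
      String query =
          "//users/user[name/text()=$username and pass/text()=$password]/secret/text()";
      /* the sink; the result is intentionally unused in this test case */
      String secret = (String) xPath.evaluate(query, inputXml, XPathConstants.STRING);
    }
  }
}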
/**
 * Writes a {@code name="..."} attribute (with a leading space) for the parent when the parent
 * is a {@link String}; any other parent, including {@code null}, produces no output.
 *
 * @param pw the destination
 * @param parent the parent object; only a {@code String} is written, XML-escaped
 */
protected void writeParentName(final PrintWriter pw, final Object parent) {
  // instanceof is false for null, so no separate null check is needed
  if (!(parent instanceof String)) {
    return;
  }
  pw.write(" name=\"" + StringEscapeUtils.escapeXml((String) parent) + "\"");
}
/**
 * Builds the {@code <dem><case>...</case>} XML fragment describing a case: its name, the
 * investigator and the case location, each XML-escaped.
 *
 * <p>NOTE(review): the opening {@code <dem>} element is not closed here — presumably the caller
 * appends the rest of the document; confirm.
 *
 * @param currentCase the case to describe
 * @return the XML fragment
 */
private static String getGenericCaseInformation(final Case currentCase) {
  StringBuilder xml = new StringBuilder("<dem><case>");
  xml.append("<name>")
      .append(StringEscapeUtils.escapeXml(currentCase.getCaseName()))
      .append("</name>");
  xml.append("<author>")
      .append(StringEscapeUtils.escapeXml(currentCase.getInvestigatorName()))
      .append("</author>");
  xml.append("<source> ")
      .append(StringEscapeUtils.escapeXml(currentCase.getCaseLocation()))
      .append("</source>");
  xml.append("</case>");
  return xml.toString();
}
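/**
 * Gets the feedback detail list from a trading feedback XML response.
 *
 * <p>Reads every {@code FeedbackDetail} element under {@code FeedbackDetailArray} and maps its
 * child elements onto a {@link TradingFeedBackDetail}. The comment text is XML-escaped before
 * it is stored, as in the original. {@code ItemPrice} is optional; a missing
 * {@code FeedbackDetailArray} yields an empty list and a missing {@code CommentText} element
 * leaves the comment unset, where the original threw a {@link NullPointerException}.
 *
 * @param xml the response document as text
 * @return the parsed details in document order; empty if there are none
 * @throws Exception if the XML cannot be parsed or a numeric field is malformed
 */
public static List<TradingFeedBackDetail> getFeedBackListElement(String xml) throws Exception {
  List<TradingFeedBackDetail> details = new ArrayList<TradingFeedBackDetail>();
  Document document = formatStr2Doc(xml);
  Element array = document.getRootElement().element("FeedbackDetailArray");
  if (array == null) {
    return details;
  }
  Iterator<Element> iter = array.elementIterator("FeedbackDetail");
  while (iter.hasNext()) {
    Element element = iter.next();
    TradingFeedBackDetail detail = new TradingFeedBackDetail();
    detail.setCommentinguser(element.elementText("CommentingUser"));
    detail.setCommentinguserscore(Long.parseLong(element.elementText("CommentingUserScore")));
    Element commentText = element.element("CommentText");
    if (commentText != null) {
      // NOTE(review): stored already escaped, as before — confirm consumers do not escape again
      detail.setCommenttext(StringEscapeUtils.escapeXml(commentText.getStringValue()));
    }
    detail.setCommenttime(DateUtils.returnDate(element.elementText("CommentTime")));
    detail.setCommenttype(element.elementText("CommentType"));
    detail.setItemid(element.elementText("ItemID"));
    detail.setRole(element.elementText("Role"));
    detail.setFeedbackid(element.elementText("FeedbackID"));
    detail.setTransactionid(element.elementText("TransactionID"));
    detail.setOrderlineitemid(element.elementText("OrderLineItemID"));
    detail.setItemtitle(element.elementText("ItemTitle"));
    detail.setCreateTime(new Date());
    String itemPrice = element.elementText("ItemPrice");
    if (itemPrice != null) {
      detail.setItemprice(Double.parseDouble(itemPrice));
    }
    details.add(detail);
  }
  return details;
}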
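/**
 * Builds the WPS {@code Execute} request that runs the {@code stats_compare} process against
 * the given SOS endpoint.
 *
 * <p>The endpoint is turned into a GetObservation URL and passed as the {@code model_url}
 * literal input; that URL is XML-escaped because its query string contains {@code &}.
 *
 * @param sosEndpoint base URL of the SOS service
 * @return the request document as text
 */
static String createCompareStatsRequest(String sosEndpoint) {
  String modelUrl =
      StringEscapeUtils.escapeXml(
          sosEndpoint + "?request=GetObservation&service=SOS&version=1.0.0&offering");
  // concatenation already yields a new String; the original's new String(...) copy was redundant
  return "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
      + "<wps:Execute service=\"WPS\" version=\"1.0.0\" "
      + "xmlns:wps=\"http://www.opengis.net/wps/1.0.0\" "
      + "xmlns:ows=\"http://www.opengis.net/ows/1.1\" "
      + "xmlns:xlink=\"http://www.w3.org/1999/xlink\" "
      + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" "
      + "xsi:schemaLocation=\"http://www.opengis.net/wps/1.0.0 "
      + "http://schemas.opengis.net/wps/1.0.0/wpsExecute_request.xsd\">"
      + "<ows:Identifier>"
      + stats_compare
      + "</ows:Identifier>"
      + "<wps:DataInputs>"
      + "<wps:Input>"
      + "<ows:Identifier>model_url</ows:Identifier>"
      + "<wps:Data>"
      + "<wps:LiteralData>"
      + modelUrl
      + "</wps:LiteralData>"
      + "</wps:Data>"
      + "</wps:Input>"
      + "</wps:DataInputs>"
      + "<wps:ResponseForm>"
      + "<wps:ResponseDocument storeExecuteResponse=\"true\" status=\"true\">"
      + "<wps:Output asReference=\"true\">"
      + "<ows:Identifier>output</ows:Identifier>"
      + "</wps:Output>"
      + "</wps:ResponseDocument>"
      + "</wps:ResponseForm>"
      + "</wps:Execute>";
}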
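/**
 * Answers a "structure" request with the output structure (fields) of a virtual sensor as XML.
 *
 * <p>The {@code name} parameter is untrusted input and is XML-escaped before being placed in
 * the {@code name} attribute; field names and types are escaped as well. The original escaped
 * only the description and wrote the other three attribute values raw, which allowed markup
 * injection into the response. An unknown sensor name is answered with 404 instead of failing
 * with a {@link NullPointerException}.
 *
 * @param request the request; its {@code name} parameter selects the virtual sensor
 * @param response receives the XML document with caching disabled
 * @throws IOException if writing the response fails
 */
public void handle(HttpServletRequest request, HttpServletResponse response) throws IOException {
  String vsName = request.getParameter("name");
  VSensorConfig sensorConfig = Mappings.getVSensorConfig(vsName);
  if (logger.isInfoEnabled()) {
    logger.info("Structure request for *" + vsName + "* received.");
  }
  if (sensorConfig == null) {
    // no configuration for this name: report it rather than dereferencing null below
    response.sendError(HttpServletResponse.SC_NOT_FOUND);
    return;
  }
  response.setStatus(HttpServletResponse.SC_OK);
  StringBuilder sb =
      new StringBuilder("<virtual-sensor name=\"")
          .append(StringEscapeUtils.escapeXml(vsName))
          .append("\">\n");
  for (DataField df : sensorConfig.getOutputStructure()) {
    sb.append("<field name=\"")
        .append(StringEscapeUtils.escapeXml(df.getName()))
        .append("\" ")
        .append("type=\"")
        .append(StringEscapeUtils.escapeXml(df.getType()))
        .append("\" ")
        .append("description=\"")
        .append(StringEscapeUtils.escapeXml(df.getDescription()))
        .append("\" />\n");
  }
  sb.append(
      "<field name=\"timed\" type=\"string\" description=\"The timestamp associated with the stream element\" />\n");
  sb.append("</virtual-sensor>");
  // the structure may change at any time, so forbid caching on every HTTP generation
  response.setHeader("Cache-Control", "no-store");
  response.setDateHeader("Expires", 0);
  response.setHeader("Pragma", "no-cache");
  response.getWriter().write(sb.toString());
}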
/** {@inheritDoc} */
public String execute(List<String> parameterList) {
  // exactly one parameter is accepted; a null or empty list fails the same check
  if (parameterList == null || parameterList.size() != 1) {
    throw new InvalidFunctionUsageException(
        "Invalid function parameter usage! Missing parameter!");
  }
  return StringEscapeUtils.escapeXml(parameterList.get(0));
}
/**
 * Converts a string to a string with XML entities.
 *
 * <p>NOTE(review): both the input and the result are logged in full at INFO level — confirm
 * the values passed here never contain sensitive data, or lower the level.
 *
 * @param source the text to escape; may be {@code null}, in which case {@code null} is returned
 * @return the escaped text
 */
public static String escapeXml(String source) {
  logger.info("converting :" + source);
  final String escaped = StringEscapeUtils.escapeXml(source);
  logger.info("converted: " + escaped);
  return escaped;
}
/**
 * Appends {@code name="value"} (with a leading space) to {@code doc}, XML-escaping the value's
 * string form. A {@code null} value produces no output at all.
 *
 * @param doc the buffer being built
 * @param name the attribute name, written as-is
 * @param value the attribute value; {@code null} means the attribute is omitted
 */
private void addAttribute(final StringBuilder doc, final String name, final Object value) {
  if (value == null) {
    return;
  }
  doc.append(' ')
      .append(name)
      .append("=\"")
      .append(StringEscapeUtils.escapeXml(value.toString()))
      .append('"');
}
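/**
 * Returns the cell XML: the cell start tag, the XML-escaped and formatted value (omitted when
 * {@code null}), and the cell end tag.
 *
 * @param colValue the cell value; may be {@code null}
 * @return the cell XML
 */
public static String getCellXML(String colValue) {
  // StringBuilder: no synchronization is needed for a local buffer
  StringBuilder cellXML = new StringBuilder(300);
  cellXML.append(GridUtil.getCellStartTag());
  if (colValue != null) {
    cellXML.append(formatString(org.apache.commons.lang.StringEscapeUtils.escapeXml(colValue)));
  }
  cellXML.append(GridUtil.getCellEndTag());
  return cellXML.toString();
}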
/**
 * Renders a value for output: inside a {@code verbatim} parent tag the value's string form is
 * returned as-is, everywhere else it is XML-escaped. A {@code null} value renders as "".
 *
 * @param template the template being rendered (unused)
 * @param value the value to render; may be {@code null}
 * @return the rendered text
 */
public String format(Template template, Object value) {
  if (value == null) {
    return "";
  }
  boolean verbatim = TagContext.hasParentTag("verbatim");
  String text = value.toString();
  return verbatim ? text : StringEscapeUtils.escapeXml(text);
}
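/**
 * Writes the case list as the XML data source for the "cases" Jasper report and returns the
 * descriptor pointing at it.
 *
 * <p>Every text field taken from a case (location, investigator, name, description) is
 * XML-escaped exactly once; the original escaped the location twice, turning {@code &} into
 * {@code &amp;amp;} in the report. The file is written as UTF-8, the encoding an XML parser
 * assumes for a document without a declaration.
 *
 * @param cases the cases to list
 * @param caseFacade provides the report folder and the case history
 * @return the data-source descriptor for the written file
 * @throws Exception if the file cannot be written
 */
public static DatasourceXml getCasesXmlFile(final List<Case> cases, final CaseFacade caseFacade)
    throws Exception {
  DatasourceXml sourceXml = new DatasourceXml();
  sourceXml.m_strJasperFile = ApplicationConstants.CASES_JASPER_FILE;
  sourceXml.m_strXPath = ApplicationConstants.CASES_X_PATH;
  sourceXml.m_strReportName = ApplicationConstants.CASES_REPORT_NAME;
  sourceXml.m_strXmlPath =
      caseFacade.getCaseRawReportFolderLocation()
          + File.separator
          + ApplicationConstants.CASES_XML_FILE;
  StringBuilder casesBuffer = new StringBuilder("<dem><cases>");
  for (Case aCase : cases) {
    String caseCreatingTime = DateUtil.formatedDateWithTime(aCase.getCreateTime());
    // NOTE(review): getCaseSize() does not take aCase, so every row gets the same size — confirm.
    long caseSize = caseFacade.getCaseHistory().getCaseSize();
    casesBuffer
        .append("<case>" + "<path>")
        .append(StringEscapeUtils.escapeXml(aCase.getCaseLocation()))
        .append("</path>" + "<creator>")
        .append(StringEscapeUtils.escapeXml(aCase.getInvestigatorName()))
        .append("</creator>" + "<name>")
        .append(StringEscapeUtils.escapeXml(aCase.getCaseName()))
        .append("</name>" + "<description>")
        .append(StringEscapeUtils.escapeXml(aCase.getDescription()))
        .append("</description>" + "<size>")
        .append(caseSize)
        .append("</size>" + "<date>")
        .append(caseCreatingTime)
        .append("</date>" + "</case>");
  }
  casesBuffer.append("</cases></dem>");
  File file = new File(sourceXml.m_strXmlPath);
  FileUtils.writeStringToFile(file, casesBuffer.toString(), "UTF-8");
  return sourceXml;
}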
/**
 * Writes one {@code <alert>} element: metric key, optional period, operator, warning and error
 * thresholds, each as its own child element with XML-escaped content.
 *
 * @param alert the alert to export
 * @param writer the destination
 * @throws IOException if writing fails
 */
private void appendAlert(Alert alert, Writer writer) throws IOException {
  writer.append("<alert>");
  appendEscapedElement(writer, "metric", alert.getMetric().getKey());
  Integer period = alert.getPeriod();
  if (period != null) {
    appendEscapedElement(writer, "period", Integer.toString(period));
  }
  appendEscapedElement(writer, "operator", alert.getOperator());
  appendEscapedElement(writer, "warning", alert.getValueWarning());
  appendEscapedElement(writer, "error", alert.getValueError());
  writer.append("</alert>");
}

/** Writes {@code <tag>value</tag>} with the value XML-escaped. */
private void appendEscapedElement(Writer writer, String tag, String value) throws IOException {
  writer.append('<').append(tag).append('>');
  StringEscapeUtils.escapeXml(writer, value);
  writer.append("</").append(tag).append('>');
}
/**
 * Prints the content between "<" and ">" (or "/>") in the output of the tag name and its
 * attributes in XML format: the tag name followed by one {@code name="value"} pair per
 * attribute, with each value XML-escaped.
 *
 * @param printWriter the writer to print in
 */
protected void printOpeningTagContentAsXml(final PrintWriter printWriter) {
  printWriter.print(getTagName());
  for (final String name : attributes_.keySet()) {
    final String escapedValue =
        StringEscapeUtils.escapeXml(attributes_.get(name).getNodeValue());
    printWriter.print(" " + name + "=\"" + escapedValue + "\"");
  }
}
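/**
 * Serializes this page to its XML fragment: a fixed {@code name}, the page name and the code
 * currently in the editor pane.
 *
 * <p>Both the page name and the code are XML-escaped; the original escaped only the code, so a
 * page name containing {@code <} or {@code &} produced malformed XML.
 *
 * @return the XML fragment, one element per line
 */
public String toXml() {
  StringBuilder xml = new StringBuilder();
  xml.append(" <name>Groovy</name>\n");
  xml.append(" <pageName>")
      .append(StringEscapeUtils.escapeXml(String.valueOf(this.pageName)))
      .append("</pageName>\n");
  xml.append(" <pageCode>")
      .append(StringEscapeUtils.escapeXml(this.gui.codePane.getText()))
      .append("</pageCode>\n");
  return xml.toString();
}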
/**
 * Writes a {@code <span class="oryx-FIELD">} element. With an entry the span contains the
 * XML-escaped entry; without one ({@code null}) a self-closing span is written.
 *
 * @param writer the destination
 * @param field suffix of the CSS class, written as-is
 * @param entry the span content; {@code null} for an empty, self-closing span
 * @throws IOException if writing fails
 */
private void appendOryxField(Writer writer, String field, String entry) throws IOException {
  writer.append("<span class=\"oryx-").append(field);
  if (entry == null) {
    writer.append("\"/>");
    return;
  }
  writer.append("\">").append(StringEscapeUtils.escapeXml(entry)).append("</span>");
}
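/**
 * Asserts that the gzipped sitemap and the sitemap index exist under the given directory and
 * contain, respectively, the XML-escaped {@code substring} and the {@code siteMapLocation}.
 *
 * <p>Both files are read as UTF-8 and the streams are closed after reading; the original never
 * closed them and decoded with the platform charset.
 *
 * @param baseDirCitations directory containing {@code sitemap.xml.gz} and {@code sitemap_index.xml}
 * @param substring text expected (escaped) in the sitemap
 * @param siteMapLocation text expected in the sitemap index
 * @throws IOException if a file cannot be read
 */
public void assertSiteMap(File baseDirCitations, String substring, String siteMapLocation)
    throws IOException {
  final File file = new File(baseDirCitations, "sitemap.xml.gz");
  assertThat(file.exists(), is(true));
  final String siteMapString = readGzipped(file);
  assertThat(siteMapString, containsString(StringEscapeUtils.escapeXml(substring)));
  final File sitemapIndex = new File(baseDirCitations, "sitemap_index.xml");
  assertThat(sitemapIndex.exists(), is(true));
  final String sitemapIndexString = readPlain(sitemapIndex);
  assertThat(sitemapIndexString, containsString(siteMapLocation));
}

/** Reads a gzip-compressed file as UTF-8 text, closing both stream layers. */
private static String readGzipped(File file) throws IOException {
  FileInputStream fileIn = new FileInputStream(file);
  try {
    GZIPInputStream gzipIn = new GZIPInputStream(fileIn);
    try {
      return IOUtils.toString(gzipIn, "UTF-8");
    } finally {
      gzipIn.close();
    }
  } finally {
    fileIn.close(); // also covers a failed GZIPInputStream constructor
  }
}

/** Reads an uncompressed file as UTF-8 text, closing the stream. */
private static String readPlain(File file) throws IOException {
  FileInputStream in = new FileInputStream(file);
  try {
    return IOUtils.toString(in, "UTF-8");
  } finally {
    in.close();
  }
}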
/**
 * Prepares a section's HTML for embedding in XML: resolves anchors against the page URL,
 * rewrites embedded image tags, strips class/id/style attributes and finally XML-escapes the
 * whole markup.
 *
 * @param sectionText the raw section markup
 * @param pageUrl the URL the section's relative links are resolved against
 * @return the processed, XML-escaped markup
 */
private String processSectionText(String sectionText, String pageUrl) {
  // handles href="#link", href="/link", and href="../"
  String resolved = processAnchors(sectionText, pageUrl);
  // as the method name suggests, a temporary solution for embedded image tags in section text
  String withImages = tmpProcessToLImageTags(resolved);
  // strip out class, id, and style attributes from embedded markup
  String stripped = stripOutClassIdStyleAttributes(withImages);
  return StringEscapeUtils.escapeXml(stripped);
}
/**
 * Goes through the SynapsePath argument list, evaluating each argument against the message
 * context, and returns one single-entry map per argument whose key is the evaluated text and
 * whose value is the argument's path type ({@code SynapsePath.X_PATH} when the argument has no
 * expression).
 *
 * <p>A literal value is XML-escaped unless it is already well-formed XML. An expression result
 * is XML-escaped only when it is not well-formed XML, the expression is not a JSON path and the
 * target payload type is XML; a {@code null} result becomes "". Every value is passed through
 * {@link Matcher#quoteReplacement} so it can be used as a regex replacement.
 *
 * @param synCtx the message context the expressions are evaluated against
 * @return the evaluated arguments, in list order
 */
private HashMap<String, String>[] getArgValues(MessageContext synCtx) {
  HashMap<String, String>[] argValues = new HashMap[pathArgumentList.size()];
  // declared outside the loop on purpose: should handleException return instead of throwing,
  // the previous iteration's value is reused, exactly as before
  String value = "";
  int index = 0;
  for (Argument arg : pathArgumentList) {
    if (arg.getValue() != null) {
      String literal = arg.getValue();
      String escaped = isWellFormedXML(literal) ? literal : StringEscapeUtils.escapeXml(literal);
      value = Matcher.quoteReplacement(escaped);
    } else if (arg.getExpression() != null) {
      String evaluated = arg.getExpression().stringValueOf(synCtx);
      if (evaluated == null) {
        value = "";
      } else {
        // XML escape the result of an expression that produces a literal, if the target format
        // of the payload is XML.
        boolean escape =
            !isWellFormedXML(evaluated)
                && !arg.getExpression().getPathType().equals(SynapsePath.JSON_PATH)
                && XML_TYPE.equals(getType());
        value = Matcher.quoteReplacement(escape ? StringEscapeUtils.escapeXml(evaluated) : evaluated);
      }
    } else {
      handleException("Unexpected arg type detected", synCtx);
    }
    HashMap<String, String> valueMap = new HashMap<String, String>();
    String pathType =
        arg.getExpression() != null ? arg.getExpression().getPathType() : SynapsePath.X_PATH;
    valueMap.put(value, pathType);
    argValues[index++] = valueMap;
  }
  return argValues;
}