Пример #1
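  /**
   * Copies every remaining row of {@code rs} into a new DOM document shaped as
   * {@code <Results><Row><column>value</column>...</Row>...</Results>} and closes {@code rs}.
   *
   * @param rs result set to read; it is closed whether this method returns or throws
   * @return the populated document
   * @throws ParserConfigurationException if no {@link DocumentBuilder} can be created
   * @throws SQLException if the result set or its metadata cannot be read
   */
  public static Document toDocument(ResultSet rs)
      throws ParserConfigurationException, SQLException {
    try {
      // Only an empty document is created here; nothing is parsed.
      Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();

      Element results = doc.createElement("Results");
      doc.appendChild(results);

      ResultSetMetaData rsmd = rs.getMetaData();
      int colCount = rsmd.getColumnCount();

      while (rs.next()) {
        Element row = doc.createElement("Row");
        results.appendChild(row);

        // JDBC column indexes start at 1.
        for (int i = 1; i <= colCount; i++) {
          // NOTE(review): escaping does not turn an arbitrary column label into a legal XML
          // element name; createElement() is expected to reject illegal names.
          String columnName = StringEscapeUtils.escapeXml(rsmd.getColumnName(i));
          // NOTE(review): a DOM text node stores raw text and a serializer escapes it on output,
          // so this pre-escaped value is escaped a second time when the document is written
          // out. Kept as is because existing consumers may depend on it - confirm.
          String value = StringEscapeUtils.escapeXml(oscar.Misc.getString(rs, i));

          Element node = doc.createElement(columnName);
          node.appendChild(doc.createTextNode(value));
          row.appendChild(node);
        }
      }
      return doc;
    } finally {
      // Previously the result set stayed open when any call above threw.
      rs.close();
    }
  }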
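  /**
   * goodB2G() - use badsource and goodsink.
   *
   * <p>Reads {@code username||password} from {@code data_container.a}, XML-escapes both parts and
   * evaluates an XPath lookup of the matching user's {@code secret} in the helper document. The
   * looked-up value is not used further.
   *
   * @param data_container holder whose field {@code a} carries the source text
   * @throws Throwable if the XPath evaluation fails
   */
  public void goodB2G_sink(
      CWE643_Unsafe_Treatment_of_XPath_Input__fromFile_67a.Container data_container)
      throws Throwable {
    String data = data_container.a;
    if (data == null) {
      /* the source produced nothing to look up */
      return;
    }

    final String xmldoc =
        "\\src\\testcases\\CWE643_Unsafe_Treatment_of_XPath_Input\\console_to_evaluate\\CWE643_Unsafe_Treatment_of_XPath_Input__helper.xml";

    /* assume username||password as source */
    /* split() takes a regular expression: an unquoted "||" is an empty alternation that matches
     * between every character, so the separator is written as a literal */
    String[] tokens = data.split("\\|\\|");
    if (tokens.length < 2) {
      return;
    }

    /* FIX: validate input using StringEscapeUtils */
    /* escapeXml() rewrites both quote characters as entities, so neither value can close the
     * quoted literal in the query. XPath does not decode entities in the expression text, so a
     * legitimate value containing a quote will never match; binding the values as XPath
     * variables (XPathVariableResolver) keeps them out of the expression altogether. */
    String uname = StringEscapeUtils.escapeXml(tokens[0]);
    String pword = StringEscapeUtils.escapeXml(tokens[1]);

    /* build xpath */
    XPath xp = XPathFactory.newInstance().newXPath();
    InputSource inxml = new InputSource(xmldoc);

    String query =
        "//users/user[name/text()='"
            + uname
            + "' and pass/text()='"
            + pword
            + "']"
            + "/secret/text()";
    String secret = (String) xp.evaluate(query, inxml, XPathConstants.STRING);
  }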
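  /**
   * goodB2G() - use badsource and goodsink.
   *
   * <p>Obtains {@code username||password} from {@code goodB2G_source}, XML-escapes both parts and
   * evaluates an XPath lookup of the matching user's {@code secret} in the helper document. The
   * looked-up value is not used further.
   *
   * @param request request handed to the source
   * @param response response handed to the source
   * @throws Throwable if the source or the XPath evaluation fails
   */
  private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    String data =
        (new CWE643_Unsafe_Treatment_of_XPath_Input__getCookiesServlet_61b())
            .goodB2G_source(request, response);
    if (data == null) {
      /* the source produced nothing to look up */
      return;
    }

    final String xmldoc =
        "\\src\\testcases\\CWE643_Unsafe_Treatment_of_XPath_Input\\console_to_evaluate\\CWE643_Unsafe_Treatment_of_XPath_Input__helper.xml";

    /* assume username||password as source */
    /* split() takes a regular expression: an unquoted "||" is an empty alternation that matches
     * between every character, so the separator is written as a literal */
    String[] tokens = data.split("\\|\\|");
    if (tokens.length < 2) {
      return;
    }

    /* FIX: validate input using StringEscapeUtils */
    /* escapeXml() rewrites both quote characters as entities, so neither value can close the
     * quoted literal in the query. XPath does not decode entities in the expression text, so a
     * legitimate value containing a quote will never match; binding the values as XPath
     * variables (XPathVariableResolver) keeps them out of the expression altogether. */
    String uname = StringEscapeUtils.escapeXml(tokens[0]);
    String pword = StringEscapeUtils.escapeXml(tokens[1]);

    /* build xpath */
    XPath xp = XPathFactory.newInstance().newXPath();
    InputSource inxml = new InputSource(xmldoc);

    String query =
        "//users/user[name/text()='"
            + uname
            + "' and pass/text()='"
            + pword
            + "']"
            + "/secret/text()";
    String secret = (String) xp.evaluate(query, inxml, XPathConstants.STRING);
  }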
Пример #4
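 /**
  * Writes the addressing predicates of the virtual sensor named by the {@code name} request
  * parameter as a {@code <virtual-sensor>} XML fragment and disables caching of the response.
  *
  * @param request request carrying the {@code name} parameter
  * @param response response the XML is written to; answered with 404 when no configuration is
  *     found for the name
  * @throws IOException if writing the response fails
  */
 public void handle(HttpServletRequest request, HttpServletResponse response) throws IOException {
   String vsName = request.getParameter("name");
   VSensorConfig sensorConfig = Mappings.getVSensorConfig(vsName);
   if (sensorConfig == null) {
     // Presumably the lookup yields null for an unknown name; without this guard the
     // getFileName() call below would fail with a NullPointerException.
     response.sendError(HttpServletResponse.SC_NOT_FOUND);
     return;
   }
   response.setStatus(HttpServletResponse.SC_OK);
   if (logger.isInfoEnabled()) {
     // The name is request data: line breaks are replaced so it cannot start a forged log entry.
     logger.info(
         new StringBuilder()
             .append("Structure request for *")
             .append(String.valueOf(vsName).replaceAll("[\\r\\n]", "_"))
             .append("* received.")
             .toString());
   }
   // The name is echoed into an attribute, so it is escaped like the predicate values below;
   // unescaped, a quote or angle bracket in the parameter would alter the markup.
   StringBuilder sb =
       new StringBuilder("<virtual-sensor name=\"")
           .append(StringEscapeUtils.escapeXml(vsName))
           .append("\" last-modified=\"")
           .append(new File(sensorConfig.getFileName()).lastModified())
           .append("\">\n");
   for (KeyValue df : sensorConfig.getAddressing()) {
     sb.append("<predicate key=\"")
         .append(StringEscapeUtils.escapeXml(df.getKey().toString()))
         .append("\">")
         .append(StringEscapeUtils.escapeXml(df.getValue().toString()))
         .append("</predicate>\n");
   }
   sb.append("</virtual-sensor>");
   response.setHeader("Cache-Control", "no-store");
   response.setDateHeader("Expires", 0);
   response.setHeader("Pragma", "no-cache");
   response.getWriter().write(sb.toString());
 }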
Пример #5
  /**
   * Fills the database configuration template with the connection details of {@code dbInfo}.
   *
   * <p>The template text is loaded with {@code getFileToString} from the location of the DB
   * definition; the {@code URL}, {@code USERNAME} and {@code PASSWORD} placeholders are then
   * replaced, in that order, with the XML-escaped URL, user name and password.
   *
   * @param dbInfo connection settings to substitute into the template
   * @return the template text with the three placeholders replaced
   * @throws Exception whatever loading the template raises
   */
  private static String getConfig(UserDBDAO dbInfo) throws Exception {
    final String template = getFileToString(dbInfo.getDBDefine().getLocation());

    // NOTE(review): escapeXml(null) yields null and String.replace rejects a null replacement,
    // so an unset URL, user or password ends in a NullPointerException here - confirm callers
    // always provide all three.
    return template
        .replace(URL, StringEscapeUtils.escapeXml(dbInfo.getUrl()))
        .replace(USERNAME, StringEscapeUtils.escapeXml(dbInfo.getUsers()))
        .replace(PASSWORD, StringEscapeUtils.escapeXml(dbInfo.getPasswd()));
  }
Пример #6
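  /**
   * Wraps every case-insensitive occurrence of any of {@code words} in {@code <em>} tags and
   * XML-escapes all text placed around and inside those tags.
   *
   * <p>NOTE(review): when {@code words} is null or empty, or nothing matches, {@code text} is
   * returned unchanged and therefore unescaped. A caller that writes the result into markup
   * cannot tell the two cases apart - confirm how callers treat the return value.
   *
   * @param text text to search; may be null
   * @param words words to highlight; null and empty entries are ignored
   * @return null if {@code text} is null; {@code text} itself if nothing is highlighted;
   *     otherwise the escaped text with {@code <em>} markers
   */
  public static String highlight(String text, String[] words) {
    if (text == null) {
      return null;
    }
    if (words == null || words.length == 0) {
      return text;
    }
    // TODO Consider using a primitive array
    List<Pair<Integer, Integer>> positions = Lists.newArrayList();
    // NOTE(review): offsets found in the lower-cased copy are applied to the original text; that
    // assumes lower-casing never changes the length of the string.
    String lower = text.toLowerCase();
    for (String candidate : words) {
      // An empty word matches at every offset and indexOf never reports -1 for it, so the
      // search loop below would never end; a null entry would throw. Both are skipped.
      if (candidate == null || candidate.isEmpty()) {
        continue;
      }
      String word = candidate.toLowerCase();
      int start = lower.indexOf(word);
      while (start != -1) {
        positions.add(Pair.of(start, start + word.length()));
        // Continue one character further so overlapping occurrences are recorded too.
        start = lower.indexOf(word, start + 1);
      }
    }
    if (positions.isEmpty()) {
      return text;
    }
    // Order by start offset; for equal starts the longer match comes first.
    Collections.sort(
        positions,
        new Comparator<Pair<Integer, Integer>>() {

          @Override
          public int compare(Pair<Integer, Integer> o1, Pair<Integer, Integer> o2) {
            int comparison = o1.getKey().compareTo(o2.getKey());
            if (comparison == 0) {
              return o2.getValue().compareTo(o1.getValue());
            }
            return comparison;
          }
        });

    StringBuilder out = new StringBuilder();
    int pos = 0;
    for (Pair<Integer, Integer> position : positions) {
      int from = position.getKey();
      int to = position.getValue();
      // A match that starts inside an already emitted one is dropped.
      if (from >= pos) {
        out.append(StringEscapeUtils.escapeXml(text.substring(pos, from)));
        out.append("<em>");
        out.append(StringEscapeUtils.escapeXml(text.substring(from, to)));
        out.append("</em>");
        pos = to;
      }
    }
    // The remainder after the last match was appended raw before, leaving part of the same
    // output unescaped; it is escaped like the rest.
    out.append(StringEscapeUtils.escapeXml(text.substring(pos)));
    return out.toString();
  }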
Пример #7
 /**
  * Writes the XML declaration, the generator comment and the start of the {@code <profile>}
  * element, followed by the escaped profile name and language.
  *
  * @param profile profile whose name and language are written
  * @param writer destination of the XML
  * @throws IOException if the writer fails
  */
 private void appendHeader(RulesProfile profile, Writer writer) throws IOException {
   final String prologue =
       "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
           + "<!-- Generated by Sonar -->"
           + "<profile><name>";
   writer.append(prologue);
   // escapeXml(Writer, String) streams the escaped text straight into the writer.
   StringEscapeUtils.escapeXml(writer, profile.getName());

   writer.append("</name><language>");
   StringEscapeUtils.escapeXml(writer, profile.getLanguage());

   writer.append("</language>");
 }
Пример #8
 /**
  * Writes a {@code <parameter>} element with the escaped key and value of
  * {@code activeRuleParam}; writes nothing when the value is blank.
  *
  * @param writer destination of the XML
  * @param activeRuleParam parameter to export
  * @throws IOException if the writer fails
  */
 private void appendRuleParameter(Writer writer, ActiveRuleParam activeRuleParam)
     throws IOException {
   if (!StringUtils.isNotBlank(activeRuleParam.getValue())) {
     return;
   }
   writer.append("<parameter><key>");
   StringEscapeUtils.escapeXml(writer, activeRuleParam.getKey());
   writer.append("</key><value>");
   StringEscapeUtils.escapeXml(writer, activeRuleParam.getValue());
   writer.append("</value>").append("</parameter>");
 }
  /**
   * Serializes the filter properties and the display options into a {@code <dashboard_filter>}
   * XML string, stores that string in {@code serializedProperties} and returns it.
   *
   * @return the serialized XML
   * @throws Exception declared by the signature; nothing in the body throws a checked exception
   *     unless {@code printIndent} does
   */
  public String serializeComponentData() throws Exception {
    StringWriter buffer = new StringWriter();
    PrintWriter out = new PrintWriter(buffer);
    final int indent = 0;

    printIndent(out, indent);
    out.println("<dashboard_filter>");

    // One <property> element per configured property; id and provider code are escaped because
    // they land inside attribute values.
    for (Iterator it = properties.iterator(); it.hasNext(); ) {
      DashboardFilterProperty property = (DashboardFilterProperty) it.next();

      printIndent(out, indent + 1);
      out.println(
          "<property id=\""
              + StringEscapeUtils.escapeXml(property.getPropertyId())
              + "\" providerCode =\""
              + StringEscapeUtils.escapeXml(property.getDataProviderCode())
              + "\">");

      printIndent(out, indent + 2);
      out.println("<visible>" + property.isVisible() + "</visible>");

      // NOTE(review): the section id is written without escaping - harmless if it is numeric;
      // confirm its type.
      if (property.getSectionId() != null) {
        printIndent(out, indent + 2);
        out.println("<section>" + property.getSectionId() + "</section>");
      }

      printIndent(out, indent + 1);
      out.println("</property>");
    }

    // Display options. Element names (including "showApplyhButton") are part of the stored
    // format and are kept as they are.
    printIndent(out, indent + 1);
    out.println("<options>");

    printIndent(out, indent + 2);
    out.println("<shortViewMode>" + isShortMode + "</shortViewMode>");

    printIndent(out, indent + 2);
    out.println("<showLegend>" + showLegend + "</showLegend>");

    printIndent(out, indent + 2);
    out.println("<showRefreshButton>" + showRefreshButton + "</showRefreshButton>");

    printIndent(out, indent + 2);
    out.println("<showApplyhButton>" + showApplyButton + "</showApplyhButton>");

    printIndent(out, indent + 2);
    out.println("<showClearButton>" + showClearButton + "</showClearButton>");

    printIndent(out, indent + 2);
    out.println("<showPropertyNames>" + showPropertyNames + "</showPropertyNames>");

    printIndent(out, indent + 2);
    out.println("<showSubmitOnChange>" + showSubmitOnChange + "</showSubmitOnChange>");

    printIndent(out, indent + 1);
    out.println("<showAutoRefresh>" + showAutoRefresh + "</showAutoRefresh>");

    printIndent(out, indent + 1);
    out.println("</options>");

    printIndent(out, indent);
    out.println("</dashboard_filter>");

    String xml = buffer.toString();
    serializedProperties = xml;
    return xml;
  }
Пример #10
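 /**
  * Prints one {@code <sv:property>} element with a single {@code <sv:value>} child to
  * {@code m_out}.
  *
  * @param name property name, written escaped into the {@code sv:name} attribute
  * @param value property value, written escaped as the text of {@code <sv:value>}
  * @param type property type, written escaped into the {@code sv:type} attribute
  */
 private void exportProperty(String name, String value, String type) {
   // The attributes are delimited by apostrophes; escapeXml() also encodes apostrophes. The
   // type was the only value written raw, so it is now escaped like the other two.
   m_out.println(
       "  <sv:property sv:name='"
           + StringEscapeUtils.escapeXml(name)
           + "' sv:type='"
           + StringEscapeUtils.escapeXml(type)
           + "'>");
   m_out.print("    <sv:value>");
   m_out.print(StringEscapeUtils.escapeXml(value));
   m_out.println("</sv:value>");
   m_out.println("  </sv:property>");
 }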
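  /**
   * Appends an RSS {@code <item>} built from the {@code title}, {@code link} and
   * {@code description} request parameters to the feed file and returns the success view.
   *
   * <p>The three parameters are XML-escaped before they are stored and written. A failure to
   * write the file is reported on standard error only; the success view is still returned.
   *
   * @param request request carrying the three parameters
   * @param response not used
   * @return a view for {@code getSuccessView()}
   * @throws Exception declared by the overridden method
   */
  @Override
  public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response)
      throws Exception {
    // escapeXml is static, so no StringEscapeUtils instance is created.
    // NOTE(review): a missing parameter is stored as null and appears as the text "null" in
    // the item. The link is only escaped; its URL scheme is not checked.
    setTitle(StringEscapeUtils.escapeXml(request.getParameter("title")));
    setLink(StringEscapeUtils.escapeXml(request.getParameter("link")));
    setDescription(StringEscapeUtils.escapeXml(request.getParameter("description")));

    // NOTE(review): title, link, description, formatter and publishDate are instance state. If
    // one controller instance serves concurrent requests, two submissions can mix their
    // values - confirm the controller's scope.
    formatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss z");
    publishDate = formatter.format(new Date());

    String item =
        (new StringBuilder())
            .append("<item>" + NEW_LINE)
            .append("<title>")
            .append(title)
            .append("</title>" + NEW_LINE)
            .append("<link>")
            .append(link)
            .append("</link>" + NEW_LINE)
            .append("<description>")
            .append(description)
            .append("</description>" + NEW_LINE)
            .append("<pubDate>")
            .append(publishDate)
            .append("</pubDate>" + NEW_LINE)
            .append("</item>" + NEW_LINE)
            .toString();
    try {
      // Opened in append mode. FileWriter encodes with the platform default charset.
      BufferedWriter out =
          new BufferedWriter(new FileWriter(getFileLocation() + getFileName(), true));
      try {
        out.write(item);
      } finally {
        // Close even when write() fails, so the file handle is not leaked.
        out.close();
      }
    } catch (IOException e) {
      e.printStackTrace();
    }

    return new ModelAndView(getSuccessView());
  }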
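  /**
   * goodB2G1() - use badsource and goodsink by changing second privateReturnsTrue() to
   * privateReturnsFalse().
   *
   * <p>Reads the {@code user.home} system property as {@code username||password}, XML-escapes
   * both parts and evaluates an XPath lookup of the matching user's {@code secret} in the helper
   * document. The looked-up value is not used further.
   *
   * @throws Throwable if the XPath evaluation fails
   */
  private void goodB2G1() throws Throwable {
    String data;
    if (privateReturnsTrue()) {
      /* get system property user.home */
      /* POTENTIAL FLAW: Read data from a system property */
      data = System.getProperty("user.home");
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run
       * but ensure data is initialized before the Sink to avoid compiler errors */
      data = null;
    }

    if (privateReturnsFalse()) {
      /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
      IO.writeLine("Benign, fixed string");
    } else {

      String xmlFile = null;
      if (System.getProperty("os.name").toLowerCase().indexOf("win") >= 0) {
        /* running on Windows */
        xmlFile = "\\src\\testcases\\CWE643_Xpath Injection\\CWE643_Xpath_Injection__Helper.xml";
      } else {
        /* running on non-Windows */
        xmlFile = "./src/testcases/CWE643_Xpath Injection/CWE643_Xpath_Injection__Helper.xml";
      }

      if (data != null) {
        /* assume username||password as source */
        /* split() takes a regular expression: an unquoted "||" is an empty alternation that
         * matches between every character, so the separator is written as a literal */
        String[] tokens = data.split("\\|\\|");
        if (tokens.length < 2) {
          return;
        }
        /* FIX: validate input using StringEscapeUtils */
        /* escapeXml() rewrites both quote characters as entities, so neither value can close
         * the quoted literal in the query. XPath does not decode entities in the expression
         * text, so a legitimate value containing a quote will never match; binding the values
         * as XPath variables (XPathVariableResolver) keeps them out of the expression. */
        String username = StringEscapeUtils.escapeXml(tokens[0]);
        String password = StringEscapeUtils.escapeXml(tokens[1]);
        /* build xpath */
        XPath xPath = XPathFactory.newInstance().newXPath();
        InputSource inputXml = new InputSource(xmlFile);
        String query =
            "//users/user[name/text()='"
                + username
                + "' and pass/text()='"
                + password
                + "']"
                + "/secret/text()";
        String secret = (String) xPath.evaluate(query, inputXml, XPathConstants.STRING);
      }
    }
  }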
 /**
  * Writes a {@code name="..."} attribute holding the escaped {@code parent} when it is a
  * {@link String}; writes nothing for null or any other type.
  *
  * @param pw writer receiving the attribute
  * @param parent candidate name
  */
 protected void writeParentName(final PrintWriter pw, final Object parent) {
   // instanceof is false for null, so this one test covers both cases.
   if (!(parent instanceof String)) {
     return;
   }
   final String escapedName = StringEscapeUtils.escapeXml((String) parent);
   pw.write(" name=\"");
   pw.write(escapedName);
   pw.write("\"");
 }
Пример #14
  /**
   * Builds the opening {@code <dem>} tag followed by a complete {@code <case>} element holding
   * the escaped name, investigator and location of {@code currentCase}.
   *
   * <p>The {@code <dem>} element is not closed here.
   *
   * @param currentCase case to describe
   * @return the XML fragment
   */
  private static String getGenericCaseInformation(final Case currentCase) {
    final StringBuilder xml = new StringBuilder("<dem><case>");

    xml.append("<name>")
        .append(StringEscapeUtils.escapeXml(currentCase.getCaseName()))
        .append("</name>");

    xml.append("<author>")
        .append(StringEscapeUtils.escapeXml(currentCase.getInvestigatorName()))
        .append("</author>");

    // The space after the opening tag is part of the existing output.
    xml.append("<source> ")
        .append(StringEscapeUtils.escapeXml(currentCase.getCaseLocation()))
        .append("</source>");

    return xml.append("</case>").toString();
  }
Пример #15
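 /**
  * Builds the list of feedback entries found in the given XML.
  *
  * <p>Each {@code FeedbackDetail} element under {@code FeedbackDetailArray} becomes one
  * {@code TradingFeedBackDetail}; its creation time is set to the current time.
  *
  * @param xml XML text handed to {@code formatStr2Doc}
  * @return the parsed entries; empty when the document has no {@code FeedbackDetailArray}
  * @throws Exception whatever parsing raises, or a {@link NumberFormatException} when
  *     {@code CommentingUserScore} or {@code ItemPrice} is not numeric
  */
 public static List<TradingFeedBackDetail> getFeedBackListElement(String xml) throws Exception {
   // Typed list instead of the raw ArrayList.
   List<TradingFeedBackDetail> lifb = new ArrayList<TradingFeedBackDetail>();
   // NOTE(review): if this XML comes from outside the application, confirm that the parser
   // behind formatStr2Doc has DTDs and external entities disabled.
   Document document = formatStr2Doc(xml);
   Element rootElt = document.getRootElement();
   Element recommend = rootElt.element("FeedbackDetailArray");
   if (recommend == null) {
     // No feedback section in the document: nothing to return.
     return lifb;
   }
   Iterator<Element> iter = recommend.elementIterator("FeedbackDetail");
   while (iter.hasNext()) {
     Element element = iter.next();
     TradingFeedBackDetail tfbd = new TradingFeedBackDetail();
     tfbd.setCommentinguser(element.elementText("CommentingUser"));
     tfbd.setCommentinguserscore(Long.parseLong(element.elementText("CommentingUserScore")));
     // NOTE(review): the comment text is escaped when it is read, not when it is displayed; a
     // consumer that escapes again on output will show entity text. Only this field is
     // escaped - user name and item title are stored raw.
     tfbd.setCommenttext(
         StringEscapeUtils.escapeXml(element.element("CommentText").getStringValue()));
     tfbd.setCommenttime(DateUtils.returnDate(element.elementText("CommentTime")));
     tfbd.setCommenttype(element.elementText("CommentType"));
     tfbd.setItemid(element.elementText("ItemID"));
     tfbd.setRole(element.elementText("Role"));
     tfbd.setFeedbackid(element.elementText("FeedbackID"));
     tfbd.setTransactionid(element.elementText("TransactionID"));
     tfbd.setOrderlineitemid(element.elementText("OrderLineItemID"));
     tfbd.setItemtitle(element.elementText("ItemTitle"));
     tfbd.setCreateTime(new Date());
     // The price is optional; look it up once.
     String itemPrice = element.elementText("ItemPrice");
     if (itemPrice != null) {
       tfbd.setItemprice(Double.parseDouble(itemPrice));
     }
     lifb.add(tfbd);
   }
   return lifb;
 }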
Пример #16
  /**
   * Builds the WPS 1.0.0 {@code Execute} request for the {@code stats_compare} process, passing
   * a GetObservation URL on {@code sosEndpoint} as the {@code model_url} input.
   *
   * @param sosEndpoint base URL of the SOS service
   * @return the request document as a string
   */
  static String createCompareStatsRequest(String sosEndpoint) {
    // Endpoint and fixed query string are escaped together, so the ampersands of the query
    // string are encoded as well.
    final String modelUrl =
        StringEscapeUtils.escapeXml(
            sosEndpoint + "?request=GetObservation&service=SOS&version=1.0.0&offering");

    final String envelopeStart =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
            + "<wps:Execute service=\"WPS\" version=\"1.0.0\" "
            + "xmlns:wps=\"http://www.opengis.net/wps/1.0.0\" "
            + "xmlns:ows=\"http://www.opengis.net/ows/1.1\" "
            + "xmlns:xlink=\"http://www.w3.org/1999/xlink\" "
            + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" "
            + "xsi:schemaLocation=\"http://www.opengis.net/wps/1.0.0 "
            + "http://schemas.opengis.net/wps/1.0.0/wpsExecute_request.xsd\">"
            + "<ows:Identifier>"
            + stats_compare
            + "</ows:Identifier>";

    final String dataInputs =
        "<wps:DataInputs>"
            + "<wps:Input>"
            + "<ows:Identifier>model_url</ows:Identifier>"
            + "<wps:Data>"
            + "<wps:LiteralData>"
            + modelUrl
            + "</wps:LiteralData>"
            + "</wps:Data>"
            + "</wps:Input>"
            + "</wps:DataInputs>";

    final String responseForm =
        "<wps:ResponseForm>"
            + "<wps:ResponseDocument storeExecuteResponse=\"true\" status=\"true\">"
            + "<wps:Output asReference=\"true\">"
            + "<ows:Identifier>output</ows:Identifier>"
            + "</wps:Output>"
            + "</wps:ResponseDocument>"
            + "</wps:ResponseForm>";

    return envelopeStart + dataInputs + responseForm + "</wps:Execute>";
  }
Пример #17
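 /**
  * Writes the output structure of the virtual sensor named by the {@code name} request
  * parameter as a {@code <virtual-sensor>} XML fragment and disables caching of the response.
  *
  * @param request request carrying the {@code name} parameter
  * @param response response the XML is written to; answered with 404 when no configuration is
  *     found for the name
  * @throws IOException if writing the response fails
  */
 public void handle(HttpServletRequest request, HttpServletResponse response) throws IOException {
   String vsName = request.getParameter("name");
   VSensorConfig sensorConfig = Mappings.getVSensorConfig(vsName);
   if (sensorConfig == null) {
     // Presumably the lookup yields null for an unknown name; without this guard the
     // getOutputStructure() call below would fail with a NullPointerException.
     response.sendError(HttpServletResponse.SC_NOT_FOUND);
     return;
   }
   response.setStatus(HttpServletResponse.SC_OK);
   if (logger.isInfoEnabled()) {
     // The name is request data: line breaks are replaced so it cannot start a forged log entry.
     logger.info(
         new StringBuilder()
             .append("Structure request for *")
             .append(String.valueOf(vsName).replaceAll("[\\r\\n]", "_"))
             .append("* received.")
             .toString());
   }
   // The name is echoed into an attribute, so it is escaped; unescaped, a quote or angle
   // bracket in the parameter would alter the markup.
   StringBuilder sb =
       new StringBuilder("<virtual-sensor name=\"")
           .append(StringEscapeUtils.escapeXml(vsName))
           .append("\">\n");
   for (DataField df : sensorConfig.getOutputStructure()) {
     // Name and type are escaped like the description, so every attribute of the element is
     // treated the same way.
     sb.append("<field name=\"")
         .append(StringEscapeUtils.escapeXml(String.valueOf(df.getName())))
         .append("\" ")
         .append("type=\"")
         .append(StringEscapeUtils.escapeXml(String.valueOf(df.getType())))
         .append("\" ")
         .append("description=\"")
         .append(StringEscapeUtils.escapeXml(df.getDescription()))
         .append("\" />\n");
   }
   sb.append(
       "<field name=\"timed\" type=\"string\" description=\"The timestamp associated with the stream element\" />\n");
   sb.append("</virtual-sensor>");
   response.setHeader("Cache-Control", "no-store");
   response.setDateHeader("Expires", 0);
   response.setHeader("Pragma", "no-cache");
   response.getWriter().write(sb.toString());
 }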
Пример #18
  /**
   * {@inheritDoc}
   *
   * <p>Returns the single parameter with XML special characters escaped.
   *
   * @throws InvalidFunctionUsageException unless exactly one parameter is given
   */
  public String execute(List<String> parameterList) {
    final boolean exactlyOne =
        !CollectionUtils.isEmpty(parameterList) && parameterList.size() == 1;
    if (!exactlyOne) {
      throw new InvalidFunctionUsageException(
          "Invalid function parameter usage! Missing parameter!");
    }

    final String raw = parameterList.get(0);
    return StringEscapeUtils.escapeXml(raw);
  }
Пример #19
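  /**
   * Converts a string to its XML-escaped form and logs the input and the result at INFO level.
   *
   * <p>NOTE(review): every value passed through here is written to the log in full; confirm
   * that nothing sensitive is escaped via this method, or lower the log level.
   *
   * @param source text to escape
   * @return the escaped text, as produced by {@link StringEscapeUtils#escapeXml(String)}
   */
  public static String escapeXml(String source) {
    // escapeXml() leaves line breaks alone, so both log lines replace CR/LF with a space; that
    // keeps a logged value from starting what looks like a separate log entry.
    logger.info("converting :" + String.valueOf(source).replace('\r', ' ').replace('\n', ' '));

    String converted = StringEscapeUtils.escapeXml(source);
    logger.info("converted: " + String.valueOf(converted).replace('\r', ' ').replace('\n', ' '));

    return converted;
  }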
Пример #20
 /**
  * Appends {@code  name="value"} to {@code doc}, with the value XML-escaped; appends nothing
  * when {@code value} is null.
  *
  * @param doc buffer being built
  * @param name attribute name, appended as given
  * @param value attribute value; its {@code toString()} is escaped
  */
 private void addAttribute(final StringBuilder doc, final String name, final Object value) {
   if (value == null) {
     return;
   }
   // Only the value is escaped; the name is written unchanged.
   doc.append(" ")
       .append(name)
       .append("=\"")
       .append(StringEscapeUtils.escapeXml(value.toString()))
       .append('"');
 }
Пример #21
 /**
  * Builds the XML of one grid cell: the cell start tag, the escaped and formatted column value
  * (omitted when the value is null) and the cell end tag.
  *
  * @param colValue cell content; may be null
  * @return the cell XML
  */
 public static String getCellXML(String colValue) {
   final StringBuilder cell = new StringBuilder(300);
   cell.append(GridUtil.getCellStartTag());
   if (colValue != null) {
     // Escaped first, then handed to formatString.
     final String escaped = org.apache.commons.lang.StringEscapeUtils.escapeXml(colValue);
     cell.append(formatString(escaped));
   }
   return cell.append(GridUtil.getCellEndTag()).toString();
 }
Пример #22
 /**
  * Renders {@code value} as text: XML-escaped by default, unescaped inside a {@code verbatim}
  * parent tag, and the empty string for null.
  *
  * @param template not used
  * @param value value to render; may be null
  * @return the rendered text, never null for a null value
  */
 public String format(Template template, Object value) {
   if (value == null) {
     return "";
   }
   // Inside a "verbatim" tag the value is emitted exactly as it is, markup included.
   final boolean verbatim = TagContext.hasParentTag("verbatim");
   final String text = value.toString();
   return verbatim ? text : StringEscapeUtils.escapeXml(text);
 }
Пример #23
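  /**
   * Writes one {@code <case>} element per entry of {@code cases} to the cases XML file in the
   * raw-report folder and returns the data source descriptor that points to it.
   *
   * @param cases cases to export
   * @param caseFacade supplies the report folder location and the case size
   * @return descriptor holding the Jasper file, XPath, report name and XML path
   * @throws Exception if the file cannot be written
   */
  public static DatasourceXml getCasesXmlFile(final List<Case> cases, final CaseFacade caseFacade)
      throws Exception {
    DatasourceXml sourceXml = new DatasourceXml();

    sourceXml.m_strJasperFile = ApplicationConstants.CASES_JASPER_FILE;
    sourceXml.m_strXPath = ApplicationConstants.CASES_X_PATH;
    sourceXml.m_strReportName = ApplicationConstants.CASES_REPORT_NAME;
    sourceXml.m_strXmlPath =
        caseFacade.getCaseRawReportFolderLocation()
            + File.separator
            + ApplicationConstants.CASES_XML_FILE;

    StringBuilder casesBuffer = new StringBuilder();
    casesBuffer.append("<dem><cases>");

    for (Case aCase : cases) {
      // Escaped once, where it is appended. It used to be escaped here and again below, which
      // turned "&" in a path into "&amp;amp;".
      String caseLocation = aCase.getCaseLocation();
      String caseCreatingTime = DateUtil.formatedDateWithTime(aCase.getCreateTime());
      // NOTE(review): the size is read from the facade, not from aCase, so every entry gets
      // the same number - confirm this is intended.
      long caseSize = caseFacade.getCaseHistory().getCaseSize();

      casesBuffer
          .append("<case>" + "<path>")
          .append(StringEscapeUtils.escapeXml(caseLocation))
          .append("</path>" + "<creator>")
          .append(StringEscapeUtils.escapeXml(aCase.getInvestigatorName()))
          .append("</creator>" + "<name>")
          .append(StringEscapeUtils.escapeXml(aCase.getCaseName()))
          .append("</name>" + "<description>")
          .append(StringEscapeUtils.escapeXml(aCase.getDescription()))
          .append("</description>" + "<size>")
          .append(caseSize)
          .append("</size>" + "<date>")
          .append(caseCreatingTime)
          .append("</date>" + "</case>");
    }

    casesBuffer.append("</cases></dem>");

    // NOTE(review): no encoding is passed and the document has no XML declaration, so the
    // bytes written depend on the platform default charset.
    File file = new File(sourceXml.m_strXmlPath);
    FileUtils.writeStringToFile(file, casesBuffer.toString());

    return sourceXml;
  }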
Пример #24
 /**
  * Writes one {@code <alert>} element with the escaped metric key, optional period, operator,
  * warning threshold and error threshold of {@code alert}.
  *
  * @param alert alert to export
  * @param writer destination of the XML
  * @throws IOException if the writer fails
  */
 private void appendAlert(Alert alert, Writer writer) throws IOException {
   writer.append("<alert><metric>");
   StringEscapeUtils.escapeXml(writer, alert.getMetric().getKey());
   writer.append("</metric>");

   // The period element is left out entirely when no period is set.
   if (alert.getPeriod() != null) {
     writer.append("<period>");
     StringEscapeUtils.escapeXml(writer, Integer.toString(alert.getPeriod()));
     writer.append("</period>");
   }

   writer.append("<operator>");
   StringEscapeUtils.escapeXml(writer, alert.getOperator());
   writer.append("</operator><warning>");
   StringEscapeUtils.escapeXml(writer, alert.getValueWarning());
   writer.append("</warning><error>");
   StringEscapeUtils.escapeXml(writer, alert.getValueError());
   writer.append("</error></alert>");
 }
Пример #25
 /**
  * Prints what goes between "&lt;" and "&gt;" (or "/&gt;") of the opening tag: the tag name
  * followed by each attribute as {@code name="escaped value"}.
  *
  * @param printWriter the writer to print in
  */
 protected void printOpeningTagContentAsXml(final PrintWriter printWriter) {
   printWriter.print(getTagName());
   for (final String attributeName : attributes_.keySet()) {
     printWriter.print(" " + attributeName + "=\"");
     // Only the attribute value is escaped; the name is printed as stored.
     final String rawValue = attributes_.get(attributeName).getNodeValue();
     printWriter.print(StringEscapeUtils.escapeXml(rawValue));
     printWriter.print('"');
   }
 }
Пример #26
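 /**
  * Serializes this page as three XML lines: the fixed name "Groovy", the page name and the
  * content of the code pane.
  *
  * @return the XML fragment, each line indented by six spaces and ended with a newline
  */
 public String toXml() {
   StringBuilder xml = new StringBuilder();
   xml.append("      <name>Groovy</name>\n");
   // The page name was written raw while the code was escaped; a name containing "<" or "&"
   // produced a fragment that does not parse. Both are escaped now.
   xml.append("      <pageName>")
       .append(StringEscapeUtils.escapeXml(String.valueOf(this.pageName)))
       .append("</pageName>\n");
   xml.append("      <pageCode>")
       .append(StringEscapeUtils.escapeXml(this.gui.codePane.getText()))
       .append("</pageCode>\n");
   return xml.toString();
 }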
 /**
  * Writes a {@code <span class="oryx-FIELD">} element: with the escaped {@code entry} as its
  * text, or as an empty element when {@code entry} is null.
  *
  * @param writer destination of the markup
  * @param field suffix of the CSS class, written as given
  * @param entry text content; may be null
  * @throws IOException if the writer fails
  */
 private void appendOryxField(Writer writer, String field, String entry) throws IOException {
   // Only the entry is escaped; the field name goes into the class attribute unchanged.
   writer.append("<span class=\"oryx-").append(field);
   if (entry == null) {
     writer.append("\"/>");
     return;
   }
   writer.append("\">").append(StringEscapeUtils.escapeXml(entry)).append("</span>");
 }
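 /**
  * Asserts that {@code sitemap.xml.gz} exists under {@code baseDirCitations} and contains the
  * XML-escaped {@code substring}, and that {@code sitemap_index.xml} exists and contains
  * {@code siteMapLocation}.
  *
  * @param baseDirCitations directory holding both files
  * @param substring text expected in the site map, given unescaped
  * @param siteMapLocation text expected in the site map index, compared as given
  * @throws IOException if a file cannot be read
  */
 public void assertSiteMap(File baseDirCitations, String substring, String siteMapLocation)
     throws IOException {
   final File file = new File(baseDirCitations, "sitemap.xml.gz");
   assertThat(file.exists(), is(true));
   // Both streams are closed explicitly; they used to stay open after the read.
   final String siteMapString;
   final FileInputStream compressed = new FileInputStream(file);
   try {
     final GZIPInputStream unzipped = new GZIPInputStream(compressed);
     try {
       siteMapString = IOUtils.toString(unzipped);
     } finally {
       unzipped.close();
     }
   } finally {
     compressed.close();
   }
   // The site map stores the text escaped, so the expectation is escaped the same way.
   assertThat(siteMapString, containsString(StringEscapeUtils.escapeXml(substring)));

   final File sitemapIndex = new File(baseDirCitations, "sitemap_index.xml");
   assertThat(sitemapIndex.exists(), is(true));
   final String sitemapIndexString;
   final FileInputStream indexStream = new FileInputStream(sitemapIndex);
   try {
     sitemapIndexString = IOUtils.toString(indexStream);
   } finally {
     indexStream.close();
   }
   assertThat(sitemapIndexString, containsString(siteMapLocation));
 }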
Пример #29
  /**
   * Runs the section text through the anchor, image-tag and attribute-stripping steps and
   * returns the result XML-escaped.
   *
   * <p>Escaping is the last step, so any markup still present after the three steps is returned
   * as escaped text, not as markup.
   *
   * @param sectionText section markup to process
   * @param pageUrl URL of the page, passed to the anchor step
   * @return the processed and escaped text
   */
  private String processSectionText(String sectionText, String pageUrl) {
    // handles href="#link", href="/link", and href="../"
    final String withAnchors = processAnchors(sectionText, pageUrl);
    // temporary solution for resolving image tags embedded in the section text
    final String withImages = tmpProcessToLImageTags(withAnchors);
    // drop class, id and style attributes from the embedded markup
    final String stripped = stripOutClassIdStyleAttributes(withImages);
    return StringEscapeUtils.escapeXml(stripped);
  }
 /**
  * Resolves every entry of {@code pathArgumentList} to a string and returns one single-entry
  * map per argument, in list order.
  *
  * <p>The key of each map is the resolved value after optional XML escaping and
  * {@link Matcher#quoteReplacement(String)}; the value of the entry is the path type of the
  * argument's expression, or {@code SynapsePath.X_PATH} when the argument has no expression.
  *
  * <p>NOTE(review): a value that {@code isWellFormedXML} accepts is passed on without escaping.
  * For values taken from message content this means markup supplied by the sender reaches the
  * result unescaped - confirm this is the intended behaviour.
  *
  * @param synCtx message context the expressions are evaluated against
  * @return array with one map per argument
  */
 private HashMap<String, String>[] getArgValues(MessageContext synCtx) {
   // Generic array creation is not possible in Java, hence the raw HashMap[] (unchecked).
   HashMap<String, String>[] argValues = new HashMap[pathArgumentList.size()];
   HashMap<String, String> valueMap;
   // Declared outside the loop: an iteration that assigns nothing keeps the previous value.
   String value = "";
   for (int i = 0; i < pathArgumentList.size(); ++i) {
       /* TODO: use a for-each loop */
     Argument arg = pathArgumentList.get(i);
     if (arg.getValue() != null) {
       // Literal argument: escape it unless it is already well-formed XML.
       value = arg.getValue();
       if (!isWellFormedXML(value)) {
         value = StringEscapeUtils.escapeXml(value);
       }
       // Quote '\' and '$' so the value is taken literally as a regex replacement string.
       value = Matcher.quoteReplacement(value);
     } else if (arg.getExpression() != null) {
       // Expression argument: evaluate it against the message context.
       value = arg.getExpression().stringValueOf(synCtx);
       if (value != null) {
         // XML escape the result of an expression that produces a literal, if the target format
         // of the payload is XML.
         if (!isWellFormedXML(value)
             && !arg.getExpression().getPathType().equals(SynapsePath.JSON_PATH)
             && XML_TYPE.equals(getType())) {
           value = StringEscapeUtils.escapeXml(value);
         }
         value = Matcher.quoteReplacement(value);
       } else {
         // An expression that evaluates to null contributes an empty string.
         value = "";
       }
     } else {
       // NOTE(review): unless handleException throws, execution continues below with the value
       // left over from the previous iteration - confirm.
       handleException("Unexpected arg type detected", synCtx);
     }
     // value = value.replace(String.valueOf((char) 160), " ").trim();
     valueMap = new HashMap<String, String>();
     if (null != arg.getExpression()) {
       valueMap.put(value, arg.getExpression().getPathType());
     } else {
       valueMap.put(value, SynapsePath.X_PATH);
     }
     argValues[i] = valueMap;
   }
   return argValues;
 }