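/****************************************************************************

 The contents of this file are subject to the Mozilla Public License
 Version 1.1 (the "License"); you may not use this file except in
 compliance with the License. You may obtain a copy of the License at
 http://www.mozilla.org/MPL/

 Software distributed under the License is distributed on an "AS IS" basis,
 WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
 the specific language governing rights and limitations under the License.

 The Original Code is TEAM Engine.

 The Initial Developer of the Original Code is Northrop Grumman Corporation
 jointly with The National Technology Alliance. Portions created by
 Northrop Grumman Corporation are Copyright (C) 2005-2006, Northrop
 Grumman Corporation. All Rights Reserved.

 Contributor(s):
 C. Heazel (WiSC): Added Fortify adjudication changes

 ****************************************************************************/
package com.occamlab.te.web;

import java.io.File;
import java.io.OutputStreamWriter;
import java.util.ArrayList;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.Templates;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamSource;
import javax.xml.XMLConstants; // Addition for Fortify modifications

import com.occamlab.te.ViewLog;
import com.occamlab.te.util.Misc;

/**
 * Processes (GET method) requests to view a test log.
 *
 * <p>The log directory is the authenticated user's directory under
 * {@code conf.getUsersDir()}. The {@code session} and {@code test} request
 * parameters are forwarded to {@link ViewLog#view_log}, which renders the
 * log through the precompiled {@code viewlog.xsl} templates.
 *
 * <p>Security notes: the user name and both request parameters are
 * caller-influenced values that end up next to a filesystem location, so
 * they are screened for parent-directory segments before use. How
 * {@code ViewLog.view_log} resolves {@code session} and {@code test} is not
 * visible in this file; the screening here is defence in depth and does not
 * replace a containment check at the point where the files are opened.
 */
public class ViewLogServlet extends HttpServlet {

    private static final long serialVersionUID = 2891486945236875019L;

    Config conf;
    Templates viewLogTemplates;

    /**
     * Loads the configuration and compiles the log-view stylesheet once.
     *
     * @throws ServletException if the configuration or the stylesheet cannot
     *         be loaded. Failing here keeps a half-initialised servlet (null
     *         {@code conf} or {@code viewLogTemplates}) out of service
     *         instead of letting every later request fail with a
     *         NullPointerException.
     */
    @Override
    public void init() throws ServletException {
        try {
            conf = new Config();
            File stylesheet = Misc.getResourceAsFile("com/occamlab/te/web/viewlog.xsl");
            TransformerFactory transformerFactory = TransformerFactory.newInstance();
            // Fortify Mod: prevent external entity injection.
            // NOTE(review): what FEATURE_SECURE_PROCESSING restricts depends on
            // the TransformerFactory implementation found on the classpath, and
            // it only governs this factory. The stylesheet compiled here is a
            // bundled resource; the log documents themselves are parsed inside
            // ViewLog, so confirm that the parser used there also refuses DTDs
            // and external entities.
            transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            viewLogTemplates = transformerFactory.newTemplates(new StreamSource(stylesheet));
        } catch (Exception e) {
            // Fail closed and keep the cause for the container log.
            throw new ServletException("ViewLogServlet initialization failed", e);
        }
    }

    /**
     * Renders the requested test log for the authenticated user.
     *
     * <p>Responds with 403 when the request carries no authenticated user (or
     * the user name contains a parent-directory segment) and with 400 when
     * {@code session} or {@code test} contains one. A missing {@code session}
     * or {@code test} parameter is passed through unchanged, as before.
     *
     * @param request  the GET request; reads the remote user and the
     *                 {@code session} and {@code test} parameters
     * @param response receives the rendered log or the error status
     * @throws ServletException wrapping any failure raised while rendering
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException {
        try {
            String user = request.getRemoteUser();
            // getRemoteUser() returns null for an unauthenticated request, and
            // new File(parent, null) would throw; answer with an explicit
            // status instead of a 500.
            if (user == null || !isSafePathValue(user)) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }

            String session = request.getParameter("session");
            String test = request.getParameter("test");
            if (!isSafePathValue(session) || !isSafePathValue(test)) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }

            File userlog = new File(conf.getUsersDir(), user);
            ArrayList<String> tests = new ArrayList<String>();
            if (test != null) {
                tests.add(test);
            }
            String suiteName = null;
            // NOTE(review): the writer uses the platform default charset and
            // no content type is set on the response; confirm that this
            // matches the encoding the stylesheet output declares.
            ViewLog.view_log(suiteName, userlog, session, tests, viewLogTemplates,
                    new OutputStreamWriter(response.getOutputStream()));
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    /**
     * Screens a caller-supplied value that is used as, or next to, a path
     * component.
     *
     * @param value the value to check; {@code null} is accepted so that an
     *              absent parameter keeps its previous handling
     * @return {@code false} if the value contains a NUL character or a
     *         {@code ..} segment delimited by {@code /} or {@code \};
     *         {@code true} otherwise
     */
    private static boolean isSafePathValue(String value) {
        if (value == null) {
            return true;
        }
        if (value.indexOf('\0') >= 0) {
            return false;
        }
        // Split on both separators so the check does not depend on the host OS.
        for (String segment : value.split("[/\\\\]", -1)) {
            if ("..".equals(segment)) {
                return false;
            }
        }
        return true;
    }
}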