/****************************************************************************
The contents of this file are subject to the Mozilla Public License
Version 1.1 (the "License"); you may not use this file except in
compliance with the License. You may obtain a copy of the License at
http://www.mozilla.org/MPL/
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
the specific language governing rights and limitations under the License.
The Original Code is TEAM Engine.
The Initial Developer of the Original Code is Northrop Grumman Corporation
jointly with The National Technology Alliance. Portions created by
Northrop Grumman Corporation are Copyright (C) 2005-2006, Northrop
Grumman Corporation. All Rights Reserved.
Contributor(s):
C. Heazel (WiSC): Added Fortify adjudication changes
****************************************************************************/
package com.occamlab.te.web;
import java.io.File;
import java.net.URL;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.Templates;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import javax.xml.XMLConstants; // Addition for Fortify modifications
import com.occamlab.te.util.Misc;
/**
* Handles (GET) requests to view a test case specification (from the test
* summary report).
*
*/
public class ViewTestServlet extends HttpServlet {
private static final long serialVersionUID = -1396673675342836097L;
Templates viewTestTemplates;
public void init() throws ServletException {
try {
File stylesheet = Misc
.getResourceAsFile("com/occamlab/te/web/viewtest.xsl");
// Fortify Mod: prevent external entity injection
TransformerFactory tf = TransformerFactory.newInstance();
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
viewTestTemplates = tf.newTemplates(new StreamSource(stylesheet));
// viewTestTemplates = TransformerFactory.newInstance().newTemplates(
// new StreamSource(stylesheet));
} catch (Exception e) {
throw new ServletException(e);
}
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException {
try {
File file = new File(request.getParameter("file"));
Transformer t = viewTestTemplates.newTransformer();
t.setParameter("namespace-uri", request.getParameter("namespace"));
t.setParameter("local-name", request.getParameter("name"));
URL url = new URL(request.getScheme(), request.getServerName(),
request.getServerPort(), request.getContextPath());
t.setParameter("baseURL", url.toString());
t.setParameter("user", request.getRemoteUser());
t.transform(new StreamSource(file),
new StreamResult(response.getOutputStream()));
} catch (Exception e) {
throw new ServletException(e);
}
}
}