zervo/seb-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SEBSERV-114 fix by escaping chars for XML

Browse source
This commit is contained in:
anhefti 2020-04-14 14:10:26 +02:00
parent 05c02d30b7
commit 7c402c7a46
1 changed files with 9 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/converter/StringConverter.java
View file

@ -16,19 +16,20 @@ import java.util.HashSet;
import java.util.Set; import java.util.Set;
import java.util.function.Function; import java.util.function.Function;
import ch.ethz.seb.sebserver.gbl.Constants;
import ch.ethz.seb.sebserver.webservice.servicelayer.client.ClientCredentialService;
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl.ExamConfigXMLParser;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;
import org.springframework.context.annotation.Lazy; import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import ch.ethz.seb.sebserver.gbl.Constants;
import ch.ethz.seb.sebserver.gbl.model.sebconfig.AttributeType; import ch.ethz.seb.sebserver.gbl.model.sebconfig.AttributeType;
import ch.ethz.seb.sebserver.gbl.model.sebconfig.ConfigurationAttribute; import ch.ethz.seb.sebserver.gbl.model.sebconfig.ConfigurationAttribute;
import ch.ethz.seb.sebserver.gbl.model.sebconfig.ConfigurationValue; import ch.ethz.seb.sebserver.gbl.model.sebconfig.ConfigurationValue;
import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile; import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
import ch.ethz.seb.sebserver.gbl.util.Utils; import ch.ethz.seb.sebserver.gbl.util.Utils;
import ch.ethz.seb.sebserver.webservice.servicelayer.client.ClientCredentialService;
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.AttributeValueConverter; import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.AttributeValueConverter;
import ch.ethz.seb.sebserver.webservice.servicelayer.sebconfig.impl.ExamConfigXMLParser;
@Lazy @Lazy
@Component @Component
@ -43,8 +44,6 @@ public class StringConverter implements AttributeValueConverter {
AttributeType.DECIMAL, AttributeType.DECIMAL,
AttributeType.COMBO_SELECTION))); AttributeType.COMBO_SELECTION)));
private static final String XML_TEMPLATE = "<key>%s</key><string>%s</string>"; private static final String XML_TEMPLATE = "<key>%s</key><string>%s</string>";
private static final String XML_TEMPLATE_EMPTY = "<key>%s</key><string />"; private static final String XML_TEMPLATE_EMPTY = "<key>%s</key><string />";
@ -95,8 +94,10 @@ public class StringConverter implements AttributeValueConverter {
final String template, final String template,
final String emptyTemplate) throws IOException { final String emptyTemplate) throws IOException {
final String val = (value != null && value.value != null) ? value.value : attribute.getDefaultValue(); final String val = StringEscapeUtils.escapeXml10((value != null && value.value != null)
String realName = AttributeValueConverter.extractName(attribute); ? value.value
: attribute.getDefaultValue());
final String realName = AttributeValueConverter.extractName(attribute);
if (StringUtils.isNotBlank(val)) { if (StringUtils.isNotBlank(val)) {
out.write(Utils.toByteArray(String.format( out.write(Utils.toByteArray(String.format(
template, template,
@ -123,7 +124,7 @@ public class StringConverter implements AttributeValueConverter {
// decrypt internally encrypted password and hash it for export // decrypt internally encrypted password and hash it for export
// NOTE: see special case description in ExamConfigXMLParser.createConfigurationValue // NOTE: see special case description in ExamConfigXMLParser.createConfigurationValue
String plainText = this.clientCredentialService.decrypt(value).toString(); final String plainText = this.clientCredentialService.decrypt(value).toString();
if (plainText.endsWith(Constants.IMPORTED_PASSWORD_MARKER)) { if (plainText.endsWith(Constants.IMPORTED_PASSWORD_MARKER)) {
return plainText.replace(Constants.IMPORTED_PASSWORD_MARKER, StringUtils.EMPTY); return plainText.replace(Constants.IMPORTED_PASSWORD_MARKER, StringUtils.EMPTY);
} else { } else {