added whitelist handler to correct any data incorrectly sanitized bef…

…ore whitelist in place.
redbox-mint · Sep 27, 2018 · 16b8653 · 16b8653
1 parent ed2d2f1
commit 16b8653
Showing 1 changed file with 18 additions and 2 deletions.
diff --git a/config/src/main/config/home/restore/redboxMigration1.9.py b/config/src/main/config/home/restore/redboxMigration1.9.py
@@ -10,6 +10,7 @@
 from org.apache.commons.lang import StringUtils
 from org.joda.time import DateTime, DateTimeZone
 from com.googlecode.fascinator.portal.services import OwaspSanitizer
+from java.util import Arrays, Collections
 
 
 class MigrateData:
@@ -55,6 +56,8 @@ def __activate__(self, bindings):
                 # add new keys if not present
                 self.injectFreshKeys()
 
+                self.handleOwaspWhitelist()
+
                 # # save the package data...
                 self.__savePackageData()
 
@@ -117,10 +120,10 @@ def setDescriptionShadow(self):
             ## no tags are added to wysiwyg until user interacts with wysiwyg editor
             unescapedDescription = ""
             escapedDescription = ""
-            rawDescription = StringUtils.defaultString(deprecated_description)
+            rawDescription = StringUtils.defaultString("%s" % deprecated_description)
             ## sanitize the incoming description
             self.log.debug("raw deprecated description is: %s" % rawDescription)
-            sanitizedDescription = OwaspSanitizer.sanitizeHtml(rawDescription)
+            sanitizedDescription = OwaspSanitizer.sanitizeHtml("dc:description.1.text", rawDescription)
             if (sanitizedDescription):
                 # not completely accurate for checking for tags but ensures a style consistent with wysiwyg editor
                 if re.search("^<p>.*</p>|^&lt;p&gt;.*&lt;\/p&gt;", sanitizedDescription):
@@ -185,6 +188,19 @@ def injectFreshKeys(self):
             else:
                 self.log.info("skipping fresh key: %s as it already exists" % freshKey)
 
+    def handleOwaspWhitelist(self):
+        whitelist = OwaspSanitizer.whitelist
+        self.log.debug("have whitelist: %s" % whitelist.toString())
+        for field in whitelist.toArray():
+            value = self.getPackageJson().get(field)
+            if value:
+                unescaped = StringEscapeUtils.unescapeHtml("%s" % value)
+                self.log.debug("Unescaped field: %s from: %s to: %s" % (field, value, unescaped))
+                if unescaped:
+                    self.getPackageJson().put(field, unescaped)
+                else:
+                    self.log.warning("Failed to unescape field: %s from: %s" % (field, value))
+
     def getPackageJson(self):
         return self.packageData.getJsonObject()