Irvin Wilson <mailto:[email protected]>
Tuesday, November 04, 2014 12:20 PM
I was looking to add latest versions of esapi and antiSamy to an app
running on ACF9. I have it working now but isn't really proper
probably. In my mind these functions were "helpers" so I had them set
up external to MG. Now that I have them in Coldspring I have to
reference them with a _modelglue.GetBean approach (or so I believe).
Anyway it's pretty much at the controller level where these get
called in order to scrub and format input and output that originated
from the user. I've got one spot where the model uses esapi in order
to format some stored text for output in the email. Maybe these
functions should have been in a section in the model...
On Monday, November 3, 2014 11:48:21 AM UTC-7, Dan Wilson -
[email protected] wrote:
--
--
Model-Glue Sites:
Home Page: http://www.model-glue.com
Documentation: http://docs.model-glue.com
Bug Tracker: http://bugs.model-glue.com
Blog: http://www.model-glue.com/blog
You received this message because you are subscribed to the Google
Groups "model-glue" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/model-glue?hl=en
---
You received this message because you are subscribed to the Google
Groups "model-glue" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
For more options, visit https://groups.google.com/d/optout.
Dan Wilson <mailto:[email protected]>
Monday, November 03, 2014 1:48 PM
Interesting. Did you add the OWASP code to your web application? I
don't think Model Glue does that internally
DW
Irvin Wilson <mailto:[email protected]>
Monday, November 03, 2014 1:32 PM
I fired onSessionEnd manually and trapped
<cfset var componentMetadata = getMetadata( arguments.instance ) />
<cfset var scope = componentMetadata.extends />
since it was componentMetadata.extends that was breaking. This is
what I get. Not sure if same as session expiring naturally? That
said, it sorta makes sense now but not sure what to do about it.
Results of the following:
<cfdump var=#arguments.type# label="type" />
<cfdump var=#instance# label="instance" />
<cfdump var=#componentMetadata# abort="true" label="componentMetadata" />
ModelGlue.gesture.ModelGlue
instance - object of org.owasp.esapi.ESAPI
Class Name org.owasp.esapi.ESAPI
Methods
Method Return Type
accessController() org.owasp.esapi.AccessController
authenticator() org.owasp.esapi.Authenticator
clearCurrent() void
currentRequest() javax.servlet.http.HttpServletRequest
currentResponse() javax.servlet.http.HttpServletResponse
encoder() org.owasp.esapi.Encoder
encryptor() org.owasp.esapi.Encryptor
executor() org.owasp.esapi.Executor
getLogger(java.lang.Class) org.owasp.esapi.Logger
getLogger(java.lang.String) org.owasp.esapi.Logger
httpUtilities() org.owasp.esapi.HTTPUtilities
initialize(java.lang.String) java.lang.String
intrusionDetector() org.owasp.esapi.IntrusionDetector
log() org.owasp.esapi.Logger
override(org.owasp.esapi.SecurityConfiguration) void
randomizer() org.owasp.esapi.Randomizer
securityConfiguration() org.owasp.esapi.SecurityConfiguration
validator() org.owasp.esapi.Validator
componentMetadata - object of java.lang.Class
Class Name java.lang.Class
Methods
Method Return Type
asSubclass(java.lang.Class) java.lang.Class
cast(java.lang.Object) java.lang.Object
desiredAssertionStatus() boolean
forName(java.lang.String, boolean, java.lang.ClassLoader) java.lang.Class
forName(java.lang.String) java.lang.Class
getAnnotation(java.lang.Class) java.lang.annotation.Annotation
getAnnotations() java.lang.annotation.Annotation[]
getCanonicalName() java.lang.String
getClassLoader() java.lang.ClassLoader
getClasses() java.lang.Class[]
getComponentType() java.lang.Class
getConstructor(java.lang.Class[]) java.lang.reflect.Constructor
getConstructors() java.lang.reflect.Constructor[]
getDeclaredAnnotations() java.lang.annotation.Annotation[]
getDeclaredClasses() java.lang.Class[]
getDeclaredConstructor(java.lang.Class[]) java.lang.reflect.Constructor
getDeclaredConstructors() java.lang.reflect.Constructor[]
getDeclaredField(java.lang.String) java.lang.reflect.Field
getDeclaredFields() java.lang.reflect.Field[]
getDeclaredMethod(java.lang.String, java.lang.Class[])
java.lang.reflect.Method
getDeclaredMethods() java.lang.reflect.Method[]
getDeclaringClass() java.lang.Class
getEnclosingClass() java.lang.Class
getEnclosingConstructor() java.lang.reflect.Constructor
getEnclosingMethod() java.lang.reflect.Method
getEnumConstants() java.lang.Object[]
getField(java.lang.String) java.lang.reflect.Field
getFields() java.lang.reflect.Field[]
getGenericInterfaces() java.lang.reflect.Type[]
getGenericSuperclass() java.lang.reflect.Type
getInterfaces() java.lang.Class[]
getMethod(java.lang.String, java.lang.Class[]) java.lang.reflect.Method
getMethods() java.lang.reflect.Method[]
getModifiers() int
getName() java.lang.String
getPackage() java.lang.Package
getProtectionDomain() java.security.ProtectionDomain
getResource(java.lang.String) java.net.URL
getResourceAsStream(java.lang.String) java.io.InputStream
getSigners() java.lang.Object[]
getSimpleName() java.lang.String
getSuperclass() java.lang.Class
getTypeParameters() java.lang.reflect.TypeVariable[]
isAnnotation() boolean
isAnnotationPresent(java.lang.Class) boolean
isAnonymousClass() boolean
isArray() boolean
isAssignableFrom(java.lang.Class) boolean
isEnum() boolean
isInstance(java.lang.Object) boolean
isInterface() boolean
isLocalClass() boolean
isMemberClass() boolean
isPrimitive() boolean
isSynthetic() boolean
newInstance() java.lang.Object
toString() java.lang.String
--
--
Model-Glue Sites:
Home Page: http://www.model-glue.com
Documentation: http://docs.model-glue.com
Bug Tracker: http://bugs.model-glue.com
Blog: http://www.model-glue.com/blog
You received this message because you are subscribed to the Google
Groups "model-glue" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/model-glue?hl=en
---
You received this message because you are subscribed to the Google
Groups "model-glue" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
For more options, visit https://groups.google.com/d/optout.
Dan Wilson <mailto:[email protected]>
Monday, November 03, 2014 12:49 PM
Trap the error and find out what this variable contains:
scope[key]
in this line in ModelGlueFrameworkLocator .findInScope()
<cfif isObject(scope[key]) and isTypeOf(
"ModelGlue.gesture.ModelGlue", scope[key] )>
DW
Irvin Wilson <mailto:[email protected]>
Monday, November 03, 2014 12:16 PM
In Application.cfc I have
<cffunction name="onSessionEnd" output="false">
<cfargument name="sessionScope" type="struct" required="true">
<cfargument name="appScope" type="struct" required="false">
<cfset invokeSessionEvent("modelglue.onSessionEnd",
arguments.sessionScope, appScope) />
</cffunction>
<cffunction name="invokeSessionEvent" output="false" access="private">
<cfargument name="eventName" />
<cfargument name="sessionScope" />
<cfargument name="appScope" />
<cfset var mgInstances = createObject("component",
"ModelGlue.Util.ModelGlueFrameworkLocator").findInScope(appScope) />
<cfset var values = structNew() />
<cfset var i = "" />
<cfset values.sessionScope = arguments.sessionScope />
<cfloop from="1" to="#arrayLen(mgInstances)#" index="i">
<cfset mgInstances[i].executeEvent(arguments.eventName, values) />
</cfloop>
</cffunction>
ModelGlueFrameworkLocator then has....
<cffunction name="findInScope" output="false" returntype="array"
hint="Finds all or specific instances of Model-Glue within a given
scope (or any struct, for that matter).">
<cfargument name="scope" type="struct" required="true" />
<cfargument name="scopeKey" type="string" required="false" />
<cfset var key = "" />
<cfset var mgInstance = "" />
<cfset var result = arrayNew(1) />
<!--- Find ModelGlue instances in the application scope. --->
<cfloop collection="#scope#" item="key">
<cfif isObject(scope[key]) and isTypeOf(
"ModelGlue.gesture.ModelGlue", scope[key] )>
<cfif not structKeyExists(arguments, "scopeKey") or arguments.scopeKey
eq key>
<cfset arrayAppend(result, scope[key]) />
</cfif>
</cfif>
</cfloop>
<cfreturn result />
</cffunction>
<!--- This could be refactored for isInstanceOf once we drop CF7
support. --->
<cffunction name="isTypeOf" output="false" access="public"
returntype="any" hint="I check to see if this component extends
another component somewhere in the inheritance chain">
<cfargument name="type" type="string" required="true"/>
<cfargument name="instance" type="any" required="true"/>
<cfset var componentMetadata = getMetadata( arguments.instance ) />
<cfset var scope = componentMetadata.extends />
<!--- Maybe the component is the component we want --->
<cfif listFindNoCase( "#arguments.type#,#scope.name#",
componentMetadata.name ) GT 0>
<cfreturn true />
</cfif>
<!--- Ok, maybe it extends the component we want, so we'll rip over
the metadata until we either find it, or hit the end of the road --->
<cfloop condition="true">
<!--- Check to see if this go-round has what we are looking for --->
<cfif scope.name IS arguments.type>
<cfreturn true />
<!--- Put the defensive position here so we don't spiral out of
control. No more EXTENDS structs means the end of the inheritance tree
--->
<cfelseif structKeyExists( scope, "extends") IS false>
<cfreturn false />
</cfif>
<!--- Set the scope to the next struct and let's spin the wheel again --->
<cfset scope = scope.extends />
</cfloop>
</cffunction>
So I guess the real question is why wouldn't getMetadata(
arguments.instance ) have an "extends"? Adobe says "Metadata for
the component’s ancestor component. Components that do not explicitly
extend another component extend the WEB-INF.cftags.component."
--
--
Model-Glue Sites:
Home Page: http://www.model-glue.com
Documentation: http://docs.model-glue.com
Bug Tracker: http://bugs.model-glue.com
Blog: http://www.model-glue.com/blog
You received this message because you are subscribed to the Google
Groups "model-glue" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/model-glue?hl=en
---
You received this message because you are subscribed to the Google
Groups "model-glue" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
For more options, visit https://groups.google.com/d/optout.
