[Building Sakai] samigo unable to create test using markup

Sanghyun Jeon euksa99 at gmail.com
Thu Mar 28 11:33:56 PDT 2013


Sakai 2.7 has the same security issue, and that was the reason we need to
apply this patch. I already advised our instructor to use the assessment
builder option, but he refused to do that, since it requires copying more
than 500 questions for each test manually.
Do you have a better idea for this issue (avoid copying more than 500
questions)?

I tried to apply some fixes on this issue and now we have the below error
before NPE and I think Sakai 2.8 probably supports this, but Sakai 2.7 does
not.....

2013-03-28 11:16:26,568 ERROR http-8443-Processor22
org.sakaiproject.tool.assessment.qti.util.XmlUtil -
jaxp_feature_not_supported: Feature "
http://xml.org/sax/features/external-general-entities" is not supported.
javax.xml.parsers.ParserConfigurationException: jaxp_feature_not_supported:
Feature "http://xml.org/sax/features/external-general-entities" is not
supported.
        at
com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl.setFeature(DocumentBuilderFactoryImpl.java:207)
        at
org.sakaiproject.tool.assessment.qti.util.XmlUtil.setDocumentBuilderFactoryFeatures(XmlUtil.java:101)
        at
org.sakaiproject.tool.assessment.qti.util.XmlUtil.readDocument(XmlUtil.java:212)
        at
org.sakaiproject.tool.assessment.qti.helper.ExtractionHelper.getTransformDocument(ExtractionHelper.java:193)
        at
org.sakaiproject.tool.assessment.qti.helper.ExtractionHelper.map(ExtractionHelper.java:247)
        at
org.sakaiproject.tool.assessment.qti.helper.ExtractionHelper.mapAssessment(ExtractionHelper.java:204)
        at
org.sakaiproject.tool.assessment.qti.helper.AuthoringHelper.createImportedAssessment(AuthoringHelper.java:491)
        at
org.sakaiproject.tool.assessment.services.qti.QTIService.createImportedAssessment(QTIService.java:76)
        at
org.sakaiproject.tool.assessment.ui.listener.samlite.AssessmentListener.createImportedAssessment(AssessmentListener.java:48)
        at
org.sakaiproject.tool.assessment.ui.listener.samlite.AssessmentListener.processAction(AssessmentListener.java:29)
        at
javax.faces.event.ActionEvent.processListener(ActionEvent.java:57)
        at
javax.faces.component.UIComponentBase.broadcast(UIComponentBase.java:649)
        at javax.faces.component.UICommand.broadcast(UICommand.java:297)
        at
javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:267)
        at
javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:381)
        at
com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:75)
        at
com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:200)
        at
com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:90)
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:197)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at
org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:580)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:679)
        at
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:461)
        at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:399)
        at
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
        at
org.sakaiproject.jsf.util.SamigoJsfTool.dispatch(SamigoJsfTool.java:301)
        at org.sakaiproject.jsf.util.JsfTool.doPost(JsfTool.java:256)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:679)
        at
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:461)
        at
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:364)
        at
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
        at
org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.forward(ActiveToolComponent.java:500)
        at
org.sakaiproject.portal.charon.SkinnableCharonPortal.forwardTool(SkinnableCharonPortal.java:1216)
        at
org.sakaiproject.portal.charon.handlers.ToolHandler.doTool(ToolHandler.java:204)
        at
org.sakaiproject.portal.charon.handlers.ToolHandler.doGet(ToolHandler.java:96)


On Thu, Mar 28, 2013 at 11:10 AM, Karen Tsao <ktsao at stanford.edu> wrote:

> Hi Sanghyun,
>
> This is a tough question. I really have no good answer for you.
>
> Can the instructor use the assessment builder to create the assessment?
> If he agrees to do that, then you can keep the patch.
>
> By the way, have you tried to reproduce the XXE injection issue in your
> environment? Although this should be an existing issue for a long time, it
> is worth confirming it in the 2.7 environment. Because if this is not an issue
> in 2.7, we don't need to worry about this patch.
>
> Thanks,
> Karen
>
>
> On Wed, Mar 27, 2013 at 9:38 PM, Sanghyun Jeon <euksa99 at gmail.com> wrote:
>
>> Karen,
>>
>> Can I have your opinion on which you would choose between security patch
>> and markup text functionality?
>>
>> S
>>
>>
>>
>> On Wed, Mar 27, 2013 at 9:06 PM, Sanghyun Jeon <euksa99 at gmail.com> wrote:
>>
>>> Thank you for your reply. I reached the same conclusion when I reverted
>>> our war files one by one on our development instance this afternoon.
>>> However, I hesitated to remove this security patch, so I informed our
>>> user of our current situation, because I did not have a fix/patch without
>>> reverting this security patch and our user wanted me to fix this markup
>>> text feature by today. I am wondering whether you have one...
>>>
>>> I'd appreciate any help or suggestions you may have.
>>>
>>>
>>> S
>>>
>>>
>>>
>>> On Mar 27, 2013 3:45 PM, "Karen Tsao" <ktsao at stanford.edu> wrote:
>>>
>>>> Out of the three patches, I think most likely SAM-2041 is the one
>>>> causing your error. Do you want to revert it and see if you can create
>>>> exam using markup text?
>>>>
>>>> Thanks,
>>>> Karen
>>>>
>>>>
>>>> On Wed, Mar 27, 2013 at 3:35 PM, Sanghyun Jeon <euksa99 at gmail.com> wrote:
>>>>
>>>>> Hello again,
>>>>>
>>>>> I have a faculty member who needs to schedule his test tomorrow and he is waiting for
>>>>> my fix....
>>>>>
>>>>> Any information would be helpful..
>>>>>
>>>>> S
>>>>>
>>>>> On Wed, Mar 27, 2013 at 1:42 PM, Sanghyun Jeon <euksa99 at gmail.com> wrote:
>>>>>
>>>>>> Hello All,
>>>>>>
>>>>>> We are using samigo 2.7.0 in sakai 2.7.0. We are unable to
>>>>>> create a test using markup text.
>>>>>>
>>>>>> Steps to reproduce:
>>>>>>
>>>>>> 1) Login as instructor/admin
>>>>>>
>>>>>> 2) Samigo < create using markup text
>>>>>>
>>>>>> 3) Copy and paste questions from the examples
>>>>>>
>>>>>> 4) Create assessment
>>>>>>
>>>>>> Then the user received "An unexpected error has occurred" on his/her
>>>>>> webpage and the tomcat log complained about a NullPointerException.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Attached is our bug report which is almost the same as our tomcat log.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Our current samigo is generic 2.7.0 with SAM-2041, SAM-924, and SAM
>>>>>> 1126 patch. I can tell it worked before these patches...because when we
>>>>>> revert to the old samigo war file without patches, this feature
>>>>>> is working...
>>>>>>
>>>>>>
>>>>>>
>>>>>> Looks like the NullPointerException occurs on
>>>>>>
>>>>>> at
>>>>>> org.sakaiproject.tool.assessment.ui.listener.samlite.AssessmentListener.createImportedAssessment(AssessmentListener.java:45)
>>>>>>
>>>>>>     at
>>>>>> org.sakaiproject.tool.assessment.ui.listener.samlite.AssessmentListener.processAction(AssessmentListener.java:26)
>>>>>>
>>>>>>
>>>>>>
>>>>>> However, I cannot find the patch to fix this problem.
>>>>>>
>>>>>> Would you mind shedding some light on this problem?
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thank you in advance.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Sanghyun
>>>>>>
>>>>>
>>>>>
>>>>
>>
>
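
An added example, not Sakai's XmlUtil code and not part of the thread: one way to apply XXE hardening so that a JAXP implementation that rejects a feature (the `jaxp_feature_not_supported` error in the trace above) neither aborts the import on the first unsupported feature nor silently leaves the parser unprotected. The class and method names are hypothetical, and the two feature URIs beyond `external-general-entities` are standard SAX/Xerces features that do not appear in the thread.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

public class HardenedXmlExample {
    static final String NO_DOCTYPE = "http://apache.org/xml/features/disallow-doctype-decl";
    static final String EXT_GENERAL = "http://xml.org/sax/features/external-general-entities";
    static final String EXT_PARAM = "http://xml.org/sax/features/external-parameter-entities";

    // Returns true if the factory accepted the feature, false if it reported it as unsupported.
    static boolean trySet(DocumentBuilderFactory dbf, String feature, boolean value) {
        try {
            dbf.setFeature(feature, value);
            return true;
        } catch (ParserConfigurationException e) {
            System.err.println("not supported by " + dbf.getClass().getName() + ": " + feature);
            return false;
        }
    }

    // Fails closed: a builder is returned only if DOCTYPEs are rejected outright
    // or both kinds of external entity are switched off.
    static DocumentBuilder newHardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        boolean noDoctype = trySet(dbf, NO_DOCTYPE, true);
        boolean noGeneral = trySet(dbf, EXT_GENERAL, false);
        boolean noParam = trySet(dbf, EXT_PARAM, false);
        if (!noDoctype && !(noGeneral && noParam)) {
            throw new ParserConfigurationException("no XXE protection available in " + dbf.getClass().getName());
        }
        return dbf.newDocumentBuilder();
    }

    // True if the hardened parser accepts the document, false if it rejects it.
    static boolean parses(String xml) throws Exception {
        try {
            newHardenedBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return true;
        } catch (SAXException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample documents, not Samigo output.
        System.out.println("plain:   " + parses("<quiz><item>Q1</item></quiz>"));
        System.out.println("doctype: " + parses("<!DOCTYPE quiz [<!ENTITY e \"x\">]><quiz>&e;</quiz>"));
    }
}
```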