Additional use cases to check method access
Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/ee3c8d56 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/ee3c8d56 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/ee3c8d56 Branch: refs/heads/feature/exclude-object-class Commit: ee3c8d5630b077e2f2708bc4cbeeb933150a71fe Parents: 53fb5ba Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Thu May 1 09:40:33 2014 +0200 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Thu May 1 09:40:33 2014 +0200 ---------------------------------------------------------------------- .../opensymphony/xwork2/ognl/OgnlUtilTest.java | 54 ++++++++++++++++++++ 1 file changed, 54 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/ee3c8d56/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java ---------------------------------------------------------------------- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java index d471183..98ff671 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java @@ -685,6 +685,24 @@ public class OgnlUtilTest extends XWorkTestCase { assertEquals(expected.getMessage(), "Tree [class[\"classLoader\"][\"defaultAssertionStatus\"]] trying access excluded pattern [class]"); } + public void testAvoidCallingMethodsOnObjectClassAsMap2() throws Exception { + Foo foo = new Foo(); + OgnlUtil util = new OgnlUtil(); + util.setEnableExpressionCache("false"); + util.setExcludedProperties("class"); + + Exception expected = null; + try { + util.setValue("model['class']['classLoader']['defaultAssertionStatus']", ActionContext.getContext().getContextMap(), foo, true); + fail(); + } catch (OgnlException e) { + expected = e; + } + assertNotNull(expected); + assertSame(expected.getClass(), OgnlException.class); + assertEquals(expected.getMessage(), "Tree [class[\"classLoader\"][\"defaultAssertionStatus\"]] trying access excluded pattern [class]"); + } + public void testAvoidCallingMethodsOnObjectClassAsMapWithQuotes() throws Exception { Foo foo = new Foo(); OgnlUtil util = new OgnlUtil(); @@ -721,6 +739,42 @@ public class OgnlUtilTest extends XWorkTestCase { assertEquals(expected.getMessage(), "Tree [toString] trying access excluded pattern [toString]"); } + public void testAvoidCallingMethodsWithBraces() throws Exception { + Foo foo = new Foo(); + OgnlUtil util = new OgnlUtil(); + util.setEnableExpressionCache("false"); + util.setExcludedProperties("toString"); + + Exception expected = null; + try { + util.setValue("toString()", ActionContext.getContext().getContextMap(), foo, true); + fail(); + } catch (OgnlException e) { + expected = e; + } + assertNotNull(expected); + assertSame(expected.getClass(), OgnlException.class); + assertEquals(expected.getMessage(), "Tree [toString()] trying access excluded pattern [toString()]"); + } + + public void testAvoidCallingSomeClasses() throws Exception { + Foo foo = new Foo(); + OgnlUtil util = new OgnlUtil(); + util.setEnableExpressionCache("false"); + util.setExcludedProperties("Runtime"); + + Exception expected = null; + try { + util.setValue("@java.lang.Runtime@getRuntime().exec('mate')", ActionContext.getContext().getContextMap(), foo, true); + fail(); + } catch (OgnlException e) { + expected = e; + } + assertNotNull(expected); + assertSame(expected.getClass(), OgnlException.class); + assertEquals(expected.getMessage(), "Tree [toString()] trying access excluded pattern [toString()]"); + } + public static class Email { String address;
