WW-4429 Adds additional tests to cover unsecure access
Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/f4918d1e Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/f4918d1e Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/f4918d1e Branch: refs/heads/master Commit: f4918d1e2fc254a4805963ffa91c6f7c5f5e5988 Parents: 095018c Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Fri Dec 26 20:49:26 2014 +0100 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Fri Dec 26 20:49:26 2014 +0100 ---------------------------------------------------------------------- .../xwork2/ognl/SecurityMemberAccessTest.java | 26 ++++++++++++++++++++ 1 file changed, 26 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/f4918d1e/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java ----------------------------------------------------------------------
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
index 11ff9d0..69dceca 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
@@ -229,6 +229,32 @@ public class SecurityMemberAccessTest extends TestCase {
 assertFalse("Access to static isn't blocked!", actual);
 }
 
+ public void testBlockStaticAccessIfClassIsExcluded() throws Exception {
+ // given
+ SecurityMemberAccess sma = new SecurityMemberAccess(false);
+ sma.setExcludedClasses(new HashSet<Class<?>>(Arrays.<Class<?>>asList(Class.class)));
+
+ // when
+ Member method = Class.class.getMethod("getClassLoader");
+ boolean actual = sma.isAccessible(context, Class.class, method, null);
+
+ // then
+ assertFalse("Access to static method of excluded class isn't blocked!", actual);
+ }
+
+ public void testAllowStaticAccessIfClassIsNotExcluded() throws Exception {
+ // given
+ SecurityMemberAccess sma = new SecurityMemberAccess(false);
+ sma.setExcludedClasses(new HashSet<Class<?>>(Arrays.<Class<?>>asList(ClassLoader.class)));
+
+ // when
+ Member method = Class.class.getMethod("getClassLoader");
+ boolean actual = sma.isAccessible(context, Class.class, method, null);
+
+ // then
+ assertTrue("Invalid test! Access to static method of excluded class is blocked!", actual);
+ }
+
 }
 
 class FooBar implements FooBarInterface {
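Review bot: Both new tests are named and worded as static-access checks, but `Class.class.getMethod("getClassLoader")` resolves an instance method of `java.lang.Class`, so neither one exercises the static-method branch of `isAccessible`. What they pin is class exclusion for an instance member called on a `Class` target, so names such as `testBlockAccessIfClassIsExcluded` and `testAllowAccessIfClassIsNotExcluded` would describe them correctly. The message in the second test is a copy of the first and contradicts its own setup, where `Class` is not excluded; it should read something like `"Access to method of non-excluded class is blocked!"`. That second test also records that excluding only `ClassLoader.class` still lets `Class#getClassLoader()` through, presumably because exclusion is matched on the target or declaring class and not on the return type. A comment such as `// excluding ClassLoader alone does not stop a ClassLoader being obtained via Class; Class must be excluded too` would keep that from being read as a safe configuration. The `context` field and `SecurityMemberAccess` itself are defined outside this hunk, so the matching rule should be confirmed there.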