This is an automated email from the ASF dual-hosted git repository.
kusal pushed a commit to branch WW-5343-sec-extend
in repository https://gitbox.apache.org/repos/asf/struts.git
commit 08253299599394c15111bf0f48ce04bd4eced89d
Author: Kusal Kithul-Godage <g...@kusal.io>
AuthorDate: Wed Nov 15 00:18:48 2023 +1100
WW-5343 Extract ConfigParseUtil
---
.../com/opensymphony/xwork2/ognl/OgnlUtil.java | 59 -----------------
.../opensymphony/xwork2/util/ConfigParseUtil.java | 77 ++++++++++++++++++++++
2 files changed, 77 insertions(+), 59 deletions(-)
diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
index 1f019f64a..bbcf3bdff 100644
--- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
@@ -185,30 +185,6 @@ public class OgnlUtil {
devModeExcludedClasses = toNewClassesSet(devModeExcludedClasses,
commaDelimitedClasses);
}
- private static Set<String> toClassesSet(String newDelimitedClasses) throws
ConfigurationException {
- Set<String> classNames =
commaDelimitedStringToSet(newDelimitedClasses);
- validateClasses(classNames, OgnlUtil.class.getClassLoader());
- return unmodifiableSet(classNames);
- }
-
- private static Set<String> toNewClassesSet(Set<String> oldClasses, String
newDelimitedClasses) throws ConfigurationException {
- Set<String> classNames =
commaDelimitedStringToSet(newDelimitedClasses);
- validateClasses(classNames, OgnlUtil.class.getClassLoader());
- Set<String> excludedClasses = new HashSet<>(oldClasses);
- excludedClasses.addAll(classNames);
- return unmodifiableSet(excludedClasses);
- }
-
- private static void validateClasses(Set<String> classNames, ClassLoader
validatingClassLoader) throws ConfigurationException {
- for (String className : classNames) {
- try {
- validatingClassLoader.loadClass(className);
- } catch (ClassNotFoundException e) {
- throw new ConfigurationException("Cannot load class for
exclusion/exemption configuration: " + className, e);
- }
- }
- }
-
@Inject(value = StrutsConstants.STRUTS_EXCLUDED_PACKAGE_NAME_PATTERNS,
required = false)
protected void setExcludedPackageNamePatterns(String
commaDelimitedPackagePatterns) {
excludedPackageNamePatterns =
toNewPatternsSet(excludedPackageNamePatterns, commaDelimitedPackagePatterns);
@@ -219,19 +195,6 @@ public class OgnlUtil {
devModeExcludedPackageNamePatterns =
toNewPatternsSet(devModeExcludedPackageNamePatterns,
commaDelimitedPackagePatterns);
}
- private static Set<Pattern> toNewPatternsSet(Set<Pattern> oldPatterns,
String newDelimitedPatterns) throws ConfigurationException {
- Set<String> patterns = commaDelimitedStringToSet(newDelimitedPatterns);
- Set<Pattern> newPatterns = new HashSet<>(oldPatterns);
- for (String pattern: patterns) {
- try {
- newPatterns.add(Pattern.compile(pattern));
- } catch (PatternSyntaxException e) {
- throw new ConfigurationException("Excluded package name
patterns could not be parsed due to invalid regex: " + pattern, e);
- }
- }
- return unmodifiableSet(newPatterns);
- }
-
@Inject(value = StrutsConstants.STRUTS_EXCLUDED_PACKAGE_NAMES, required =
false)
protected void setExcludedPackageNames(String commaDelimitedPackageNames) {
excludedPackageNames = toNewPackageNamesSet(excludedPackageNames,
commaDelimitedPackageNames);
@@ -242,28 +205,6 @@ public class OgnlUtil {
devModeExcludedPackageNames =
toNewPackageNamesSet(devModeExcludedPackageNames, commaDelimitedPackageNames);
}
- private static Set<String> toPackageNamesSet(String
newDelimitedPackageNames) throws ConfigurationException {
- Set<String> packageNames =
commaDelimitedStringToSet(newDelimitedPackageNames)
- .stream().map(s -> strip(s, ".")).collect(toSet());
- validatePackageNames(packageNames);
- return unmodifiableSet(packageNames);
- }
-
- private static Set<String> toNewPackageNamesSet(Collection<String>
oldPackageNames, String newDelimitedPackageNames) throws ConfigurationException
{
- Set<String> packageNames =
commaDelimitedStringToSet(newDelimitedPackageNames)
- .stream().map(s -> strip(s, ".")).collect(toSet());
- validatePackageNames(packageNames);
- Set<String> newPackageNames = new HashSet<>(oldPackageNames);
- newPackageNames.addAll(packageNames);
- return unmodifiableSet(newPackageNames);
- }
-
- private static void validatePackageNames(Collection<String> packageNames) {
- if (packageNames.stream().anyMatch(s ->
Pattern.compile("\\s").matcher(s).find())) {
- throw new ConfigurationException("Excluded package names could not
be parsed due to erroneous whitespace characters: " + packageNames);
- }
- }
-
@Inject(value = StrutsConstants.STRUTS_EXCLUDED_PACKAGE_EXEMPT_CLASSES,
required = false)
public void setExcludedPackageExemptClasses(String commaDelimitedClasses) {
excludedPackageExemptClasses = toClassesSet(commaDelimitedClasses);
diff --git
a/core/src/main/java/com/opensymphony/xwork2/util/ConfigParseUtil.java
b/core/src/main/java/com/opensymphony/xwork2/util/ConfigParseUtil.java
new file mode 100644
index 000000000..3b7028db1
--- /dev/null
+++ b/core/src/main/java/com/opensymphony/xwork2/util/ConfigParseUtil.java
@@ -0,0 +1,77 @@
+package com.opensymphony.xwork2.util;
+
+import com.opensymphony.xwork2.config.ConfigurationException;
+import com.opensymphony.xwork2.ognl.OgnlUtil;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+
+import static
com.opensymphony.xwork2.util.TextParseUtil.commaDelimitedStringToSet;
+import static java.util.Collections.unmodifiableSet;
+import static java.util.stream.Collectors.toSet;
+import static org.apache.commons.lang3.StringUtils.strip;
+
+public class ConfigParseUtil {
+
+ public static Set<String> toClassesSet(String newDelimitedClasses) throws
ConfigurationException {
+ Set<String> classNames =
commaDelimitedStringToSet(newDelimitedClasses);
+ validateClasses(classNames, OgnlUtil.class.getClassLoader());
+ return unmodifiableSet(classNames);
+ }
+
+ public static Set<String> toNewClassesSet(Set<String> oldClasses, String
newDelimitedClasses) throws ConfigurationException {
+ Set<String> classNames =
commaDelimitedStringToSet(newDelimitedClasses);
+ validateClasses(classNames, OgnlUtil.class.getClassLoader());
+ Set<String> excludedClasses = new HashSet<>(oldClasses);
+ excludedClasses.addAll(classNames);
+ return unmodifiableSet(excludedClasses);
+ }
+
+ public static Set<Pattern> toNewPatternsSet(Set<Pattern> oldPatterns,
String newDelimitedPatterns) throws ConfigurationException {
+ Set<String> patterns = commaDelimitedStringToSet(newDelimitedPatterns);
+ Set<Pattern> newPatterns = new HashSet<>(oldPatterns);
+ for (String pattern: patterns) {
+ try {
+ newPatterns.add(Pattern.compile(pattern));
+ } catch (PatternSyntaxException e) {
+ throw new ConfigurationException("Excluded package name
patterns could not be parsed due to invalid regex: " + pattern, e);
+ }
+ }
+ return unmodifiableSet(newPatterns);
+ }
+
+ public static void validateClasses(Set<String> classNames, ClassLoader
validatingClassLoader) throws ConfigurationException {
+ for (String className : classNames) {
+ try {
+ validatingClassLoader.loadClass(className);
+ } catch (ClassNotFoundException e) {
+ throw new ConfigurationException("Cannot load class for
exclusion/exemption configuration: " + className, e);
+ }
+ }
+ }
+
+ public static Set<String> toPackageNamesSet(String
newDelimitedPackageNames) throws ConfigurationException {
+ Set<String> packageNames =
commaDelimitedStringToSet(newDelimitedPackageNames)
+ .stream().map(s -> strip(s, ".")).collect(toSet());
+ validatePackageNames(packageNames);
+ return unmodifiableSet(packageNames);
+ }
+
+ public static Set<String> toNewPackageNamesSet(Collection<String>
oldPackageNames, String newDelimitedPackageNames) throws ConfigurationException
{
+ Set<String> packageNames =
commaDelimitedStringToSet(newDelimitedPackageNames)
+ .stream().map(s -> strip(s, ".")).collect(toSet());
+ validatePackageNames(packageNames);
+ Set<String> newPackageNames = new HashSet<>(oldPackageNames);
+ newPackageNames.addAll(packageNames);
+ return unmodifiableSet(newPackageNames);
+ }
+
+ public static void validatePackageNames(Collection<String> packageNames) {
+ if (packageNames.stream().anyMatch(s ->
Pattern.compile("\\s").matcher(s).find())) {
+ throw new ConfigurationException("Excluded package names could not
be parsed due to erroneous whitespace characters: " + packageNames);
+ }
+ }
+}
