This is an automated email from the ASF dual-hosted git repository.
kusal pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git
from cf4523fba Bump actions/setup-java from 3 to 4 (#804)
add ebdf01995 WW-5364 Modify XmlDocConfigurationProvider to be able to
load into allowlist
add 1d76bff95 WW-5364 Make allowlist classloader specific
add 198812fe8 WW-5364 Implement provider allowlist
add 3bf3e5f8d WW-5364 Inject ProviderAllowlist into SecurityMemberAccess
add ee442db9e WW-5364 Enable allowlist for showcase
add 39c3e332d WW-5364 Add Struts components to allowlist
add 6657e01f9 WW-5364 Don't throw ConfigurationException on unloadable
action or interceptor classes
add d7df9ce99 WW-5364 Replace some allowlist classes with packages
add 0566a207f Merge branch 'WW-5343-sec-extend' into
WW-5364-populate-allowlist
add d030532d6 WW-5343 Collect bootstrap factories
add 9aff37a83 Merge branch 'master' into WW-5364-populate-allowlist
add 5e33c7f2c WW-5343 Add unit test coverage for ProviderAllowlist
add 16f822a2b WW-5343 Move JUnit4 test case into Struts-core
add a26823386 WW-5343 Add integration tests for ConfigurationProvider
populating ProviderAllowlist
add 589219baa WW-5343 Add missing licenses
add a7d273c1f WW-5343 Make StrutsTestCase extend same package
add 80e83616b Merge pull request #800 from
apache/WW-5364-populate-allowlist
No new revisions were added by this update.
Summary of changes:
apps/showcase/src/main/resources/struts.xml | 13 ++
.../opensymphony/xwork2}/XWorkJUnit4TestCase.java | 3 +-
.../xwork2/config/impl/DefaultConfiguration.java | 101 +++++++------
.../StrutsDefaultConfigurationProvider.java | 167 +++++----------------
.../providers/XmlDocConfigurationProvider.java | 88 +++++++----
.../com/opensymphony/xwork2/ognl/OgnlUtil.java | 1 +
.../xwork2/ognl/SecurityMemberAccess.java | 32 +++-
.../opensymphony/xwork2/util/ConfigParseUtil.java | 11 +-
.../org/apache/struts2/ognl/ProviderAllowlist.java | 73 +++++++++
core/src/main/resources/struts-beans.xml | 1 +
core/src/main/resources/struts-default.xml | 2 -
.../src/main/resources/struts-excluded-classes.xml | 12 +-
.../ConfigurationProviderOgnlAllowlistTest.java | 114 ++++++++++++++
.../xwork2/ognl/SecurityMemberAccessTest.java | 9 +-
.../apache/struts2/ognl/ProviderAllowlistTest.java | 88 +++++++++++
...clude-parent.xml => xwork-test-allowlist-2.xml} | 16 +-
...rceptors-basic.xml => xwork-test-allowlist.xml} | 24 +--
.../org/apache/struts2/junit/StrutsTestCase.java | 1 -
.../apache/struts2/junit/XWorkJUnit4TestCase.java | 71 +--------
.../org/apache/struts2/junit/XWorkTestCase.java} | 6 +-
20 files changed, 526 insertions(+), 307 deletions(-)
copy {plugins/junit/src/main/java/org/apache/struts2/junit =>
core/src/main/java/com/opensymphony/xwork2}/XWorkJUnit4TestCase.java (97%)
create mode 100644
core/src/main/java/org/apache/struts2/ognl/ProviderAllowlist.java
create mode 100644
core/src/test/java/com/opensymphony/xwork2/config/providers/ConfigurationProviderOgnlAllowlistTest.java
create mode 100644
core/src/test/java/org/apache/struts2/ognl/ProviderAllowlistTest.java
copy
core/src/test/resources/com/opensymphony/xwork2/config/providers/{xwork-include-parent.xml
=> xwork-test-allowlist-2.xml} (76%)
copy
core/src/test/resources/com/opensymphony/xwork2/config/providers/{xwork-test-interceptors-basic.xml
=> xwork-test-allowlist.xml} (70%)
copy plugins/junit/src/{test/java/org/apache/struts2/junit/MySessionBean.java
=> main/java/org/apache/struts2/junit/XWorkTestCase.java} (90%)
