[CONF] Confluence Changes in the last 24 hours
Confluence Changes in the last 24 hours Apache ActiveMQ Pages Page: Version 5 Initial Configuration edited by Timothy Bish [06:55 PM] (View Changes) Page: TCP Transport Reference edited by Gary Tully [02:18 PM] (View Changes) Apache Airavata Pages Page: GSoC 2014 - Add Security capabilities to Airavata Thrift services and clients (Project Proposal) created by Supun Chathuranga Nakandala [03:14 PM] Apache Ambari Pages Page: View Definition created by Jeff Sposetti [03:14 PM] Page: Views edited by Jeff Sposetti [03:15 PM] (View Changes) Apache Camel Pages Page: CXF edited by Gregor Zurowski [10:14 AM] (View Changes) Page: Splitter edited by Ben O'Day [04:29 AM] (View Changes) Apache Cloudstack Pages Page: Marvin - Testing with Python edited by Santhosh Kumar Edukulla [02:34 PM] (View Changes) Apache CXF Pages Page: Fediz edited by Colm O hEigeartaigh [09:07 AM] (View Changes) Page: Fediz Downloads edited by Colm O hEigeartaigh [09:06 AM] (View Changes) OFBiz Project Administration Workspace Comments Page: Libraries Included in OFBiz has a new comment [ Pierre Smits ] Page: Scaling and Performance Plan has a new comment [ Pierre Smits ] Page: Component and Component Set Dependencies has a new comment [ Pierre Smits ] Apache Roller Pages Page: Apache Roller 5.1 Release edited by Greg Huber [04:25 PM] (View Changes)
git commit: Adds additional classes to be excluded
Repository: struts Updated Branches: refs/heads/feature/exclude-object-class bbcc6014f -> 965428711 Adds additional classes to be excluded Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/96542871 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/96542871 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/96542871 Branch: refs/heads/feature/exclude-object-class Commit: 965428711572ad52d3713b3432ff38e1dd3e9dae Parents: bbcc601 Author: Lukasz Lenart Authored: Wed Jun 18 08:45:56 2014 +0200 Committer: Lukasz Lenart Committed: Wed Jun 18 08:45:56 2014 +0200 -- core/src/main/resources/struts-default.xml | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/96542871/core/src/main/resources/struts-default.xml -- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index 49eba90..ea2a631 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml @@ -42,13 +42,17 @@ value=" java.lang.Object, java.lang.Runtime, +java.lang.System, +java.lang.Class, +java.lang.ClassLoader, +java.lang.Shutdown, ognl.OgnlContext, ognl.MemberAccess, ognl.ClassResolver, ognl.TypeConverter, com.opensymphony.xwork2.ActionContext" /> - +
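Review bot: The value extended here is a list of individual class names, so any type that is not named stays reachable from expressions, and the list has to be updated every time another sensitive type is identified. A deny-by-default rule (an allowlist of the packages that actions and models live in) or package-level exclusion would not depend on the list being complete. `java.lang.Shutdown` is a JDK-internal class; if the names are resolved at start-up and an unknown name aborts configuration (as the `setExcludedClasses` change elsewhere on this page appears to do), it is worth confirming that every supported JVM ships that class. The element that carries this `value` attribute opens outside the hunk.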
[03/50] git commit: Adds conversion of Struts property to XWork property
Adds conversion of Struts property to XWork property Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/aff3a3a6 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/aff3a3a6 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/aff3a3a6 Branch: refs/heads/develop Commit: aff3a3a625dc89f93f5b6548887245ffd6bba3d3 Parents: 14ad0ab Author: Lukasz Lenart Authored: Fri Apr 25 14:59:38 2014 +0200 Committer: Lukasz Lenart Committed: Fri Apr 25 14:59:38 2014 +0200 -- core/src/main/java/org/apache/struts2/StrutsConstants.java | 4 .../org/apache/struts2/config/DefaultBeanSelectionProvider.java | 1 + core/src/main/resources/struts-default.xml | 3 +++ 3 files changed, 8 insertions(+) -- http://git-wip-us.apache.org/repos/asf/struts/blob/aff3a3a6/core/src/main/java/org/apache/struts2/StrutsConstants.java -- diff --git a/core/src/main/java/org/apache/struts2/StrutsConstants.java b/core/src/main/java/org/apache/struts2/StrutsConstants.java index 3423ec8..6be58ad 100644 --- a/core/src/main/java/org/apache/struts2/StrutsConstants.java +++ b/core/src/main/java/org/apache/struts2/StrutsConstants.java @@ -281,4 +281,8 @@ public final class StrutsConstants { /** Allows override default DispatcherErrorHandler **/ public static final String STRUTS_DISPATCHER_ERROR_HANDLER = "struts.dispatcher.errorHandler"; + +/** Comma delimited set of excluded properties which cannot be accessed via expressions **/ +public static final String STRUTS_EXCLUDED_PROPERTIES = "struts.excludedProperties"; + } http://git-wip-us.apache.org/repos/asf/struts/blob/aff3a3a6/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java -- diff --git a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java index b6b5b45..4cc2d61 100644 --- a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java 
+++ b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java @@ -391,6 +391,7 @@ public class DefaultBeanSelectionProvider extends AbstractBeanSelectionProvider convertIfExist(props, StrutsConstants.STRUTS_ENABLE_OGNL_EVAL_EXPRESSION, XWorkConstants.ENABLE_OGNL_EVAL_EXPRESSION); convertIfExist(props, StrutsConstants.STRUTS_ALLOW_STATIC_METHOD_ACCESS, XWorkConstants.ALLOW_STATIC_METHOD_ACCESS); convertIfExist(props, StrutsConstants.STRUTS_CONFIGURATION_XML_RELOAD, XWorkConstants.RELOAD_XML_CONFIGURATION); +convertIfExist(props, StrutsConstants.STRUTS_EXCLUDED_PROPERTIES, XWorkConstants.OGNL_EXCLUDED_PROPERTIES); LocalizedTextUtil.addDefaultResourceBundle("org/apache/struts2/struts-messages"); loadCustomResourceBundles(props); http://git-wip-us.apache.org/repos/asf/struts/blob/aff3a3a6/core/src/main/resources/struts-default.xml -- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index 87f1ff5..7cb687e 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml @@ -37,6 +37,9 @@ "http://struts.apache.org/dtds/struts-2.3.dtd";> + + +
[04/50] git commit: Includes check for braces in expression
Includes check for braces in expression Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/58a58615 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/58a58615 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/58a58615 Branch: refs/heads/develop Commit: 58a58615cf45c669800deafd462f7c427b677caf Parents: aff3a3a Author: Lukasz Lenart Authored: Sat Apr 26 06:57:42 2014 +0200 Committer: Lukasz Lenart Committed: Sat Apr 26 06:57:42 2014 +0200 -- .../src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/58a58615/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java index a0231bc..81f9700 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java @@ -309,7 +309,8 @@ public class OgnlUtil { if (tree instanceof SimpleNode) { SimpleNode node = (SimpleNode) tree; for (String excludedPattern : excludedProperties) { -if (excludedPattern.equalsIgnoreCase(node.toString())) { +// TODO lukaszlenart: need a better way to check 'toString' and 'toString()' call +if (excludedPattern.equalsIgnoreCase(node.toString()) || (excludedPattern + "()").equalsIgnoreCase(node.toString())) { throw new OgnlException("Tree [" + (parent != null ? parent : tree) + "] trying access excluded pattern [" + excludedPattern + "]"); } for (int i = 0; i < node.jjtGetNumChildren(); i++) {
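Review bot: Comparing `node.toString()` with `excludedPattern` and `excludedPattern + "()"` matches only those two exact renderings, so the exclusion depends on how OGNL prints a node rather than on which member is actually resolved; the TODO on the added line acknowledges this. A decision taken at member-resolution time (a `MemberAccess` check on the resolved `Member`) would not depend on the expression text. If the string check stays, render the node once before the loop, `String rendered = node.toString();`, instead of calling `toString()` twice per pattern. The enclosing method starts and ends outside the hunk.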
[12/50] git commit: Sets excluded classes during injecting OgnlUtil
Sets excluded classes during injecting OgnlUtil Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/2180b06f Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/2180b06f Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/2180b06f Branch: refs/heads/develop Commit: 2180b06f7d1d38e7701e72123e57208feb4cb444 Parents: 2798057 Author: Lukasz Lenart Authored: Sat May 3 20:16:33 2014 +0200 Committer: Lukasz Lenart Committed: Sat May 3 20:16:33 2014 +0200 -- .../main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java| 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/2180b06f/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java index 76f0d3f..83be3ed 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java @@ -79,6 +79,7 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS @Inject public void setOgnlUtil(OgnlUtil ognlUtil) { this.ognlUtil = ognlUtil; +securityMemberAccess.setExcludedClasses(ognlUtil.getExcludedClasses()); } protected void setRoot(XWorkConverter xworkConverter, CompoundRootAccessor accessor, CompoundRoot compoundRoot, 
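Review bot: `setOgnlUtil` now hands `ognlUtil.getExcludedClasses()` straight to `securityMemberAccess`, so the stack's member access holds whatever set object OgnlUtil returns; if that is OgnlUtil's own mutable field (not visible in this hunk), both objects share state and a change on one side silently alters the other. Passing a read-only copy avoids that: `securityMemberAccess.setExcludedClasses(Collections.unmodifiableSet(new HashSet<Class<?>>(ognlUtil.getExcludedClasses())));`. The added line also assumes `securityMemberAccess` is already assigned when injection runs, which deserves a comment on the setter such as `// securityMemberAccess must be initialised before injection; excluded classes are copied from OgnlUtil here`.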
@@ -446,7 +447,7 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS XWorkConverter xworkConverter = cont.getInstance(XWorkConverter.class); CompoundRootAccessor accessor = (CompoundRootAccessor) cont.getInstance(PropertyAccessor.class, CompoundRoot.class.getName()); TextProvider prov = cont.getInstance(TextProvider.class, "system"); -boolean allow = "true".equals(cont.getInstance(String.class, "allowStaticMethodAccess")); +boolean allow = "true".equals(cont.getInstance(String.class, XWorkConstants.ALLOW_STATIC_METHOD_ACCESS)); OgnlValueStack aStack = new OgnlValueStack(xworkConverter, accessor, prov, allow); aStack.setOgnlUtil(cont.getInstance(OgnlUtil.class)); aStack.setRoot(xworkConverter, accessor, this.root, allow);
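Review bot: In this path `aStack.setOgnlUtil(...)` runs before `aStack.setRoot(...)`, and after the first hunk `setOgnlUtil` is what copies the excluded classes into `securityMemberAccess`. If `setRoot` assigns a fresh `SecurityMemberAccess` (its body is outside the hunk, so this needs confirming), the stack built here ends up with an empty exclusion set. Either call `setOgnlUtil` after `setRoot`, or have `setRoot` re-apply `ognlUtil.getExcludedClasses()`, and add a test that a stack created through this path still denies a member of an excluded class. The enclosing method starts outside the hunk.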
[16/50] git commit: Defines excluded classes
Defines excluded classes Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/f84efa5f Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/f84efa5f Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/f84efa5f Branch: refs/heads/develop Commit: f84efa5f42a31ecbcbe3eba28653a57829e598b8 Parents: cdfb94d Author: Lukasz Lenart Authored: Sat May 3 20:18:44 2014 +0200 Committer: Lukasz Lenart Committed: Sat May 3 20:18:44 2014 +0200 -- core/src/main/resources/struts-default.xml | 2 +- xwork-core/src/test/resources/xwork-param-test.xml | 2 +- xwork-core/src/test/resources/xwork-test-beans.xml | 8 3 files changed, 6 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/f84efa5f/core/src/main/resources/struts-default.xml -- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index 7cb687e..0e4c419 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml @@ -38,7 +38,7 @@ - + http://git-wip-us.apache.org/repos/asf/struts/blob/f84efa5f/xwork-core/src/test/resources/xwork-param-test.xml -- diff --git a/xwork-core/src/test/resources/xwork-param-test.xml b/xwork-core/src/test/resources/xwork-param-test.xml index 3ca616a..01787f7 100644 --- a/xwork-core/src/test/resources/xwork-param-test.xml +++ b/xwork-core/src/test/resources/xwork-param-test.xml @@ -4,5 +4,5 @@ - + \ No newline at end of file http://git-wip-us.apache.org/repos/asf/struts/blob/f84efa5f/xwork-core/src/test/resources/xwork-test-beans.xml -- diff --git a/xwork-core/src/test/resources/xwork-test-beans.xml b/xwork-core/src/test/resources/xwork-test-beans.xml index 3fa5b28..7268ef7 100644 --- a/xwork-core/src/test/resources/xwork-test-beans.xml +++ b/xwork-core/src/test/resources/xwork-test-beans.xml @@ -3,11 +3,11 @@ "http://struts.apache.org/dtds/xwork-2.0.dtd";> - -
[11/50] git commit: Creates default context with excluded classes
Creates default context with excluded classes Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/27980572 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/27980572 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/27980572 Branch: refs/heads/develop Commit: 279805721d6223673b5cb93e29fa91a4bbe0ea90 Parents: d5bd607 Author: Lukasz Lenart Authored: Sat May 3 20:15:53 2014 +0200 Committer: Lukasz Lenart Committed: Sat May 3 20:15:53 2014 +0200 -- .../com/opensymphony/xwork2/ognl/OgnlUtil.java | 78 +--- 1 file changed, 51 insertions(+), 27 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/27980572/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java index 5e06977..1c17eca 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java @@ -16,13 +16,18 @@ package com.opensymphony.xwork2.ognl; import com.opensymphony.xwork2.XWorkConstants; +import com.opensymphony.xwork2.XWorkException; +import com.opensymphony.xwork2.config.ConfigurationException; import com.opensymphony.xwork2.conversion.impl.XWorkConverter; +import com.opensymphony.xwork2.inject.Container; import com.opensymphony.xwork2.inject.Inject; +import com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor; import com.opensymphony.xwork2.util.CompoundRoot; import com.opensymphony.xwork2.util.TextParseUtil; import com.opensymphony.xwork2.util.logging.Logger; import com.opensymphony.xwork2.util.logging.LoggerFactory; import com.opensymphony.xwork2.util.reflection.ReflectionException; +import ognl.ClassResolver; import ognl.Ognl; import ognl.OgnlContext; import ognl.OgnlException; 
@@ -61,7 +66,9 @@ public class OgnlUtil { private boolean enableExpressionCache = true; private boolean enableEvalExpression; -private Set excludedProperties = new HashSet(); +private Set> excludedClasses = new HashSet>(); +private Container container; +private boolean allowStaticMethodAccess; @Inject public void setXWorkConverter(XWorkConverter conv) { @@ -87,15 +94,32 @@ public class OgnlUtil { } } -@Inject(value = XWorkConstants.OGNL_EXCLUDED_PROPERTIES, required = false) -public void setExcludedProperties(String commaDelimitedProperties) { -Set props = TextParseUtil.commaDelimitedStringToSet(commaDelimitedProperties); -for (String prop : props) { -excludedProperties.add(prop); -excludedProperties.add(prop + "()"); +@Inject(value = XWorkConstants.OGNL_EXCLUDED_CLASSES, required = false) +public void setExcludedClasses(String commaDelimitedClasses) { +Set classes = TextParseUtil.commaDelimitedStringToSet(commaDelimitedClasses); +for (String className : classes) { +try { +excludedClasses.add(Class.forName(className)); +} catch (ClassNotFoundException e) { +throw new ConfigurationException("Cannot load excluded class: " + className, e); +} } } +public Set> getExcludedClasses() { +return excludedClasses; +} + +@Inject +public void setContainer(Container container) { +this.container = container; +} + +@Inject(value = XWorkConstants.ALLOW_STATIC_METHOD_ACCESS, required = false) +public void setAllowStaticMethodAccess(String allowStaticMethodAccess) { +this.allowStaticMethodAccess = Boolean.parseBoolean(allowStaticMethodAccess); +} + /** * Sets the object's properties using the default type converter, defaulting to not throw * exceptions for problems setting the properties. 
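Review bot: `Class.forName(className)` in `setExcludedClasses` initialises every class it loads, which is not needed to build a deny list; `Class.forName(className, false, OgnlUtil.class.getClassLoader())` resolves the class without running its static initialisers. `getExcludedClasses()` returns the internal `HashSet`, so any caller can add to or clear the list; `return Collections.unmodifiableSet(excludedClasses);` keeps it read-only. The setter only ever adds entries, so a second injection cannot replace the list. A Javadoc comment should state that, and that an unknown class name aborts configuration with `ConfigurationException`, which is the right fail-closed behaviour.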
@@ -155,7 +179,7 @@ public class OgnlUtil { *problems setting the properties */ public void setProperties(Map properties, Object o, boolean throwPropertyExceptions) { -Map context = Ognl.createDefaultContext(o); +Map context = createDefaultContext(o, null); setProperties(properties, o, context, throwPropertyExceptions); } @@ -293,13 +317,11 @@ public class OgnlUtil { if (tree == null) { tree = Ognl.parseExpression(expression); checkEnableEvalExpression(tree, context); -checkExcludedPropertiesAccess(tree, null); expressions.putIfAbsent(expression, tree); } } else { tree = Ognl.parseExpression(expression); checkEnableEvalEx
[06/50] git commit: Updates tests as using Object's methods is prohibited
Updates tests as using Object's methods is prohibited Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/5d8aa8a8 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/5d8aa8a8 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/5d8aa8a8 Branch: refs/heads/develop Commit: 5d8aa8a80be131dbcf412c28aec0435d3bdc23e3 Parents: bcc0327 Author: Lukasz Lenart Authored: Sat Apr 26 06:59:18 2014 +0200 Committer: Lukasz Lenart Committed: Sat Apr 26 06:59:18 2014 +0200 -- .../ExecuteAndWaitInterceptorTest.java | 2 ++ .../struts2/views/jsp/PropertyTagTest.java | 30 .../apache/struts2/views/jsp/ui/SelectTest.java | 2 +- .../struts2/rest/RestActionInvocationTest.java | 2 ++ .../xwork2/DefaultActionInvocationTest.java | 8 ++ 5 files changed, 31 insertions(+), 13 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/5d8aa8a8/core/src/test/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptorTest.java -- diff --git a/core/src/test/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptorTest.java b/core/src/test/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptorTest.java index 01d1a6e..5a01015 100644 --- a/core/src/test/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptorTest.java +++ b/core/src/test/java/org/apache/struts2/interceptor/ExecuteAndWaitInterceptorTest.java @@ -32,6 +32,7 @@ import com.opensymphony.xwork2.config.entities.ResultConfig; import com.opensymphony.xwork2.inject.ContainerBuilder; import com.opensymphony.xwork2.interceptor.ParametersInterceptor; import com.opensymphony.xwork2.mock.MockResult; +import com.opensymphony.xwork2.ognl.OgnlUtil; import com.opensymphony.xwork2.util.location.LocatableProperties; import org.apache.struts2.ServletActionContext; import org.apache.struts2.StrutsInternalTestCase; 
@@ -222,6 +223,7 @@ public class ExecuteAndWaitInterceptorTest extends StrutsInternalTestCase { public void register(ContainerBuilder builder, LocatableProperties props) throws ConfigurationException { builder.factory(ObjectFactory.class); builder.factory(ActionProxyFactory.class, DefaultActionProxyFactory.class); +builder.factory(OgnlUtil.class, OgnlUtil.class); } } http://git-wip-us.apache.org/repos/asf/struts/blob/5d8aa8a8/core/src/test/java/org/apache/struts2/views/jsp/PropertyTagTest.java -- diff --git a/core/src/test/java/org/apache/struts2/views/jsp/PropertyTagTest.java b/core/src/test/java/org/apache/struts2/views/jsp/PropertyTagTest.java index cce9a0c..a2b77ba 100644 --- a/core/src/test/java/org/apache/struts2/views/jsp/PropertyTagTest.java +++ b/core/src/test/java/org/apache/struts2/views/jsp/PropertyTagTest.java @@ -180,11 +180,13 @@ public class PropertyTagTest extends StrutsInternalTestCase { pageContext.setRequest(request); // test -{PropertyTag tag = new PropertyTag(); -tag.setPageContext(pageContext); -tag.setValue("%{toString()}"); -tag.doStartTag(); -tag.doEndTag();} +{ +PropertyTag tag = new PropertyTag(); +tag.setPageContext(pageContext); +tag.setValue("%{formatTitle()}"); +tag.doStartTag(); +tag.doEndTag(); +} // verify test request.verify(); @@ -212,7 +214,7 @@ public class PropertyTagTest extends StrutsInternalTestCase { tag.setEscape(false); tag.setEscapeJavaScript(true); tag.setPageContext(pageContext); -tag.setValue("%{toString()}"); +tag.setValue("%{formatTitle()}"); tag.doStartTag(); tag.doEndTag();} @@ -242,7 +244,7 @@ public class PropertyTagTest extends StrutsInternalTestCase { tag.setEscape(false); tag.setEscapeXml(true); tag.setPageContext(pageContext); -tag.setValue("%{toString()}"); +tag.setValue("%{formatTitle()}"); tag.doStartTag(); tag.doEndTag();} 
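Review bot: The PropertyTagTest hunks swap `toString()` for `formatTitle()` so the existing assertions keep passing, but none of the hunks visible here asserts the new rule itself, namely that an expression calling a method of `java.lang.Object` is refused. A negative test next to these, setting `tag.setValue("%{toString()}")` and checking that nothing from the object is written to the output, would pin the behaviour the commit title describes. The remaining test files in the diffstat are not fully visible, so this may already be covered there.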
@@ -272,7 +274,7 @@ public class PropertyTagTest extends StrutsInternalTestCase { tag.setEscape(false); tag.setEscapeCsv(true); tag.setPageContext(pageContext); -tag.setValue("%{toString()}"); +tag.setValue("%{formatTitle()}"); tag.doStartTag(); tag.doEndTag();} @@ -300,7 +302,7 @@ public class PropertyTagTest extends StrutsInternalTestCase { // test {PropertyTag tag = new PropertyTag(); tag.setPageContext(pageContext); -tag.setValue("toString()"); +tag.setValue("formatTitle()"); tag.doStartTag();
[05/50] git commit: Uses OgnlUtil to execute action/method instead of Reflection
Uses OgnlUtil to execute action/method instead of Reflection Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/bcc0327e Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/bcc0327e Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/bcc0327e Branch: refs/heads/develop Commit: bcc0327ee49c60b10d158354c0d1be06eb8a9f52 Parents: 58a5861 Author: Lukasz Lenart Authored: Sat Apr 26 06:58:50 2014 +0200 Committer: Lukasz Lenart Committed: Sat Apr 26 06:58:50 2014 +0200 -- .../xwork2/DefaultActionInvocation.java | 54 +++- 1 file changed, 18 insertions(+), 36 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/bcc0327e/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultActionInvocation.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultActionInvocation.java b/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultActionInvocation.java index 531a725..4539e56 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultActionInvocation.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultActionInvocation.java @@ -22,14 +22,14 @@ import com.opensymphony.xwork2.config.entities.ResultConfig; import com.opensymphony.xwork2.inject.Container; import com.opensymphony.xwork2.inject.Inject; import com.opensymphony.xwork2.interceptor.PreResultListener; +import com.opensymphony.xwork2.ognl.OgnlUtil; import com.opensymphony.xwork2.util.ValueStack; import com.opensymphony.xwork2.util.ValueStackFactory; import com.opensymphony.xwork2.util.logging.Logger; import com.opensymphony.xwork2.util.logging.LoggerFactory; import com.opensymphony.xwork2.util.profiling.UtilTimerStack; +import ognl.OgnlException; -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; import java.util.ArrayList; import java.util.Iterator; import java.util.List; 
@@ -46,18 +46,8 @@ import java.util.Map; */ public class DefaultActionInvocation implements ActionInvocation { -private static final long serialVersionUID = -585293628862447329L; - -//static { -//if (ObjectFactory.getContinuationPackage() != null) { -//continuationHandler = new ContinuationHandler(); -//} -//} private static final Logger LOG = LoggerFactory.getLogger(DefaultActionInvocation.class); -private static final Class[] EMPTY_CLASS_ARRAY = new Class[0]; -private static final Object[] EMPTY_OBJECT_ARRAY = new Object[0]; - protected Object action; protected ActionProxy proxy; protected List preResultListeners; @@ -75,6 +65,7 @@ public class DefaultActionInvocation implements ActionInvocation { protected ValueStackFactory valueStackFactory; protected Container container; protected UnknownHandlerManager unknownHandlerManager; +protected OgnlUtil ognlUtil; public DefaultActionInvocation(final Map extraContext, final boolean pushAction) { this.extraContext = extraContext; @@ -106,6 +97,11 @@ public class DefaultActionInvocation implements ActionInvocation { this.actionEventListener = listener; } +@Inject +public void setOgnlUtil(OgnlUtil ognlUtil) { +this.ognlUtil = ognlUtil; +} + public Object getAction() { return action; } 
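Review bot: The `ognlUtil` injected here is used by the invocation hunk further down (cut off in this view) to evaluate `methodName + "()"` as an OGNL expression, which turns a method name into expression text where the removed code did a reflective lookup of a no-argument method by exact name. If `methodName` can be influenced by the request (not visible here), it should be checked to be a plain Java identifier before it is concatenated, for example `if (!methodName.matches("[A-Za-z_$][A-Za-z0-9_$]*")) { throw new IllegalArgumentException("Invalid method name: " + methodName); }`. The first attempt evaluates against `getStack().getContext()` while the `doXxx` fallback uses `ActionContext.getContext().getContextMap()`; both should use the same context so the same member-access rules apply. The new field is `protected` and stays null until injection, which is worth a comment on the setter.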
@@ -420,22 +416,19 @@ public class DefaultActionInvocation implements ActionInvocation { try { UtilTimerStack.push(timerKey); -boolean methodCalled = false; -Object methodResult = null; -Method method = null; +Object methodResult; try { -method = getAction().getClass().getMethod(methodName, EMPTY_CLASS_ARRAY); -} catch (NoSuchMethodException e) { +methodResult = ognlUtil.getValue(methodName + "()", getStack().getContext(), action); +} catch (OgnlException e) { // hmm -- OK, try doXxx instead try { -String altMethodName = "do" + methodName.substring(0, 1).toUpperCase() + methodName.substring(1); -method = getAction().getClass().getMethod(altMethodName, EMPTY_CLASS_ARRAY); -} catch (NoSuchMethodException e1) { +String altMethodName = "do" + methodName.substring(0, 1).toUpperCase() + methodName.substring(1) + "()"; +methodResult = ognlUtil.getValue(altMethodName, ActionContext.getContext().getContextMap(), action); +} catch (OgnlException e1) { // well, give the unknown handler a shot if (unknownHandlerManager.hasUnknownHandlers()) { t
[07/50] git commit: Extends patterns with parenthesis during initialisation
Extends patterns with parenthesis during initialisation Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/53fb5ba5 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/53fb5ba5 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/53fb5ba5 Branch: refs/heads/develop Commit: 53fb5ba5f89c641a92a4f7bee7584e7764741572 Parents: 5d8aa8a Author: Lukasz Lenart Authored: Thu May 1 09:39:55 2014 +0200 Committer: Lukasz Lenart Committed: Thu May 1 09:39:55 2014 +0200 -- .../main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java| 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/53fb5ba5/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java index 81f9700..5e06977 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java @@ -89,7 +89,11 @@ public class OgnlUtil { @Inject(value = XWorkConstants.OGNL_EXCLUDED_PROPERTIES, required = false) public void setExcludedProperties(String commaDelimitedProperties) { -excludedProperties = TextParseUtil.commaDelimitedStringToSet(commaDelimitedProperties); +Set props = TextParseUtil.commaDelimitedStringToSet(commaDelimitedProperties); +for (String prop : props) { +excludedProperties.add(prop); +excludedProperties.add(prop + "()"); +} } /** 
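Review bot: `setExcludedProperties` used to replace the set and now only adds to it, so a second call keeps every earlier pattern and the method depends on `excludedProperties` being a mutable, non-null set. If replacement is still the intended contract, build a fresh set and assign it at the end, `Set<String> expanded = new HashSet<String>();` ... `excludedProperties = expanded;`. A Javadoc comment should also say that each configured name is stored as both `name` and `name()` and that, per the second hunk, matching is a case-insensitive comparison with the rendered node.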
@@ -309,8 +313,7 @@ public class OgnlUtil { if (tree instanceof SimpleNode) { SimpleNode node = (SimpleNode) tree; for (String excludedPattern : excludedProperties) { -// TODO lukaszlenart: need a better way to check 'toString' and 'toString()' call -if (excludedPattern.equalsIgnoreCase(node.toString()) || (excludedPattern + "()").equalsIgnoreCase(node.toString())) { +if (excludedPattern.equalsIgnoreCase(node.toString())) { throw new OgnlException("Tree [" + (parent != null ? parent : tree) + "] trying access excluded pattern [" + excludedPattern + "]"); } for (int i = 0; i < node.jjtGetNumChildren(); i++) {
[13/50] git commit: Adds mapping of excluded classes key
Adds mapping of excluded classes key Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/f0799fd9 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/f0799fd9 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/f0799fd9 Branch: refs/heads/develop Commit: f0799fd99bff78f0c984922ac358d7cf3eede0ba Parents: 2180b06 Author: Lukasz Lenart Authored: Sat May 3 20:16:58 2014 +0200 Committer: Lukasz Lenart Committed: Sat May 3 20:16:58 2014 +0200 -- .../org/apache/struts2/config/DefaultBeanSelectionProvider.java| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/f0799fd9/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java -- diff --git a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java index 4cc2d61..dedbce5 100644 --- a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java +++ b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java @@ -391,7 +391,7 @@ public class DefaultBeanSelectionProvider extends AbstractBeanSelectionProvider convertIfExist(props, StrutsConstants.STRUTS_ENABLE_OGNL_EVAL_EXPRESSION, XWorkConstants.ENABLE_OGNL_EVAL_EXPRESSION); convertIfExist(props, StrutsConstants.STRUTS_ALLOW_STATIC_METHOD_ACCESS, XWorkConstants.ALLOW_STATIC_METHOD_ACCESS); convertIfExist(props, StrutsConstants.STRUTS_CONFIGURATION_XML_RELOAD, XWorkConstants.RELOAD_XML_CONFIGURATION); -convertIfExist(props, StrutsConstants.STRUTS_EXCLUDED_PROPERTIES, XWorkConstants.OGNL_EXCLUDED_PROPERTIES); +convertIfExist(props, StrutsConstants.STRUTS_EXCLUDED_CLASSES, XWorkConstants.OGNL_EXCLUDED_CLASSES); LocalizedTextUtil.addDefaultResourceBundle("org/apache/struts2/struts-messages"); loadCustomResourceBundles(props);
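Review bot: This line replaces the conversion of `StrutsConstants.STRUTS_EXCLUDED_PROPERTIES` instead of adding a second one, so a deployment that set the excluded-properties key no longer has it passed on to XWork, and a security setting stops taking effect without any message. Either keep the old `convertIfExist(props, StrutsConstants.STRUTS_EXCLUDED_PROPERTIES, XWorkConstants.OGNL_EXCLUDED_PROPERTIES);` alongside the new line for a deprecation period, or log a warning when the old key is present in `props`. Whether the old constant is removed elsewhere in this commit is not visible in the hunk.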
[09/50] git commit: Extends SecurityMemberAccess to included excluded classes
Extends SecurityMemberAccess to included excluded classes Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/c778297e Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/c778297e Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/c778297e Branch: refs/heads/develop Commit: c778297e80e19c7e16389e5c5bb3487512695c0a Parents: ee3c8d5 Author: Lukasz Lenart Authored: Sat May 3 20:12:14 2014 +0200 Committer: Lukasz Lenart Committed: Sat May 3 20:12:14 2014 +0200 -- .../xwork2/ognl/SecurityMemberAccess.java | 17 + 1 file changed, 17 insertions(+) -- http://git-wip-us.apache.org/repos/asf/struts/blob/c778297e/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java index 7bbcbda..9d84702 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java @@ -35,6 +35,7 @@ public class SecurityMemberAccess extends DefaultMemberAccess { private final boolean allowStaticMethodAccess; private Set excludeProperties = Collections.emptySet(); private Set acceptProperties = Collections.emptySet(); +private Set> excludedClasses = Collections.emptySet(); public SecurityMemberAccess(boolean method) { super(false); @@ -49,6 +50,9 @@ public class SecurityMemberAccess extends DefaultMemberAccess { public boolean isAccessible(Map context, Object target, Member member, String propertyName) { +if (isClassExcluded(target.getClass(), member.getDeclaringClass())) { +return false; +} boolean allow = true; int modifiers = member.getModifiers(); if (Modifier.isStatic(modifiers)) { 
@@ -74,6 +78,15 @@ public class SecurityMemberAccess extends DefaultMemberAccess { return isAcceptableProperty(propertyName); } +protected boolean isClassExcluded(Class targetClass, Class declaringClass) { +for (Class excludedClass : excludedClasses) { +if (targetClass.isAssignableFrom(excludedClass) || declaringClass.isAssignableFrom(excludedClass)) { +return true; +} +} +return false; +} + protected boolean isAcceptableProperty(String name) { return name == null || ((!isExcluded(name)) && isAccepted(name)); } @@ -115,4 +128,8 @@ public class SecurityMemberAccess extends DefaultMemberAccess { this.acceptProperties = acceptedProperties; } +public void setExcludedClasses(Set> excludedClasses) { +this.excludedClasses = excludedClasses; +} + }
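Review bot: In `isClassExcluded`, `targetClass.isAssignableFrom(excludedClass)` is true only when the target's class is the excluded class or one of its supertypes, so an instance of a subclass of an excluded class passes the target check. If the intent is to block a type and everything derived from it, the test is `excludedClass.isAssignableFrom(targetClass)`, with `java.lang.Object` handled by identity (`targetClass == Object.class`) because every class is assignable to it. The call added to `isAccessible` in the previous hunk also dereferences `target.getClass()` unconditionally; if OGNL can pass a null target (worth confirming for static members), guard it with `Class<?> targetClass = target != null ? target.getClass() : member.getDeclaringClass();`. `setExcludedClasses` stores the caller's set by reference, so a defensive copy would keep later changes by the caller from altering the check.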
[18/50] git commit: Adds special treatment of Object class and unit test
Adds special treatment of Object class and unit test Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/b3ca9ea5 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/b3ca9ea5 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/b3ca9ea5 Branch: refs/heads/develop Commit: b3ca9ea5e31fc9b6c0a5e644e833874bb7cc62fa Parents: cb59074 Author: Lukasz Lenart Authored: Sun May 4 11:18:00 2014 +0200 Committer: Lukasz Lenart Committed: Sun May 4 11:18:00 2014 +0200 -- .../xwork2/ognl/SecurityMemberAccess.java | 11 +- .../xwork2/ognl/SecurityMemberAccessTest.java | 139 +++ 2 files changed, 146 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/b3ca9ea5/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java index 9d84702..7fe77c3 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java @@ -21,6 +21,7 @@ import java.lang.reflect.Member; import java.lang.reflect.Method; import java.lang.reflect.Modifier; import java.util.Collections; +import java.util.HashSet; import java.util.Map; import java.util.Set; import java.util.regex.Matcher; @@ -47,8 +48,7 @@ public class SecurityMemberAccess extends DefaultMemberAccess { } @Override -public boolean isAccessible(Map context, Object target, Member member, -String propertyName) { +public boolean isAccessible(Map context, Object target, Member member, String propertyName) { if (isClassExcluded(target.getClass(), member.getDeclaringClass())) { return false; 
@@ -79,8 +79,11 @@ public class SecurityMemberAccess extends DefaultMemberAccess { } protected boolean isClassExcluded(Class targetClass, Class declaringClass) { -for (Class excludedClass : excludedClasses) { -if (targetClass.isAssignableFrom(excludedClass) || declaringClass.isAssignableFrom(excludedClass)) { +if (targetClass == Object.class || declaringClass == Object.class) { +return true; +} +for (Class excludedClass : excludedClasses) { +if (excludedClass.isAssignableFrom(targetClass) || declaringClass.isAssignableFrom(excludedClass)) { return true; } } http://git-wip-us.apache.org/repos/asf/struts/blob/b3ca9ea5/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java -- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java new file mode 100644 index 000..4ccc831 --- /dev/null +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java 
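Review bot: The added `Object.class` short-circuit in `isClassExcluded` is hard-coded rather than driven by `excludedClasses`, and nothing in the hunk says why; a comment such as `// members declared by java.lang.Object are never exposed to expressions` would record the intent. The target test is now subtype-inclusive (`excludedClass.isAssignableFrom(targetClass)`), but the declaring-class test keeps the opposite orientation, `declaringClass.isAssignableFrom(excludedClass)`, which matches members declared on a supertype of an excluded class rather than on its subclasses. If subtype-inclusive matching is intended for both, the second test would read `excludedClass.isAssignableFrom(declaringClass)`; if the asymmetry is deliberate, it deserves a comment.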
@@ -0,0 +1,139 @@ +package com.opensymphony.xwork2.ognl; + +import junit.framework.TestCase; + +import java.lang.reflect.Member; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +public class SecurityMemberAccessTest extends TestCase { + +private Map context; +private FooBar target; + +@Override +public void setUp() throws Exception { +context = new HashMap(); +target = new FooBar(); +} + +public void testWithoutClassExclusion() throws Exception { +// given +SecurityMemberAccess sma = new SecurityMemberAccess(false); + +String propertyName = "stringField"; +Member member = FooBar.class.getMethod("get" + propertyName.substring(0, 1).toUpperCase() + propertyName.substring(1)); + +// when +boolean accessible = sma.isAccessible(context, target, member, propertyName); + +// then +assertTrue(accessible); +} + +public void testClassExclusion() throws Exception { +// given +SecurityMemberAccess sma = new SecurityMemberAccess(false); + +String propertyName = "stringField"; +Member member = FooBar.class.getDeclaredMethod("get" + propertyName.substring(0, 1).toUpperCase() + propertyName.substring(1)); + +Set> excluded = new HashSet>(); +excluded.add(FooBar.class); +sma.setExcludedClasses(excluded); + +// when +boolean accessible = sma.isAccessible(context, target, member, propertyName); + +// then +assertFalse(accessible); +
[48/50] git commit: Excludes ActionContext from Ognl evaluation
Excludes ActionContext from Ognl evaluation Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/bbcc6014 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/bbcc6014 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/bbcc6014 Branch: refs/heads/develop Commit: bbcc6014f61e4d751114051605e8041474e5b496 Parents: eb8aae8 Author: Lukasz Lenart Authored: Thu Jun 5 08:25:44 2014 +0200 Committer: Lukasz Lenart Committed: Thu Jun 5 08:25:44 2014 +0200 -- core/src/main/resources/struts-default.xml | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/bbcc6014/core/src/main/resources/struts-default.xml -- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index 0fe8e68..49eba90 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml @@ -38,7 +38,15 @@ - +
[49/50] git commit: Adds additional classes to be excluded
Adds additional classes to be excluded Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/96542871 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/96542871 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/96542871 Branch: refs/heads/develop Commit: 965428711572ad52d3713b3432ff38e1dd3e9dae Parents: bbcc601 Author: Lukasz Lenart Authored: Wed Jun 18 08:45:56 2014 +0200 Committer: Lukasz Lenart Committed: Wed Jun 18 08:45:56 2014 +0200 -- core/src/main/resources/struts-default.xml | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/96542871/core/src/main/resources/struts-default.xml -- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index 49eba90..ea2a631 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml @@ -42,13 +42,17 @@ value=" java.lang.Object, java.lang.Runtime, +java.lang.System, +java.lang.Class, +java.lang.ClassLoader, +java.lang.Shutdown, ognl.OgnlContext, ognl.MemberAccess, ognl.ClassResolver, ognl.TypeConverter, com.opensymphony.xwork2.ActionContext" /> - +
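Review bot: The excluded-classes value in this hunk enumerates individual `java.lang` classes, so it only protects against the names that happen to be listed, and any sensitive class not named stays reachable until someone extends the list. Consider pairing it with a package-level rule through `struts.excludedPackageNamePatterns` (the constant added in commit 4ee18f96 on this page). An XML comment above the constant should say that the list is a secondary safeguard and not a complete inventory. `java.lang.Shutdown` is a package-private JDK class, so a short note on why it is listed would help the next maintainer.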
[42/50] git commit: Ties excluding packages into Struts DI mechanism
Ties excluding packages into Struts DI mechanism Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/4ee18f96 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/4ee18f96 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/4ee18f96 Branch: refs/heads/develop Commit: 4ee18f96bc2d401f9007c5fd458c47b7ae4ff35d Parents: dba9da3 Author: Lukasz Lenart Authored: Fri May 23 09:58:33 2014 +0200 Committer: Lukasz Lenart Committed: Fri May 23 09:58:33 2014 +0200 -- .../java/org/apache/struts2/StrutsConstants.java | 3 ++- .../config/DefaultBeanSelectionProvider.java | 3 +++ core/src/main/resources/struts-default.xml | 2 ++ .../com/opensymphony/xwork2/XWorkConstants.java| 2 ++ .../com/opensymphony/xwork2/ognl/OgnlUtil.java | 17 - .../opensymphony/xwork2/ognl/OgnlValueStack.java | 1 + 6 files changed, 26 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/4ee18f96/core/src/main/java/org/apache/struts2/StrutsConstants.java -- diff --git a/core/src/main/java/org/apache/struts2/StrutsConstants.java b/core/src/main/java/org/apache/struts2/StrutsConstants.java index 8c0c5ce..dd08993 100644 --- a/core/src/main/java/org/apache/struts2/StrutsConstants.java +++ b/core/src/main/java/org/apache/struts2/StrutsConstants.java 
@@ -282,8 +282,9 @@ public final class StrutsConstants { /** Allows override default DispatcherErrorHandler **/ public static final String STRUTS_DISPATCHER_ERROR_HANDLER = "struts.dispatcher.errorHandler"; -/** Comma delimited set of excluded classes which cannot be accessed via expressions **/ +/** Comma delimited set of excluded classes and package names which cannot be accessed via expressions **/ public static final String STRUTS_EXCLUDED_CLASSES = "struts.excludedClasses"; +public static final String STRUTS_EXCLUDED_PACKAGE_NAME_PATTERNS = "struts.excludedPackageNamePatterns"; /** Dedicated services to check if passed string is excluded/accepted **/ public static final String STRUTS_EXCLUDED_PATTERNS_CHECKER = "struts.excludedPatterns.checker"; http://git-wip-us.apache.org/repos/asf/struts/blob/4ee18f96/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java -- diff --git a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java index 4334d3c..a671133 100644 --- a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java +++ b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java 
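Review bot: `STRUTS_EXCLUDED_PACKAGE_NAME_PATTERNS` has no Javadoc of its own; the edited comment sits on `STRUTS_EXCLUDED_CLASSES` and now describes both constants at once. Keeping the first comment about classes only and giving the new constant its own line, for example `/** Comma delimited set of package name patterns which cannot be accessed via expressions **/`, lets each key be documented where it is declared. The comment should also say what syntax a pattern uses (regular expression or prefix), which the hunk does not show.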
@@ -403,7 +403,10 @@ public class DefaultBeanSelectionProvider extends AbstractBeanSelectionProvider convertIfExist(props, StrutsConstants.STRUTS_ENABLE_OGNL_EVAL_EXPRESSION, XWorkConstants.ENABLE_OGNL_EVAL_EXPRESSION); convertIfExist(props, StrutsConstants.STRUTS_ALLOW_STATIC_METHOD_ACCESS, XWorkConstants.ALLOW_STATIC_METHOD_ACCESS); convertIfExist(props, StrutsConstants.STRUTS_CONFIGURATION_XML_RELOAD, XWorkConstants.RELOAD_XML_CONFIGURATION); + convertIfExist(props, StrutsConstants.STRUTS_EXCLUDED_CLASSES, XWorkConstants.OGNL_EXCLUDED_CLASSES); +convertIfExist(props, StrutsConstants.STRUTS_EXCLUDED_PACKAGE_NAME_PATTERNS, XWorkConstants.OGNL_EXCLUDED_PACKAGE_NAME_PATTERNS); + convertIfExist(props, StrutsConstants.STRUTS_OVERRIDE_EXCLUDED_PATTERNS, XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS); convertIfExist(props, StrutsConstants.STRUTS_OVERRIDE_ACCEPTED_PATTERNS, XWorkConstants.OVERRIDE_ACCEPTED_PATTERNS); http://git-wip-us.apache.org/repos/asf/struts/blob/4ee18f96/core/src/main/resources/struts-default.xml -- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index a1aa63f..0275a48 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml @@ -39,6 +39,8 @@ + + http://git-wip-us.apache.org/repos/asf/struts/blob/4ee18f96/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java b/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java index b846ac0..830df78 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java @@ -17,7 +17,9
[19/50] git commit: Adds more use cases
Adds more use cases Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/ba0ac0df Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/ba0ac0df Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/ba0ac0df Branch: refs/heads/develop Commit: ba0ac0dfd47c768661fcd5fa12bb00af851eb548 Parents: b3ca9ea Author: Lukasz Lenart Authored: Sun May 4 11:58:08 2014 +0200 Committer: Lukasz Lenart Committed: Sun May 4 11:58:08 2014 +0200 -- .../xwork2/ognl/SecurityMemberAccess.java | 4 +- .../xwork2/ognl/SecurityMemberAccessTest.java | 84 +++- 2 files changed, 83 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/ba0ac0df/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java index 7fe77c3..a35f68b 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java @@ -49,10 +49,10 @@ public class SecurityMemberAccess extends DefaultMemberAccess { @Override public boolean isAccessible(Map context, Object target, Member member, String propertyName) { - if (isClassExcluded(target.getClass(), member.getDeclaringClass())) { return false; } + boolean allow = true; int modifiers = member.getModifiers(); if (Modifier.isStatic(modifiers)) { 
@@ -83,7 +83,7 @@ public class SecurityMemberAccess extends DefaultMemberAccess { return true; } for (Class excludedClass : excludedClasses) { -if (excludedClass.isAssignableFrom(targetClass) || declaringClass.isAssignableFrom(excludedClass)) { +if (targetClass.isAssignableFrom(excludedClass) || declaringClass.isAssignableFrom(excludedClass)) { return true; } } http://git-wip-us.apache.org/repos/asf/struts/blob/ba0ac0df/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java -- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java index 4ccc831..1c14cb2 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java @@ -84,7 +84,7 @@ public class SecurityMemberAccessTest extends TestCase { SecurityMemberAccess sma = new SecurityMemberAccess(false); String propertyName = "barLogic"; -Member member = FooBar.class.getMethod("barLogic"); +Member member = BarInterface.class.getMethod(propertyName); Set> excluded = new HashSet>(); excluded.add(BarInterface.class); 
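Review bot: With `targetClass.isAssignableFrom(excludedClass)` restored in `isClassExcluded`, a target whose class extends or implements an excluded type is no longer rejected by the target test, and the test change in the next hunk hides that. That test now looks `barLogic` up on `BarInterface` instead of `FooBar`, so the case where the member is resolved on the implementing class is no longer exercised (presumably `FooBar` implements `BarInterface`; its definition is outside the hunk). Keeping `excludedClass.isAssignableFrom(targetClass)` and retaining a test that uses `FooBar.class.getMethod("barLogic")` with `assertFalse(accessible)` would pin the subtype case.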
@@ -97,9 +97,83 @@ public class SecurityMemberAccessTest extends TestCase { assertFalse("barLogic() from BarInterface is accessible!!!", accessible); } +public void testMiddleOfInheritanceExclusion1() throws Exception { +// given +SecurityMemberAccess sma = new SecurityMemberAccess(false); + +String propertyName = "fooLogic"; +Member member = FooBar.class.getMethod(propertyName); + +Set> excluded = new HashSet>(); +excluded.add(BarInterface.class); +sma.setExcludedClasses(excluded); + +// when +boolean accessible = sma.isAccessible(context, target, member, propertyName); + +// then +assertTrue("fooLogic() from FooInterface isn't accessible!!!", accessible); +} + +public void testMiddleOfInheritanceExclusion2() throws Exception { +// given +SecurityMemberAccess sma = new SecurityMemberAccess(false); + +String propertyName = "barLogic"; +Member member = BarInterface.class.getMethod(propertyName); + +Set> excluded = new HashSet>(); +excluded.add(BarInterface.class); +sma.setExcludedClasses(excluded); + +// when +boolean accessible = sma.isAccessible(context, target, member, propertyName); + +// then +assertFalse("barLogic() from BarInterface is accessible!!!", accessible); +} + +public void testMiddleOfInheritanceExclusion3() throws Exception { +// given +SecurityMemberAccess sma = new SecurityMemberAccess(false); + +String propertyName = "barLogic"; +Member member = BarInte
[50/50] git commit: Merge branch 'feature/exclude-object-class' into develop This adds new security mechanism to prevent access particular classes and packages
Merge branch 'feature/exclude-object-class' into develop This adds new security mechanism to prevent access particular classes and packages Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/21ef4e34 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/21ef4e34 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/21ef4e34 Branch: refs/heads/develop Commit: 21ef4e3487f5dbf46f9b6bdff7eceb057da28bdd Parents: 63897e8 9654287 Author: Lukasz Lenart Authored: Wed Jun 18 08:48:22 2014 +0200 Committer: Lukasz Lenart Committed: Wed Jun 18 08:48:22 2014 +0200 -- .../org/apache/struts2/StrutsConstants.java | 16 ++ .../config/DefaultBeanSelectionProvider.java| 22 +- .../struts2/interceptor/CookieInterceptor.java | 48 ++-- core/src/main/resources/struts-default.xml | 20 ++ .../struts2/TestConfigurationProvider.java | 5 + .../interceptor/CookieInterceptorTest.java | 11 + .../ExecuteAndWaitInterceptorTest.java | 2 + .../struts2/views/jsp/PropertyTagTest.java | 30 ++- .../apache/struts2/views/jsp/ui/SelectTest.java | 2 +- .../struts2/rest/RestActionInvocationTest.java | 2 + .../xwork2/DefaultActionInvocation.java | 54 ++--- .../opensymphony/xwork2/ExcludedPatterns.java | 22 -- .../com/opensymphony/xwork2/XWorkConstants.java | 10 + .../providers/XWorkConfigurationProvider.java | 11 +- .../interceptor/ParametersInterceptor.java | 138 +-- .../com/opensymphony/xwork2/ognl/OgnlUtil.java | 77 +- .../xwork2/ognl/OgnlValueStack.java | 6 +- .../xwork2/ognl/SecurityMemberAccess.java | 50 +++- .../security/AcceptedPatternsChecker.java | 82 +++ .../DefaultAcceptedPatternsChecker.java | 86 +++ .../DefaultExcludedPatternsChecker.java | 95 .../security/ExcludedPatternsChecker.java | 82 +++ .../xwork2/DefaultActionInvocationTest.java | 8 + .../impl/AnnotationXWorkConverterTest.java | 10 +- .../interceptor/ParametersInterceptorTest.java | 47 ++-- .../opensymphony/xwork2/ognl/OgnlUtilTest.java | 164 +++-- 
.../xwork2/ognl/OgnlValueStackTest.java | 1 + .../xwork2/ognl/SecurityMemberAccessTest.java | 236 +++ .../DefaultAcceptedPatternsCheckerTest.java | 56 + .../DefaultExcludedPatternsCheckerTest.java | 60 + .../test/resources/xwork-class-param-test.xml | 11 + .../src/test/resources/xwork-param-test.xml | 1 + .../src/test/resources/xwork-test-beans.xml | 24 +- 33 files changed, 1226 insertions(+), 263 deletions(-) --
[28/50] git commit: Adds description about new extension point
Adds description about new extension point Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/ba1850a1 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/ba1850a1 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/ba1850a1 Branch: refs/heads/develop Commit: ba1850a1382765eb51c58103a8c5ee7c0d9417f4 Parents: 735fd96 Author: Lukasz Lenart Authored: Tue May 13 20:28:26 2014 +0200 Committer: Lukasz Lenart Committed: Tue May 13 20:28:26 2014 +0200 -- .../apache/struts2/config/DefaultBeanSelectionProvider.java| 6 ++ 1 file changed, 6 insertions(+) -- http://git-wip-us.apache.org/repos/asf/struts/blob/ba1850a1/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java -- diff --git a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java index 5304910..5296b41 100644 --- a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java +++ b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java @@ -313,6 +313,12 @@ import java.util.StringTokenizer; * Used to parse expressions like ${foo.bar} or %{bar.foo} but it is up tp the TextParser's * implementation what kind of opening char to use (#, $, %, etc) * + * + * com.opensymphony.xwork2.ExcludedPatternsChecker + * struts.excludedPatterns.checker + * request + * Used across different interceptors to check if given string matches one of the excluded patterns + * * * *
[01/50] git commit: Adds constant under which excluded properties can be defined
Repository: struts Updated Branches: refs/heads/develop 63897e83d -> 21ef4e348 Adds constant under which excluded properties can be defined Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/bbcee42f Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/bbcee42f Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/bbcee42f Branch: refs/heads/develop Commit: bbcee42f669f9e11e1ba1892eddbd612506616d2 Parents: 2550384 Author: Lukasz Lenart Authored: Fri Apr 25 14:57:44 2014 +0200 Committer: Lukasz Lenart Committed: Fri Apr 25 14:57:44 2014 +0200 -- .../src/main/java/com/opensymphony/xwork2/XWorkConstants.java | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/struts/blob/bbcee42f/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java b/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java index 1936368..1894372 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java @@ -17,4 +17,6 @@ public final class XWorkConstants { public static final String RELOAD_XML_CONFIGURATION = "reloadXmlConfiguration"; public static final String ALLOW_STATIC_METHOD_ACCESS = "allowStaticMethodAccess"; public static final String XWORK_LOGGER_FACTORY = "xwork.loggerFactory"; +public static final String OGNL_EXCLUDED_PROPERTIES = "ognlExcludedProperties"; + }
[30/50] git commit: Extends logging with more information
Extends logging with more information Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/833a07e7 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/833a07e7 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/833a07e7 Branch: refs/heads/develop Commit: 833a07e7fa1143f2a09786d561da70f144954c60 Parents: bfbc4c0 Author: Lukasz Lenart Authored: Wed May 14 08:24:03 2014 +0200 Committer: Lukasz Lenart Committed: Wed May 14 08:24:03 2014 +0200 -- .../src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/833a07e7/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java index 83be3ed..1e4a576 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java @@ -198,7 +198,7 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS throw new XWorkException(message, re); } else { if (LOG.isWarnEnabled()) { -LOG.warn("Error setting value", re); +LOG.warn("Error setting value [#0] with expression [#1]", re, value.toString(), expr); } } }
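Review bot: `value.toString()` in the new `LOG.warn` call throws a `NullPointerException` when the value being set is null, inside the handler that was meant to report the original failure; `String.valueOf(value)` avoids that. The message also writes the raw value and expression to the log at WARN level. If these originate from request parameters (the caller is outside the hunk), that can put credentials or other sensitive input into log files, and line breaks in the input can forge log entries. Consider logging only the expression, `LOG.warn("Error setting value with expression [#0]", re, expr);`, or stripping CR/LF and truncating the value before logging it.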
[20/50] git commit: Merge branch 'develop' into feature/exclude-object-class
Merge branch 'develop' into feature/exclude-object-class Conflicts: xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/a5946d08 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/a5946d08 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/a5946d08 Branch: refs/heads/develop Commit: a5946d0814b6245f1e83e4ff8e5f337b045991ae Parents: ba0ac0d 086c0a0 Author: Lukasz Lenart Authored: Mon May 5 06:43:31 2014 +0200 Committer: Lukasz Lenart Committed: Mon May 5 06:43:31 2014 +0200 -- .../struts2/interceptor/CookieInterceptor.java | 74 +++- core/src/main/resources/struts-default.xml | 8 +-- .../interceptor/CookieInterceptorTest.java | 66 + plugins/rest/pom.xml| 2 +- pom.xml | 3 +- src/site/resources/archetype-catalog.xml| 12 ++-- .../opensymphony/xwork2/ExcludedPatterns.java | 22 ++ .../interceptor/ParametersInterceptor.java | 2 +- .../opensymphony/xwork2/mock/MockResult.java| 2 + .../interceptor/ParametersInterceptorTest.java | 68 ++ 10 files changed, 242 insertions(+), 17 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/a5946d08/core/src/main/resources/struts-default.xml -- http://git-wip-us.apache.org/repos/asf/struts/blob/a5946d08/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java -- diff --cc xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java index e09ab54,c73b057..6de6aad --- a/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java @@@ -485,9 -507,8 +485,9 @@@ public class ParametersInterceptor exte public void setExcludeParams(String commaDelim) { Collection excludePatterns = ArrayUtils.asCollection(commaDelim); if (excludePatterns != null) { +excludeParams = new HashSet(); for (String 
pattern : excludePatterns) { - excludeParams.add(Pattern.compile(pattern)); + excludeParams.add(Pattern.compile(pattern, Pattern.CASE_INSENSITIVE)); } } } http://git-wip-us.apache.org/repos/asf/struts/blob/a5946d08/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java --
[46/50] git commit: Adds additional method to check if value of param isn't excluded
Adds additional method to check if value of param isn't excluded Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/5ebc0643 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/5ebc0643 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/5ebc0643 Branch: refs/heads/develop Commit: 5ebc0643b55d728a6713a82559a594d875452cd8 Parents: 89cbe13 Author: Lukasz Lenart Authored: Sun Jun 1 10:49:20 2014 +0200 Committer: Lukasz Lenart Committed: Sun Jun 1 10:49:20 2014 +0200 -- .../interceptor/ParametersInterceptor.java | 30 +++- 1 file changed, 29 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/5ebc0643/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java b/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java index c1b2f3d..d95c2a7 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java @@ -273,7 +273,8 @@ public class ParametersInterceptor extends MethodFilterInterceptor { for (Map.Entry entry : params.entrySet()) { String name = entry.getKey(); -if (isAcceptableParameter(name, action)) { +Object value = entry.getValue(); +if (isAcceptableParameter(name, action) && isAcceptableValue(value)) { acceptableParameters.put(name, entry.getValue()); } } 
@@ -349,6 +350,33 @@ public class ParametersInterceptor extends MethodFilterInterceptor { } /** + * Checks if given value doesn't match global excluded patterns to avoid passing malicious code + * + * @param value incoming parameter's value + * @return true if value is safe + * + * FIXME: can be removed when parameters won't be represented as simple Strings + */ +protected boolean isAcceptableValue(Object value) { +if (value == null) { +return true; +} +Object[] values; +if (value.getClass().isArray()) { +values = (Object[]) value; +} else { +values = new Object[] { value }; +} +boolean result = true; +for (Object obj : values) { +if (isExcluded(obj.toString())) { +result = false; +} +} +return result; +} + +/** * Gets an instance of the comparator to use for the ordered sorting. Override this * method to customize the ordering of the parameters as they are set to the * action.
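Review bot: In `isAcceptableValue`, `(Object[]) value` throws `ClassCastException` for a primitive array because `isArray()` is also true for `int[]`, and `obj.toString()` throws on a null element, so an unexpected parameter value surfaces as an exception instead of a clean accept or reject. Using `if (value instanceof Object[]) {` for the branch and `if (obj != null && isExcluded(obj.toString())) { return false; }` in the loop handles both cases and stops scanning at the first excluded element. Parameters are presumably `String` or `String[]` in practice, but the method takes `Object` and is `protected`, so subclasses may pass other types. In the first hunk of this commit, `acceptableParameters.put(name, entry.getValue())` can reuse the new `value` local.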
[32/50] git commit: Adds additional methods needed by ParametersInterceptor
Adds additional methods needed by ParametersInterceptor Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/3d77c348 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/3d77c348 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/3d77c348 Branch: refs/heads/develop Commit: 3d77c348b15f438c5dcab9790daacfd4d43cd02b Parents: e8e5b51 Author: Lukasz Lenart Authored: Wed May 14 08:25:22 2014 +0200 Committer: Lukasz Lenart Committed: Wed May 14 08:25:22 2014 +0200 -- .../xwork2/DefaultExcludedPatternsChecker.java | 19 +++ .../xwork2/ExcludedPatternsChecker.java | 35 2 files changed, 39 insertions(+), 15 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/3d77c348/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java index 3860e57..eabd621 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java 
@@ -46,29 +46,14 @@ public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker { } } -/** - * Allows add additional excluded patterns during runtime - * - * @param commaDelimitedPatterns comma delimited string with patterns - */ public void addExcludedPatterns(String commaDelimitedPatterns) { addExcludedPatterns(TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns)); } -/** - * Allows add additional excluded patterns during runtime - * - * @param additionalPatterns array of additional excluded patterns - */ public void addExcludedPatterns(String[] additionalPatterns) { addExcludedPatterns(new HashSet(Arrays.asList(additionalPatterns))); } -/** - * Allows add additional excluded patterns during runtime - * - * @param additionalPatterns set of additional patterns - */ public void addExcludedPatterns(Set additionalPatterns) { if (LOG.isTraceEnabled()) { LOG.trace("Adding additional excluded patterns [#0]", additionalPatterns); @@ -90,4 +75,8 @@ public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker { return IsExcluded.no(); } +public Set getExcludedPatterns() { +return excludedPatterns; +} + } http://git-wip-us.apache.org/repos/asf/struts/blob/3d77c348/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java index c4730ea..ac0ff6e 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java @@ -1,5 +1,6 @@ package com.opensymphony.xwork2; +import java.util.Set; import java.util.regex.Pattern; /** 
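Review bot: `getExcludedPatterns()` returns the checker's internal `excludedPatterns` set itself, so any caller can remove or clear exclusion patterns on a live checker, unless the field already holds an unmodifiable set, which the hunk does not show. Returning a read-only view keeps the deny-list under the checker's control: `return Collections.unmodifiableSet(excludedPatterns);` (this needs `java.util.Collections`; the import block is outside the hunk). The Javadoc this commit adds to `ExcludedPatternsChecker.getExcludedPatterns()` could state that the returned set must not be modified.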
@@ -7,8 +8,42 @@ import java.util.regex.Pattern; */ public interface ExcludedPatternsChecker { +/** + * Checks if value matches any of patterns on exclude list + * + * @param value to check + * @return object containing result of matched pattern and pattern itself + */ public IsExcluded isExcluded(String value); +/** + * Allows add additional excluded patterns during runtime + * + * @param commaDelimitedPatterns comma delimited string with patterns + */ +public void addExcludedPatterns(String commaDelimitedPatterns); + +/** + * Allows add additional excluded patterns during runtime + * + * @param additionalPatterns array of additional excluded patterns + */ +public void addExcludedPatterns(String[] additionalPatterns); + +/** + * Allows add additional excluded patterns during runtime + * + * @param additionalPatterns set of additional patterns + */ +public void addExcludedPatterns(Set additionalPatterns); + +/** + * Allow access list of all defined excluded patterns + * + * @return set of excluded patterns + */ +public Set getExcludedPatterns(); + public final static class IsExcluded { private final boolean excluded;
[08/50] git commit: Additional use cases to check method access
Additional use cases to check method access Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/ee3c8d56 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/ee3c8d56 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/ee3c8d56 Branch: refs/heads/develop Commit: ee3c8d5630b077e2f2708bc4cbeeb933150a71fe Parents: 53fb5ba Author: Lukasz Lenart Authored: Thu May 1 09:40:33 2014 +0200 Committer: Lukasz Lenart Committed: Thu May 1 09:40:33 2014 +0200 -- .../opensymphony/xwork2/ognl/OgnlUtilTest.java | 54 1 file changed, 54 insertions(+) -- http://git-wip-us.apache.org/repos/asf/struts/blob/ee3c8d56/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java -- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java index d471183..98ff671 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java 
@@ -685,6 +685,24 @@ public class OgnlUtilTest extends XWorkTestCase { assertEquals(expected.getMessage(), "Tree [class[\"classLoader\"][\"defaultAssertionStatus\"]] trying access excluded pattern [class]"); } +public void testAvoidCallingMethodsOnObjectClassAsMap2() throws Exception { +Foo foo = new Foo(); +OgnlUtil util = new OgnlUtil(); +util.setEnableExpressionCache("false"); +util.setExcludedProperties("class"); + +Exception expected = null; +try { + util.setValue("model['class']['classLoader']['defaultAssertionStatus']", ActionContext.getContext().getContextMap(), foo, true); +fail(); +} catch (OgnlException e) { +expected = e; +} +assertNotNull(expected); +assertSame(expected.getClass(), OgnlException.class); +assertEquals(expected.getMessage(), "Tree [class[\"classLoader\"][\"defaultAssertionStatus\"]] trying access excluded pattern [class]"); +} + public void testAvoidCallingMethodsOnObjectClassAsMapWithQuotes() throws Exception { Foo foo = new Foo(); OgnlUtil util = new OgnlUtil(); 
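Review bot: The expected-message assertions in the added tests look copied from neighbouring tests rather than written for the expression under test. In `testAvoidCallingSomeClasses` (the `@@ -721,6 +739,42 @@` hunk that follows) the expression targets `java.lang.Runtime` with excluded property `Runtime`, yet the assertion expects `Tree [toString()] trying access excluded pattern [toString()]`. In `testAvoidCallingMethodsOnObjectClassAsMap2` the expression starts with `model['class']` while the expected tree text starts with `class[`. Each assertion should name the expression and pattern of its own test; the exact text depends on OgnlUtil's message format, which is outside these hunks. `assertEquals` also takes the expected value first, so the two arguments are swapped throughout.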
@@ -721,6 +739,42 @@ public class OgnlUtilTest extends XWorkTestCase { assertEquals(expected.getMessage(), "Tree [toString] trying access excluded pattern [toString]"); } +public void testAvoidCallingMethodsWithBraces() throws Exception { +Foo foo = new Foo(); +OgnlUtil util = new OgnlUtil(); +util.setEnableExpressionCache("false"); +util.setExcludedProperties("toString"); + +Exception expected = null; +try { +util.setValue("toString()", ActionContext.getContext().getContextMap(), foo, true); +fail(); +} catch (OgnlException e) { +expected = e; +} +assertNotNull(expected); +assertSame(expected.getClass(), OgnlException.class); +assertEquals(expected.getMessage(), "Tree [toString()] trying access excluded pattern [toString()]"); +} + +public void testAvoidCallingSomeClasses() throws Exception { +Foo foo = new Foo(); +OgnlUtil util = new OgnlUtil(); +util.setEnableExpressionCache("false"); +util.setExcludedProperties("Runtime"); + +Exception expected = null; +try { +util.setValue("@java.lang.Runtime@getRuntime().exec('mate')", ActionContext.getContext().getContextMap(), foo, true); +fail(); +} catch (OgnlException e) { +expected = e; +} +assertNotNull(expected); +assertSame(expected.getClass(), OgnlException.class); +assertEquals(expected.getMessage(), "Tree [toString()] trying access excluded pattern [toString()]"); +} + public static class Email { String address;
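Review bot: `testAvoidCallingSomeClasses` depends on the exclusion working in order not to start a process: if the check regresses, `exec('mate')` runs on the build machine before `fail()` is reached. A static call without side effects, for instance `@java.lang.Runtime@getRuntime().availableProcessors()`, would exercise the same exclusion safely. The test configures the rule through `setExcludedProperties("Runtime")`, a property-name list, so the hunk does not show whether the rejection comes from the class or from a match on part of the expression; a comment stating which is intended would help. The new tests repeat the same try/fail/catch scaffold, which could be one private helper taking the expression and the excluded name.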
[47/50] git commit: Adds additional default exclude patterns to avoid access to #context
Adds additional default exclude patterns to avoid access to #context Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/eb8aae87 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/eb8aae87 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/eb8aae87 Branch: refs/heads/develop Commit: eb8aae87521e627d3cd333e4dc351390bf1e80dc Parents: 5ebc064 Author: Lukasz Lenart Authored: Thu Jun 5 08:25:24 2014 +0200 Committer: Lukasz Lenart Committed: Thu Jun 5 08:25:24 2014 +0200 -- .../xwork2/security/DefaultExcludedPatternsChecker.java| 4 +++- .../xwork2/interceptor/ParametersInterceptorTest.java | 6 ++ .../xwork2/security/DefaultExcludedPatternsCheckerTest.java| 4 3 files changed, 9 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/eb8aae87/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java index f0a3d62..983ce63 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java @@ -23,7 +23,9 @@ public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker { "(^|.*#)request(\\.|\\[).*", "(^|.*#)application(\\.|\\[).*", "(^|.*#)servlet(Request|Response)(\\.|\\[).*", -"(^|.*#)parameters(\\.|\\[).*" +"(^|.*#)parameters(\\.|\\[).*", +"(^|.*#)context(\\.|\\[).*", +"(^|.*#)_memberAccess(\\.|\\[).*" }; private Set excludedPatterns; http://git-wip-us.apache.org/repos/asf/struts/blob/eb8aae87/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java -- 
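Review bot: The two new entries in the default pattern array carry no comment saying why `context` and `_memberAccess` are denied. Through the `^` alternative they also reject ordinary parameter names that begin with `context.` or `context[`, which changes behaviour for any action exposing a property of that name. I would add above them `// #context and #_memberAccess hold OGNL evaluation settings and must never be reachable from request input`, and mention the property-name side effect in the release notes. Each pattern matches only the name followed directly by `.` or `[`, so the list is best treated as a second layer behind the accepted-name check rather than as the control itself. The array declaration starts outside the hunk.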
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java index ce86051..d6fc7c5 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java @@ -110,13 +110,11 @@ public class ParametersInterceptorTest extends XWorkTestCase { pi.setParameters(action, vs, params); // then -assertEquals(2, action.getActionMessages().size()); +assertEquals(1, action.getActionMessages().size()); String msg1 = action.getActionMessage(0); -String msg2 = action.getActionMessage(1); -assertTrue(msg1.contains("Error setting expression 'name' with value '(#context[\"xwork.MethodAccessor.denyMethodExecution\"]= new java.lang.Boolean(false), #_memberAccess[\"allowStaticMethodAccess\"]= new java.lang.Boolean(true), @java.lang.Runtime@getRuntime().exec('mkdir /tmp/PWNAGE'))(meh)'")); -assertTrue(msg2.contains("Error setting expression 'top['name'](0)' with value 'true'")); +assertTrue(msg1.contains("Error setting expression 'top['name'](0)' with value 'true'")); assertNull(action.getName()); } http://git-wip-us.apache.org/repos/asf/struts/blob/eb8aae87/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java -- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java index 32121b9..6125521 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java 
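Review bot: The expected message count drops from 2 to 1 with no comment explaining why the parameter carrying the `#context`/`#_memberAccess` expression no longer produces an error message; presumably it is now filtered by the new default exclusions before evaluation. A one-line comment above the count, e.g. `// the expression parameter is excluded up front, so only the 'top' one reports an error`, would keep the next reader from treating the lower count as lost coverage. `msg1` could become `msg` now that it is the only message. The test method starts outside the hunk.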
@@ -39,6 +39,10 @@ public class DefaultExcludedPatternsCheckerTest extends XWorkTestCase { add("%{#parameters.test}"); add("%{#Parameters['test']}"); add("%{#Parameters.test}"); + add("#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse')"); + add("%{#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse')}"); +add("#_memberAccess[\"allowStaticMethodAccess\"]= new java.lang.Boolean(true)"); +add("%{#_memberAccess[\"allowStaticMethodAccess\"]= new java.lang.Boo
[27/50] git commit: Uses newly defined Struts bean instead duplicating logic
Uses newly defined Struts bean instead duplicating logic Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/735fd961 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/735fd961 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/735fd961 Branch: refs/heads/develop Commit: 735fd96114413181defb17cd49aa75da232a7040 Parents: 9884c49 Author: Lukasz Lenart Authored: Mon May 12 08:27:30 2014 +0200 Committer: Lukasz Lenart Committed: Mon May 12 08:27:30 2014 +0200 -- .../struts2/interceptor/CookieInterceptor.java | 49 .../interceptor/CookieInterceptorTest.java | 11 + 2 files changed, 30 insertions(+), 30 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/735fd961/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java -- diff --git a/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java index 340b57f..8998c5c 100644 --- a/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java +++ b/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java 
@@ -23,17 +23,18 @@ package org.apache.struts2.interceptor; import com.opensymphony.xwork2.ActionContext; import com.opensymphony.xwork2.ActionInvocation; +import com.opensymphony.xwork2.inject.Inject; import com.opensymphony.xwork2.interceptor.AbstractInterceptor; -import com.opensymphony.xwork2.ExcludedPatterns; +import com.opensymphony.xwork2.ExcludedPatternsChecker; import com.opensymphony.xwork2.util.TextParseUtil; import com.opensymphony.xwork2.util.ValueStack; import com.opensymphony.xwork2.util.logging.Logger; import com.opensymphony.xwork2.util.logging.LoggerFactory; import org.apache.struts2.ServletActionContext; +import org.apache.struts2.StrutsConstants; import javax.servlet.http.Cookie; import java.util.Collections; -import java.util.HashSet; import java.util.LinkedHashMap; import java.util.Map; import java.util.Set; @@ -176,12 +177,12 @@ public class CookieInterceptor extends AbstractInterceptor { // Allowed names of cookies private Pattern acceptedPattern = Pattern.compile(ACCEPTED_PATTERN, Pattern.CASE_INSENSITIVE); -private Set excludedPatterns = new HashSet(); -public CookieInterceptor() { -for (String pattern : ExcludedPatterns.EXCLUDED_PATTERNS) { -excludedPatterns.add(Pattern.compile(pattern, Pattern.CASE_INSENSITIVE)); -} +private ExcludedPatternsChecker excludedPatternsChecker; + +@Inject(StrutsConstants.STRUTS_EXCLUDED_PATTERNS_CHECKER) +public void setExcludedPatternsChecker(ExcludedPatternsChecker excludedPatternsChecker) { +this.excludedPatternsChecker = excludedPatternsChecker; } /** 
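Review bot: The removed constructor in the second hunk compiled every excluded pattern with `Pattern.CASE_INSENSITIVE`; the injected `ExcludedPatternsChecker` replaces that, and nothing here shows which flags it uses, so the cookie filter may have become case-sensitive. That should be confirmed against the checker and pinned by a test with a mixed-case name. `excludedPatternsChecker` is also null until the container calls the setter, so an interceptor constructed by hand would hit a NullPointerException on first use. A short Javadoc on `setExcludedPatternsChecker` stating that injection is required would make that explicit.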
@@ -260,16 +261,7 @@ public class CookieInterceptor extends AbstractInterceptor { * @return true|false */ protected boolean isAcceptableValue(String value) { -for (Pattern excludedPattern : excludedPatterns) { -boolean matches = !excludedPattern.matcher(value).matches(); -if (!matches) { -if (LOG.isTraceEnabled()) { -LOG.trace("Cookie value [#0] matches excludedPattern [#1]", value, excludedPattern.toString()); -} -return false; -} -} -return true; +return !isExcluded(value) && isAccepted(value); } /** @@ -283,7 +275,7 @@ public class CookieInterceptor extends AbstractInterceptor { } /** - * Checks if name of Cookie match {@link #acceptedPattern} + * Checks if name/value of Cookie is acceptable * * @param name of Cookie * @return true|false @@ -303,24 +295,21 @@ public class CookieInterceptor extends AbstractInterceptor { } /** - * Checks if name of Cookie match {@link #excludedPatterns} + * Checks if name/value of Cookie is excluded * * @param name of Cookie * @return true|false */ protected boolean isExcluded(String name) { -for (Pattern excludedPattern : excludedPatterns) { -boolean matches = excludedPattern.matcher(name).matches(); -if (matches) { -if (LOG.isTraceEnabled()) { -LOG.trace("Cookie [#0] matches excludedPattern [#1]", name, excludedPattern.toString()); -} -return true; -} else { -if (LOG.isTraceEnabled()) { -LOG.trace("Cookie [#0] doesn't match excludedPattern [#1]", name, excludedPattern.toString()); -} +ExcludedPatternsChecker.IsExcluded excluded = excl
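Review bot: `isAcceptableValue` now also requires `isAccepted(value)`, which, judging by the old Javadoc, tests against `acceptedPattern`, a pattern the class describes as the allowed names of cookies. That is stricter than the previous exclusion-only check and may drop legitimate values containing characters the name pattern does not allow; the hunk does not say whether this is intended. If it is, the Javadoc of `isAcceptableValue` should state that values must match the accepted pattern; if not, `return !isExcluded(value);` keeps the previous behaviour. The bodies of `isAccepted` and `isExcluded` are only partly visible here.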
[40/50] git commit: Uses new service to check if param matches accepted patterns
Uses new service to check if param matches accepted patterns Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/8a93df10 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/8a93df10 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/8a93df10 Branch: refs/heads/develop Commit: 8a93df10c4f5f3f22f1837c47b4ca9b4facc4f94 Parents: b140faa Author: Lukasz Lenart Authored: Wed May 21 09:03:51 2014 +0200 Committer: Lukasz Lenart Committed: Wed May 21 09:03:51 2014 +0200 -- .../org/apache/struts2/StrutsConstants.java | 4 +- .../config/DefaultBeanSelectionProvider.java| 3 ++ core/src/main/resources/struts-default.xml | 1 + .../providers/XWorkConfigurationProvider.java | 3 ++ .../interceptor/ParametersInterceptor.java | 56 +--- .../interceptor/ParametersInterceptorTest.java | 11 +--- 6 files changed, 37 insertions(+), 41 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/8a93df10/core/src/main/java/org/apache/struts2/StrutsConstants.java -- diff --git a/core/src/main/java/org/apache/struts2/StrutsConstants.java b/core/src/main/java/org/apache/struts2/StrutsConstants.java index d173add..8c0c5ce 100644 --- a/core/src/main/java/org/apache/struts2/StrutsConstants.java +++ b/core/src/main/java/org/apache/struts2/StrutsConstants.java 
@@ -285,10 +285,12 @@ public final class StrutsConstants { /** Comma delimited set of excluded classes which cannot be accessed via expressions **/ public static final String STRUTS_EXCLUDED_CLASSES = "struts.excludedClasses"; -/** Dedicated service to check if passed string is excluded or not **/ +/** Dedicated services to check if passed string is excluded/accepted **/ public static final String STRUTS_EXCLUDED_PATTERNS_CHECKER = "struts.excludedPatterns.checker"; +public static final String STRUTS_ACCEPTED_PATTERNS_CHECKER = "struts.acceptedPatterns.checker"; /** Constant is used to override framework's default excluded patterns **/ public static final String STRUTS_OVERRIDE_EXCLUDED_PATTERNS = "struts.override.excludedPatterns"; +public static final String STRUTS_OVERRIDE_ACCEPTED_PATTERNS = "struts.override.acceptedPatterns"; } http://git-wip-us.apache.org/repos/asf/struts/blob/8a93df10/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java -- diff --git a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java index be4fa82..4334d3c 100644 --- a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java +++ b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java @@ -22,6 +22,7 @@ package org.apache.struts2.config; import com.opensymphony.xwork2.ActionProxyFactory; +import com.opensymphony.xwork2.security.AcceptedPatternsChecker; import com.opensymphony.xwork2.security.ExcludedPatternsChecker; import com.opensymphony.xwork2.FileManager; import com.opensymphony.xwork2.FileManagerFactory; 
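Review bot: `STRUTS_ACCEPTED_PATTERNS_CHECKER` and `STRUTS_OVERRIDE_ACCEPTED_PATTERNS` end up without Javadoc, because a `/** … */` comment documents only the declaration that directly follows it. Each new constant needs its own comment, for example `/** Dedicated service to check if passed string matches accepted patterns **/` and `/** Constant is used to override framework's default accepted patterns **/`. Since the second one replaces the default allow-list, its comment is the place to say that a looser value widens what request input can reach.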
@@ -392,6 +393,7 @@ public class DefaultBeanSelectionProvider extends AbstractBeanSelectionProvider /** Checker is used mostly in interceptors, so there be one instance of checker per interceptor with Scope.DEFAULT **/ alias(ExcludedPatternsChecker.class, StrutsConstants.STRUTS_EXCLUDED_PATTERNS_CHECKER, builder, props, Scope.DEFAULT); +alias(AcceptedPatternsChecker.class, StrutsConstants.STRUTS_ACCEPTED_PATTERNS_CHECKER, builder, props, Scope.DEFAULT); switchDevMode(props); @@ -403,6 +405,7 @@ public class DefaultBeanSelectionProvider extends AbstractBeanSelectionProvider convertIfExist(props, StrutsConstants.STRUTS_CONFIGURATION_XML_RELOAD, XWorkConstants.RELOAD_XML_CONFIGURATION); convertIfExist(props, StrutsConstants.STRUTS_EXCLUDED_CLASSES, XWorkConstants.OGNL_EXCLUDED_CLASSES); convertIfExist(props, StrutsConstants.STRUTS_OVERRIDE_EXCLUDED_PATTERNS, XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS); +convertIfExist(props, StrutsConstants.STRUTS_OVERRIDE_ACCEPTED_PATTERNS, XWorkConstants.OVERRIDE_ACCEPTED_PATTERNS); LocalizedTextUtil.addDefaultResourceBundle("org/apache/struts2/struts-messages"); loadCustomResourceBundles(props); http://git-wip-us.apache.org/repos/asf/struts/blob/8a93df10/core/src/main/resources/struts-default.xml -- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index 2fc16c9..a1aa63f 100644 --- a/core/src/mai
[15/50] git commit: Updates test to use new excluded classes
Updates test to use new excluded classes Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/cdfb94d7 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/cdfb94d7 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/cdfb94d7 Branch: refs/heads/develop Commit: cdfb94d712e2b71bcf42f87f6c1b7d02d784dd87 Parents: afb5af1 Author: Lukasz Lenart Authored: Sat May 3 20:17:19 2014 +0200 Committer: Lukasz Lenart Committed: Sat May 3 20:17:19 2014 +0200 -- .../impl/AnnotationXWorkConverterTest.java | 10 +- .../opensymphony/xwork2/ognl/OgnlUtilTest.java | 115 --- .../xwork2/ognl/OgnlValueStackTest.java | 1 + 3 files changed, 54 insertions(+), 72 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/cdfb94d7/xwork-core/src/test/java/com/opensymphony/xwork2/conversion/impl/AnnotationXWorkConverterTest.java -- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/conversion/impl/AnnotationXWorkConverterTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/conversion/impl/AnnotationXWorkConverterTest.java index 4a7f517..14d9be1 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/conversion/impl/AnnotationXWorkConverterTest.java +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/conversion/impl/AnnotationXWorkConverterTest.java 
@@ -374,8 +374,8 @@ public class AnnotationXWorkConverterTest extends XWorkTestCase { stack.setValue("genericMap[456.12]", "42"); assertEquals(2, gb.getGenericMap().size()); -assertEquals(Integer.class, stack.findValue("genericMap.get(123.12).class")); -assertEquals(Integer.class, stack.findValue("genericMap.get(456.12).class")); +assertEquals("66", stack.findValue("genericMap.get(123.12).toString()")); +assertEquals("42", stack.findValue("genericMap.get(456.12).toString()")); assertEquals(66, stack.findValue("genericMap.get(123.12)")); assertEquals(42, stack.findValue("genericMap.get(456.12)")); assertEquals(true, stack.findValue("genericMap.containsValue(66)")); @@ -393,8 +393,8 @@ public class AnnotationXWorkConverterTest extends XWorkTestCase { stack.setValue("genericMap[456.12]", "42"); assertEquals(2, gb.getGenericMap().size()); -assertEquals(Integer.class, stack.findValue("genericMap.get(123.12).class")); -assertEquals(Integer.class, stack.findValue("genericMap.get(456.12).class")); +assertEquals("66", stack.findValue("genericMap.get(123.12).toString()")); +assertEquals("42", stack.findValue("genericMap.get(456.12).toString()")); assertEquals(66, stack.findValue("genericMap.get(123.12)")); assertEquals(42, stack.findValue("genericMap.get(456.12)")); assertEquals(true, stack.findValue("genericMap.containsValue(66)")); @@ -409,7 +409,7 @@ public class AnnotationXWorkConverterTest extends XWorkTestCase { stack.push(gb); assertEquals(1, gb.getGetterList().size()); -assertEquals(Double.class, stack.findValue("getterList.get(0).class")); +assertEquals("42.42", stack.findValue("getterList.get(0).toString()")); assertEquals(new Double(42.42), stack.findValue("getterList.get(0)")); assertEquals(new Double(42.42), gb.getGetterList().get(0)); http://git-wip-us.apache.org/repos/asf/struts/blob/cdfb94d7/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java -- 
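Review bot: The replaced assertions checked the element type (`Integer.class`, `Double.class`), while the new `toString()` comparisons check only the printed value and repeat what the following `assertEquals(66, …)` and `assertEquals(new Double(42.42), …)` lines already cover. If the type check is still wanted (presumably `.class` can no longer be reached from an expression), it can be done in Java: `assertEquals(Integer.class, stack.findValue("genericMap.get(123.12)").getClass());`. Otherwise the added `toString()` lines can simply be dropped. This applies to all three hunks in this file; the test methods start outside them.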
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java index 98ff671..e8733d6 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java @@ -82,7 +82,7 @@ public class OgnlUtilTest extends XWorkTestCase { }); Owner owner = new Owner(); -Map context = Ognl.createDefaultContext(owner); +Map context = ognlUtil.createDefaultContext(owner); Map props = new HashMap(); props.put("dog.name", dogName); @@ -107,7 +107,7 @@ public class OgnlUtilTest extends XWorkTestCase { public void testCanSetDependentObjectArray() { EmailAction action = new EmailAction(); -Map context = Ognl.createDefaultContext(action); +Map context = ognlUtil.createDefaultContext(action); Map props = new HashMap(); props.put("email[0].address", "addr1"); @@ -125,7 +125,7 @@ public class OgnlUtilTest extends XWorkTestCase { Foo foo1 = new Foo(); Foo foo2 = new Foo(); -Map context
[36/50] git commit: Moves security related classes to security package
Moves security related classes to security package Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/7faf91ab Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/7faf91ab Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/7faf91ab Branch: refs/heads/develop Commit: 7faf91abe1987aa812655860b4e7ef1ad2f93644 Parents: 83b76b0 Author: Lukasz Lenart Authored: Mon May 19 09:59:23 2014 +0200 Committer: Lukasz Lenart Committed: Mon May 19 09:59:23 2014 +0200 -- core/src/main/resources/struts-default.xml | 2 +- .../struts2/TestConfigurationProvider.java | 2 +- .../interceptor/CookieInterceptorTest.java | 2 +- .../xwork2/DefaultExcludedPatternsChecker.java | 82 --- .../providers/XWorkConfigurationProvider.java | 2 +- .../DefaultExcludedPatternsChecker.java | 83 .../security/ExcludedPatternsChecker.java | 82 +++ 7 files changed, 169 insertions(+), 86 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/core/src/main/resources/struts-default.xml -- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index 2d74b4f..ecfa5cf 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml @@ -144,7 +144,7 @@ - + http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java -- diff --git a/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java b/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java index 9323f02..d9da6c4 100644 --- a/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java +++ b/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java 
@@ -24,7 +24,7 @@ package org.apache.struts2; import com.opensymphony.xwork2.Action; import com.opensymphony.xwork2.ActionProxyFactory; import com.opensymphony.xwork2.DefaultActionProxyFactory; -import com.opensymphony.xwork2.DefaultExcludedPatternsChecker; +import com.opensymphony.xwork2.security.DefaultExcludedPatternsChecker; import com.opensymphony.xwork2.ExcludedPatternsChecker; import com.opensymphony.xwork2.ObjectFactory; import com.opensymphony.xwork2.config.Configuration; http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java -- diff --git a/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java b/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java index 1f642f5..a531a69 100644 --- a/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java +++ b/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java @@ -27,7 +27,7 @@ import java.util.Map; import javax.servlet.http.Cookie; -import com.opensymphony.xwork2.DefaultExcludedPatternsChecker; +import com.opensymphony.xwork2.security.DefaultExcludedPatternsChecker; import com.opensymphony.xwork2.mock.MockActionInvocation; import org.easymock.MockControl; import org.springframework.mock.web.MockHttpServletRequest; http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java deleted file mode 100644 index eabd621..000 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java +++ /dev/null 
@@ -1,82 +0,0 @@ -package com.opensymphony.xwork2; - -import com.opensymphony.xwork2.inject.Inject; -import com.opensymphony.xwork2.util.TextParseUtil; -import com.opensymphony.xwork2.util.logging.Logger; -import com.opensymphony.xwork2.util.logging.LoggerFactory; - -import java.util.Arrays; -import java.util.HashSet; -import java.util.Set; -import java.util.regex.Pattern; - -public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker { - -private static final Logger LOG = LoggerFactory.getLogger(DefaultExcludedPatternsChecker.class); - -public static final String[] EXCLUDED_PATTERNS = { -"(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*", -"^dojo\\..*", -"^struts\\..*", -"^session\\..*", -"^request\\..*", -
[17/50] git commit: Removes hardcoded excluded params
Removes hardcoded excluded params Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/cb590742 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/cb590742 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/cb590742 Branch: refs/heads/develop Commit: cb590742892c39dc6abb84f6a85d87235d555f32 Parents: f84efa5 Author: Lukasz Lenart Authored: Sun May 4 10:48:09 2014 +0200 Committer: Lukasz Lenart Committed: Sun May 4 10:48:09 2014 +0200 -- .../interceptor/ParametersInterceptor.java | 16 +++--- .../interceptor/ParametersInterceptorTest.java | 16 ++ .../src/test/resources/xwork-test-beans.xml | 22 ++-- 3 files changed, 17 insertions(+), 37 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/cb590742/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java b/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java index cb38d57..e09ab54 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java 
@@ -141,21 +141,16 @@ public class ParametersInterceptor extends MethodFilterInterceptor { private static final Logger LOG = LoggerFactory.getLogger(ParametersInterceptor.class); -public static final String ACCEPTED_PARAM_NAMES = "\\w+((\\.\\w+)|(\\[\\d+\\])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'\\])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*"; - protected static final int PARAM_NAME_MAX_LENGTH = 100; private int paramNameMaxLength = PARAM_NAME_MAX_LENGTH; +private boolean devMode = false; protected boolean ordered = false; + protected Set excludeParams = Collections.emptySet(); protected Set acceptParams = Collections.emptySet(); -private boolean devMode = false; - -// Allowed names of parameters -private Pattern acceptedPattern = Pattern.compile(ACCEPTED_PARAM_NAMES); - private ValueStackFactory valueStackFactory; @Inject @@ -426,13 +421,8 @@ public class ParametersInterceptor extends MethodFilterInterceptor { } notifyDeveloper("Parameter [#0] didn't match acceptParams list of patterns!", paramName); return false; -} else { -boolean matches = acceptedPattern.matcher(paramName).matches(); -if (!matches) { -notifyDeveloper("Parameter [#0] didn't match acceptedPattern pattern!", paramName); -} -return matches; } +return true; } protected boolean isExcluded(String paramName) { http://git-wip-us.apache.org/repos/asf/struts/blob/cb590742/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java -- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java index f0adf02..79f46e6 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java 
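Review bot: With the `else` branch gone, the method in the second hunk returns `true` for every parameter name whenever `acceptParams` is empty, so the `ACCEPTED_PARAM_NAMES` allow-list no longer applies by default and, as far as this diff shows, only the exclusion and length checks remain. The commit title speaks of excluded params, but what is removed is the accepted-name pattern. Unless the replacement check ships in the same release, I would keep the default, `return acceptedPattern.matcher(paramName).matches();`, and remove it only together with the service that takes over. `ACCEPTED_PARAM_NAMES` was `public static final`, so deleting it also breaks any caller that references it. The method starts outside the hunk.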
@@ -32,11 +32,13 @@ import com.opensymphony.xwork2.conversion.impl.XWorkConverter; import com.opensymphony.xwork2.mock.MockActionInvocation; import com.opensymphony.xwork2.ognl.OgnlValueStack; import com.opensymphony.xwork2.ognl.OgnlValueStackFactory; +import com.opensymphony.xwork2.ognl.SecurityMemberAccess; import com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor; import com.opensymphony.xwork2.util.CompoundRoot; import com.opensymphony.xwork2.util.ValueStack; import com.opensymphony.xwork2.util.ValueStackFactory; import junit.framework.Assert; +import ognl.OgnlContext; import ognl.PropertyAccessor; import java.io.File; @@ -293,9 +295,8 @@ public class ParametersInterceptorTest extends XWorkTestCase { //then assertEquals("This is blah", ((SimpleAction) proxy.getAction()).getBlah()); -Object allowMethodAccess = stack.findValue("\u0023_memberAccess['allowStaticMethodAccess']"); -assertNotNull(allowMethodAccess); -assertEquals(Boolean.FALSE, allowMethodAccess); +boolean allowMethodAccess = ((SecurityMemberAccess) ((OgnlContext) stack.getContext()).getMemberAccess()).getAllowStaticMethodAccess(); +assertFalse(allowMethodAccess); } public void testParame
[34/50] git commit: Adds new dependency to allow tests pass
Adds new dependency to allow tests pass Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/d1d81f8a Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/d1d81f8a Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/d1d81f8a Branch: refs/heads/develop Commit: d1d81f8a77e05ade18d67571816510d6655cee1e Parents: 5ec47b1 Author: Lukasz Lenart Authored: Wed May 14 08:26:27 2014 +0200 Committer: Lukasz Lenart Committed: Wed May 14 08:26:27 2014 +0200 -- .../xwork2/config/providers/XWorkConfigurationProvider.java | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/d1d81f8a/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java b/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java index 0d48999..c341d98 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java @@ -2,9 +2,11 @@ package com.opensymphony.xwork2.config.providers; import com.opensymphony.xwork2.ActionProxyFactory; import com.opensymphony.xwork2.DefaultActionProxyFactory; +import com.opensymphony.xwork2.DefaultExcludedPatternsChecker; import com.opensymphony.xwork2.DefaultLocaleProvider; import com.opensymphony.xwork2.DefaultTextProvider; import com.opensymphony.xwork2.DefaultUnknownHandlerManager; +import com.opensymphony.xwork2.ExcludedPatternsChecker; import com.opensymphony.xwork2.FileManager; import com.opensymphony.xwork2.FileManagerFactory; import com.opensymphony.xwork2.LocaleProvider; 
@@ -168,7 +170,11 @@ public class XWorkConfigurationProvider implements ConfigurationProvider {
 .factory(ArrayConverter.class, Scope.SINGLETON)
 .factory(DateConverter.class, Scope.SINGLETON)
 .factory(NumberConverter.class, Scope.SINGLETON)
-.factory(StringConverter.class, Scope.SINGLETON);
+.factory(StringConverter.class, Scope.SINGLETON)
+
+.factory(ExcludedPatternsChecker.class, DefaultExcludedPatternsChecker.class, Scope.DEFAULT)
+;
+
 props.setProperty(XWorkConstants.DEV_MODE, Boolean.FALSE.toString());
 props.setProperty(XWorkConstants.LOG_MISSING_PROPERTIES, Boolean.FALSE.toString());
 props.setProperty(XWorkConstants.ENABLE_OGNL_EXPRESSION_CACHE, Boolean.TRUE.toString());
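Review bot: The checker is registered with `Scope.DEFAULT` while the visible neighbours in the chain use `Scope.SINGLETON`, and the hunk gives no reason for the difference. If the intent is one checker instance per consumer, so that pattern settings on one interceptor do not affect another, a comment should say so, e.g. `// one checker per injection point; its patterns can be changed per interceptor`. The terminating `;` on a line of its own is unusual; ending the last `.factory(...)` call with `;` reads better. The builder chain starts outside the hunk.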
[35/50] git commit: Updates tests to match new requirements
Updates tests to match new requirements Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/83b76b0f Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/83b76b0f Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/83b76b0f Branch: refs/heads/develop Commit: 83b76b0fe83411d93dc2c534c8c47dc53f0dca82 Parents: d1d81f8 Author: Lukasz Lenart Authored: Wed May 14 08:26:43 2014 +0200 Committer: Lukasz Lenart Committed: Wed May 14 08:26:43 2014 +0200 -- .../org/apache/struts2/TestConfigurationProvider.java| 5 + xwork-core/src/test/resources/xwork-class-param-test.xml | 11 +++ 2 files changed, 16 insertions(+) -- http://git-wip-us.apache.org/repos/asf/struts/blob/83b76b0f/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java -- diff --git a/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java b/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java index cd42ed5..9323f02 100644 --- a/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java +++ b/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java @@ -24,6 +24,8 @@ package org.apache.struts2; import com.opensymphony.xwork2.Action; import com.opensymphony.xwork2.ActionProxyFactory; import com.opensymphony.xwork2.DefaultActionProxyFactory; +import com.opensymphony.xwork2.DefaultExcludedPatternsChecker; +import com.opensymphony.xwork2.ExcludedPatternsChecker; import com.opensymphony.xwork2.ObjectFactory; import com.opensymphony.xwork2.config.Configuration; import com.opensymphony.xwork2.config.ConfigurationException; 
@@ -164,5 +166,8 @@ public class TestConfigurationProvider implements ConfigurationProvider { if (!builder.contains(ActionProxyFactory.class)) { builder.factory(ActionProxyFactory.class, DefaultActionProxyFactory.class); } +if (!builder.contains(ExcludedPatternsChecker.class)) { +builder.factory(ExcludedPatternsChecker.class, DefaultExcludedPatternsChecker.class); +} } } http://git-wip-us.apache.org/repos/asf/struts/blob/83b76b0f/xwork-core/src/test/resources/xwork-class-param-test.xml -- diff --git a/xwork-core/src/test/resources/xwork-class-param-test.xml b/xwork-core/src/test/resources/xwork-class-param-test.xml new file mode 100644 index 000..f12c083 --- /dev/null +++ b/xwork-core/src/test/resources/xwork-class-param-test.xml @@ -0,0 +1,11 @@ +http://struts.apache.org/dtds/xwork-2.0.dtd";> + + + + + + + + \ No newline at end of file
[45/50] git commit: Adds option to define additional accepted/excluded patterns Also all patterns are by default case insensitive
Adds option to define additional accepted/excluded patterns Also all patterns are by default case insensitive Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/89cbe138 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/89cbe138 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/89cbe138 Branch: refs/heads/develop Commit: 89cbe13853a849340d740d45685e6fd14da93d9b Parents: 2df72b9 Author: Lukasz Lenart Authored: Sun Jun 1 10:33:39 2014 +0200 Committer: Lukasz Lenart Committed: Sun Jun 1 10:33:39 2014 +0200 -- .../org/apache/struts2/StrutsConstants.java | 3 ++ .../config/DefaultBeanSelectionProvider.java| 2 + .../com/opensymphony/xwork2/XWorkConstants.java | 3 ++ .../DefaultAcceptedPatternsChecker.java | 18 +++ .../DefaultExcludedPatternsChecker.java | 28 ++ .../DefaultAcceptedPatternsCheckerTest.java | 56 .../DefaultExcludedPatternsCheckerTest.java | 56 7 files changed, 147 insertions(+), 19 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/89cbe138/core/src/main/java/org/apache/struts2/StrutsConstants.java -- diff --git a/core/src/main/java/org/apache/struts2/StrutsConstants.java b/core/src/main/java/org/apache/struts2/StrutsConstants.java index dd08993..918f91b 100644 --- a/core/src/main/java/org/apache/struts2/StrutsConstants.java +++ b/core/src/main/java/org/apache/struts2/StrutsConstants.java 
@@ -294,4 +294,7 @@ public final class StrutsConstants { public static final String STRUTS_OVERRIDE_EXCLUDED_PATTERNS = "struts.override.excludedPatterns"; public static final String STRUTS_OVERRIDE_ACCEPTED_PATTERNS = "struts.override.acceptedPatterns"; +public static final String STRUTS_ADDITIONAL_EXCLUDED_PATTERNS = "struts.additional.excludedPatterns"; +public static final String STRUTS_ADDITIONAL_ACCEPTED_PATTERNS = "struts.additional.acceptedPatterns"; + } http://git-wip-us.apache.org/repos/asf/struts/blob/89cbe138/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java -- diff --git a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java index a671133..06b7302 100644 --- a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java +++ b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java @@ -407,6 +407,8 @@ public class DefaultBeanSelectionProvider extends AbstractBeanSelectionProvider convertIfExist(props, StrutsConstants.STRUTS_EXCLUDED_CLASSES, XWorkConstants.OGNL_EXCLUDED_CLASSES); convertIfExist(props, StrutsConstants.STRUTS_EXCLUDED_PACKAGE_NAME_PATTERNS, XWorkConstants.OGNL_EXCLUDED_PACKAGE_NAME_PATTERNS); +convertIfExist(props, StrutsConstants.STRUTS_ADDITIONAL_EXCLUDED_PATTERNS, XWorkConstants.ADDITIONAL_EXCLUDED_PATTERNS); +convertIfExist(props, StrutsConstants.STRUTS_ADDITIONAL_ACCEPTED_PATTERNS, XWorkConstants.ADDITIONAL_ACCEPTED_PATTERNS); convertIfExist(props, StrutsConstants.STRUTS_OVERRIDE_EXCLUDED_PATTERNS, XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS); convertIfExist(props, StrutsConstants.STRUTS_OVERRIDE_ACCEPTED_PATTERNS, XWorkConstants.OVERRIDE_ACCEPTED_PATTERNS); http://git-wip-us.apache.org/repos/asf/struts/blob/89cbe138/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java -- 
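Review bot: `STRUTS_ADDITIONAL_EXCLUDED_PATTERNS` and `STRUTS_ADDITIONAL_ACCEPTED_PATTERNS` are added without any Javadoc, and the matching `ADDITIONAL_*` constants in the `XWorkConstants` hunk have none either. The names sit next to the `OVERRIDE_*` constants, so a reader cannot tell from here whether a value extends or replaces the framework defaults, which matters most for the accepted list because it widens what is let through. A short comment on each would settle it, e.g. `/** Patterns added to the framework's default excluded patterns (defaults stay in force) **/`; the wording needs confirming against the checker implementation, which is not visible in this hunk.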
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java b/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java index 830df78..433b005 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java @@ -21,6 +21,9 @@ public final class XWorkConstants { public static final String OGNL_EXCLUDED_CLASSES = "ognlExcludedClasses"; public static final String OGNL_EXCLUDED_PACKAGE_NAME_PATTERNS = "ognlExcludedPackageNamePatterns"; +public static final String ADDITIONAL_EXCLUDED_PATTERNS = "additionalExcludedPatterns"; +public static final String ADDITIONAL_ACCEPTED_PATTERNS = "additionalAcceptedPatterns"; + public static final String OVERRIDE_EXCLUDED_PATTERNS = "overrideExcludedPatterns"; public static final String OVERRIDE_ACCEPTED_PATTERNS = "overrideAcceptedPatterns"; http://git-wip-us.apache.org/repos/asf/struts/blob/89cbe138/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java -
[22/50] git commit: Removes override which isn't used anymore
Removes override which isn't used anymore Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/7857b869 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/7857b869 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/7857b869 Branch: refs/heads/develop Commit: 7857b869a05b12779e35bfe8751828dfbf328fff Parents: 62ee6b1 Author: Lukasz Lenart Authored: Mon May 5 21:33:44 2014 +0200 Committer: Lukasz Lenart Committed: Mon May 5 21:33:44 2014 +0200 -- .../xwork2/interceptor/ParametersInterceptorTest.java | 14 -- 1 file changed, 14 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/7857b869/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java -- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java index 6ffb3ff..359618f 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java @@ -187,10 +187,6 @@ public class ParametersInterceptorTest extends XWorkTestCase { return result; } -@Override -protected void initializeHardCodedExcludePatterns() { -excludeParams = new HashSet(); -} }; container.inject(pi); @@ -307,11 +303,6 @@ public class ParametersInterceptorTest extends XWorkTestCase { ParametersInterceptor pi = new ParametersInterceptor() { @Override -protected void initializeHardCodedExcludePatterns() { -this.excludeParams = new HashSet(); -} - -@Override protected boolean isExcluded(String paramName) { boolean result = super.isExcluded(paramName); excluded.put(paramName, result); 
@@ -744,11 +735,6 @@ public class ParametersInterceptorTest extends XWorkTestCase { assertEquals(expected, actual); } -public void testExcludedPatternsGetInitialized() throws Exception { -ParametersInterceptor parametersInterceptor = new ParametersInterceptor(); -assertEquals(ExcludedPatterns.EXCLUDED_PATTERNS.length, parametersInterceptor.excludeParams.size()); -} - private ValueStack injectValueStack(Map actual) { ValueStack stack = createStubValueStack(actual); container.inject(stack);
[21/50] git commit: Adds logging of excluded classes
Adds logging of excluded classes Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/62ee6b10 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/62ee6b10 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/62ee6b10 Branch: refs/heads/develop Commit: 62ee6b104ae871807ff073eb206b5f3ec549a302 Parents: a5946d0 Author: Lukasz Lenart Authored: Mon May 5 21:33:16 2014 +0200 Committer: Lukasz Lenart Committed: Mon May 5 21:33:16 2014 +0200 -- .../com/opensymphony/xwork2/ognl/SecurityMemberAccess.java | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/62ee6b10/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java index a35f68b..c14d8b9 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java @@ -15,13 +15,14 @@ */ package com.opensymphony.xwork2.ognl; +import com.opensymphony.xwork2.util.logging.Logger; +import com.opensymphony.xwork2.util.logging.LoggerFactory; import ognl.DefaultMemberAccess; import java.lang.reflect.Member; import java.lang.reflect.Method; import java.lang.reflect.Modifier; import java.util.Collections; -import java.util.HashSet; import java.util.Map; import java.util.Set; import java.util.regex.Matcher; @@ -33,6 +34,8 @@ import java.util.regex.Pattern; */ public class SecurityMemberAccess extends DefaultMemberAccess { +private static final Logger LOG = LoggerFactory.getLogger(SecurityMemberAccess.class); + private final boolean allowStaticMethodAccess; private Set excludeProperties = Collections.emptySet(); private Set acceptProperties = Collections.emptySet(); 
@@ -50,6 +53,9 @@ public class SecurityMemberAccess extends DefaultMemberAccess { @Override public boolean isAccessible(Map context, Object target, Member member, String propertyName) { if (isClassExcluded(target.getClass(), member.getDeclaringClass())) { +if (LOG.isDebugEnabled()) { +LOG.debug("Target class [#0] and member type [#1] are excluded!", target, member); +} return false; }
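Review bot: The added debug call passes `target` and `member` although the message labels them "Target class" and "member type", so the log line renders the target instance through its `toString()` rather than naming the class that was blocked. For a deny-list hit that means arbitrary object state can end up in the log, and the entry is harder to match against the configured excluded classes. Log the values the check actually used: `LOG.debug("Target class [#0] and member type [#1] are excluded!", target.getClass(), member.getDeclaringClass());`. `isAccessible` continues outside the hunk.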
[37/50] git commit: Cleans up after moving to package
Cleans up after moving to package Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/ec98c8a9 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/ec98c8a9 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/ec98c8a9 Branch: refs/heads/develop Commit: ec98c8a95beb58fface26371b5ae3829493259f5 Parents: 7faf91a Author: Lukasz Lenart Authored: Mon May 19 10:08:30 2014 +0200 Committer: Lukasz Lenart Committed: Mon May 19 10:08:30 2014 +0200 -- .../xwork2/ExcludedPatternsChecker.java | 82 .../DefaultExcludedPatternsChecker.java | 2 +- 2 files changed, 1 insertion(+), 83 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/ec98c8a9/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java deleted file mode 100644 index ac0ff6e..000 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java +++ /dev/null 
@@ -1,82 +0,0 @@ -package com.opensymphony.xwork2; - -import java.util.Set; -import java.util.regex.Pattern; - -/** - * Used across different interceptors to check if given string matches one of the excluded patterns. - */ -public interface ExcludedPatternsChecker { - -/** - * Checks if value matches any of patterns on exclude list - * - * @param value to check - * @return object containing result of matched pattern and pattern itself - */ -public IsExcluded isExcluded(String value); - -/** - * Allows add additional excluded patterns during runtime - * - * @param commaDelimitedPatterns comma delimited string with patterns - */ -public void addExcludedPatterns(String commaDelimitedPatterns); - -/** - * Allows add additional excluded patterns during runtime - * - * @param additionalPatterns array of additional excluded patterns - */ -public void addExcludedPatterns(String[] additionalPatterns); - -/** - * Allows add additional excluded patterns during runtime - * - * @param additionalPatterns set of additional patterns - */ -public void addExcludedPatterns(Set additionalPatterns); - -/** - * Allow access list of all defined excluded patterns - * - * @return set of excluded patterns - */ -public Set getExcludedPatterns(); - -public final static class IsExcluded { - -private final boolean excluded; -private final Pattern excludedPattern; - -public static IsExcluded yes(Pattern excludedPattern) { -return new IsExcluded(true, excludedPattern); -} - -public static IsExcluded no() { -return new IsExcluded(false, null); -} - -private IsExcluded(boolean excluded, Pattern excludedPattern) { -this.excluded = excluded; -this.excludedPattern = excludedPattern; -} - -public boolean isExcluded() { -return excluded; -} - -public Pattern getExcludedPattern() { -return excludedPattern; -} - -@Override -public String toString() { -return "IsExcluded { " + -"excluded=" + excluded + -", excludedPattern=" + excludedPattern + -" }"; -} -} - -} 
http://git-wip-us.apache.org/repos/asf/struts/blob/ec98c8a9/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java index f2abed6..53854d3 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java @@ -11,7 +11,7 @@ import java.util.HashSet; import java.util.Set; import java.util.regex.Pattern; -public class DefaultExcludedPatternsChecker implements com.opensymphony.xwork2.ExcludedPatternsChecker { +public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker { private static final Logger LOG = LoggerFactory.getLogger(DefaultExcludedPatternsChecker.class);
[26/50] git commit: Cleans up imports
Cleans up imports Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/9884c49f Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/9884c49f Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/9884c49f Branch: refs/heads/develop Commit: 9884c49fd0d4683d3376070bc75d88a4afcb6a25 Parents: 4577e5e Author: Lukasz Lenart Authored: Mon May 12 08:26:50 2014 +0200 Committer: Lukasz Lenart Committed: Mon May 12 08:26:50 2014 +0200 -- .../xwork2/interceptor/ParametersInterceptorTest.java | 3 --- 1 file changed, 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/9884c49f/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java -- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java index 359618f..a2aa92b 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java @@ -18,7 +18,6 @@ package com.opensymphony.xwork2.interceptor; import com.opensymphony.xwork2.Action; import com.opensymphony.xwork2.ActionContext; import com.opensymphony.xwork2.ActionProxy; -import com.opensymphony.xwork2.ExcludedPatterns; import com.opensymphony.xwork2.ModelDrivenAction; import com.opensymphony.xwork2.SimpleAction; import com.opensymphony.xwork2.TestBean; @@ -47,12 +46,10 @@ import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.HashMap; -import java.util.HashSet; import java.util.LinkedHashMap; import java.util.LinkedList; import java.util.List; import java.util.Map; -import java.util.regex.Pattern; /**
[23/50] git commit: Merge branch 'develop' into feature/exclude-object-class
Merge branch 'develop' into feature/exclude-object-class Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/08b44fda Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/08b44fda Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/08b44fda Branch: refs/heads/develop Commit: 08b44fdad666c78e4a7a96c57bbe896eff896829 Parents: 7857b86 63897e8 Author: Lukasz Lenart Authored: Thu May 8 22:07:22 2014 +0200 Committer: Lukasz Lenart Committed: Thu May 8 22:07:22 2014 +0200 -- .../struts2/interceptor/CookieInterceptor.java | 45 +++-- .../interceptor/CookieInterceptorTest.java | 53 2 files changed, 82 insertions(+), 16 deletions(-) --
[25/50] git commit: Defines new extension point
Defines new extension point Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/4577e5ee Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/4577e5ee Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/4577e5ee Branch: refs/heads/develop Commit: 4577e5eefb057e80bbdd740b0c56120c15469827 Parents: 65c023b Author: Lukasz Lenart Authored: Mon May 12 08:26:33 2014 +0200 Committer: Lukasz Lenart Committed: Mon May 12 08:26:33 2014 +0200 -- core/src/main/java/org/apache/struts2/StrutsConstants.java| 6 ++ .../apache/struts2/config/DefaultBeanSelectionProvider.java | 7 ++- .../src/main/java/com/opensymphony/xwork2/XWorkConstants.java | 1 + 3 files changed, 13 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/4577e5ee/core/src/main/java/org/apache/struts2/StrutsConstants.java -- diff --git a/core/src/main/java/org/apache/struts2/StrutsConstants.java b/core/src/main/java/org/apache/struts2/StrutsConstants.java index d508373..d173add 100644 --- a/core/src/main/java/org/apache/struts2/StrutsConstants.java +++ b/core/src/main/java/org/apache/struts2/StrutsConstants.java @@ -285,4 +285,10 @@ public final class StrutsConstants { /** Comma delimited set of excluded classes which cannot be accessed via expressions **/ public static final String STRUTS_EXCLUDED_CLASSES = "struts.excludedClasses"; +/** Dedicated service to check if passed string is excluded or not **/ +public static final String STRUTS_EXCLUDED_PATTERNS_CHECKER = "struts.excludedPatterns.checker"; + +/** Constant is used to override framework's default excluded patterns **/ +public static final String STRUTS_OVERRIDE_EXCLUDED_PATTERNS = "struts.override.excludedPatterns"; + } http://git-wip-us.apache.org/repos/asf/struts/blob/4577e5ee/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java -- 
diff --git a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java index dedbce5..5304910 100644 --- a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java +++ b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java @@ -22,6 +22,7 @@ package org.apache.struts2.config; import com.opensymphony.xwork2.ActionProxyFactory; +import com.opensymphony.xwork2.ExcludedPatternsChecker; import com.opensymphony.xwork2.FileManager; import com.opensymphony.xwork2.FileManagerFactory; import com.opensymphony.xwork2.LocaleProvider; @@ -343,7 +344,7 @@ public class DefaultBeanSelectionProvider extends AbstractBeanSelectionProvider alias(ResultFactory.class, StrutsConstants.STRUTS_OBJECTFACTORY_RESULTFACTORY, builder, props); alias(ConverterFactory.class, StrutsConstants.STRUTS_OBJECTFACTORY_CONVERTERFACTORY, builder, props); alias(InterceptorFactory.class, StrutsConstants.STRUTS_OBJECTFACTORY_INTERCEPTORFACTORY, builder, props); -alias(ValidatorFactory.class, StrutsConstants.STRUTS_OBJECTFACTORY_INTERCEPTORFACTORY, builder, props); +alias(ValidatorFactory.class, StrutsConstants.STRUTS_OBJECTFACTORY_VALIDATORFACTORY, builder, props); alias(FileManagerFactory.class, StrutsConstants.STRUTS_FILE_MANAGER_FACTORY, builder, props, Scope.SINGLETON); @@ -383,6 +384,9 @@ public class DefaultBeanSelectionProvider extends AbstractBeanSelectionProvider alias(DispatcherErrorHandler.class, StrutsConstants.STRUTS_DISPATCHER_ERROR_HANDLER, builder, props); +/** Checker is used mostly in interceptors, so there be one instance of checker per interceptor with Scope.REQUEST **/ +alias(ExcludedPatternsChecker.class, StrutsConstants.STRUTS_EXCLUDED_PATTERNS_CHECKER, builder, props, Scope.REQUEST); + switchDevMode(props); // Convert Struts properties into XWork properties 
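Review bot: The comment added above the `ExcludedPatternsChecker` alias is a `/** … **/` Javadoc block inside a method body, where it documents nothing, and its wording ("so there be one instance of checker per interceptor with Scope.REQUEST") leaves the intended lifetime unclear. Going by its name, `Scope.REQUEST` ties the instance to a request rather than to an interceptor, so the comment and the scope should be reconciled. If per-injection instances are what is wanted, say so in a plain `//` comment, e.g. `// each interceptor gets its own checker so patterns added at runtime are not shared`. The same file section also corrects the `ValidatorFactory` alias to `STRUTS_OBJECTFACTORY_VALIDATORFACTORY`, which the commit title does not mention. The enclosing method starts and ends outside the hunk.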
@@ -392,6 +396,7 @@ public class DefaultBeanSelectionProvider extends AbstractBeanSelectionProvider convertIfExist(props, StrutsConstants.STRUTS_ALLOW_STATIC_METHOD_ACCESS, XWorkConstants.ALLOW_STATIC_METHOD_ACCESS); convertIfExist(props, StrutsConstants.STRUTS_CONFIGURATION_XML_RELOAD, XWorkConstants.RELOAD_XML_CONFIGURATION); convertIfExist(props, StrutsConstants.STRUTS_EXCLUDED_CLASSES, XWorkConstants.OGNL_EXCLUDED_CLASSES); +convertIfExist(props, StrutsConstants.STRUTS_OVERRIDE_EXCLUDED_PATTERNS, XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS); LocalizedTextUtil.addDefaultResourceBundle("org/apache/struts2/struts-messages"); loadCustomResourceBund
[39/50] git commit: Defines new service to check accepted patterns
Defines new service to check accepted patterns Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/b140faad Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/b140faad Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/b140faad Branch: refs/heads/develop Commit: b140faad2813809c132ef75e4459f6dbbee664b8 Parents: 97ef7b5 Author: Lukasz Lenart Authored: Wed May 21 09:03:30 2014 +0200 Committer: Lukasz Lenart Committed: Wed May 21 09:03:30 2014 +0200 -- .../security/AcceptedPatternsChecker.java | 82 ++ .../DefaultAcceptedPatternsChecker.java | 88 2 files changed, 170 insertions(+) -- http://git-wip-us.apache.org/repos/asf/struts/blob/b140faad/xwork-core/src/main/java/com/opensymphony/xwork2/security/AcceptedPatternsChecker.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/security/AcceptedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/security/AcceptedPatternsChecker.java new file mode 100644 index 000..6ea9ec9 --- /dev/null +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/security/AcceptedPatternsChecker.java 
@@ -0,0 +1,82 @@ +package com.opensymphony.xwork2.security; + +import java.util.Set; +import java.util.regex.Pattern; + +/** + * Used across different interceptors to check if given string matches one of the excluded patterns. + */ +public interface AcceptedPatternsChecker { + +/** + * Checks if value matches any of patterns on exclude list + * + * @param value to check + * @return object containing result of matched pattern and pattern itself + */ +public IsAccepted isAccepted(String value); + +/** + * Allows add additional excluded patterns during runtime + * + * @param commaDelimitedPatterns comma delimited string with patterns + */ +public void addAcceptedPatterns(String commaDelimitedPatterns); + +/** + * Allows add additional excluded patterns during runtime + * + * @param additionalPatterns array of additional excluded patterns + */ +public void addAcceptedPatterns(String[] additionalPatterns); + +/** + * Allows add additional excluded patterns during runtime + * + * @param additionalPatterns set of additional patterns + */ +public void addAcceptedPatterns(Set additionalPatterns); + +/** + * Allow access list of all defined excluded patterns + * + * @return set of excluded patterns + */ +public Set getAcceptedPatterns(); + +public final static class IsAccepted { + +private final boolean accepted; +private final Pattern acceptedPattern; + +public static IsAccepted yes(Pattern acceptedPattern) { +return new IsAccepted(true, acceptedPattern); +} + +public static IsAccepted no() { +return new IsAccepted(false, null); +} + +private IsAccepted(boolean accepted, Pattern acceptedPattern) { +this.accepted = accepted; +this.acceptedPattern = acceptedPattern; +} + +public boolean isAccepted() { +return accepted; +} + +public Pattern getAcceptedPattern() { +return acceptedPattern; +} + +@Override +public String toString() { +return "IsAccepted {" + +"accepted=" + accepted + +", acceptedPattern=" + acceptedPattern + +" }"; +} +} + +} 
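Review bot: The Javadoc in `AcceptedPatternsChecker` still describes the excluded list: the interface summary, `isAccepted`, the three `addAcceptedPatterns` overloads and `getAcceptedPatterns` all say "excluded patterns" or "exclude list". On a pair of allow/deny services that inversion is easy to misread, so the comments should say, for example, `Checks if value matches any of patterns on accepted list` and `@return set of accepted patterns`. `IsAccepted.no()` passes `null` as the pattern, so `getAcceptedPattern()` should document that it returns `null` when nothing matched.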
http://git-wip-us.apache.org/repos/asf/struts/blob/b140faad/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java new file mode 100644 index 000..fa1b8e1 --- /dev/null +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java @@ -0,0 +1,88 @@ +package com.opensymphony.xwork2.security; + +import com.opensymphony.xwork2.XWorkConstants; +import com.opensymphony.xwork2.inject.Inject; +import com.opensymphony.xwork2.util.TextParseUtil; +import com.opensymphony.xwork2.util.logging.Logger; +import com.opensymphony.xwork2.util.logging.LoggerFactory; + +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; +import java.util.regex.Pattern; + +public class DefaultAcceptedPatternsChecker implements AcceptedPatternsChecker { + +private static final Logger LOG = LoggerFactory.getLogger(DefaultAcceptedPatternsChecker.class)
[44/50] git commit: Adds javax.* to excluded packages
Adds javax.* to excluded packages Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/2df72b94 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/2df72b94 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/2df72b94 Branch: refs/heads/develop Commit: 2df72b941186b9c0a2a7fdc84cbf6d3001ec30e9 Parents: 5a5af1b Author: Lukasz Lenart Authored: Fri May 23 17:36:45 2014 +0200 Committer: Lukasz Lenart Committed: Fri May 23 17:36:45 2014 +0200 -- core/src/main/resources/struts-default.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/2df72b94/core/src/main/resources/struts-default.xml -- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index 0275a48..0fe8e68 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml @@ -40,7 +40,7 @@ - +
[10/50] git commit: Renames excluded properties to excluded classes
Renames excluded properties to excluded classes Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/d5bd607c Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/d5bd607c Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/d5bd607c Branch: refs/heads/develop Commit: d5bd607c6fd0cbbf12e75492e7333439758446ea Parents: c778297 Author: Lukasz Lenart Authored: Sat May 3 20:13:10 2014 +0200 Committer: Lukasz Lenart Committed: Sat May 3 20:13:10 2014 +0200 -- .../src/main/java/com/opensymphony/xwork2/XWorkConstants.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/d5bd607c/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java b/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java index 1894372..dfbf6d5 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java @@ -17,6 +17,6 @@ public final class XWorkConstants { public static final String RELOAD_XML_CONFIGURATION = "reloadXmlConfiguration"; public static final String ALLOW_STATIC_METHOD_ACCESS = "allowStaticMethodAccess"; public static final String XWORK_LOGGER_FACTORY = "xwork.loggerFactory"; -public static final String OGNL_EXCLUDED_PROPERTIES = "ognlExcludedProperties"; +public static final String OGNL_EXCLUDED_CLASSES = "ognlExcludedClasses"; }
[14/50] git commit: Uses excluded classes to
Uses excluded classes to Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/afb5af1c Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/afb5af1c Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/afb5af1c Branch: refs/heads/develop Commit: afb5af1cc45aed1ee0404541279cb7f7853fc98b Parents: f0799fd Author: Lukasz Lenart Authored: Sat May 3 20:17:05 2014 +0200 Committer: Lukasz Lenart Committed: Sat May 3 20:17:05 2014 +0200 -- core/src/main/java/org/apache/struts2/StrutsConstants.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/afb5af1c/core/src/main/java/org/apache/struts2/StrutsConstants.java -- diff --git a/core/src/main/java/org/apache/struts2/StrutsConstants.java b/core/src/main/java/org/apache/struts2/StrutsConstants.java index 6be58ad..d508373 100644 --- a/core/src/main/java/org/apache/struts2/StrutsConstants.java +++ b/core/src/main/java/org/apache/struts2/StrutsConstants.java @@ -282,7 +282,7 @@ public final class StrutsConstants { /** Allows override default DispatcherErrorHandler **/ public static final String STRUTS_DISPATCHER_ERROR_HANDLER = "struts.dispatcher.errorHandler"; -/** Comma delimited set of excluded properties which cannot be accessed via expressions **/ -public static final String STRUTS_EXCLUDED_PROPERTIES = "struts.excludedProperties"; +/** Comma delimited set of excluded classes which cannot be accessed via expressions **/ +public static final String STRUTS_EXCLUDED_CLASSES = "struts.excludedClasses"; }
[38/50] git commit: Cleans up after moving to package
Cleans up after moving to package Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/97ef7b50 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/97ef7b50 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/97ef7b50 Branch: refs/heads/develop Commit: 97ef7b50bbf12dcc3e4127c71487ec37f5b7132d Parents: ec98c8a Author: Lukasz Lenart Authored: Mon May 19 10:58:45 2014 +0200 Committer: Lukasz Lenart Committed: Mon May 19 10:58:45 2014 +0200 -- .../org/apache/struts2/config/DefaultBeanSelectionProvider.java | 2 +- .../java/org/apache/struts2/interceptor/CookieInterceptor.java| 3 +-- core/src/main/resources/struts-default.xml| 2 +- .../test/java/org/apache/struts2/TestConfigurationProvider.java | 2 +- .../src/main/java/com/opensymphony/xwork2/XWorkConstants.java | 2 ++ .../xwork2/config/providers/XWorkConfigurationProvider.java | 2 +- .../opensymphony/xwork2/interceptor/ParametersInterceptor.java| 2 +- 7 files changed, 8 insertions(+), 7 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/97ef7b50/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java -- diff --git a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java index 5c29e78..be4fa82 100644 --- a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java +++ b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java 
@@ -22,7 +22,7 @@ package org.apache.struts2.config; import com.opensymphony.xwork2.ActionProxyFactory; -import com.opensymphony.xwork2.ExcludedPatternsChecker; +import com.opensymphony.xwork2.security.ExcludedPatternsChecker; import com.opensymphony.xwork2.FileManager; import com.opensymphony.xwork2.FileManagerFactory; import com.opensymphony.xwork2.LocaleProvider; http://git-wip-us.apache.org/repos/asf/struts/blob/97ef7b50/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java -- diff --git a/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java index dbe47ce..ca195fa 100644 --- a/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java +++ b/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java @@ -25,13 +25,12 @@ import com.opensymphony.xwork2.ActionContext; import com.opensymphony.xwork2.ActionInvocation; import com.opensymphony.xwork2.inject.Inject; import com.opensymphony.xwork2.interceptor.AbstractInterceptor; -import com.opensymphony.xwork2.ExcludedPatternsChecker; +import com.opensymphony.xwork2.security.ExcludedPatternsChecker; import com.opensymphony.xwork2.util.TextParseUtil; import com.opensymphony.xwork2.util.ValueStack; import com.opensymphony.xwork2.util.logging.Logger; import com.opensymphony.xwork2.util.logging.LoggerFactory; import org.apache.struts2.ServletActionContext; -import org.apache.struts2.StrutsConstants; import javax.servlet.http.Cookie; import java.util.Collections; http://git-wip-us.apache.org/repos/asf/struts/blob/97ef7b50/core/src/main/resources/struts-default.xml -- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index ecfa5cf..2fc16c9 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml 
@@ -144,7 +144,7 @@ - + http://git-wip-us.apache.org/repos/asf/struts/blob/97ef7b50/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java -- diff --git a/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java b/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java index d9da6c4..f9eb4c7 100644 --- a/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java +++ b/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java @@ -25,7 +25,7 @@ import com.opensymphony.xwork2.Action; import com.opensymphony.xwork2.ActionProxyFactory; import com.opensymphony.xwork2.DefaultActionProxyFactory; import com.opensymphony.xwork2.security.DefaultExcludedPatternsChecker; -import com.opensymphony.xwork2.ExcludedPatternsChecker; +import com.opensymphony.xwork2.security.ExcludedPatternsChecker; import com.opensymphony.xwork2.ObjectFactory; import com.opensymphony.xwork2.config.Configuration; import com.opensymphony.xwork2.config.Config
[43/50] git commit: Uses WARN to report if package or class is excluded
Uses WARN to report if package or class is excluded Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/5a5af1b5 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/5a5af1b5 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/5a5af1b5 Branch: refs/heads/develop Commit: 5a5af1b5879a9865aca03c70ae5bd6f7a3473f7b Parents: 4ee18f9 Author: Lukasz Lenart Authored: Fri May 23 09:58:52 2014 +0200 Committer: Lukasz Lenart Committed: Fri May 23 09:58:52 2014 +0200 -- .../com/opensymphony/xwork2/ognl/SecurityMemberAccess.java | 8 1 file changed, 4 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/5a5af1b5/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java index 39f882a..d0862e7 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java 
@@ -54,15 +54,15 @@ public class SecurityMemberAccess extends DefaultMemberAccess { @Override public boolean isAccessible(Map context, Object target, Member member, String propertyName) { if (isPackageExcluded(target.getClass().getPackage(), member.getDeclaringClass().getPackage())) { -if (LOG.isDebugEnabled()) { -LOG.debug("Target package [#0] and member package [#1] are excluded!", target, member); +if (LOG.isWarnEnabled()) { +LOG.warn("Package of target [#0] or package of member [#1] are excluded!", target, member); } return false; } if (isClassExcluded(target.getClass(), member.getDeclaringClass())) { -if (LOG.isDebugEnabled()) { -LOG.debug("Target class [#0] and member type [#1] are excluded!", target, member); +if (LOG.isWarnEnabled()) { +LOG.warn("Target class [#0] or declaring class of member type [#1] are excluded!", target, member); } return false; }
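Review bot: Both new `LOG.warn` calls in `isAccessible` pass `target` and `member` themselves, so the message is presumably rendered from `target.toString()`, which is application code and may carry request-derived state. The package or class that actually triggered the exclusion is never printed. Logging the tested values makes the warning usable for triage, e.g. `LOG.warn("Package of target [#0] or package of member [#1] is excluded!", target.getClass().getPackage(), member.getDeclaringClass().getPackage());`, with `target.getClass()` and `member.getDeclaringClass()` in the second call. Because every blocked access now logs at WARN, repeated rejected requests can grow the log quickly, so throttling at the appender is worth considering. `isAccessible` continues past the end of the hunk.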
[31/50] git commit: Cleans up new extension point
Cleans up new extension point Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/e8e5b51b Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/e8e5b51b Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/e8e5b51b Branch: refs/heads/develop Commit: e8e5b51bc64e71cc7645c1083b33e1942bf4a03d Parents: 833a07e Author: Lukasz Lenart Authored: Wed May 14 08:25:00 2014 +0200 Committer: Lukasz Lenart Committed: Wed May 14 08:25:00 2014 +0200 -- .../org/apache/struts2/config/DefaultBeanSelectionProvider.java | 4 ++-- .../java/org/apache/struts2/interceptor/CookieInterceptor.java | 2 +- core/src/main/resources/struts-default.xml | 4 +--- 3 files changed, 4 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/e8e5b51b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java -- diff --git a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java index 5296b41..5c29e78 100644 --- a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java +++ b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java 
@@ -390,8 +390,8 @@ public class DefaultBeanSelectionProvider extends AbstractBeanSelectionProvider alias(DispatcherErrorHandler.class, StrutsConstants.STRUTS_DISPATCHER_ERROR_HANDLER, builder, props); -/** Checker is used mostly in interceptors, so there be one instance of checker per interceptor with Scope.REQUEST **/ -alias(ExcludedPatternsChecker.class, StrutsConstants.STRUTS_EXCLUDED_PATTERNS_CHECKER, builder, props, Scope.REQUEST); +/** Checker is used mostly in interceptors, so there be one instance of checker per interceptor with Scope.DEFAULT **/ +alias(ExcludedPatternsChecker.class, StrutsConstants.STRUTS_EXCLUDED_PATTERNS_CHECKER, builder, props, Scope.DEFAULT); switchDevMode(props); http://git-wip-us.apache.org/repos/asf/struts/blob/e8e5b51b/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java -- diff --git a/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java index 8998c5c..dbe47ce 100644 --- a/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java +++ b/core/src/main/java/org/apache/struts2/interceptor/CookieInterceptor.java @@ -180,7 +180,7 @@ public class CookieInterceptor extends AbstractInterceptor { private ExcludedPatternsChecker excludedPatternsChecker; -@Inject(StrutsConstants.STRUTS_EXCLUDED_PATTERNS_CHECKER) +@Inject public void setExcludedPatternsChecker(ExcludedPatternsChecker excludedPatternsChecker) { this.excludedPatternsChecker = excludedPatternsChecker; } http://git-wip-us.apache.org/repos/asf/struts/blob/e8e5b51b/core/src/main/resources/struts-default.xml -- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index f2fb922..2d74b4f 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml @@ -144,9 +144,7 @@ - - - +
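Review bot: In the `DefaultBeanSelectionProvider` hunk, the comment above the `alias(ExcludedPatternsChecker.class, ...)` call is a Javadoc block (`/** ... **/`) placed inside a method body, and after the edit it still does not say why the scope was changed. If `Scope.DEFAULT` yields a fresh instance per injection, as the wording implies, a plain comment stating that would help the next maintainer: `// Scope.DEFAULT: each interceptor gets its own checker instance, so pattern changes made through one interceptor do not affect the others`. This matters because the checker is mutable (the version on this page has setters), and a wider scope would let one component's configuration change the exclusion list for all of them. The enclosing method starts and ends outside the hunk.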
[24/50] git commit: Converts class with patterns into Struts bean
Converts class with patterns into Struts bean Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/65c023b6 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/65c023b6 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/65c023b6 Branch: refs/heads/develop Commit: 65c023b6f3e848fae13135ee90c101a0d0e2f262 Parents: 08b44fd Author: Lukasz Lenart Authored: Mon May 12 08:26:12 2014 +0200 Committer: Lukasz Lenart Committed: Mon May 12 08:26:12 2014 +0200 -- core/src/main/resources/struts-default.xml | 4 + .../opensymphony/xwork2/ExcludedPatterns.java | 22 --- .../xwork2/ExcludedPatternsChecker.java | 135 +++ 3 files changed, 139 insertions(+), 22 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/65c023b6/core/src/main/resources/struts-default.xml -- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index 1f37ea2..554a8ba 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml @@ -144,6 +144,10 @@ + + + + http://git-wip-us.apache.org/repos/asf/struts/blob/65c023b6/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java deleted file mode 100644 index b618a52..000 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java +++ /dev/null 
@@ -1,22 +0,0 @@ -package com.opensymphony.xwork2; - -/** - * ExcludedPatterns contains hard-coded patterns that must be rejected by {@link com.opensymphony.xwork2.interceptor.ParametersInterceptor} - * and partially in CookInterceptor - */ -public class ExcludedPatterns { - -public static final String CLASS_ACCESS_PATTERN = "(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*"; - -public static final String[] EXCLUDED_PATTERNS = { -CLASS_ACCESS_PATTERN, -"^dojo\\..*", -"^struts\\..*", -"^session\\..*", -"^request\\..*", -"^application\\..*", -"^servlet(Request|Response)\\..*", -"^parameters\\..*" -}; - -} http://git-wip-us.apache.org/repos/asf/struts/blob/65c023b6/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java new file mode 100644 index 000..ee3eea6 --- /dev/null +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java 
@@ -0,0 +1,135 @@ +package com.opensymphony.xwork2; + +import com.opensymphony.xwork2.inject.Inject; +import com.opensymphony.xwork2.util.TextParseUtil; +import com.opensymphony.xwork2.util.logging.Logger; +import com.opensymphony.xwork2.util.logging.LoggerFactory; + +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; +import java.util.regex.Pattern; + +/** + * Used across different interceptors to check if given string matches one of the excluded patterns. + * User has two options to change its behaviour: + * - define new set of patterns with + * - override this class and use then extension point + * to inject it in appropriated places + */ +public class ExcludedPatternsChecker { + +private static final Logger LOG = LoggerFactory.getLogger(ExcludedPatternsChecker.class); + +public static final String[] EXCLUDED_PATTERNS = { +"(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*", +"^dojo\\..*", +"^struts\\..*", +"^session\\..*", +"^request\\..*", +"^application\\..*", +"^servlet(Request|Response)\\..*", +"^parameters\\..*" +}; + +private Set excludedPatterns; + +public ExcludedPatternsChecker() { +excludedPatterns = new HashSet(); +for (String pattern : EXCLUDED_PATTERNS) { +excludedPatterns.add(Pattern.compile(pattern)); +} +} + +@Inject(value = XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, required = false) +public void setOverrideExcludePatterns(String excludePatterns) { +if (LOG.isWarnEnabled()) { +LOG.warn("Overriding [#0] with [#1], be aware that this can affect safety of your application!", +XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, excludePatterns); +} +excludedP
[02/50] git commit: Extends tests to check if excluded properties works on higher level
Extends tests to check if excluded properties works on higher level Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/14ad0ab0 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/14ad0ab0 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/14ad0ab0 Branch: refs/heads/develop Commit: 14ad0ab00662e847b7959022d0106adfaf3219ea Parents: bbcee42 Author: Lukasz Lenart Authored: Fri Apr 25 14:58:40 2014 +0200 Committer: Lukasz Lenart Committed: Fri Apr 25 14:58:40 2014 +0200 -- .../xwork2/interceptor/ParametersInterceptorTest.java| 11 --- xwork-core/src/test/resources/xwork-param-test.xml | 1 + 2 files changed, 9 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/14ad0ab0/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java -- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java index 5a4485d..f0adf02 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java @@ -161,12 +161,14 @@ public class ParametersInterceptorTest extends XWorkTestCase { // given final String pollution1 = "class.classLoader.jarPath"; final String pollution2 = "model.class.classLoader.jarPath"; +final String pollution3 = "class.classLoader.defaultAssertionStatus"; loadConfigurationProviders(new XWorkConfigurationProvider(), new XmlConfigurationProvider("xwork-param-test.xml")); final Map params = new HashMap() { { put(pollution1, "bad"); put(pollution2, "very bad"); +put(pollution3, true); } }; 
@@ -190,16 +192,19 @@ public class ParametersInterceptorTest extends XWorkTestCase { pi.setParameters(action, vs, params); // then -assertEquals(2, action.getActionMessages().size()); +assertEquals(3, action.getActionMessages().size()); String msg1 = action.getActionMessage(0); String msg2 = action.getActionMessage(1); +String msg3 = action.getActionMessage(2); -assertEquals("Error setting expression 'class.classLoader.jarPath' with value 'bad'", msg1); -assertEquals("Error setting expression 'model.class.classLoader.jarPath' with value 'very bad'", msg2); +assertEquals("Error setting expression 'class.classLoader.defaultAssertionStatus' with value 'true'", msg1); +assertEquals("Error setting expression 'class.classLoader.jarPath' with value 'bad'", msg2); +assertEquals("Error setting expression 'model.class.classLoader.jarPath' with value 'very bad'", msg3); assertFalse(excluded.get(pollution1)); assertFalse(excluded.get(pollution2)); +assertFalse(excluded.get(pollution3)); } public void testDoesNotAllowMethodInvocations() throws Exception { http://git-wip-us.apache.org/repos/asf/struts/blob/14ad0ab0/xwork-core/src/test/resources/xwork-param-test.xml -- diff --git a/xwork-core/src/test/resources/xwork-param-test.xml b/xwork-core/src/test/resources/xwork-param-test.xml index fa081c4..3ca616a 100644 --- a/xwork-core/src/test/resources/xwork-param-test.xml +++ b/xwork-core/src/test/resources/xwork-param-test.xml @@ -4,4 +4,5 @@ + \ No newline at end of file
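Review bot: The `assertEquals` calls on `msg1`..`msg3` in `ParametersInterceptorTest` bind each rejection message to a fixed index, and adding one parameter has already shifted every expected position. The test is meant to show that all three expressions are rejected, not the order in which parameters are applied. Asserting on membership keeps it stable, e.g. `assertTrue(action.getActionMessages().contains("Error setting expression 'class.classLoader.jarPath' with value 'bad'"));` for each of the three, alongside the existing size check. If the order is itself part of the contract, a short comment saying so would be enough. The test method begins outside the hunk.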
[29/50] git commit: Extracts interface to simplify implementation by users
Extracts interface to simplify implementation by users Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/bfbc4c04 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/bfbc4c04 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/bfbc4c04 Branch: refs/heads/develop Commit: bfbc4c04e007393986f374a02dfb7ded23bc9a05 Parents: ba1850a Author: Lukasz Lenart Authored: Tue May 13 20:29:21 2014 +0200 Committer: Lukasz Lenart Committed: Tue May 13 20:29:21 2014 +0200 -- core/src/main/resources/struts-default.xml | 2 +- .../interceptor/CookieInterceptorTest.java | 20 ++--- .../xwork2/DefaultExcludedPatternsChecker.java | 93 .../xwork2/ExcludedPatternsChecker.java | 92 +-- 4 files changed, 106 insertions(+), 101 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/bfbc4c04/core/src/main/resources/struts-default.xml -- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index 554a8ba..f2fb922 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml @@ -144,7 +144,7 @@ - + http://git-wip-us.apache.org/repos/asf/struts/blob/bfbc4c04/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java -- diff --git a/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java b/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java index 2bbaef9..1f642f5 100644 --- a/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java +++ b/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java 
@@ -27,7 +27,7 @@ import java.util.Map; import javax.servlet.http.Cookie; -import com.opensymphony.xwork2.ExcludedPatternsChecker; +import com.opensymphony.xwork2.DefaultExcludedPatternsChecker; import com.opensymphony.xwork2.mock.MockActionInvocation; import org.easymock.MockControl; import org.springframework.mock.web.MockHttpServletRequest; @@ -66,7 +66,7 @@ public class CookieInterceptorTest extends StrutsInternalTestCase { // by default the interceptor doesn't accept any cookies CookieInterceptor interceptor = new CookieInterceptor(); -interceptor.setExcludedPatternsChecker(new ExcludedPatternsChecker()); +interceptor.setExcludedPatternsChecker(new DefaultExcludedPatternsChecker()); interceptor.intercept(invocation); @@ -102,7 +102,7 @@ public class CookieInterceptorTest extends StrutsInternalTestCase { actionInvocationControl.replay(); CookieInterceptor interceptor = new CookieInterceptor(); -interceptor.setExcludedPatternsChecker(new ExcludedPatternsChecker()); +interceptor.setExcludedPatternsChecker(new DefaultExcludedPatternsChecker()); interceptor.setCookiesName("*"); interceptor.setCookiesValue("*"); interceptor.intercept(invocation); @@ -144,7 +144,7 @@ public class CookieInterceptorTest extends StrutsInternalTestCase { actionInvocationControl.replay(); CookieInterceptor interceptor = new CookieInterceptor(); -interceptor.setExcludedPatternsChecker(new ExcludedPatternsChecker()); +interceptor.setExcludedPatternsChecker(new DefaultExcludedPatternsChecker()); interceptor.setCookiesName("cookie1, cookie2, cookie3"); interceptor.setCookiesValue("cookie1value, cookie2value, cookie3value"); interceptor.intercept(invocation); 
@@ -185,7 +185,7 @@ public class CookieInterceptorTest extends StrutsInternalTestCase { actionInvocationControl.replay(); CookieInterceptor interceptor = new CookieInterceptor(); -interceptor.setExcludedPatternsChecker(new ExcludedPatternsChecker()); +interceptor.setExcludedPatternsChecker(new DefaultExcludedPatternsChecker()); interceptor.setCookiesName("cookie1, cookie3"); interceptor.setCookiesValue("cookie1value, cookie2value, cookie3value"); interceptor.intercept(invocation); @@ -226,7 +226,7 @@ public class CookieInterceptorTest extends StrutsInternalTestCase { actionInvocationControl.replay(); CookieInterceptor interceptor = new CookieInterceptor(); -interceptor.setExcludedPatternsChecker(new ExcludedPatternsChecker()); +interceptor.setExcludedPatternsChecker(new DefaultExcludedPatternsChecker()); interceptor.setCookiesName("cookie1, cookie3"); interceptor.setCookiesValue("*"); interceptor.intercept(invocation); @@ -267,7 +267,7 @@ public class Cooki
[41/50] git commit: Adds ability to exclude whole packages based on regex
Adds ability to exclude whole packages based on regex Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/dba9da3a Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/dba9da3a Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/dba9da3a Branch: refs/heads/develop Commit: dba9da3abf1b5e6f59251b5a6d948c5bc502c9af Parents: 8a93df1 Author: Lukasz Lenart Authored: Fri May 23 09:20:07 2014 +0200 Committer: Lukasz Lenart Committed: Fri May 23 09:20:07 2014 +0200 -- .../xwork2/ognl/SecurityMemberAccess.java | 20 .../xwork2/ognl/SecurityMemberAccessTest.java | 19 +++ 2 files changed, 39 insertions(+) -- http://git-wip-us.apache.org/repos/asf/struts/blob/dba9da3a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java index c14d8b9..39f882a 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java @@ -40,6 +40,7 @@ public class SecurityMemberAccess extends DefaultMemberAccess { private Set excludeProperties = Collections.emptySet(); private Set acceptProperties = Collections.emptySet(); private Set> excludedClasses = Collections.emptySet(); +private Set excludedPackageNamePatterns = Collections.emptySet(); public SecurityMemberAccess(boolean method) { super(false); 
@@ -52,6 +53,13 @@ public class SecurityMemberAccess extends DefaultMemberAccess { @Override public boolean isAccessible(Map context, Object target, Member member, String propertyName) { +if (isPackageExcluded(target.getClass().getPackage(), member.getDeclaringClass().getPackage())) { +if (LOG.isDebugEnabled()) { +LOG.debug("Target package [#0] and member package [#1] are excluded!", target, member); +} +return false; +} + if (isClassExcluded(target.getClass(), member.getDeclaringClass())) { if (LOG.isDebugEnabled()) { LOG.debug("Target class [#0] and member type [#1] are excluded!", target, member); @@ -84,6 +92,15 @@ public class SecurityMemberAccess extends DefaultMemberAccess { return isAcceptableProperty(propertyName); } +protected boolean isPackageExcluded(Package targetPackage, Package memberPackage) { +for (Pattern pattern : excludedPackageNamePatterns) { +if (pattern.matcher(targetPackage.getName()).matches() || pattern.matcher(memberPackage.getName()).matches()) { +return true; +} +} +return false; +} + protected boolean isClassExcluded(Class targetClass, Class declaringClass) { if (targetClass == Object.class || declaringClass == Object.class) { return true; @@ -141,4 +158,7 @@ public class SecurityMemberAccess extends DefaultMemberAccess { this.excludedClasses = excludedClasses; } +public void setExcludedPackageNamePatterns(Set excludedPackageNamePatterns) { +this.excludedPackageNamePatterns = excludedPackageNamePatterns; +} } http://git-wip-us.apache.org/repos/asf/struts/blob/dba9da3a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java -- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java index 1c14cb2..748d5a9 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java 
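Review bot: `isPackageExcluded` (the `@@ -84,6 +92,15 @@` hunk) calls `targetPackage.getName()` and `memberPackage.getName()` unconditionally, but `Class.getPackage()` may return null, for example for classes in the unnamed package or when the class loader created no `Package` object. `isAccessible` would then throw a `NullPointerException` from the middle of the access check instead of making a decision. Resolving the names defensively first keeps the gate predictable: `String targetName = targetPackage == null ? "" : targetPackage.getName();`, the same for `memberPackage`, and then matching the patterns against those strings. Whether a missing package should count as excluded (fail closed) or as an empty name is a policy choice that deserves a comment. The new `setExcludedPackageNamePatterns` also keeps the caller's `Set` by reference, so a later mutation by the caller silently changes the policy.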
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java @@ -7,6 +7,7 @@ import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; +import java.util.regex.Pattern; public class SecurityMemberAccessTest extends TestCase { @@ -171,6 +172,24 @@ public class SecurityMemberAccessTest extends TestCase { assertFalse("barLogic() from BarInterface is accessible!!!", accessible); } +public void testPackageExclusion() throws Exception { +// given +SecurityMemberAccess sma = new SecurityMemberAccess(false); + +Set excluded = new HashSet(); +excluded.add(Pattern.compile("^" + FooBar.class.getPackage().getName().replaceAll("\\.", ".") + ".*")); +sma.setExcludedPackageNamePatterns(excluded); + +String property
[33/50] git commit: Uses checker instead set of patterns to check if param is excluded
Uses checker instead set of patterns to check if param is excluded Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/5ec47b1e Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/5ec47b1e Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/5ec47b1e Branch: refs/heads/develop Commit: 5ec47b1e6df6c59ff3fa466d20f28fda46b60254 Parents: 3d77c34 Author: Lukasz Lenart Authored: Wed May 14 08:25:50 2014 +0200 Committer: Lukasz Lenart Committed: Wed May 14 08:25:50 2014 +0200 -- .../interceptor/ParametersInterceptor.java | 43 +++- .../interceptor/ParametersInterceptorTest.java | 4 +- 2 files changed, 16 insertions(+), 31 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/5ec47b1e/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java -- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java b/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java index 6de6aad..460aae2 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java @@ -17,6 +17,7 @@ package com.opensymphony.xwork2.interceptor; import com.opensymphony.xwork2.ActionContext; import com.opensymphony.xwork2.ActionInvocation; +import com.opensymphony.xwork2.ExcludedPatternsChecker; import com.opensymphony.xwork2.ValidationAware; import com.opensymphony.xwork2.XWorkConstants; import com.opensymphony.xwork2.conversion.impl.InstantiatingNullHandler; 
@@ -143,12 +144,13 @@ public class ParametersInterceptor extends MethodFilterInterceptor { protected static final int PARAM_NAME_MAX_LENGTH = 100; +private ExcludedPatternsChecker excludedPatterns; + private int paramNameMaxLength = PARAM_NAME_MAX_LENGTH; private boolean devMode = false; protected boolean ordered = false; -protected Set excludeParams = Collections.emptySet(); protected Set acceptParams = Collections.emptySet(); private ValueStackFactory valueStackFactory; @@ -163,7 +165,12 @@ public class ParametersInterceptor extends MethodFilterInterceptor { devMode = "true".equalsIgnoreCase(mode); } - /** +@Inject +public void setExcludedPatterns(ExcludedPatternsChecker excludedPatterns) { +this.excludedPatterns = excludedPatterns; +} + +/** * Sets a comma-delimited list of regular expressions to match * parameters that are allowed in the parameter map (aka whitelist). * @@ -306,7 +313,7 @@ public class ParametersInterceptor extends MethodFilterInterceptor { //see WW-2761 for more details MemberAccessValueStack accessValueStack = (MemberAccessValueStack) newStack; accessValueStack.setAcceptProperties(acceptParams); -accessValueStack.setExcludeProperties(excludeParams); + accessValueStack.setExcludeProperties(excludedPatterns.getExcludedPatterns()); } for (Map.Entry entry : acceptableParameters.entrySet()) { @@ -426,14 +433,10 @@ public class ParametersInterceptor extends MethodFilterInterceptor { } protected boolean isExcluded(String paramName) { -if (!this.excludeParams.isEmpty()) { -for (Pattern pattern : excludeParams) { -Matcher matcher = pattern.matcher(paramName); -if (matcher.matches()) { -notifyDeveloper("Parameter [#0] is on the excludeParams list of patterns!", paramName); -return true; -} -} +ExcludedPatternsChecker.IsExcluded result = excludedPatterns.isExcluded(paramName); +if (result.isExcluded()) { +notifyDeveloper("Parameter [#0] is on the excludeParams list of patterns!", paramName); +return true; } return false; } 
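Review bot: In the rewritten `isExcluded` (the `@@ -426,14 +433,10 @@` hunk) a rejected parameter is reported only through `notifyDeveloper`, and the message does not say which pattern matched, although the checker returns a result object. If `notifyDeveloper` reports only in dev mode (not visible in this hunk), a parameter rejected in production leaves no trace, whereas `SecurityMemberAccess` on this page now reports exclusions at WARN. Logging the rejection here at a comparable level, with the parameter name and the matched pattern if `IsExcluded` exposes it, would give operators a consistent signal. Separately, `excludedPatterns` is assigned only by the injected setter and is dereferenced here and in the `setExcludeProperties(excludedPatterns.getExcludedPatterns())` hunk, so an interceptor built outside the container fails with a `NullPointerException`. Naming the field `excludedPatternsChecker`, as `CookieInterceptor` does, would also read better than `excludedPatterns.getExcludedPatterns()`.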
@@ -467,29 +470,13 @@ public class ParametersInterceptor extends MethodFilterInterceptor { } /** - * Gets a set of regular expressions of parameters to remove - * from the parameter map - * - * @return A set of compiled regular expression patterns - */ -protected Set getExcludeParamsSet() { -return excludeParams; -} - -/** * Sets a comma-delimited list of regular expressions to match * parameters that should be removed from the parameter map. * * @param commaDelim A comma-delimited list of regular expressions */ public void setExcludeParams(String commaDelim) { -Collection excludePatterns = ArrayUtils.asColl