[1/4] struts git commit: Solves issue with vulnerable parameters
Repository: struts Updated Branches: refs/heads/release-2-3-24-1 [created] 7a9863169 Solves issue with vulnerable parameters Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/f420f284 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/f420f284 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/f420f284 Branch: refs/heads/release-2-3-24-1 Commit: f420f28466cb82915defc4e12466b298c275abaf Parents: 925741a Author: Lukasz Lenart Authored: Tue Sep 22 07:24:49 2015 +0200 Committer: Lukasz Lenart Committed: Tue Sep 22 07:24:49 2015 +0200 -- .../DefaultExcludedPatternsChecker.java | 2 +- .../interceptor/ParametersInterceptorTest.java | 6 ++-- .../DefaultExcludedPatternsCheckerTest.java | 35 3 files changed, 40 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/f420f284/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java --
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
index d96b67a..93d72ca 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
@@ -16,7 +16,7 @@ public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker {
 private static final Logger LOG = LoggerFactory.getLogger(DefaultExcludedPatternsChecker.class);
 public static final String[] EXCLUDED_PATTERNS = {
- "(^|.*#)(dojo|struts|session|request|application|servlet(Request|Response)|parameters|context|_memberAccess)(\\.|\\[).*",
+ "(^|\\%\\{)((#?)(top(\\.|\\['|\\[\")|\\[\\d\\]\\.)?)(dojo|struts|session|request|response|application|servlet(Request|Response|Context)|parameters|context|_memberAccess)(\\.|\\[).*",
 "^(action|method):.*"
 };
http://git-wip-us.apache.org/repos/asf/struts/blob/f420f284/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java --
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
index f20e178..5dcc3e0 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
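Review bot: The replacement entry in `EXCLUDED_PATTERNS` is narrower than the one it removes in one respect: the old `(^|.*#)` alternative matched a `#`-prefixed reference anywhere in the parameter name, while the new `(^|\\%\\{)` prefix only matches at the start of the name or directly after `%{`, so a reference to one of the blocked root names nested deeper in the name would no longer be caught by this entry. It is worth pinning that down with cases in DefaultExcludedPatternsCheckerTest, or keeping a broad alternative next to the anchored one. Separately, `\\[\\d\\]\\.` covers only single-digit indexes; `\\[\\d+\\]\\.` would also cover `[10].` and above. A short comment above the entry naming each group (prefix, optional `top`/index accessor, blocked root name, trailing `.` or `[`) would help the next reviewer, since how the pattern is applied (full match or search, case sensitivity) is decided outside this hunk.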
@@ -110,11 +110,13 @@ public class ParametersInterceptorTest extends XWorkTestCase {
 pi.setParameters(action, vs, params); // then
-assertEquals(1, action.getActionMessages().size());
+assertEquals(2, action.getActionMessages().size());
 String msg1 = action.getActionMessage(0);
+String msg2 = action.getActionMessage(1);
-assertTrue(msg1.contains("Error setting expression 'top['name'](0)' with value 'true'"));
+assertEquals("Error setting expression 'name' with value '(#context[\"xwork.MethodAccessor.denyMethodExecution\"]= new java.lang.Boolean(false), #_memberAccess[\"allowStaticMethodAccess\"]= new java.lang.Boolean(true), @java.lang.Runtime@getRuntime().exec('mkdir /tmp/PWNAGE'))(meh)'", msg1);
+assertEquals("Error setting expression 'top['name'](0)' with value 'true'", msg2);
 assertNull(action.getName());
 }
http://git-wip-us.apache.org/repos/asf/struts/blob/f420f284/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java --
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java
index 22e4a73..d917808 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java
@@ -3,6 +3,7 @@ package com.opensymphony.xwork2.security;
 import com.opensymphony.xwork2.XWorkTestCase;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 public class DefaultExcludedPatternsCheckerTest extends XWorkTestCase {
@@ -35,6 +36,10 @@ public class DefaultExcludedPatternsCheckerTest extends XWorkTestCase {
 add("%{#servletResponse.test}");
 add("%{#S
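Review bot: The rewritten assertions in the ParametersInterceptorTest hunk bind the test to the order in which the two action messages are produced (`getActionMessage(0)` and `getActionMessage(1)`) and to the exact wording of each message. If that order follows iteration over `params`, whose type is not visible in this hunk, the test can fail without any change in behaviour. Asserting on the collection instead, for example `assertTrue(action.getActionMessages().contains(expectedTopMessage));`, keeps the check independent of order. The expected text also shows the rejected parameter value copied verbatim into an action message, so it is worth confirming that these messages are only produced in development mode or are escaped when rendered. The test method starts before the hunk.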
[3/4] struts git commit: Updates bom
Updates bom Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/27f451d9 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/27f451d9 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/27f451d9 Branch: refs/heads/release-2-3-24-1 Commit: 27f451d99a110907968c438fd0237b06088fb9dd Parents: 0cefe50 Author: Lukasz Lenart Authored: Tue Sep 22 07:41:42 2015 +0200 Committer: Lukasz Lenart Committed: Tue Sep 22 07:41:42 2015 +0200 -- bom/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/27f451d9/bom/pom.xml -- diff --git a/bom/pom.xml b/bom/pom.xml index cee1958..21863bb 100644 --- a/bom/pom.xml +++ b/bom/pom.xml @@ -10,7 +10,7 @@ struts2-bom -2.3.24 +2.3.24.1-SNAPSHOT pom Struts 2 Bill of Materials @@ -25,7 +25,7 @@ -2.3.24 +2.3.24.1
Git Push Summary
Repository: struts Updated Tags: refs/tags/STRUTS_2_3_24_1 [created] cde489b43
[4/4] struts git commit: [maven-release-plugin] prepare release STRUTS_2_3_24_1
[maven-release-plugin] prepare release STRUTS_2_3_24_1 Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/7a986316 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/7a986316 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/7a986316 Branch: refs/heads/release-2-3-24-1 Commit: 7a9863169f7d981be0d2d57437974ae2cc0c8bd3 Parents: 27f451d Author: Lukasz Lenart Authored: Tue Sep 22 07:49:22 2015 +0200 Committer: Lukasz Lenart Committed: Tue Sep 22 07:49:22 2015 +0200 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 ++-- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 2 +- archetypes/struts2-archetype-blank/pom.xml | 2 +- archetypes/struts2-archetype-convention/pom.xml | 2 +- archetypes/struts2-archetype-dbportlet/pom.xml | 2 +- archetypes/struts2-archetype-plugin/pom.xml | 2 +- archetypes/struts2-archetype-portlet/pom.xml| 2 +- archetypes/struts2-archetype-starter/pom.xml| 2 +- assembly/pom.xml| 2 +- bom/pom.xml | 4 ++-- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/java8-support/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 2 
+- plugins/sitegraph/pom.xml | 2 +- plugins/sitemesh/pom.xml| 2 +- plugins/spring/pom.xml | 2 +- plugins/struts1/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/tiles3/pom.xml | 2 +- pom.xml | 4 ++-- xwork-core/pom.xml | 2 +- 53 files changed, 56 insertions(+), 56 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/7a986316/apps/blank/pom.xml -- diff --git a/apps/blank/pom.xml b/apps/blank/pom.xml index 369de8d..85ff76f 100644 --- a/apps/blank/pom.xml +++ b/apps/blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.24.1-SNAPSHOT +2.3.24.1 struts2-blank http://git-wip-us.apache.org/repos/asf/struts/blob/7a986316/apps/jboss-blank/pom.xml -- diff --git a/apps/jboss-blank/pom.xml b/apps/jboss-blank/pom.xml index a12e542..3f29927 100644 --- a/apps/jboss-blank/pom.xml +++ b/apps/jboss-blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.24.1-SNAPSHOT +2.3.24.1 struts2-jboss-blank http://git-wip-us.apache.org/repos/asf/struts/blob/7a986316/apps/mailreader/pom.xml -- diff --git a/apps/mailreader/pom.xml b/apps/mailreader/pom.xml index 92a74aa..3b7e5cf 100644 --- a/apps/mailreader/pom.xml +++ b/apps/mailreader/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -
struts git commit: [maven-release-plugin] prepare for next development iteration
Repository: struts Updated Branches: refs/heads/release-2-3-24-1 7a9863169 -> bfe51fcb7 [maven-release-plugin] prepare for next development iteration Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/bfe51fcb Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/bfe51fcb Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/bfe51fcb Branch: refs/heads/release-2-3-24-1 Commit: bfe51fcb7f536feae4ad24671fe319d9c5d9a38d Parents: 7a98631 Author: Lukasz Lenart Authored: Tue Sep 22 07:49:39 2015 +0200 Committer: Lukasz Lenart Committed: Tue Sep 22 07:49:39 2015 +0200 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 ++-- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 2 +- archetypes/struts2-archetype-blank/pom.xml | 2 +- archetypes/struts2-archetype-convention/pom.xml | 2 +- archetypes/struts2-archetype-dbportlet/pom.xml | 2 +- archetypes/struts2-archetype-plugin/pom.xml | 2 +- archetypes/struts2-archetype-portlet/pom.xml| 2 +- archetypes/struts2-archetype-starter/pom.xml| 2 +- assembly/pom.xml| 2 +- bom/pom.xml | 6 +++--- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/java8-support/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 
2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 2 +- plugins/sitegraph/pom.xml | 2 +- plugins/sitemesh/pom.xml| 2 +- plugins/spring/pom.xml | 2 +- plugins/struts1/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/tiles3/pom.xml | 2 +- pom.xml | 4 ++-- xwork-core/pom.xml | 2 +- 53 files changed, 57 insertions(+), 57 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/bfe51fcb/apps/blank/pom.xml -- diff --git a/apps/blank/pom.xml b/apps/blank/pom.xml index 85ff76f..33395d2 100644 --- a/apps/blank/pom.xml +++ b/apps/blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.24.1 +2.3-SNAPSHOT struts2-blank http://git-wip-us.apache.org/repos/asf/struts/blob/bfe51fcb/apps/jboss-blank/pom.xml -- diff --git a/apps/jboss-blank/pom.xml b/apps/jboss-blank/pom.xml index 3f29927..626c588 100644 --- a/apps/jboss-blank/pom.xml +++ b/apps/jboss-blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.24.1 +2.3-SNAPSHOT struts2-jboss-blank http://git-wip-us.apache.org/repos/asf/struts/blob/bfe51fcb/apps/mailreader/pom.xml -- diff --git a/apps/mailreader/pom.xml b/apps/mailreader/pom.xml index 3b7e5cf..972d17c 100644 --- a/apps/mailreader/pom.xml +++ b/apps
[2/4] struts git commit: Sets SNAPSHOT version
Sets SNAPSHOT version Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/0cefe507 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/0cefe507 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/0cefe507 Branch: refs/heads/release-2-3-24-1 Commit: 0cefe507fb757cc2f53ae87c54fbbec271a265c4 Parents: f420f28 Author: Lukasz Lenart Authored: Tue Sep 22 07:39:39 2015 +0200 Committer: Lukasz Lenart Committed: Tue Sep 22 07:39:39 2015 +0200 -- apps/blank/pom.xml | 2 +- apps/jboss-blank/pom.xml| 2 +- apps/mailreader/pom.xml | 2 +- apps/pom.xml| 2 +- apps/portlet/pom.xml| 2 +- apps/rest-showcase/pom.xml | 4 ++-- apps/showcase/pom.xml | 2 +- archetypes/pom.xml | 2 +- archetypes/struts2-archetype-angularjs/pom.xml | 2 +- archetypes/struts2-archetype-blank/pom.xml | 2 +- archetypes/struts2-archetype-convention/pom.xml | 2 +- archetypes/struts2-archetype-dbportlet/pom.xml | 2 +- archetypes/struts2-archetype-plugin/pom.xml | 2 +- archetypes/struts2-archetype-portlet/pom.xml| 2 +- archetypes/struts2-archetype-starter/pom.xml| 2 +- assembly/pom.xml| 2 +- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml| 2 +- bundles/pom.xml | 2 +- core/pom.xml| 2 +- plugins/cdi/pom.xml | 2 +- plugins/codebehind/pom.xml | 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dojo/pom.xml| 2 +- plugins/dwr/pom.xml | 2 +- plugins/embeddedjsp/pom.xml | 2 +- plugins/gxp/pom.xml | 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/java8-support/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/jsf/pom.xml | 2 +- plugins/json/pom.xml| 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml| 2 +- plugins/oval/pom.xml| 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml | 2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml | 2 +- plugins/rest/pom.xml| 2 +- plugins/sitegraph/pom.xml | 2 +- 
plugins/sitemesh/pom.xml| 2 +- plugins/spring/pom.xml | 2 +- plugins/struts1/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/tiles3/pom.xml | 2 +- pom.xml | 2 +- xwork-core/pom.xml | 2 +- 52 files changed, 53 insertions(+), 53 deletions(-) -- http://git-wip-us.apache.org/repos/asf/struts/blob/0cefe507/apps/blank/pom.xml -- diff --git a/apps/blank/pom.xml b/apps/blank/pom.xml index 530283b..369de8d 100644 --- a/apps/blank/pom.xml +++ b/apps/blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.24 +2.3.24.1-SNAPSHOT struts2-blank http://git-wip-us.apache.org/repos/asf/struts/blob/0cefe507/apps/jboss-blank/pom.xml -- diff --git a/apps/jboss-blank/pom.xml b/apps/jboss-blank/pom.xml index 6877f52..a12e542 100644 --- a/apps/jboss-blank/pom.xml +++ b/apps/jboss-blank/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps -2.3.24 +2.3.24.1-SNAPSHOT struts2-jboss-blank http://git-wip-us.apache.org/repos/asf/struts/blob/0cefe507/apps/mailreader/pom.xml -- diff --git a/apps/mailreader/pom.xml b/apps/mailreader/pom.xml index b7b9631..92a74aa 100644 --- a/apps/mailreader/pom.xml +++ b/apps/mailreader/pom.xml @@ -26,7 +26,7 @@ org.apache.struts struts2-apps - 2.3.24 + 2.3.24.1-SNAPSHOT struts2-mailreader http://git-wip-us.apache.or