[struts] 01/01: WW-5179 Set default value of struts.ognl.expressionMaxLength to 256

2022-05-17 Thread lukaszlenart
This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch WW-5179-max-length
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 3f2518afa802d7ef57597b75c70ffb61de1d011a
Author: Lukasz Lenart 
AuthorDate: Tue May 17 20:59:51 2022 +0200

WW-5179 Set default value of struts.ognl.expressionMaxLength to 256
---
 .../main/resources/org/apache/struts2/default.properties| 13 ++---
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/core/src/main/resources/org/apache/struts2/default.properties 
b/core/src/main/resources/org/apache/struts2/default.properties
index b42a64aa2..6c6e06497 100644
--- a/core/src/main/resources/org/apache/struts2/default.properties
+++ b/core/src/main/resources/org/apache/struts2/default.properties
@@ -266,13 +266,12 @@ struts.handle.exception=true
 
 ### Applies maximum length allowed on OGNL expressions for security 
enhancement (optional)
 ###
-### **WARNING**: If developers enable this option (by configuration) they 
should make sure that they understand the implications of setting
-###   struts.ognl.expressionMaxLength.  They must choose a value large enough 
to permit ALL valid OGNL expressions used within the application.
-###   Values larger than the 200-400 range have diminishing security value (at 
which point it is really only a "style guard" for long OGNL
-###   expressions in an application.  Setting a value of null or "" will also 
disable the feature.
-###
-### NOTE: The sample line below is *INTENTIONALLY* commented out, as this 
feature is disabled by default.
-# struts.ognl.expressionMaxLength=256
+### **WARNING**: If developers change this option (by configuration) they 
should make sure that they understand
+###   the implications of setting 'struts.ognl.expressionMaxLength'. They must 
choose a value large enough to permit
+###   ALL valid OGNL expressions used within the application. Values larger 
than the 200-400 range have diminishing
+###   security value (at which point it is really only a "style guard" for 
long OGNL expressions in an application.
+###   Setting a value of null or "" will also disable the feature.
+struts.ognl.expressionMaxLength=256
 
 ### Defines which named instance of DateFormatter to use, there are two 
instances:
 ### - simpleDateFormatter (based on SimpleDateFormat)
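Review bot: The comment block above the now-active `struts.ognl.expressionMaxLength=256` line never states that the limit is enabled by default. The heading still calls it "(optional)", the removed NOTE about the feature being disabled has no replacement, and "will also disable the feature" has lost the sentence its "also" referred to. An application whose valid OGNL expressions exceed 256 characters would presumably see them refused after upgrading, so I would add a line such as `### NOTE: This limit is enabled by default; raise the value if valid expressions exceed it, or set it to "" to disable the check.` The comment should also say that raising or disabling the limit weakens a security guard, so it is more than a style setting. Separately, the parenthesis opened at `(at which point it is really only a "style guard"` is never closed.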



[struts] branch WW-5179-max-length created (now 3f2518afa)

2022-05-17 Thread lukaszlenart
This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch WW-5179-max-length
in repository https://gitbox.apache.org/repos/asf/struts.git


  at 3f2518afa WW-5179 Set default value of struts.ognl.expressionMaxLength 
to 256

This branch includes the following new commits:

 new 3f2518afa WW-5179 Set default value of struts.ognl.expressionMaxLength 
to 256

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.




[struts] branch WW-5179-max-length updated: WW-5179 Adjusts test to match new default value

2022-05-17 Thread lukaszlenart
This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch WW-5179-max-length
in repository https://gitbox.apache.org/repos/asf/struts.git


The following commit(s) were added to refs/heads/WW-5179-max-length by this 
push:
 new 123711065 WW-5179 Adjusts test to match new default value
123711065 is described below

commit 1237110652523c16b21eec65f95ea0fc6de57a2e
Author: Lukasz Lenart 
AuthorDate: Tue May 17 21:17:56 2022 +0200

WW-5179 Adjusts test to match new default value
---
 .../xwork2/ognl/OgnlValueStackTest.java| 127 +
 1 file changed, 55 insertions(+), 72 deletions(-)

diff --git 
a/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java 
b/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java
index 37ef14be4..f8e22dbf9 100644
--- a/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java
+++ b/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java
@@ -18,7 +18,10 @@
  */
 package com.opensymphony.xwork2.ognl;
 
-import com.opensymphony.xwork2.*;
+import com.opensymphony.xwork2.SimpleAction;
+import com.opensymphony.xwork2.TestBean;
+import com.opensymphony.xwork2.TextProvider;
+import com.opensymphony.xwork2.XWorkTestCase;
 import com.opensymphony.xwork2.config.ConfigurationException;
 import com.opensymphony.xwork2.conversion.impl.ConversionData;
 import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
@@ -26,22 +29,17 @@ import com.opensymphony.xwork2.inject.ContainerBuilder;
 import com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor;
 import com.opensymphony.xwork2.test.StubConfigurationProvider;
 import com.opensymphony.xwork2.test.TestBean2;
-import com.opensymphony.xwork2.util.*;
+import com.opensymphony.xwork2.util.Bar;
+import com.opensymphony.xwork2.util.BarJunior;
+import com.opensymphony.xwork2.util.Cat;
+import com.opensymphony.xwork2.util.CompoundRoot;
+import com.opensymphony.xwork2.util.Dog;
 import com.opensymphony.xwork2.util.Foo;
+import com.opensymphony.xwork2.util.ValueStackFactory;
 import com.opensymphony.xwork2.util.location.LocatableProperties;
 import com.opensymphony.xwork2.util.reflection.ReflectionContextState;
 import ognl.OgnlException;
 import ognl.PropertyAccessor;
-
-import java.io.*;
-import java.math.BigDecimal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import ognl.ParseException;
-
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.core.LogEvent;
@@ -51,10 +49,18 @@ import org.apache.struts2.StrutsConstants;
 import org.apache.struts2.StrutsException;
 import org.apache.struts2.config.DefaultPropertiesProvider;
 
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.math.BigDecimal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
 
-/**
- * Unit test for OgnlValueStack.
- */
 public class OgnlValueStackTest extends XWorkTestCase {
 
 // Fields for static field access test
@@ -90,9 +96,9 @@ public class OgnlValueStackTest extends XWorkTestCase {
 
 private OgnlValueStack createValueStack(boolean allowStaticFieldAccess) {
 OgnlValueStack stack = new OgnlValueStack(
-container.getInstance(XWorkConverter.class),
-(CompoundRootAccessor) 
container.getInstance(PropertyAccessor.class, CompoundRoot.class.getName()),
-container.getInstance(TextProvider.class, "system"), 
allowStaticFieldAccess);
+container.getInstance(XWorkConverter.class),
+(CompoundRootAccessor) 
container.getInstance(PropertyAccessor.class, CompoundRoot.class.getName()),
+container.getInstance(TextProvider.class, "system"), 
allowStaticFieldAccess);
 container.inject(stack);
 
ognlUtil.setAllowStaticFieldAccess(Boolean.toString(allowStaticFieldAccess));
 return stack;
@@ -117,8 +123,7 @@ public class OgnlValueStackTest extends XWorkTestCase {
 private OgnlValueStackFactory reloadValueStackFactory(Boolean 
allowStaticField) {
 try {
 reloadTestContainerConfiguration(allowStaticField);
-}
-catch (Exception ex) {
+} catch (Exception ex) {
 fail("Unable to reload container configuration and configure 
ognlValueStackFactory - exception: " + ex);
 }
 
@@ -208,7 +213,7 @@ public class OgnlValueStackTest extends XWorkTestCase {
 vs.findValue("barJunior.title", true);
 }
 
- public void testSuccessFailOnErrorOnInheritedPropertiesWithMethods() {
+public void testSuccessFailOnErrorOnInheritedPropertiesWithMethods() {
 //this shuld not fail as th