(struts) branch WW-5343-sec-extend updated (de16218cb -> 62988f783)
This is an automated email from the ASF dual-hosted git repository.

kusal pushed a change to branch WW-5343-sec-extend in repository https://gitbox.apache.org/repos/asf/struts.git

discard de16218cb WW-5343 Delete unused code and consolidate constructors
add 891598545 WW-5334 Fix empty chained context name
add 03e232344 Merge pull request #744 from apache/WW-5334-fix-chained-contexts
add 20e211061 Reverts version to 6.3.0-SNAPSHOT
add 1a88f78a7 [maven-release-plugin] prepare release STRUTS_6_3_0
add a0185f248 [maven-release-plugin] prepare for next development iteration
add 85fe68071 Moves all CI notifications to commits@ list
add 74e5aad4f Update .asf.yaml
add f70feb11e Merge pull request #748 from apache/feature/notify-builds
add 50b36695e Bump actions/checkout from 3 to 4
add badb3f457 Merge pull request #751 from apache/dependabot/github_actions/actions/checkout-4
add f0e3cec5c Bump actions/upload-artifact from 3.1.2 to 3.1.3
add 59e9c18ca Merge pull request #752 from apache/dependabot/github_actions/actions/upload-artifact-3.1.3
add 0ba2d69af [maven-release-plugin] prepare release STRUTS_6_3_0_1
add f4253ff8f [maven-release-plugin] prepare for next development iteration
add 4c044f125 Always delete uploaded file
add 236ae15c6 [maven-release-plugin] prepare release STRUTS_6_3_0_1
add b7f73715d [maven-release-plugin] prepare for next development iteration
add 4f5c4ff00 Bump actions/cache from 3.3.1 to 3.3.2
add 142bb9efe Merge pull request #753 from apache/dependabot/github_actions/actions/cache-3.3.2
add bc85d35a2 WW-5341 Make validation more efficient
add 501d395b9 Merge pull request #741 from apache/WW-5341-classloaders
add bb83a6014 Merge pull request #742 from apache/WW-5342-default-package
add 7bd31cf31 WW-5339 Clean up OgnlValueStackTest
add 2b70b024b WW-5339 Misc clean up in CompoundRootAccessor
add fde2b70fa Merge pull request #745 from apache/WW-5339-cleanup
add 452cb774a WW-5340 Refactor OgnlUtil, specifically calls to Ognl#getValue,setValue,parseExpression
add 13f0591ca WW-5340 Remove redundant check on #setValue
add 65ff2422e WW-5340 Rename functional interface
add 90adbfb3c WW-5340 Fix OgnlReflectionProvider bypassing OgnlUtil
add 19d26b29a Merge pull request #746 from apache/WW-5340-ognlutil-refactor
add 49a27d1b2 replace BeanManager::createInjectionTarget
add 61ca68f4a indent CdiObjectFactory with 4 spaces everywhere
add 3da11a29a Merge pull request #754 from hepptho/replace-deprecated-beanmanager-method
add 684c61560 Split SonarCloud into separate action
add 9540ba6a0 Merge pull request #755 from apache/gh-actions-sonar
add 8551a09a6 WW-5340 Introducing OGNL Guard
add 25585617f WW-5340 Fix tests
add f542fde45 WW-5340 Make OgnlGuard a configurable bean
add 91d58d31d WW-5340 Cache OgnlGuard result
add 2bca0147c WW-5340 Add validation to excluded node configuration
add 4ff700e9a WW-5340 Add unit tests
add a4a0d70aa WW-5340 Refactor OgnlGuard to do the parsing
add 11e4dce71 WW-5340 Correct optimisation
add f69364bf6 WW-5340 Rename DefaultOgnlGuard to StrutsOgnlGuard
add a75a87364 WW-5340 Repackage OgnlGuard
add 4c4ec52b3 WW-5340 Rename blocked by OgnlGuard string
add ed5974689 WW-5340 Make excludedNodeTypes protected for subclassing versatility
add 6f8844eac Merge pull request #747 from apache/WW-5340-ognl-guard
add ebaec639c WW-5348 Introduce protected #logPatternChange method
add b8f95bdcc Merge pull request #757 from apache/WW-5348-patterns-logging
add 85843b26f WW-5347 Upgrades to commons-digester3 ver 3.2
add 248bc7214 Merge pull request #756 from apache/feature/WW-5347-digester
add debcb541e WW-5338 Removes deprecated OgnTool
add 3b41e6bcb WW-5338 Removes also deprecated constant in ContextUtil
add ff9ecbe08 Merge pull request #758 from apache/feature/WW-5338-remove-ognltool
add 529b61115 WW-5344 Un-deprecates Sitemesh plugin and upgrades Sitmesh to ver 2.5.0
add 46c29ae33 Merge pull request #759 from apache/feature/WW-5344-undeprecate
add 20eafb632 WW-5340 Mild refactor StrutsOgnlGuard for easier subclassing
add 276ede4c8 WW-5340 Add debug logging for rejected form fields
add f4029f8fd WW-5340 Sanitize field names before logging
add fc03a2b69 Merge pull request #760 from apache/WW-5340-subclassable
add 8a95a3f48 Bump ossf/scorecard-action from 2.2.0 to 2.3.0
add a165c02ef Merge pull request #762 from apache/dependabot/github_actions/ossf/scorecard-action-2.3.0
add 8ff8e42e7 Bump org.jfree:jfreechart from 1.5.1 to 1.5.4
add 23feab685 Merge pull request #740 from apache/dependabot/maven/org.jfree-jfreechart-1.5.4
add 4155263e6 WW-5349 Remove Struts core dependency on OGNL VarRefs
add 6995eaf2f WW-5349 Remove corresponding unit tests
add 9
(struts) 05/10: WW-5343 Make SecurityMemberAccess a prototype bean
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5343-sec-extend in repository https://gitbox.apache.org/repos/asf/struts.git commit 90344b38108852d0f27c8eb2c52a3c2b8881b0dd Author: Kusal Kithul-Godage AuthorDate: Wed Nov 15 00:22:36 2023 +1100 WW-5343 Make SecurityMemberAccess a prototype bean --- .../com/opensymphony/xwork2/config/impl/DefaultConfiguration.java| 4 +++- .../xwork2/config/providers/StrutsDefaultConfigurationProvider.java | 2 ++ .../main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java | 5 + core/src/main/java/org/apache/struts2/StrutsConstants.java | 2 ++ .../java/org/apache/struts2/config/StrutsBeanSelectionProvider.java | 2 ++ core/src/main/resources/struts-beans.xml | 3 ++- 6 files changed, 16 insertions(+), 2 deletions(-) diff --git a/core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java b/core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java index b25484222..d0cbcef1c 100644 --- a/core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java +++ b/core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java @@ -85,6 +85,7 @@ import com.opensymphony.xwork2.ognl.OgnlCacheFactory; import com.opensymphony.xwork2.ognl.OgnlReflectionProvider; import com.opensymphony.xwork2.ognl.OgnlUtil; import com.opensymphony.xwork2.ognl.OgnlValueStackFactory; +import com.opensymphony.xwork2.ognl.SecurityMemberAccess; import com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor; import com.opensymphony.xwork2.util.CompoundRoot; import com.opensymphony.xwork2.util.OgnlTextParser; 
@@ -133,7 +134,6 @@ public class DefaultConfiguration implements Configuration { Map constants = new HashMap<>(); constants.put(StrutsConstants.STRUTS_DEVMODE, Boolean.FALSE); constants.put(StrutsConstants.STRUTS_OGNL_LOG_MISSING_PROPERTIES, Boolean.FALSE); -constants.put(StrutsConstants.STRUTS_OGNL_ENABLE_EVAL_EXPRESSION, Boolean.FALSE); constants.put(StrutsConstants.STRUTS_OGNL_ENABLE_EXPRESSION_CACHE, Boolean.TRUE); constants.put(StrutsConstants.STRUTS_CONFIGURATION_XML_RELOAD, Boolean.FALSE); constants.put(StrutsConstants.STRUTS_I18N_RELOAD, Boolean.FALSE); @@ -142,6 +142,7 @@ public class DefaultConfiguration implements Configuration { constants.put(StrutsConstants.STRUTS_OGNL_EXPRESSION_CACHE_MAXSIZE, 1); constants.put(StrutsConstants.STRUTS_OGNL_BEANINFO_CACHE_TYPE, OgnlCacheFactory.CacheType.BASIC); constants.put(StrutsConstants.STRUTS_OGNL_BEANINFO_CACHE_MAXSIZE, 1); +constants.put(StrutsConstants.STRUTS_ALLOW_STATIC_FIELD_ACCESS, Boolean.TRUE); BOOTSTRAP_CONSTANTS = Collections.unmodifiableMap(constants); } @@ -385,6 +386,7 @@ public class DefaultConfiguration implements Configuration { builder.factory(ExpressionCacheFactory.class, DefaultOgnlExpressionCacheFactory.class, Scope.SINGLETON); builder.factory(BeanInfoCacheFactory.class, DefaultOgnlBeanInfoCacheFactory.class, Scope.SINGLETON); builder.factory(OgnlUtil.class, Scope.SINGLETON); +builder.factory(SecurityMemberAccess.class, Scope.PROTOTYPE); builder.factory(OgnlGuard.class, StrutsOgnlGuard.class, Scope.SINGLETON); builder.factory(ValueSubstitutor.class, EnvsValueSubstitutor.class, Scope.SINGLETON); diff --git a/core/src/main/java/com/opensymphony/xwork2/config/providers/StrutsDefaultConfigurationProvider.java b/core/src/main/java/com/opensymphony/xwork2/config/providers/StrutsDefaultConfigurationProvider.java index 625a4fb17..09eeb7c85 100644 --- a/core/src/main/java/com/opensymphony/xwork2/config/providers/StrutsDefaultConfigurationProvider.java 
+++ b/core/src/main/java/com/opensymphony/xwork2/config/providers/StrutsDefaultConfigurationProvider.java @@ -75,6 +75,7 @@ import com.opensymphony.xwork2.ognl.OgnlReflectionContextFactory; import com.opensymphony.xwork2.ognl.OgnlReflectionProvider; import com.opensymphony.xwork2.ognl.OgnlUtil; import com.opensymphony.xwork2.ognl.OgnlValueStackFactory; +import com.opensymphony.xwork2.ognl.SecurityMemberAccess; import com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor; import com.opensymphony.xwork2.ognl.accessor.HttpParametersPropertyAccessor; import com.opensymphony.xwork2.ognl.accessor.ObjectAccessor; @@ -230,6 +231,7 @@ public class StrutsDefaultConfigurationProvider implements ConfigurationProvider .factory(ExpressionCacheFactory.class, DefaultOgnlExpressionCacheFactory.class, Scope.SINGLETON) .factory(BeanInfoCacheFactory.class, DefaultOgnlBeanInfoCacheFactory.class, Scope.SINGLETON) .factory(OgnlUtil.class, Scope.SINGLETON) +.factory(SecurityMemberAccess.class, Scope.PROTOTYPE) .factory(OgnlGuard.class, StrutsOg
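Review bot: The two BOOTSTRAP_CONSTANTS hunks in DefaultConfiguration (at -133 and -142) change security-relevant defaults that the commit title does not mention: `constants.put(StrutsConstants.STRUTS_OGNL_ENABLE_EVAL_EXPRESSION, Boolean.FALSE);` is dropped, and `STRUTS_ALLOW_STATIC_FIELD_ACCESS` is added with `Boolean.TRUE`, the permissive value. Please say in the commit message why the eval-expression default is no longer needed at bootstrap, and add a short comment next to the new line stating that TRUE is the carried-over default rather than a new relaxation, or move both changes into their own commit.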
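Review bot: The `Scope.PROTOTYPE` registration of SecurityMemberAccess is written twice, as `builder.factory(SecurityMemberAccess.class, Scope.PROTOTYPE);` in DefaultConfiguration (hunk at -385) and as `.factory(SecurityMemberAccess.class, Scope.PROTOTYPE)` in StrutsDefaultConfigurationProvider (hunk at -230), and nothing ties the two together. With prototype scope every lookup returns a fresh instance, so a class-level Javadoc on SecurityMemberAccess saying that instances are per-use and must receive all of their configuration through injection would prevent someone from later switching one of the two registrations to singleton. The SecurityMemberAccess.java, StrutsConstants.java, StrutsBeanSelectionProvider.java and struts-beans.xml changes listed in the diffstat are cut off in this message and could not be reviewed.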
(struts) 09/10: WW-5343 Fix OgnlUtilTest#testBeanMapExpressions
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5343-sec-extend in repository https://gitbox.apache.org/repos/asf/struts.git commit 8bf47b3679d6b66984a237eb435feaaab8d0b042 Author: Kusal Kithul-Godage AuthorDate: Wed Nov 15 00:28:46 2023 +1100 WW-5343 Fix OgnlUtilTest#testBeanMapExpressions --- .../src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java b/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java index 8db142ba6..b1ed266a0 100644 --- a/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java +++ b/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java @@ -889,11 +889,11 @@ public class OgnlUtilTest extends XWorkTestCase { public void testBeanMapExpressions() throws OgnlException, NoSuchMethodException { Foo foo = new Foo(); -ognlUtil.setExcludedPackageNames( -"com.opensymphony.xwork2.ognl." -); Map context = ognlUtil.createDefaultContext(foo); +SecurityMemberAccess sma = (SecurityMemberAccess) ((OgnlContext) context).getMemberAccess(); + +sma.useExcludedPackageNames("com.opensymphony.xwork2.ognl"); String expression = "%{\n" + "(#request.a=#@org.apache.commons.collections.BeanMap@{}) +\n" + @@ -910,8 +910,7 @@ public class OgnlUtilTest extends XWorkTestCase { assertEquals(foo.getTitle(), expression); -SecurityMemberAccess sma = (SecurityMemberAccess) ((OgnlContext) context).getMemberAccess(); -assertFalse(sma.isAccessible(context, sma, sma.getClass().getDeclaredMethod("useExcludedClasses", Set.class), "excludedClasses")); +assertFalse(sma.isAccessible(context, sma, sma.getClass().getDeclaredMethod("useExcludedClasses", String.class), "excludedClasses")); } public void testNullProperties() {
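Review bot: In the first hunk of testBeanMapExpressions the excluded package string changes from `"com.opensymphony.xwork2.ognl."` to `"com.opensymphony.xwork2.ognl"`, and the loss of the trailing dot is not explained. If `useExcludedPackageNames` compares by plain prefix, the new value also matches any package whose name merely begins with `ognl`; if it compares on package boundaries, the old value may have been invalid. Please state which behaviour applies and add an assertion that pins the boundary case. Note also that the test now configures the SecurityMemberAccess taken from the context directly, so the configuration path through OgnlUtil that the old `ognlUtil.setExcludedPackageNames(...)` call exercised is no longer covered here.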
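Review bot: The reflective lookup in the last hunk, `sma.getClass().getDeclaredMethod("useExcludedClasses", String.class)`, hard-codes a parameter type that this series has just changed from `Set.class`. A further signature change will surface as a NoSuchMethodException from the test method rather than as a failed assertion, which hides what the test is meant to prove. A one-line comment stating that the assertion checks that SecurityMemberAccess refuses access to its own configuration methods would make the intent survive the next refactor.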
(struts) 04/10: WW-5343 Deprecate unnecessary setter
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5343-sec-extend in repository https://gitbox.apache.org/repos/asf/struts.git commit 9e556e9ed4a49f358c692ea955e2150842a10f3e Author: Kusal Kithul-Godage AuthorDate: Wed Nov 15 00:20:58 2023 +1100 WW-5343 Deprecate unnecessary setter --- .../main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java| 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java index 90846f5fe..a003972d5 100644 --- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java +++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java @@ -115,6 +115,7 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS this.root = compoundRoot; this.securityMemberAccess = new SecurityMemberAccess(allowStaticFieldAccess); this.context = Ognl.createDefaultContext(this.root, securityMemberAccess, accessor, new OgnlTypeConverterWrapper(xworkConverter)); +this.converter = xworkConverter; context.put(VALUE_STACK, this); ((OgnlContext) context).setTraceEvaluations(false); ((OgnlContext) context).setKeepLastEvaluation(false); @@ -490,8 +491,11 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS securityMemberAccess.useExcludeProperties(excludeProperties); } -@Inject +/** + * @deprecated since 6.4.0, no replacement. + */ +@Deprecated protected void setXWorkConverter(final XWorkConverter converter) { -this.converter = converter; +// no-op } }
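Review bot: `setXWorkConverter` in the second hunk becomes an empty body marked `// no-op` and loses `@Inject`, so a subclass or caller that still invokes it to replace the converter is ignored without any signal. The Javadoc says "no replacement", but the first hunk shows where the value now comes from: `this.converter = xworkConverter;` is assigned next to the `Ognl.createDefaultContext(...)` call. Please name that path in the `@deprecated` text, and consider logging a warning when the deprecated setter is called so that existing extensions notice the change.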
(struts) 03/10: WW-5343 Extract deprecated methods as default interface methods
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5343-sec-extend in repository https://gitbox.apache.org/repos/asf/struts.git commit b0b80bac77fac56a019f3c4f5b8bad9e9bf42c01 Author: Kusal Kithul-Godage AuthorDate: Wed Nov 15 00:19:47 2023 +1100 WW-5343 Extract deprecated methods as default interface methods --- .../main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java | 10 -- .../com/opensymphony/xwork2/util/MemberAccessValueStack.java | 8 ++-- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java index 69802c5c2..90846f5fe 100644 --- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java +++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java @@ -482,20 +482,10 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS ((OgnlContext) context).getValues().clear(); } -@Deprecated -public void setAcceptProperties(Set acceptedProperties) { -securityMemberAccess.useAcceptProperties(acceptedProperties); -} - public void useAcceptProperties(Set acceptedProperties) { securityMemberAccess.useAcceptProperties(acceptedProperties); } -@Deprecated -public void setExcludeProperties(Set excludeProperties) { -securityMemberAccess.useExcludeProperties(excludeProperties); -} - public void useExcludeProperties(Set excludeProperties) { securityMemberAccess.useExcludeProperties(excludeProperties); } diff --git a/core/src/main/java/com/opensymphony/xwork2/util/MemberAccessValueStack.java b/core/src/main/java/com/opensymphony/xwork2/util/MemberAccessValueStack.java index 86b39f480..de222be97 100644 --- a/core/src/main/java/com/opensymphony/xwork2/util/MemberAccessValueStack.java +++ b/core/src/main/java/com/opensymphony/xwork2/util/MemberAccessValueStack.java 
@@ -31,7 +31,9 @@ public interface MemberAccessValueStack { * @deprecated please use {@link #useExcludeProperties(Set)} */ @Deprecated -void setExcludeProperties(Set excludeProperties); +default void setExcludeProperties(Set excludeProperties) { +useExcludeProperties(excludeProperties); +} void useExcludeProperties(Set excludeProperties); @@ -39,7 +41,9 @@ public interface MemberAccessValueStack { * @deprecated please use {@link #useAcceptProperties(Set)} */ @Deprecated -void setAcceptProperties(Set acceptedProperties); +default void setAcceptProperties(Set acceptedProperties) { +useAcceptProperties(acceptedProperties); +} void useAcceptProperties(Set acceptedProperties);
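Review bot: The Javadoc kept above the new default methods in MemberAccessValueStack still reads only `@deprecated please use {@link #useExcludeProperties(Set)}` and `@deprecated please use {@link #useAcceptProperties(Set)}`, with no version, while the deprecations added elsewhere in this series are written as `since 6.4.0`. Please add the version here as well. It is also worth a sentence in the upgrade notes that the deprecated setters now delegate to the `use*` methods: an external implementation whose `useExcludeProperties` forwards to its own `setExcludeProperties` will recurse if it later drops that override and falls back to the default.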
(struts) 01/10: WW-5343 Delete unused code and consolidate constructors
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5343-sec-extend in repository https://gitbox.apache.org/repos/asf/struts.git commit 79ffc86b68c94cdf8e2f7b4526d415ab1f2ec9c7 Author: Kusal Kithul-Godage AuthorDate: Thu Aug 31 23:56:02 2023 +1000 WW-5343 Delete unused code and consolidate constructors --- .../opensymphony/xwork2/ognl/OgnlValueStack.java | 36 - .../xwork2/util/location/LocationImpl.java | 47 +- 2 files changed, 35 insertions(+), 48 deletions(-) diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java index 01b6af81d..69802c5c2 100644 --- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java +++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java @@ -21,7 +21,6 @@ package com.opensymphony.xwork2.ognl; import com.opensymphony.xwork2.ActionContext; import com.opensymphony.xwork2.TextProvider; import com.opensymphony.xwork2.conversion.impl.XWorkConverter; -import com.opensymphony.xwork2.inject.Container; import com.opensymphony.xwork2.inject.Inject; import com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor; import com.opensymphony.xwork2.util.ClearableValueStack; @@ -34,7 +33,6 @@ import ognl.NoSuchPropertyException; import ognl.Ognl; import ognl.OgnlContext; import ognl.OgnlException; -import ognl.PropertyAccessor; import org.apache.commons.lang3.BooleanUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; 
@@ -77,13 +75,26 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS private boolean devMode; private boolean logMissingProperties; +protected OgnlValueStack(ValueStack vs, + XWorkConverter xworkConverter, + CompoundRootAccessor accessor, + TextProvider prov, + boolean allowStaticFieldAccess) { +setRoot(xworkConverter, +accessor, +vs != null ? new CompoundRoot(vs.getRoot()) : new CompoundRoot(), +allowStaticFieldAccess); +if (prov != null) { +push(prov); +} +} + protected OgnlValueStack(XWorkConverter xworkConverter, CompoundRootAccessor accessor, TextProvider prov, boolean allowStaticFieldAccess) { -setRoot(xworkConverter, accessor, new CompoundRoot(), allowStaticFieldAccess); -push(prov); +this(null, xworkConverter, accessor, prov, allowStaticFieldAccess); } protected OgnlValueStack(ValueStack vs, XWorkConverter xworkConverter, CompoundRootAccessor accessor, boolean allowStaticFieldAccess) { -setRoot(xworkConverter, accessor, new CompoundRoot(vs.getRoot()), allowStaticFieldAccess); +this(vs, xworkConverter, accessor, null, allowStaticFieldAccess); } @Inject 
@@ -464,21 +475,6 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS return root.size(); } -private Object readResolve() { -// TODO: this should be done better -ActionContext ac = ActionContext.getContext(); -Container cont = ac.getContainer(); -XWorkConverter xworkConverter = cont.getInstance(XWorkConverter.class); -CompoundRootAccessor accessor = (CompoundRootAccessor) cont.getInstance(PropertyAccessor.class, CompoundRoot.class.getName()); -TextProvider prov = cont.getInstance(TextProvider.class, "system"); -final boolean allowStaticField = BooleanUtils.toBoolean(cont.getInstance(String.class, StrutsConstants.STRUTS_ALLOW_STATIC_FIELD_ACCESS)); -OgnlValueStack aStack = new OgnlValueStack(xworkConverter, accessor, prov, allowStaticField); -aStack.setOgnlUtil(cont.getInstance(OgnlUtil.class)); -aStack.setRoot(xworkConverter, accessor, this.root, allowStaticField); - -return aStack; -} - public void clearContextValues() { //this is an OGNL ValueStack so the context will be an OgnlContext diff --git a/core/src/main/java/com/opensymphony/xwork2/util/location/LocationImpl.java b/core/src/main/java/com/opensymphony/xwork2/util/location/LocationImpl.java index 298b34b3f..26b3072df 100644 --- a/core/src/main/java/com/opensymphony/xwork2/util/location/LocationImpl.java +++ b/core/src/main/java/com/opensymphony/xwork2/util/location/LocationImpl.java @@ -37,7 +37,7 @@ public class LocationImpl implements Location, Serializable { private final int line; private final int column; private final String description; - + // Package private: outside this package, use Location.UNKNOWN. static final LocationImpl UNKNOWN = new LocationImpl(null, null, -1, -1); @@ -71,16 +71,16 @@ public class LocationImpl implements Location, Serializable { }
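Review bot: The consolidated five-argument constructor in the hunk at -77 is more lenient than the code it replaces: `if (prov != null) { push(prov); }` skips a null TextProvider where the old four-argument constructor called `push(prov)` unconditionally, and `vs != null ? new CompoundRoot(vs.getRoot()) : new CompoundRoot()` turns a null `vs` into an empty root where the old code dereferenced `vs.getRoot()`. The leniency exists only so the two delegating constructors can pass null, so consider keeping those two strict (for example with `Objects.requireNonNull`) or making the tolerant constructor private, so that a caller's null argument is not silently accepted.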
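Review bot: The `readResolve()` method deleted in the hunk at -464 is not unused in the sense the commit title suggests: OgnlValueStack implements Serializable, and Java serialization invokes `readResolve` reflectively, so a search for callers finds none. Without it a deserialized stack is returned as read instead of being rebuilt from the container with its XWorkConverter, CompoundRootAccessor and OgnlUtil. Please state in the commit message that restoring a value stack from a serialized form is no longer supported, or keep the method and cover it with a round-trip test. Also check that the `org.apache.commons.lang3.BooleanUtils` import, still present in the context lines, has a remaining use now that the `BooleanUtils.toBoolean(...)` call is gone. The LocationImpl part of this patch is cut off after a whitespace-only change and could not be reviewed.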
(struts) 10/10: WW-5343 Fix unit test compilation errors
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5343-sec-extend in repository https://gitbox.apache.org/repos/asf/struts.git commit 62988f783fd6ce78aefb876ac5d84fb314bc5db8 Author: Kusal Kithul-Godage AuthorDate: Wed Nov 15 00:30:12 2023 +1100 WW-5343 Fix unit test compilation errors --- .../xwork2/ognl/OgnlValueStackTest.java| 2 - .../xwork2/ognl/SecurityMemberAccessTest.java | 155 - .../util/SecurityMemberAccessInServletsTest.java | 11 +- .../xwork2/ognl/SecurityMemberAccessProxyTest.java | 2 +- .../com/test/SecurityMemberAccessProxyTest.java| 49 +-- 5 files changed, 60 insertions(+), 159 deletions(-) diff --git a/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java b/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java index 5f0ac5b26..210f7ea8b 100644 --- a/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java +++ b/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java @@ -48,7 +48,6 @@ import org.apache.logging.log4j.core.appender.AbstractAppender; import org.apache.struts2.StrutsConstants; import org.apache.struts2.StrutsException; import org.apache.struts2.config.DefaultPropertiesProvider; -import org.apache.struts2.config.StrutsXmlConfigurationProvider; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; @@ -100,7 +99,6 @@ public class OgnlValueStackTest extends XWorkTestCase { (CompoundRootAccessor) container.getInstance(PropertyAccessor.class, CompoundRoot.class.getName()), container.getInstance(TextProvider.class, "system"), allowStaticFieldAccess); container.inject(stack); - ognlUtil.setAllowStaticFieldAccess(Boolean.toString(allowStaticFieldAccess)); return stack; } diff --git a/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java b/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java index 08a3b919e..f25ecd30b 100644 
--- a/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java +++ b/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java @@ -20,23 +20,19 @@ package com.opensymphony.xwork2.ognl; import com.opensymphony.xwork2.TestBean; import com.opensymphony.xwork2.test.TestBean2; -import com.opensymphony.xwork2.util.TextParseUtil; +import ognl.MemberAccess; import org.junit.Before; import org.junit.Test; import java.lang.reflect.Field; import java.lang.reflect.Member; import java.lang.reflect.Method; -import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Objects; import java.util.Set; -import java.util.regex.Pattern; -import static java.util.Arrays.asList; -import static java.util.Collections.singletonList; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; @@ -77,9 +73,7 @@ public class SecurityMemberAccessTest { String propertyName = "stringField"; Member member = FooBar.class.getDeclaredMethod(formGetterName(propertyName)); -Set excluded = new HashSet<>(); -excluded.add(FooBar.class.getName()); -sma.useExcludedClasses(excluded); +sma.useExcludedClasses(FooBar.class.getName()); // when boolean accessible = sma.isAccessible(context, target, member, propertyName); @@ -120,9 +114,7 @@ public class SecurityMemberAccessTest { String propertyName = "barLogic"; Member member = BarInterface.class.getMethod(propertyName); -Set excluded = new HashSet<>(); -excluded.add(BarInterface.class.getName()); -sma.useExcludedClasses(excluded); +sma.useExcludedClasses(BarInterface.class.getName()); // when boolean accessible = sma.isAccessible(context, target, member, propertyName); 
@@ -137,9 +129,7 @@ public class SecurityMemberAccessTest { String propertyName = "fooLogic"; Member member = FooBar.class.getMethod(propertyName); -Set excluded = new HashSet<>(); -excluded.add(BarInterface.class.getName()); -sma.useExcludedClasses(excluded); +sma.useExcludedClasses(BarInterface.class.getName()); // when boolean accessible = sma.isAccessible(context, target, member, propertyName); @@ -154,9 +144,7 @@ public class SecurityMemberAccessTest { String propertyName = "barLogic"; Member member = BarInterface.class.getMethod(propertyName); -Set excluded = new HashSet<>(); -excluded.add(BarInterface.class.getName()); -sma.useExcludedClasses(excluded); +sma.useExcludedClasses(BarInterface.class.getName()); // when boolean accessible = sma.isAccessible(context, target, member, propertyName); @@ -171,9
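Review bot: In OgnlValueStackTest (hunk at -100) the helper drops `ognlUtil.setAllowStaticFieldAccess(Boolean.toString(allowStaticFieldAccess));` and still builds the stack with the `allowStaticFieldAccess` boolean constructor, which commit 06/10 of this series marks as deprecated. The tests therefore only exercise a SecurityMemberAccess created with `new`, not the container-managed bean that the series introduces. Please add a variant of the helper that obtains SecurityMemberAccess from the container and passes it to the new constructor.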
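Review bot: Every visible replacement in SecurityMemberAccessTest passes exactly one class name, for example `sma.useExcludedClasses(FooBar.class.getName());` and `sma.useExcludedClasses(BarInterface.class.getName());`, so the new String parameter is never exercised with more than one entry. If the String form accepts a comma-delimited list, as the OgnlUtil setters in this series do, add a case with two names and surrounding whitespace, plus one with a class name that cannot be loaded. The diffstat also reports 60 insertions against 159 deletions under a title that mentions only compilation fixes, and the import hunk removes `Pattern`, `TextParseUtil` and `Arrays`; please list in the commit message which test cases were dropped and where their coverage now lives. The remainder of this patch is cut off in this message.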
(struts) 06/10: WW-5343 Refactor OgnlValueStackFactory to utilise SecurityMemberAccess bean
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5343-sec-extend in repository https://gitbox.apache.org/repos/asf/struts.git commit 7e92a8d7b4c2f06a174fb9330786174abbf23b0a Author: Kusal Kithul-Godage AuthorDate: Wed Nov 15 00:23:51 2023 +1100 WW-5343 Refactor OgnlValueStackFactory to utilise SecurityMemberAccess bean --- .../opensymphony/xwork2/ognl/OgnlValueStack.java | 74 +- .../xwork2/ognl/OgnlValueStackFactory.java | 23 +++ 2 files changed, 67 insertions(+), 30 deletions(-) diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java index a003972d5..63802717a 100644 --- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java +++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java 
@@ -75,45 +75,76 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS private boolean devMode; private boolean logMissingProperties; +/** + * @since 6.4.0 + */ protected OgnlValueStack(ValueStack vs, XWorkConverter xworkConverter, CompoundRootAccessor accessor, TextProvider prov, - boolean allowStaticFieldAccess) { + SecurityMemberAccess securityMemberAccess) { setRoot(xworkConverter, accessor, vs != null ? new CompoundRoot(vs.getRoot()) : new CompoundRoot(), -allowStaticFieldAccess); +securityMemberAccess); if (prov != null) { push(prov); } } +/** + * @since 6.4.0 + */ +protected OgnlValueStack(XWorkConverter xworkConverter, CompoundRootAccessor accessor, TextProvider prov, SecurityMemberAccess securityMemberAccess) { +this(null, xworkConverter, accessor, prov, securityMemberAccess); +} + +/** + * @since 6.4.0 + */ +protected OgnlValueStack(ValueStack vs, XWorkConverter xworkConverter, CompoundRootAccessor accessor, SecurityMemberAccess securityMemberAccess) { +this(vs, xworkConverter, accessor, null, securityMemberAccess); +} + +/** + * @deprecated since 6.4.0, use {@link #OgnlValueStack(ValueStack, XWorkConverter, CompoundRootAccessor, TextProvider, SecurityMemberAccess)} instead. + */ +@Deprecated +protected OgnlValueStack(ValueStack vs, + XWorkConverter xworkConverter, + CompoundRootAccessor accessor, + TextProvider prov, + boolean allowStaticFieldAccess) { +this(vs, xworkConverter, accessor, prov, new SecurityMemberAccess(allowStaticFieldAccess)); +} + +/** + * @deprecated since 6.4.0, use {@link #OgnlValueStack(XWorkConverter, CompoundRootAccessor, TextProvider, SecurityMemberAccess)} instead. 
+ */ +@Deprecated protected OgnlValueStack(XWorkConverter xworkConverter, CompoundRootAccessor accessor, TextProvider prov, boolean allowStaticFieldAccess) { -this(null, xworkConverter, accessor, prov, allowStaticFieldAccess); +this(xworkConverter, accessor, prov, new SecurityMemberAccess(allowStaticFieldAccess)); } +/** + * @deprecated since 6.4.0, use {@link #OgnlValueStack(ValueStack, XWorkConverter, CompoundRootAccessor, SecurityMemberAccess)} instead. + */ +@Deprecated protected OgnlValueStack(ValueStack vs, XWorkConverter xworkConverter, CompoundRootAccessor accessor, boolean allowStaticFieldAccess) { -this(vs, xworkConverter, accessor, null, allowStaticFieldAccess); +this(vs, xworkConverter, accessor, new SecurityMemberAccess(allowStaticFieldAccess)); } @Inject protected void setOgnlUtil(OgnlUtil ognlUtil) { this.ognlUtil = ognlUtil; -securityMemberAccess.useExcludedClasses(ognlUtil.getExcludedClasses()); - securityMemberAccess.useExcludedPackageNamePatterns(ognlUtil.getExcludedPackageNamePatterns()); - securityMemberAccess.useExcludedPackageNames(ognlUtil.getExcludedPackageNames()); - securityMemberAccess.useExcludedPackageExemptClasses(ognlUtil.getExcludedPackageExemptClasses()); - securityMemberAccess.useEnforceAllowlistEnabled(ognlUtil.isEnforceAllowlistEnabled()); - securityMemberAccess.useAllowlistClasses(ognlUtil.getAllowlistClasses()); - securityMemberAccess.useAllowlistPackageNames(ognlUtil.getAllowlistPackageNames()); - securityMemberAccess.disallowProxyMemberAccess(ognlUtil.isDisallowProxyMemberAccess()); - securityMemberAccess.disallowDefaultPackageAccess(ognlUtil.isDisallowDefaultPackageAccess()); } -protected void setRoot(XWorkConverter xworkConverter, CompoundRootAccessor acc
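Review bot: The new primary constructor in the hunk at -75 takes `SecurityMemberAccess securityMemberAccess` and passes it straight to `setRoot(...)` with no null check, and the `@since 6.4.0` Javadoc blocks carry no description. A null here would leave the value stack without a member-access policy, so fail fast with `Objects.requireNonNull(securityMemberAccess)` and document that the instance is expected to be the container-provided, fully configured bean.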
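Review bot: `setOgnlUtil` loses all nine calls that copied the exclusion and allowlist settings into `securityMemberAccess` (from `securityMemberAccess.useExcludedClasses(ognlUtil.getExcludedClasses());` through `securityMemberAccess.disallowDefaultPackageAccess(...)`), while the three deprecated constructors still create their instance with `new SecurityMemberAccess(allowStaticFieldAccess)` outside the container. Unless that instance is injected somewhere in the part of the patch that is cut off, a stack built through a deprecated constructor now runs with no excluded classes, no excluded packages and no allowlist. Please either have the deprecated constructors obtain or inject the instance through the container, or document the restriction in their `@deprecated` text, and add a test that builds a stack through the boolean constructor and asserts that an excluded class is still rejected.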
(struts) 08/10: WW-5343 Move configuration injection from OgnlUtil to SecurityMemberAccess
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5343-sec-extend in repository https://gitbox.apache.org/repos/asf/struts.git commit 4490d9d7727d4915fd6a8e899bc03eded2ee2afc Author: Kusal Kithul-Godage AuthorDate: Wed Nov 15 00:25:29 2023 +1100 WW-5343 Move configuration injection from OgnlUtil to SecurityMemberAccess --- .../com/opensymphony/xwork2/ognl/OgnlUtil.java | 148 ++--- .../xwork2/ognl/SecurityMemberAccess.java | 114 +--- 2 files changed, 106 insertions(+), 156 deletions(-) diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java index 55b27b0e2..62e635fbc 100644 --- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java +++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java @@ -18,7 +18,6 @@ */ package com.opensymphony.xwork2.ognl; -import com.opensymphony.xwork2.config.ConfigurationException; import com.opensymphony.xwork2.conversion.impl.XWorkConverter; import com.opensymphony.xwork2.inject.Container; import com.opensymphony.xwork2.inject.Inject; 
@@ -46,22 +45,16 @@ import java.beans.PropertyDescriptor; import java.lang.reflect.Method; import java.util.Collection; import java.util.HashMap; -import java.util.HashSet; import java.util.Map; import java.util.Set; import java.util.concurrent.atomic.AtomicBoolean; import java.util.regex.Pattern; -import java.util.regex.PatternSyntaxException; -import static com.opensymphony.xwork2.util.TextParseUtil.commaDelimitedStringToSet; +import static com.opensymphony.xwork2.util.ConfigParseUtil.toClassesSet; +import static com.opensymphony.xwork2.util.ConfigParseUtil.toNewPatternsSet; +import static com.opensymphony.xwork2.util.ConfigParseUtil.toPackageNamesSet; import static java.util.Collections.emptySet; -import static java.util.Collections.unmodifiableSet; import static java.util.Objects.requireNonNull; -import static java.util.stream.Collectors.toSet; -import static org.apache.commons.lang3.StringUtils.strip; -import static org.apache.struts2.StrutsConstants.STRUTS_ALLOWLIST_CLASSES; -import static org.apache.struts2.StrutsConstants.STRUTS_ALLOWLIST_ENABLE; -import static org.apache.struts2.StrutsConstants.STRUTS_ALLOWLIST_PACKAGE_NAMES; import static org.apache.struts2.ognl.OgnlGuard.EXPR_BLOCKED; 
@@ -84,27 +77,15 @@ public class OgnlUtil { private final OgnlGuard ognlGuard; private boolean devMode; -private boolean enableExpressionCache = true; +private boolean enableExpressionCache; private boolean enableEvalExpression; -private Set excludedClasses = emptySet(); -private Set excludedPackageNamePatterns = emptySet(); -private Set excludedPackageNames = emptySet(); -private Set excludedPackageExemptClasses = emptySet(); - -private boolean enforceAllowlistEnabled = false; -private Set allowlistClasses = emptySet(); -private Set allowlistPackageNames = emptySet(); - -private Set devModeExcludedClasses = emptySet(); -private Set devModeExcludedPackageNamePatterns = emptySet(); -private Set devModeExcludedPackageNames = emptySet(); -private Set devModeExcludedPackageExemptClasses = emptySet(); +private String devModeExcludedClasses = ""; +private String devModeExcludedPackageNamePatterns = ""; +private String devModeExcludedPackageNames = ""; +private String devModeExcludedPackageExemptClasses = ""; private Container container; -private boolean allowStaticFieldAccess = true; -private boolean disallowProxyMemberAccess = false; -private boolean disallowDefaultPackageAccess = false; /** * Construct a new OgnlUtil instance for use with the framework 
@@ -175,87 +156,84 @@ public class OgnlUtil { } } -@Inject(value = StrutsConstants.STRUTS_EXCLUDED_CLASSES, required = false) +/** + * @deprecated since 6.4.0, no replacement. + */ +@Deprecated protected void setExcludedClasses(String commaDelimitedClasses) { -excludedClasses = toNewClassesSet(excludedClasses, commaDelimitedClasses); } @Inject(value = StrutsConstants.STRUTS_DEV_MODE_EXCLUDED_CLASSES, required = false) protected void setDevModeExcludedClasses(String commaDelimitedClasses) { -devModeExcludedClasses = toNewClassesSet(devModeExcludedClasses, commaDelimitedClasses); +this.devModeExcludedClasses = commaDelimitedClasses; } -@Inject(value = StrutsConstants.STRUTS_EXCLUDED_PACKAGE_NAME_PATTERNS, required = false) +/** + * @deprecated since 6.4.0, no replacement. + */ +@Deprecated protected void setExcludedPackageNamePatterns(String commaDelimitedPackagePatterns) { -excludedPackageNamePatterns = toNewPatternsSet(excludedPackageNamePatterns, commaDelimitedPackagePatterns); } @Inject(value = StrutsConstants.STRUTS_DEV_MODE
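Review bot: In the field hunk (`@@ -84,27 +77,15 @@`), `enableExpressionCache` loses its `= true` initializer, so the cache is off unless a setter runs; confirm the constant is always injected or keep the explicit default. The `devModeExcluded*` fields also change from `Set` to `String`, and the setter now only stores the raw value (`this.devModeExcludedClasses = commaDelimitedClasses;`), so a malformed dev-mode class or pattern is no longer rejected at the point of injection. If parsing now happens at each use, say so in a comment and make sure a bad value still surfaces as a `ConfigurationException`.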
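Review bot: In the setter hunk (`@@ -175,87 +156,84 @@`), `setExcludedClasses` and `setExcludedPackageNamePatterns` drop `@Inject` and become empty bodies marked `@deprecated since 6.4.0, no replacement`. A subclass or caller that still invokes them to extend the OGNL exclusion list now gets a silent no-op on a security control. Log a warning or throw from the deprecated setters, and have the Javadoc say where the exclusion configuration is read now rather than "no replacement".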
(struts) 02/10: WW-5343 Extract ConfigParseUtil
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5343-sec-extend in repository https://gitbox.apache.org/repos/asf/struts.git commit 08253299599394c15111bf0f48ce04bd4eced89d Author: Kusal Kithul-Godage AuthorDate: Wed Nov 15 00:18:48 2023 +1100 WW-5343 Extract ConfigParseUtil --- .../com/opensymphony/xwork2/ognl/OgnlUtil.java | 59 - .../opensymphony/xwork2/util/ConfigParseUtil.java | 77 ++ 2 files changed, 77 insertions(+), 59 deletions(-) diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java index 1f019f64a..bbcf3bdff 100644 --- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java +++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java 
@@ -185,30 +185,6 @@ public class OgnlUtil { devModeExcludedClasses = toNewClassesSet(devModeExcludedClasses, commaDelimitedClasses); } -private static Set toClassesSet(String newDelimitedClasses) throws ConfigurationException { -Set classNames = commaDelimitedStringToSet(newDelimitedClasses); -validateClasses(classNames, OgnlUtil.class.getClassLoader()); -return unmodifiableSet(classNames); -} - -private static Set toNewClassesSet(Set oldClasses, String newDelimitedClasses) throws ConfigurationException { -Set classNames = commaDelimitedStringToSet(newDelimitedClasses); -validateClasses(classNames, OgnlUtil.class.getClassLoader()); -Set excludedClasses = new HashSet<>(oldClasses); -excludedClasses.addAll(classNames); -return unmodifiableSet(excludedClasses); -} - -private static void validateClasses(Set classNames, ClassLoader validatingClassLoader) throws ConfigurationException { -for (String className : classNames) { -try { -validatingClassLoader.loadClass(className); -} catch (ClassNotFoundException e) { -throw new ConfigurationException("Cannot load class for exclusion/exemption configuration: " + className, e); -} -} -} - @Inject(value = StrutsConstants.STRUTS_EXCLUDED_PACKAGE_NAME_PATTERNS, required = false) protected void setExcludedPackageNamePatterns(String commaDelimitedPackagePatterns) { excludedPackageNamePatterns = toNewPatternsSet(excludedPackageNamePatterns, commaDelimitedPackagePatterns); 
@@ -219,19 +195,6 @@ public class OgnlUtil { devModeExcludedPackageNamePatterns = toNewPatternsSet(devModeExcludedPackageNamePatterns, commaDelimitedPackagePatterns); } -private static Set toNewPatternsSet(Set oldPatterns, String newDelimitedPatterns) throws ConfigurationException { -Set patterns = commaDelimitedStringToSet(newDelimitedPatterns); -Set newPatterns = new HashSet<>(oldPatterns); -for (String pattern: patterns) { -try { -newPatterns.add(Pattern.compile(pattern)); -} catch (PatternSyntaxException e) { -throw new ConfigurationException("Excluded package name patterns could not be parsed due to invalid regex: " + pattern, e); -} -} -return unmodifiableSet(newPatterns); -} - @Inject(value = StrutsConstants.STRUTS_EXCLUDED_PACKAGE_NAMES, required = false) protected void setExcludedPackageNames(String commaDelimitedPackageNames) { excludedPackageNames = toNewPackageNamesSet(excludedPackageNames, commaDelimitedPackageNames); 
@@ -242,28 +205,6 @@ public class OgnlUtil { devModeExcludedPackageNames = toNewPackageNamesSet(devModeExcludedPackageNames, commaDelimitedPackageNames); } -private static Set toPackageNamesSet(String newDelimitedPackageNames) throws ConfigurationException { -Set packageNames = commaDelimitedStringToSet(newDelimitedPackageNames) -.stream().map(s -> strip(s, ".")).collect(toSet()); -validatePackageNames(packageNames); -return unmodifiableSet(packageNames); -} - -private static Set toNewPackageNamesSet(Collection oldPackageNames, String newDelimitedPackageNames) throws ConfigurationException { -Set packageNames = commaDelimitedStringToSet(newDelimitedPackageNames) -.stream().map(s -> strip(s, ".")).collect(toSet()); -validatePackageNames(packageNames); -Set newPackageNames = new HashSet<>(oldPackageNames); -newPackageNames.addAll(packageNames); -return unmodifiableSet(newPackageNames); -} - -private static void validatePackageNames(Collection packageNames) { -if (packageNames.stream().anyMatch(s -> Pattern.compile("\\s").matcher(s).find())) { -throw new ConfigurationException("Excluded package names could not be parsed due to erroneous whitespace characters: " + packageNames); -} -} - @Inject(val
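Review bot: The diffstat shows 59 deletions and no insertions for OgnlUtil.java, yet the unchanged context in these hunks still calls `toNewClassesSet`, `toNewPatternsSet` and `toNewPackageNamesSet`, whose private definitions are removed here. Unless static imports from `ConfigParseUtil` landed in an earlier commit of the series, this commit does not compile on its own; add the imports in the same commit so the branch stays bisectable.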
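Review bot: In the last hunk (`@@ -242,28 +205,6 @@`), the removed `validatePackageNames` calls `Pattern.compile("\\s")` inside the `anyMatch` lambda, once per package name, and `toPackageNamesSet` and `toNewPackageNamesSet` repeat the same split, strip and validate steps. If the code is moved to `ConfigParseUtil` verbatim, this is the moment to hoist the whitespace pattern into a `static final` field and have the "new" variant delegate to the plain one, so the validation of exclusion entries lives in one place.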
(struts) 07/10: WW-5343 Update OgnlUtil#createDefaultContext to utilise SecurityMemberAccess bean
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5343-sec-extend in repository https://gitbox.apache.org/repos/asf/struts.git commit b518635e2e7b1f56d1b837611f85938fff138dbb Author: Kusal Kithul-Godage AuthorDate: Wed Nov 15 00:24:39 2023 +1100 WW-5343 Update OgnlUtil#createDefaultContext to utilise SecurityMemberAccess bean --- core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java | 11 +-- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java index bbcf3bdff..55b27b0e2 100644 --- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java +++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java @@ -863,8 +863,7 @@ public class OgnlUtil { resolver = container.getInstance(CompoundRootAccessor.class); } -SecurityMemberAccess memberAccess = new SecurityMemberAccess(allowStaticFieldAccess); -memberAccess.disallowProxyMemberAccess(disallowProxyMemberAccess); +SecurityMemberAccess memberAccess = container.getInstance(SecurityMemberAccess.class); if (devMode) { if (!warnReported.get()) { 
@@ -875,14 +874,6 @@ public class OgnlUtil { memberAccess.useExcludedPackageNamePatterns(devModeExcludedPackageNamePatterns); memberAccess.useExcludedPackageNames(devModeExcludedPackageNames); memberAccess.useExcludedPackageExemptClasses(devModeExcludedPackageExemptClasses); -} else { -memberAccess.useExcludedClasses(getExcludedClasses()); - memberAccess.useExcludedPackageNamePatterns(getExcludedPackageNamePatterns()); -memberAccess.useExcludedPackageNames(getExcludedPackageNames()); - memberAccess.useExcludedPackageExemptClasses(getExcludedPackageExemptClasses()); - memberAccess.useEnforceAllowlistEnabled(isEnforceAllowlistEnabled()); -memberAccess.useAllowlistClasses(getAllowlistClasses()); -memberAccess.useAllowlistPackageNames(getAllowlistPackageNames()); } return Ognl.createDefaultContext(root, memberAccess, resolver, defaultConverter);
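Review bot: In the first hunk (`@@ -863,8 +863,7 @@`), `container.getInstance(SecurityMemberAccess.class)` replaces `new SecurityMemberAccess(allowStaticFieldAccess)`, and the dev-mode branch that follows still calls the `useExcluded*` mutators on the returned object. That is only safe if the bean is registered so that each lookup returns a fresh instance; with a shared instance the dev-mode overrides would be written into state that other contexts also read. State the required scope in a comment here or assert it in a test.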
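Review bot: In the second hunk (`@@ -875,14 +874,6 @@`), removing the `else` branch means `OgnlUtil` no longer calls `useEnforceAllowlistEnabled`, `useAllowlistClasses` or `useAllowlistPackageNames` at all. Before this change those calls were skipped in dev mode; now whatever the injected bean carries applies in both modes, while the exclusion lists are still overridden for dev mode only. If that change in dev-mode behaviour is intended, note it in the commit message and cover both modes in a test.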
(struts) 01/01: Merge pull request #789 from apache/issue/WW-5363-velocity-order
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts.git commit f989f370bb2f8dee8cc595cfc3b05daa1edd6864 Merge: ea856e0d4 29d471e2d Author: Kusal Kithul-Godage AuthorDate: Wed Nov 15 00:37:02 2023 +1100 Merge pull request #789 from apache/issue/WW-5363-velocity-order WW-5363 Velocity: read chained contexts before ValueStack .../views/velocity/StrutsVelocityContext.java | 54 +++ .../views/velocity/StrutsVelocityContextTest.java | 105 + 2 files changed, 143 insertions(+), 16 deletions(-)
(struts) branch master updated (ea856e0d4 -> f989f370b)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/struts.git from ea856e0d4 Merge pull request #790 from apache/feature/jenkins-notifications-list add a2b4744c3 WW-5363 Velocity: read chained contexts before ValueStack add cf9e53573 WW-5363 Add test coverage add 6c98663f8 WW-5363 Fix super#internalGet add 29d471e2d WW-5363 Improve code coverage new f989f370b Merge pull request #789 from apache/issue/WW-5363-velocity-order The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../views/velocity/StrutsVelocityContext.java | 54 +++ .../views/velocity/StrutsVelocityContextTest.java | 105 + 2 files changed, 143 insertions(+), 16 deletions(-) create mode 100644 plugins/velocity/src/test/java/org/apache/struts2/views/velocity/StrutsVelocityContextTest.java
(struts) branch issue/WW-5363-velocity-order deleted (was 29d471e2d)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch issue/WW-5363-velocity-order in repository https://gitbox.apache.org/repos/asf/struts.git was 29d471e2d WW-5363 Improve code coverage The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
Jenkins job Struts/Struts Core/PR-791#1 failed
There is a build failure in Struts/Struts Core/PR-791. Build: https://ci-builds.apache.org/job/Struts/job/Struts%20Core/job/PR-791/1/ Logs: https://ci-builds.apache.org/job/Struts/job/Struts%20Core/job/PR-791/1/console Changes: https://ci-builds.apache.org/job/Struts/job/Struts%20Core/job/PR-791/1/changes -- Mr. Jenkins Director of Continuous Integration
(struts) branch master updated (f989f370b -> 9f45983da)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/struts.git from f989f370b Merge pull request #789 from apache/issue/WW-5363-velocity-order add bef976917 WW-5350 Implement OGNL Allowlist capability add b4fbc0f0d Merge branch 'master' into WW-5350-allowlist-2 add 9f45983da Merge pull request #781 from apache/WW-5350-allowlist-2 No new revisions were added by this update. Summary of changes: .../com/opensymphony/xwork2/ognl/OgnlUtil.java | 78 ++ .../opensymphony/xwork2/ognl/OgnlValueStack.java | 3 + .../xwork2/ognl/SecurityMemberAccess.java | 56 ++-- .../java/org/apache/struts2/StrutsConstants.java | 6 ++ .../xwork2/ognl/SecurityMemberAccessTest.java | 77 + 5 files changed, 203 insertions(+), 17 deletions(-)
(struts) branch WW-5350-allowlist-2 deleted (was b4fbc0f0d)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch WW-5350-allowlist-2 in repository https://gitbox.apache.org/repos/asf/struts.git was b4fbc0f0d Merge branch 'master' into WW-5350-allowlist-2 The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) branch release/struts-7-0-x updated (4a206d83f -> 321cf4634)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch release/struts-7-0-x in repository https://gitbox.apache.org/repos/asf/struts.git from 4a206d83f Merge pull request #779 from apache/feature/WW-5333-attribute-map add dc13abaf8 WW-5335 Prepares for Java 17 & Struts 7.x new 321cf4634 Merge pull request #785 from apache/feature/prepares-for-7 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .github/workflows/codeql.yml | 10 ++- .github/workflows/maven.yml| 3 +- .github/workflows/scorecards-analysis.yaml | 4 +- .github/workflows/sonar.yml| 1 + Jenkinsfile| 113 ++--- apps/pom.xml | 2 +- apps/rest-showcase/pom.xml | 4 +- apps/showcase/pom.xml | 2 +- assembly/pom.xml | 2 +- bom/pom.xml| 4 +- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml | 2 +- bundles/pom.xml| 2 +- core/pom.xml | 2 +- plugins/async/pom.xml | 2 +- plugins/bean-validation/pom.xml| 2 +- plugins/cdi/pom.xml| 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dwr/pom.xml| 2 +- plugins/embeddedjsp/pom.xml| 2 +- plugins/gxp/pom.xml| 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/json/pom.xml | 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml | 2 +- plugins/oval/pom.xml | 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml| 2 +- plugins/portlet-junit/pom.xml | 2 +- plugins/portlet-mocks/pom.xml | 2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml| 2 +- plugins/rest/pom.xml | 2 +- plugins/sitemesh/pom.xml | 2 +- plugins/spring/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/velocity/pom.xml | 2 +- plugins/xslt/pom.xml | 2 +- pom.xml| 25 ++- 44 files changed, 100 insertions(+), 136 deletions(-)
(struts) 01/01: Merge pull request #785 from apache/feature/prepares-for-7
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch release/struts-7-0-x in repository https://gitbox.apache.org/repos/asf/struts.git commit 321cf4634959833f2f33a5bbfe82cad18d74a1ea Merge: 4a206d83f dc13abaf8 Author: Lukasz Lenart AuthorDate: Wed Nov 15 06:06:24 2023 +0100 Merge pull request #785 from apache/feature/prepares-for-7 [WW-5335] Prepares for Java 17 & Struts 7.x .github/workflows/codeql.yml | 10 ++- .github/workflows/maven.yml| 3 +- .github/workflows/scorecards-analysis.yaml | 4 +- .github/workflows/sonar.yml| 1 + Jenkinsfile| 113 ++--- apps/pom.xml | 2 +- apps/rest-showcase/pom.xml | 4 +- apps/showcase/pom.xml | 2 +- assembly/pom.xml | 2 +- bom/pom.xml| 4 +- bundles/admin/pom.xml | 2 +- bundles/demo/pom.xml | 2 +- bundles/pom.xml| 2 +- core/pom.xml | 2 +- plugins/async/pom.xml | 2 +- plugins/bean-validation/pom.xml| 2 +- plugins/cdi/pom.xml| 2 +- plugins/config-browser/pom.xml | 2 +- plugins/convention/pom.xml | 2 +- plugins/dwr/pom.xml| 2 +- plugins/embeddedjsp/pom.xml| 2 +- plugins/gxp/pom.xml| 2 +- plugins/jasperreports/pom.xml | 2 +- plugins/javatemplates/pom.xml | 2 +- plugins/jfreechart/pom.xml | 2 +- plugins/json/pom.xml | 2 +- plugins/junit/pom.xml | 2 +- plugins/osgi/pom.xml | 2 +- plugins/oval/pom.xml | 2 +- plugins/pell-multipart/pom.xml | 2 +- plugins/plexus/pom.xml | 2 +- plugins/pom.xml| 2 +- plugins/portlet-junit/pom.xml | 2 +- plugins/portlet-mocks/pom.xml | 2 +- plugins/portlet-tiles/pom.xml | 2 +- plugins/portlet/pom.xml| 2 +- plugins/rest/pom.xml | 2 +- plugins/sitemesh/pom.xml | 2 +- plugins/spring/pom.xml | 2 +- plugins/testng/pom.xml | 2 +- plugins/tiles/pom.xml | 2 +- plugins/velocity/pom.xml | 2 +- plugins/xslt/pom.xml | 2 +- pom.xml| 25 ++- 44 files changed, 100 insertions(+), 136 deletions(-)
(struts) branch feature/prepares-for-7 deleted (was dc13abaf8)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/prepares-for-7 in repository https://gitbox.apache.org/repos/asf/struts.git was dc13abaf8 WW-5335 Prepares for Java 17 & Struts 7.x The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) 01/01: WW-5363 Remove redundant method from VelocityManager
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5363-velocity-order-2 in repository https://gitbox.apache.org/repos/asf/struts.git commit 75b72e592e19ad1e5c55a6eeb18ecdd95695fe34 Author: Kusal Kithul-Godage AuthorDate: Wed Nov 15 16:06:24 2023 +1100 WW-5363 Remove redundant method from VelocityManager --- .../org/apache/struts2/views/velocity/StrutsVelocityContext.java | 9 + 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java b/plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java index 99be98b15..4241f6ead 100644 --- a/plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java +++ b/plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java @@ -77,7 +77,7 @@ public class StrutsVelocityContext extends VelocityContext { } protected List> contextGetterList() { -return Arrays.asList(this::superGet, this::chainedContextGet, this::stackGet, this::stackContextGet); +return Arrays.asList(this::superGet, this::chainedContextGet, this::stackGet); } protected Object superGet(String key) { @@ -91,13 +91,6 @@ public class StrutsVelocityContext extends VelocityContext { return stack.findValue(key); } -protected Object stackContextGet(String key) { -if (stack == null) { -return null; -} -return stack.getContext().get(key); -} - protected Object chainedContextGet(String key) { if (chainedContexts == null) { return null;
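Review bot: `stackContextGet` is `protected` and `contextGetterList()` is an overridable hook, so deleting the method outright breaks any subclass that calls or overrides it; consider deprecating it for one release instead. The removal also rests on `stack.findValue(key)` already resolving keys held in `stack.getContext()`, which these hunks do not show, so say that in the commit message. The subject line names VelocityManager, but the method removed is in StrutsVelocityContext.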
(struts) branch WW-5363-velocity-order-2 created (now 75b72e592)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch WW-5363-velocity-order-2 in repository https://gitbox.apache.org/repos/asf/struts.git at 75b72e592 WW-5363 Remove redundant method from VelocityManager This branch includes the following new commits: new 75b72e592 WW-5363 Remove redundant method from VelocityManager The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) 01/01: WW-5363 Remove redundant method from VelocityManager
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5363-velocity-order-2 in repository https://gitbox.apache.org/repos/asf/struts.git commit 0504e7076c3a94945e168d72e06ef3d15a98a0dc Author: Kusal Kithul-Godage AuthorDate: Wed Nov 15 16:06:24 2023 +1100 WW-5363 Remove redundant method from VelocityManager --- .../struts2/views/velocity/StrutsVelocityContext.java | 9 + .../struts2/views/velocity/StrutsVelocityContextTest.java | 15 --- 2 files changed, 1 insertion(+), 23 deletions(-) diff --git a/plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java b/plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java index 99be98b15..4241f6ead 100644 --- a/plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java +++ b/plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java @@ -77,7 +77,7 @@ public class StrutsVelocityContext extends VelocityContext { } protected List> contextGetterList() { -return Arrays.asList(this::superGet, this::chainedContextGet, this::stackGet, this::stackContextGet); +return Arrays.asList(this::superGet, this::chainedContextGet, this::stackGet); } protected Object superGet(String key) { @@ -91,13 +91,6 @@ public class StrutsVelocityContext extends VelocityContext { return stack.findValue(key); } -protected Object stackContextGet(String key) { -if (stack == null) { -return null; -} -return stack.getContext().get(key); -} - protected Object chainedContextGet(String key) { if (chainedContexts == null) { return null; diff --git a/plugins/velocity/src/test/java/org/apache/struts2/views/velocity/StrutsVelocityContextTest.java b/plugins/velocity/src/test/java/org/apache/struts2/views/velocity/StrutsVelocityContextTest.java index 1405637b3..6cd38c8aa 100644 --- a/plugins/velocity/src/test/java/org/apache/struts2/views/velocity/StrutsVelocityContextTest.java 
+++ b/plugins/velocity/src/test/java/org/apache/struts2/views/velocity/StrutsVelocityContextTest.java @@ -27,9 +27,7 @@ import org.mockito.Mock; import org.mockito.junit.MockitoJUnit; import org.mockito.junit.MockitoRule; -import java.util.HashMap; import java.util.List; -import java.util.Map; import static java.util.Collections.singletonList; import static org.junit.Assert.assertEquals; @@ -49,12 +47,8 @@ public class StrutsVelocityContextTest { @Mock private ValueStack stack; -private Map stackContext; - @Before public void setUp() throws Exception { -stackContext = new HashMap<>(); -when(stack.getContext()).thenReturn(stackContext); strutsVelocityContext = new StrutsVelocityContext(singletonList(chainedContext), stack); } @@ -70,12 +64,6 @@ public class StrutsVelocityContextTest { assertEquals("bar", strutsVelocityContext.internalGet("foo")); } -@Test -public void getStackContextValue() { -stackContext.put("foo", "bar"); -assertEquals("bar", strutsVelocityContext.internalGet("foo")); -} - @Test public void getSuperValue() { strutsVelocityContext.put("foo", "bar"); @@ -84,9 +72,6 @@ public class StrutsVelocityContextTest { @Test public void getValuePrecedence() { -stackContext.put("foo", "quux"); -assertEquals("quux", strutsVelocityContext.internalGet("foo")); - when(stack.findValue("foo")).thenReturn("qux"); assertEquals("qux", strutsVelocityContext.internalGet("foo"));
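Review bot: Deleting `getStackContextValue` and the `stackContext.put("foo", "quux")` step of `getValuePrecedence` leaves no test for a key that exists only in the stack context. Because `stack` is a `@Mock`, the remaining tests cannot show that `findValue` covers that case; add one test against a real `ValueStack`, or document why that lookup can no longer be reached, before dropping the coverage.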
(struts) branch WW-5363-velocity-order-2 updated (75b72e592 -> 0504e7076)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch WW-5363-velocity-order-2 in repository https://gitbox.apache.org/repos/asf/struts.git discard 75b72e592 WW-5363 Remove redundant method from VelocityManager new 0504e7076 WW-5363 Remove redundant method from VelocityManager This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (75b72e592) \ N -- N -- N refs/heads/WW-5363-velocity-order-2 (0504e7076) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../struts2/views/velocity/StrutsVelocityContextTest.java | 15 --- 1 file changed, 15 deletions(-)
(struts) branch fix/WW-5335-scorecards created (now 55a304bf0)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch fix/WW-5335-scorecards in repository https://gitbox.apache.org/repos/asf/struts.git at 55a304bf0 WW-5335 Reverts adding release/struts-7-0-x branch to scorecards analysis Only the main branch is supported by this action This branch includes the following new commits: new 55a304bf0 WW-5335 Reverts adding release/struts-7-0-x branch to scorecards analysis Only the main branch is supported by this action The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) 01/01: WW-5335 Reverts adding release/struts-7-0-x branch to scorecards analysis Only the main branch is supported by this action
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch fix/WW-5335-scorecards in repository https://gitbox.apache.org/repos/asf/struts.git commit 55a304bf032bbcfbb2724b1edc5265f6f5fca35e Author: Lukasz Lenart AuthorDate: Wed Nov 15 06:14:59 2023 +0100 WW-5335 Reverts adding release/struts-7-0-x branch to scorecards analysis Only the main branch is supported by this action --- .github/workflows/scorecards-analysis.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/scorecards-analysis.yaml b/.github/workflows/scorecards-analysis.yaml index fa941f659..d6992e44a 100644 --- a/.github/workflows/scorecards-analysis.yaml +++ b/.github/workflows/scorecards-analysis.yaml @@ -22,7 +22,6 @@ on: push: branches: - master - - release/struts-7-0-x permissions: read-all
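Review bot: The reason for dropping `- release/struts-7-0-x` from `branches:` is recorded only in the commit message. Add a one-line YAML comment above `branches:` saying the action supports the main branch only, so the entry is not re-added later, and note somewhere visible that the release branch now gets no scorecard run on push.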
(struts) branch release/struts-7-0-x updated (321cf4634 -> ed04c009c)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch release/struts-7-0-x in repository https://gitbox.apache.org/repos/asf/struts.git from 321cf4634 Merge pull request #785 from apache/feature/prepares-for-7 add 55a304bf0 WW-5335 Reverts adding release/struts-7-0-x branch to scorecards analysis Only the main branch is supported by this action add ed04c009c Merge pull request #794 from apache/fix/WW-5335-scorecards No new revisions were added by this update. Summary of changes: .github/workflows/scorecards-analysis.yaml | 1 - 1 file changed, 1 deletion(-)
(struts) branch fix/WW-5335-scorecards deleted (was 55a304bf0)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch fix/WW-5335-scorecards in repository https://gitbox.apache.org/repos/asf/struts.git was 55a304bf0 WW-5335 Reverts adding release/struts-7-0-x branch to scorecards analysis Only the main branch is supported by this action The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) 01/01: Merge pull request #793 from apache/WW-5363-velocity-order-2
This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts.git commit 63b0da3a7f6eb3cdd8e6a11c753b0dbd7418dc43 Merge: 9f45983da 0504e7076 Author: Kusal Kithul-Godage AuthorDate: Wed Nov 15 16:42:44 2023 +1100 Merge pull request #793 from apache/WW-5363-velocity-order-2 WW-5363 Remove redundant method from VelocityManager .../struts2/views/velocity/StrutsVelocityContext.java | 9 + .../struts2/views/velocity/StrutsVelocityContextTest.java | 15 --- 2 files changed, 1 insertion(+), 23 deletions(-)
(struts) branch master updated (9f45983da -> 63b0da3a7)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/struts.git from 9f45983da Merge pull request #781 from apache/WW-5350-allowlist-2 add 0504e7076 WW-5363 Remove redundant method from VelocityManager new 63b0da3a7 Merge pull request #793 from apache/WW-5363-velocity-order-2 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../struts2/views/velocity/StrutsVelocityContext.java | 9 + .../struts2/views/velocity/StrutsVelocityContextTest.java | 15 --- 2 files changed, 1 insertion(+), 23 deletions(-)
(struts) branch WW-5363-velocity-order-2 deleted (was 0504e7076)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch WW-5363-velocity-order-2 in repository https://gitbox.apache.org/repos/asf/struts.git was 0504e7076 WW-5363 Remove redundant method from VelocityManager The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.