(struts) branch deprecated-plugins created (now f0eefea3e)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch deprecated-plugins in repository https://gitbox.apache.org/repos/asf/struts.git at f0eefea3e Delete remaining deprecated plugins This branch includes the following new commits: new be4c2bc7d Delete unused files missed in previous PR new f0eefea3e Delete remaining deprecated plugins The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) 01/01: WW-5364 Modify XmlDocConfigurationProvider to be able to load into allowlist
This is an automated email from the ASF dual-hosted git repository.
kusal pushed a commit to branch WW-5364-populate-allowlist
in repository https://gitbox.apache.org/repos/asf/struts.git
commit 33a5b29273156d0f0d104328333059d217a31fd3
Author: Kusal Kithul-Godage
AuthorDate: Thu Nov 23 21:12:15 2023 +1100
WW-5364 Modify XmlDocConfigurationProvider to be able to load into allowlist
---
.../providers/XmlDocConfigurationProvider.java | 59 --
1 file changed, 43 insertions(+), 16 deletions(-)
diff --git
a/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlDocConfigurationProvider.java
b/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlDocConfigurationProvider.java
index 0fcdac0ed..4b9a28297 100644
---
a/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlDocConfigurationProvider.java
+++
b/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlDocConfigurationProvider.java
@@ -45,6 +45,7 @@ import
com.opensymphony.xwork2.util.location.LocatableProperties;
import com.opensymphony.xwork2.util.location.Location;
import com.opensymphony.xwork2.util.location.LocationUtils;
import org.apache.commons.lang3.BooleanUtils;
+import org.apache.commons.lang3.ClassUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@@ -64,6 +65,7 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Consumer;
+import java.util.stream.Stream;
import static
com.opensymphony.xwork2.util.TextParseUtil.commaDelimitedStringToSet;
import static java.lang.Boolean.parseBoolean;
@@ -135,6 +137,16 @@ public abstract class XmlDocConfigurationProvider
implements ConfigurationProvid
public void destroy() {
}
+protected Class allowAndLoadClass(String className) throws
ClassNotFoundException {
+Class clazz = loadClass(className);
+List> superClasses = ClassUtils.getAllSuperclasses(clazz);
+List> interfaces = ClassUtils.getAllInterfaces(clazz);
+Stream.concat(superClasses.stream(), interfaces.stream()).forEach(c ->
{
+
+});
+return clazz;
+}
+
protected Class loadClass(String className) throws
ClassNotFoundException {
return objectFactory.getClassInstance(className);
}
@@ -197,7 +209,7 @@ public abstract class XmlDocConfigurationProvider
implements ConfigurationProvid
String name = child.getAttribute("name");
String impl = child.getAttribute("class");
try {
-Class classImpl = loadClass(impl);
+Class classImpl = ClassLoaderUtil.loadClass(impl, getClass());
if (BeanSelectionProvider.class.isAssignableFrom(classImpl)) {
BeanSelectionProvider provider = (BeanSelectionProvider)
classImpl.newInstance();
provider.register(containerBuilder, props);
@@ -442,13 +454,8 @@ public abstract class XmlDocConfigurationProvider
implements ConfigurationProvid
Location location = DomHelper.getLocationObject(actionElement);
-if (location == null) {
-LOG.warn("Location null for {}", className);
-}
-
-if (!className.isEmpty() && !verifyAction(className, name, location)) {
-LOG.error("Unable to verify action [{}] with class [{}], from
[{}]", name, className, location);
-return;
+if (!className.isEmpty()) {
+verifyAction(className, name, location);
}
Map results;
@@ -499,17 +506,18 @@ public abstract class XmlDocConfigurationProvider
implements ConfigurationProvid
*/
@Deprecated
protected boolean verifyAction(String className, String name, Location
loc) {
-return verifyAction(className, loc);
+verifyAction(className, loc);
+return true;
}
-protected boolean verifyAction(String className, Location loc) {
+protected void verifyAction(String className, Location loc) {
if (className.contains("{")) {
LOG.debug("Action class [{}] contains a wildcard replacement
value, so it can't be verified", className);
-return true;
+return;
}
try {
if (objectFactory.isNoArgConstructorRequired()) {
-Class clazz = loadClass(className);
+Class clazz = allowAndLoadClass(className);
if (!Modifier.isPublic(clazz.getModifiers())) {
throw new ConfigurationException("Action class [" +
className + "] is not public", loc);
}
@@ -530,7 +538,6 @@ public abstract class XmlDocConfigurationProvider
implements ConfigurationProvid
LOG.debug("Unable to verify action class [{}]", className, ex);
throw new ConfigurationException(ex, loc);
}
-return true;
}
protected void addResultTypes(PackageConfig.Builder packageContext,
El
(struts) branch WW-5364-populate-allowlist created (now 33a5b2927)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch WW-5364-populate-allowlist in repository https://gitbox.apache.org/repos/asf/struts.git at 33a5b2927 WW-5364 Modify XmlDocConfigurationProvider to be able to load into allowlist This branch includes the following new commits: new 33a5b2927 WW-5364 Modify XmlDocConfigurationProvider to be able to load into allowlist The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) branch master updated (63b0da3a7 -> d1bdc83f1)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/struts.git from 63b0da3a7 Merge pull request #793 from apache/WW-5363-velocity-order-2 add 3674d49ab Bump jackson.version from 2.15.3 to 2.16.0 add d1bdc83f1 Merge pull request #796 from apache/dependabot/maven/jackson.version-2.16.0 No new revisions were added by this update. Summary of changes: pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
(struts) branch dependabot/maven/jackson.version-2.16.0 deleted (was 3674d49ab)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch dependabot/maven/jackson.version-2.16.0 in repository https://gitbox.apache.org/repos/asf/struts.git was 3674d49ab Bump jackson.version from 2.15.3 to 2.16.0 The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) branch deprecated-plugins deleted (was f0eefea3e)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch deprecated-plugins in repository https://gitbox.apache.org/repos/asf/struts.git was f0eefea3e Delete remaining deprecated plugins The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) branch release/struts-7-0-x updated (bf2d85ebe -> 3013d9b95)
This is an automated email from the ASF dual-hosted git repository. kusal pushed a change to branch release/struts-7-0-x in repository https://gitbox.apache.org/repos/asf/struts.git from bf2d85ebe [WW-5141] Removes deprecated plugins (#798) add be4c2bc7d Delete unused files missed in previous PR add f0eefea3e Delete remaining deprecated plugins add 3013d9b95 Merge pull request #799 from apache/deprecated-plugins No new revisions were added by this update. Summary of changes: assembly/pom.xml | 31 - assembly/src/main/assembly/all.xml | 44 +- bundles/admin/pom.xml | 62 - .../struts2/osgi/admin/actions/BundlesAction.java | 215 - .../struts2/osgi/admin/actions/ShellAction.java| 144 - .../admin/src/main/resources/JQUERY-LICENSE.txt| 43 - bundles/admin/src/main/resources/LICENSE.txt | 174 - bundles/admin/src/main/resources/NOTICE.txt|9 - .../main/resources/osgi/admin/commandResult.ftl| 21 - .../admin/src/main/resources/osgi/admin/shell.ftl | 60 - .../src/main/resources/osgi/admin/viewBundle.ftl | 170 - .../src/main/resources/osgi/admin/viewBundles.ftl | 97 - .../admin/src/main/resources/static/css/main.css | 103 - .../redmond/images/ui-bg_flat_0_aa_40x100.png | Bin 180 -> 0 bytes .../redmond/images/ui-bg_flat_55_fbec88_40x100.png | Bin 182 -> 0 bytes .../redmond/images/ui-bg_glass_75_d0e5f5_1x400.png | Bin 124 -> 0 bytes .../redmond/images/ui-bg_glass_85_dfeffc_1x400.png | Bin 123 -> 0 bytes .../redmond/images/ui-bg_glass_95_fef1ec_1x400.png | Bin 119 -> 0 bytes .../images/ui-bg_gloss-wave_55_5c9ccc_500x100.png | Bin 4033 -> 0 bytes .../images/ui-bg_inset-hard_100_f5f8f9_1x100.png | Bin 130 -> 0 bytes .../images/ui-bg_inset-hard_100_fcfdfd_1x100.png | Bin 88 -> 0 bytes .../css/redmond/images/ui-icons_217bc0_256x240.png | Bin 5399 -> 0 bytes .../css/redmond/images/ui-icons_2e83ff_256x240.png | Bin 4379 -> 0 bytes .../css/redmond/images/ui-icons_469bdd_256x240.png | Bin 4379 -> 0 bytes .../css/redmond/images/ui-icons_6da8d5_256x240.png | Bin 4379 -> 0 bytes .../css/redmond/images/ui-icons_cd0a0a_256x240.png | Bin 4379 -> 0 bytes .../css/redmond/images/ui-icons_d8e7f3_256x240.png | Bin 5399 -> 0 bytes .../css/redmond/images/ui-icons_f9bd01_256x240.png | Bin 5399 -> 0 bytes .../css/redmond/jquery-ui-1.12.1.redmond.css | 1311 -- .../admin/src/main/resources/static/css/shell.css | 43 - .../main/resources/static/js/jquery-1.12.4.min.js |5 - .../resources/static/js/jquery-ui-1.12.1.min.js| 13 - .../admin/src/main/resources/static/js/shell.js| 83 - bundles/admin/src/main/resources/struts.xml| 50 - bundles/demo/pom.xml | 78 - .../src/main/java/actions/osgi/BundlesAction.java | 43 - .../main/java/actions/osgi/HelloWorldAction.java | 63 - .../demo/src/main/java/actions/osgi/Message.java | 37 - .../META-INF/spring/applicationContext.xml | 33 - .../src/main/resources/content/osgi/bundles.ftl| 38 - .../resources/content/osgi/hello-convention.ftl| 30 - .../demo/src/main/resources/content/osgi/hello.ftl | 30 - .../demo/src/main/resources/content/osgi/hello.vm | 28 - .../demo/src/main/resources/content/osgi/home.ftl | 34 - bundles/demo/src/main/resources/struts.xml | 55 - bundles/pom.xml| 83 - plugins/embeddedjsp/README.md |2 - plugins/embeddedjsp/pom.xml| 102 - .../java/org/apache/struts2/EmbeddedJSPResult.java | 32 - .../main/java/org/apache/struts2/JSPLoader.java| 271 -- .../main/java/org/apache/struts2/JSPRuntime.java | 79 - .../java/org/apache/struts2/JSPServletConfig.java | 53 - .../main/java/org/apache/struts2/ServletCache.java | 74 - .../apache/struts2/compiler/MemoryClassLoader.java | 52 - .../struts2/compiler/MemoryJavaFileObject.java | 59 - .../apache/struts2/el/ExpressionFactoryImpl.java | 79 - .../apache/struts2/el/MethodExpressionImpl.java| 315 -- .../apache/struts2/el/MethodExpressionLiteral.java | 96 - .../org/apache/struts2/el/ValueExpressionImpl.java | 267 -- .../apache/struts2/el/ValueExpressionLiteral.java | 113 - .../org/apache/struts2/el/lang/ELArithmetic.java | 378 -- .../java/org/apache/struts2/el/lang/ELSupport.java | 474 --- .../apache/struts2/el/lang/EvaluationContext.java | 82 - .../apache/struts2/el/lang/ExpressionBuilder.java | 211 - .../struts2/el/lang/FunctionMapperFactory.java | 60 - .../apache/struts2/el/lang/FunctionMapperImpl.java | 190 - .../struts2/el/lang/VariableMapperFactory.java | 54 - .../apache/struts2/el/lang/VariableMapperImpl.java | 57 - .../apache/struts2/el/parser/ArithmeticNode.java | 43 - .../java/org/apache/struts2/el/parser/AstAnd.java | 46 - .../apache
