(struts) branch feature/wildcard-packages deleted (was 3be56a484)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/wildcard-packages in repository https://gitbox.apache.org/repos/asf/struts.git was 3be56a484 Adds additional test cases to match Struts packages The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) branch main updated (7c62bfc5a -> e695ac8a4)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/struts.git from 7c62bfc5a Merge pull request #1160 from ljharb/patch-1 add 3be56a484 Adds additional test cases to match Struts packages new e695ac8a4 Merge pull request #1161 from apache/feature/wildcard-packages The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../apache/struts2/util/WildcardHelperTest.java| 84 ++ 1 file changed, 55 insertions(+), 29 deletions(-)
(struts-site) branch main updated (e7f25fe06 -> 24b0775a8)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/struts-site.git from e7f25fe06 Merge pull request #258 from apache/feature/ann-struts-7 add c040a70ef commercial-support.md: add HeroDevs new 24b0775a8 Merge pull request #259 from ljharb/patch-1 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: source/commercial-support.md | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-)
(struts) 01/01: Merge pull request #1161 from apache/feature/wildcard-packages
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/struts.git commit e695ac8a4e61928eaef22f086c64bb41ecc33bce Merge: 7c62bfc5a 3be56a484 Author: Lukasz Lenart AuthorDate: Tue Dec 24 07:15:44 2024 +0100 Merge pull request #1161 from apache/feature/wildcard-packages Adds additional test cases to match Struts packages .../apache/struts2/util/WildcardHelperTest.java| 84 ++ 1 file changed, 55 insertions(+), 29 deletions(-)
Error while running github feature from refs/heads/main:.asf.yaml in struts!
An error occurred while running github feature in .asf.yaml!: [GitHub] Request error with message: "Branch not found". (status code: 404)
(struts) branch feature/WW-5503-removes-deps updated (5fee44120 -> 0114dff50)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5503-removes-deps in repository https://gitbox.apache.org/repos/asf/struts.git discard 5fee44120 WW-5503 Removes unused dependencies add 0114dff50 WW-5503 Removes unused dependencies This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (5fee44120) \ N -- N -- N refs/heads/feature/WW-5503-removes-deps (0114dff50) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: pom.xml | 12 1 file changed, 12 insertions(+)
(struts) branch fix/strict-branch created (now 44ff04683)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch fix/strict-branch in repository https://gitbox.apache.org/repos/asf/struts.git at 44ff04683 Uses exact branch name instead of wildcard This branch includes the following new commits: new 44ff04683 Uses exact branch name instead of wildcard The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) 01/01: Uses exact branch name instead of wildcard
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch fix/strict-branch in repository https://gitbox.apache.org/repos/asf/struts.git commit 44ff04683acb03e4be6bea2406933c07df3b2621 Author: Lukasz Lenart AuthorDate: Tue Dec 24 08:32:08 2024 +0100 Uses exact branch name instead of wildcard --- .asf.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.asf.yaml b/.asf.yaml index b8148da8d..6bcfc98d7 100644 --- a/.asf.yaml +++ b/.asf.yaml @@ -23,7 +23,7 @@ github: # it does not work because our github teams are private/secret, see INFRA-25666 require_code_owner_reviews: false required_approving_review_count: 0 -release/*: +release/struts-6-7-x: # contexts are the names of checks that must pass. contexts: - build
(struts) branch feature/WW-5503-removes-deps deleted (was 0114dff50)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5503-removes-deps in repository https://gitbox.apache.org/repos/asf/struts.git was 0114dff50 WW-5503 Removes unused dependencies The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) branch main updated (e695ac8a4 -> 2850315cf)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/struts.git from e695ac8a4 Merge pull request #1161 from apache/feature/wildcard-packages add 0114dff50 WW-5503 Removes unused dependencies add 2850315cf Merge pull request #1159 from apache/feature/WW-5503-removes-deps No new revisions were added by this update. Summary of changes: pom.xml | 102 1 file changed, 102 deletions(-)
Error while running github feature from refs/heads/main:.asf.yaml in struts!
An error occurred while running github feature in .asf.yaml!: [GitHub] Request error with message: "Branch not found". (status code: 404)
(struts) branch dependabot/maven/org.apache.tomcat-tomcat-juli-11.0.2 deleted (was 99dd5e2c9)
This is an automated email from the ASF dual-hosted git repository. github-bot pushed a change to branch dependabot/maven/org.apache.tomcat-tomcat-juli-11.0.2 in repository https://gitbox.apache.org/repos/asf/struts.git was 99dd5e2c9 Bump org.apache.tomcat:tomcat-juli from 10.1.15 to 11.0.2 The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts-site) 01/01: Merge pull request #259 from ljharb/patch-1
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/struts-site.git commit 24b0775a8581e029d9286612c1f9cb89de095907 Merge: e7f25fe06 c040a70ef Author: Lukasz Lenart AuthorDate: Tue Dec 24 07:09:06 2024 +0100 Merge pull request #259 from ljharb/patch-1 commercial-support.md: add HeroDevs source/commercial-support.md | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-)
(struts) 01/01: WW-5501 Exclude malicious names
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch feature/WW-5501-exclude
in repository https://gitbox.apache.org/repos/asf/struts.git
commit c537d2c48dafaf05e8e9c5302c740487c7238335
Author: Lukasz Lenart
AuthorDate: Mon Dec 23 11:00:29 2024 +0100
WW-5501 Exclude malicious names
---
.../security/DefaultExcludedPatternsChecker.java | 1 +
.../multipart/AbstractMultiPartRequest.java| 11
.../multipart/JakartaMultiPartRequest.java | 15 +
.../multipart/JakartaStreamMultiPartRequest.java | 9 +++
.../DefaultExcludedPatternsCheckerTest.java| 2 +-
.../ActionFileUploadInterceptorTest.java | 73 +-
.../interceptor/FileUploadInterceptorTest.java | 73 +-
7 files changed, 177 insertions(+), 7 deletions(-)
diff --git
a/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
b/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
index cf425d67c..fc96bb0f9 100644
---
a/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
+++
b/core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
@@ -36,6 +36,7 @@ public class DefaultExcludedPatternsChecker implements
ExcludedPatternsChecker {
private static final Logger LOG =
LogManager.getLogger(DefaultExcludedPatternsChecker.class);
public static final String[] EXCLUDED_PATTERNS = {
+"(^|\\%\\{)(#?top\\.)[^\\s]*",
"(^|\\%\\{)((#?)(top(\\.|\\['|\\[\")|\\[\\d\\]\\.)?)(dojo|struts|session|request|response|application|servlet(Request|Response|Context)|parameters|context|_memberAccess)(\\.|\\[).*",
".*(^|\\.|\\[|\\'|\"|get)class(\\(\\.|\\[|\\'|\").*",
"actionErrors|actionMessages|fieldErrors"
diff --git
a/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
b/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
index 23d879ba4..ed013b724 100644
---
a/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
+++
b/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
@@ -20,6 +20,7 @@ package org.apache.struts2.dispatcher.multipart;
import com.opensymphony.xwork2.LocaleProviderFactory;
import com.opensymphony.xwork2.inject.Inject;
+import com.opensymphony.xwork2.security.NotExcludedAcceptedPatternsChecker;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.struts2.StrutsConstants;
@@ -79,6 +80,7 @@ public abstract class AbstractMultiPartRequest implements
MultiPartRequest {
* Localization to be used regarding errors.
*/
protected Locale defaultLocale = Locale.ENGLISH;
+private NotExcludedAcceptedPatternsChecker patternsChecker;
/**
* @param bufferSize Sets the buffer size to be used.
@@ -121,6 +123,11 @@ public abstract class AbstractMultiPartRequest implements
MultiPartRequest {
defaultLocale =
localeProviderFactory.createLocaleProvider().getLocale();
}
+@Inject
+public void
setNotExcludedAllowedPatternsChecker(NotExcludedAcceptedPatternsChecker
patternsChecker) {
+this.patternsChecker = patternsChecker;
+}
+
/**
* @param request Inspect the servlet request and set the locale if one
wasn't provided by
* the Struts2 framework.
@@ -169,4 +176,8 @@ public abstract class AbstractMultiPartRequest implements
MultiPartRequest {
return fileName;
}
+protected boolean isAccepted(String fileName) {
+return patternsChecker.isAllowed(fileName).isAllowed();
+}
+
}
diff --git
a/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaMultiPartRequest.java
b/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaMultiPartRequest.java
index c2cc07dbb..eafd332f1 100644
---
a/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaMultiPartRequest.java
+++
b/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaMultiPartRequest.java
@@ -113,6 +113,16 @@ public class JakartaMultiPartRequest extends
AbstractMultiPartRequest {
protected void processFileField(FileItem item) {
LOG.debug("Item is a file upload");
+if (!isAccepted(item.getName())) {
+LOG.warn("File name [{}] is not accepted", item.getName());
+return;
+}
+
+if (!isAccepted(item.getFieldName())) {
+LOG.warn("Field name [{}] is not accepted", item.getFieldName());
+return;
+}
+
// Skip file uploads that don't have a file name - meaning that no
file was selected.
if (item.getName() == null || item.getName().trim().isEmpty()) {
LOG.debug("No file has been uploaded for the field: {}",
sanitizeN
(struts) branch feature/WW-5501-exclude created (now c537d2c48)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5501-exclude in repository https://gitbox.apache.org/repos/asf/struts.git at c537d2c48 WW-5501 Exclude malicious names This branch includes the following new commits: new c537d2c48 WW-5501 Exclude malicious names The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) branch feature/WW-5501-exclude-s7 created (now a10dc21f1)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5501-exclude-s7 in repository https://gitbox.apache.org/repos/asf/struts.git at a10dc21f1 WW-5501 Excludes malicious names This branch includes the following new commits: new a10dc21f1 WW-5501 Excludes malicious names The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) 01/01: WW-5501 Excludes malicious names
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch feature/WW-5501-exclude-s7
in repository https://gitbox.apache.org/repos/asf/struts.git
commit a10dc21f14c04d3a469275d37fc170bbed260978
Author: Lukasz Lenart
AuthorDate: Mon Dec 23 11:43:47 2024 +0100
WW-5501 Excludes malicious names
---
.../multipart/AbstractMultiPartRequest.java| 12
.../multipart/JakartaMultiPartRequest.java | 15 +
.../multipart/JakartaStreamMultiPartRequest.java | 5 ++
.../security/DefaultExcludedPatternsChecker.java | 3 +-
.../multipart/AbstractMultiPartRequestTest.java| 16 +-
.../multipart/JakartaMultiPartRequestTest.java | 6 +-
.../JakartaStreamMultiPartRequestTest.java | 5 +-
.../ActionFileUploadInterceptorTest.java | 66 +-
.../DefaultExcludedPatternsCheckerTest.java| 2 +-
9 files changed, 124 insertions(+), 6 deletions(-)
diff --git
a/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
b/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
index ccb25e053..38852a2f2 100644
---
a/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
+++
b/core/src/main/java/org/apache/struts2/dispatcher/multipart/AbstractMultiPartRequest.java
@@ -31,6 +31,7 @@ import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.struts2.StrutsConstants;
import org.apache.struts2.dispatcher.LocalizedMessage;
+import org.apache.struts2.security.NotExcludedAcceptedPatternsChecker;
import java.io.IOException;
import java.nio.charset.Charset;
@@ -107,6 +108,8 @@ public abstract class AbstractMultiPartRequest implements
MultiPartRequest {
*/
protected Map> parameters = new HashMap<>();
+protected NotExcludedAcceptedPatternsChecker patternsChecker;
+
/**
* @param bufferSize Sets the buffer size to be used.
*/
@@ -180,6 +183,11 @@ public abstract class AbstractMultiPartRequest implements
MultiPartRequest {
return Charset.forName(charsetStr);
}
+@Inject
+public void
setNotExcludedAllowedPatternsChecker(NotExcludedAcceptedPatternsChecker
patternsChecker) {
+this.patternsChecker = patternsChecker;
+}
+
/**
* Creates an instance of {@link JakartaServletDiskFileUpload} used by the
parser to extract uploaded files
*
@@ -413,4 +421,8 @@ public abstract class AbstractMultiPartRequest implements
MultiPartRequest {
}
}
+protected boolean isAccepted(String fileName) {
+return patternsChecker.isAllowed(fileName).isAllowed();
+}
+
}
diff --git
a/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaMultiPartRequest.java
b/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaMultiPartRequest.java
index 3a76adc40..ffb3a48d5 100644
---
a/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaMultiPartRequest.java
+++
b/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaMultiPartRequest.java
@@ -77,6 +77,11 @@ public class JakartaMultiPartRequest extends
AbstractMultiPartRequest {
protected void processNormalFormField(DiskFileItem item, Charset charset)
throws IOException {
LOG.debug("Item: {} is a normal form field", item.getName());
+if (!isAccepted(item.getFieldName())) {
+LOG.warn("Form field name [{}] is not accepted",
item.getFieldName().replaceAll("[\\r\\n]", ""));
+return;
+}
+
List values;
String fieldName = item.getFieldName();
if (parameters.get(fieldName) != null) {
@@ -98,6 +103,16 @@ public class JakartaMultiPartRequest extends
AbstractMultiPartRequest {
}
protected void processFileField(DiskFileItem item) {
+if (!isAccepted(item.getName())) {
+LOG.warn("File name [{}] is not accepted",
item.getName().replaceAll("[\\r\\n]", ""));
+return;
+}
+
+if (!isAccepted(item.getFieldName())) {
+LOG.warn("Field name [{}] is not accepted",
item.getFieldName().replaceAll("[\\r\\n]", ""));
+return;
+}
+
// Skip file uploads that don't have a file name - meaning that no
file was selected.
if (item.getName() == null || item.getName().trim().isEmpty()) {
LOG.debug(() -> "No file has been uploaded for the field: " +
sanitizeNewlines(item.getFieldName()));
diff --git
a/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaStreamMultiPartRequest.java
b/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaStreamMultiPartRequest.java
index cebd60250..2c4ca9266 100644
---
a/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaStreamMultiPartRequest.java
+++
b/core/src/main/java/org/apache/struts2/dispatcher/multipart/JakartaStreamMultiPart
(struts) branch feature/WW-5501-exclude updated (c537d2c48 -> 5237a992f)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5501-exclude in repository https://gitbox.apache.org/repos/asf/struts.git discard c537d2c48 WW-5501 Exclude malicious names add 5237a992f WW-5501 Exclude malicious names This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (c537d2c48) \ N -- N -- N refs/heads/feature/WW-5501-exclude (5237a992f) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: .../struts2/dispatcher/multipart/JakartaMultiPartRequest.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
(struts) branch feature/WW-5501-exclude-s7 updated (a10dc21f1 -> 76cd96ab3)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5501-exclude-s7 in repository https://gitbox.apache.org/repos/asf/struts.git discard a10dc21f1 WW-5501 Excludes malicious names add 76cd96ab3 WW-5501 Excludes malicious names This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (a10dc21f1) \ N -- N -- N refs/heads/feature/WW-5501-exclude-s7 (76cd96ab3) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: .../struts2/dispatcher/multipart/JakartaMultiPartRequest.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
(struts) branch feature/WW-5501-exclude updated (5237a992f -> 09993e347)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5501-exclude in repository https://gitbox.apache.org/repos/asf/struts.git omit 5237a992f WW-5501 Exclude malicious names add 09993e347 WW-5501 Exclude malicious names This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (5237a992f) \ N -- N -- N refs/heads/feature/WW-5501-exclude (09993e347) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: .../multipart/AbstractMultiPartRequest.java | 4 .../multipart/JakartaMultiPartRequest.java | 7 ++- .../multipart/JakartaStreamMultiPartRequest.java | 20 +++- 3 files changed, 17 insertions(+), 14 deletions(-)
(struts) branch feature/WW-5501-exclude-s7 updated (76cd96ab3 -> 2d22faa44)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5501-exclude-s7 in repository https://gitbox.apache.org/repos/asf/struts.git discard 76cd96ab3 WW-5501 Excludes malicious names add 2d22faa44 WW-5501 Excludes malicious names This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (76cd96ab3) \ N -- N -- N refs/heads/feature/WW-5501-exclude-s7 (2d22faa44) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: .../struts2/dispatcher/multipart/JakartaStreamMultiPartRequest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
(struts) branch release/struts-6-7-x updated (f5688e680 -> c8febc205)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch release/struts-6-7-x in repository https://gitbox.apache.org/repos/asf/struts.git from f5688e680 Merge pull request #1150 from apache/feature/prepare-development add 09993e347 WW-5501 Exclude malicious names add 3ea126388 WW-5501 Uses StringUtils.normalizeSpace instead of sanitizeNewlines new c8febc205 Merge pull request #1156 from apache/feature/WW-5501-exclude The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../security/DefaultExcludedPatternsChecker.java | 1 + .../multipart/AbstractMultiPartRequest.java| 11 .../multipart/JakartaMultiPartRequest.java | 28 ++--- .../multipart/JakartaStreamMultiPartRequest.java | 28 ++--- .../DefaultExcludedPatternsCheckerTest.java| 2 +- .../ActionFileUploadInterceptorTest.java | 73 +- .../interceptor/FileUploadInterceptorTest.java | 73 +- 7 files changed, 195 insertions(+), 21 deletions(-)
(struts) branch feature/WW-5501-exclude deleted (was 3ea126388)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5501-exclude in repository https://gitbox.apache.org/repos/asf/struts.git was 3ea126388 WW-5501 Uses StringUtils.normalizeSpace instead of sanitizeNewlines The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) 01/01: Merge pull request #1156 from apache/feature/WW-5501-exclude
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch release/struts-6-7-x in repository https://gitbox.apache.org/repos/asf/struts.git commit c8febc2050ec9c44ada067d9ab6085dfefe123e2 Merge: f5688e680 3ea126388 Author: Lukasz Lenart AuthorDate: Mon Dec 23 15:08:58 2024 +0100 Merge pull request #1156 from apache/feature/WW-5501-exclude WW-5501 Exclude malicious names .../security/DefaultExcludedPatternsChecker.java | 1 + .../multipart/AbstractMultiPartRequest.java| 11 .../multipart/JakartaMultiPartRequest.java | 28 ++--- .../multipart/JakartaStreamMultiPartRequest.java | 28 ++--- .../DefaultExcludedPatternsCheckerTest.java| 2 +- .../ActionFileUploadInterceptorTest.java | 73 +- .../interceptor/FileUploadInterceptorTest.java | 73 +- 7 files changed, 195 insertions(+), 21 deletions(-)
(struts) 01/01: Merge pull request #1157 from apache/feature/WW-5501-exclude-s7
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/struts.git commit 36ca20d3dcd5af05f0ec1254e13c723069e66c56 Merge: 0bcb6516b bbdb38ded Author: Lukasz Lenart AuthorDate: Mon Dec 23 15:09:05 2024 +0100 Merge pull request #1157 from apache/feature/WW-5501-exclude-s7 WW-5501 Excludes malicious names .../multipart/AbstractMultiPartRequest.java| 16 ++ .../multipart/JakartaMultiPartRequest.java | 25 ++-- .../multipart/JakartaStreamMultiPartRequest.java | 28 ++--- .../security/DefaultExcludedPatternsChecker.java | 3 +- .../multipart/AbstractMultiPartRequestTest.java| 35 +++- .../multipart/JakartaMultiPartRequestTest.java | 6 +- .../JakartaStreamMultiPartRequestTest.java | 5 +- .../ActionFileUploadInterceptorTest.java | 66 +- .../DefaultExcludedPatternsCheckerTest.java| 2 +- 9 files changed, 169 insertions(+), 17 deletions(-)
(struts) branch main updated (0bcb6516b -> 36ca20d3d)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/struts.git from 0bcb6516b Merge pull request #1151 from apache/feature/homepage add 552f7eba7 WW-5501 Excludes malicious names add bbdb38ded WW-5501 Uses StringUtils.normalizeSpace instead of sanitizeNewlines new 36ca20d3d Merge pull request #1157 from apache/feature/WW-5501-exclude-s7 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../multipart/AbstractMultiPartRequest.java| 16 ++ .../multipart/JakartaMultiPartRequest.java | 25 ++-- .../multipart/JakartaStreamMultiPartRequest.java | 28 ++--- .../security/DefaultExcludedPatternsChecker.java | 3 +- .../multipart/AbstractMultiPartRequestTest.java| 35 +++- .../multipart/JakartaMultiPartRequestTest.java | 6 +- .../JakartaStreamMultiPartRequestTest.java | 5 +- .../ActionFileUploadInterceptorTest.java | 66 +- .../DefaultExcludedPatternsCheckerTest.java| 2 +- 9 files changed, 169 insertions(+), 17 deletions(-)
(struts) branch feature/WW-5501-exclude-s7 deleted (was bbdb38ded)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5501-exclude-s7 in repository https://gitbox.apache.org/repos/asf/struts.git was bbdb38ded WW-5501 Uses StringUtils.normalizeSpace instead of sanitizeNewlines The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
Error while running github feature from refs/heads/main:.asf.yaml in struts!
An error occurred while running github feature in .asf.yaml!: [GitHub] Request error with message: "Branch not found". (status code: 404)
(struts) 01/01: Updates .asf.yaml to match main
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch fix/updates-asf-yaml in repository https://gitbox.apache.org/repos/asf/struts.git commit 4ee8b02262b09e80f19d858ac1c236087ac7c499 Author: Lukasz Lenart AuthorDate: Mon Dec 23 15:24:10 2024 +0100 Updates .asf.yaml to match main --- .asf.yaml | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.asf.yaml b/.asf.yaml index 5e259c710..b8148da8d 100644 --- a/.asf.yaml +++ b/.asf.yaml @@ -11,9 +11,19 @@ notifications: jira_options: link label worklog github: + description: "Apache Struts is a free, open-source, MVC framework for creating elegant, modern Java web applications" + homepage: https://struts.apache.org/ del_branch_on_merge: true protected_branches: -master: +main: + # contexts are the names of checks that must pass. + contexts: +- build + required_pull_request_reviews: +# it does not work because our github teams are private/secret, see INFRA-25666 +require_code_owner_reviews: false +required_approving_review_count: 0 +release/*: # contexts are the names of checks that must pass. contexts: - build
(struts) branch fix/updates-asf-yaml created (now 4ee8b0226)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch fix/updates-asf-yaml in repository https://gitbox.apache.org/repos/asf/struts.git at 4ee8b0226 Updates .asf.yaml to match main This branch includes the following new commits: new 4ee8b0226 Updates .asf.yaml to match main The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) branch feature/WW-5501-exclude-s7 updated (552f7eba7 -> efb50e567)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5501-exclude-s7 in repository https://gitbox.apache.org/repos/asf/struts.git from 552f7eba7 WW-5501 Excludes malicious names add efb50e567 WW-5501 Uses StringUtils.normalizeSpace instead of sanitizeNewlines No new revisions were added by this update. Summary of changes: .../multipart/AbstractMultiPartRequest.java | 4 .../multipart/JakartaMultiPartRequest.java | 12 ++-- .../multipart/JakartaStreamMultiPartRequest.java | 20 +++- 3 files changed, 21 insertions(+), 15 deletions(-)
(struts) branch feature/WW-5501-exclude updated (09993e347 -> 3ea126388)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5501-exclude in repository https://gitbox.apache.org/repos/asf/struts.git from 09993e347 WW-5501 Exclude malicious names add 3ea126388 WW-5501 Uses StringUtils.normalizeSpace instead of sanitizeNewlines No new revisions were added by this update. Summary of changes: .../multipart/AbstractMultiPartRequest.java | 4 .../dispatcher/multipart/JakartaMultiPartRequest.java | 16 +--- .../multipart/JakartaStreamMultiPartRequest.java | 19 +++ 3 files changed, 20 insertions(+), 19 deletions(-)
(struts) branch feature/WW-5501-exclude-s7 updated (efb50e567 -> bbdb38ded)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5501-exclude-s7 in repository https://gitbox.apache.org/repos/asf/struts.git discard efb50e567 WW-5501 Uses StringUtils.normalizeSpace instead of sanitizeNewlines add bbdb38ded WW-5501 Uses StringUtils.normalizeSpace instead of sanitizeNewlines This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (efb50e567) \ N -- N -- N refs/heads/feature/WW-5501-exclude-s7 (bbdb38ded) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: .../dispatcher/multipart/JakartaMultiPartRequest.java| 16 +--- .../multipart/JakartaStreamMultiPartRequest.java | 8 +--- 2 files changed, 14 insertions(+), 10 deletions(-)
(struts) 01/01: WW-5503 Removes unused dependencies
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch feature/WW-5503-removes-deps
in repository https://gitbox.apache.org/repos/asf/struts.git
commit 5fee441209e7eecca3a3653b680c7dc9b737fbee
Author: Lukasz Lenart
AuthorDate: Mon Dec 23 16:46:04 2024 +0100
WW-5503 Removes unused dependencies
---
pom.xml | 114
1 file changed, 114 deletions(-)
diff --git a/pom.xml b/pom.xml
index 91c522c47..e2447f2f0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -606,37 +606,6 @@
3.1.8
-
-
-com.google.errorprone
-error_prone_annotations
-2.23.0
-
-
-
-org.apache.felix
-org.apache.felix.framework
-6.0.3
-provided
-
-
-
-
-org.apache.felix
-org.apache.felix.main
-7.0.5
-
-
-org.apache.felix
-org.apache.felix.shell
-1.4.3
-
-
-org.apache.felix
-org.apache.felix.shell.tui
-1.4.1
-
-
org.apache.velocity
@@ -727,40 +696,12 @@
5.0.0-M1
-
-org.glassfish.web
-jakarta.servlet.jsp.jstl
-3.0.1
-test
-
-
-
-jakarta.servlet.jsp.jstl
-jakarta.servlet.jsp.jstl-api
-3.0.0
-test
-
-
jakarta.el
jakarta.el-api
5.0.0
-
-org.apache.tomcat
-tomcat-jasper
-10.1.15
-provided
-
-
-
-org.apache.tomcat
-tomcat-api
-10.1.15
-provided
-
-
jakarta.servlet.jsp
jakarta.servlet.jsp-api
@@ -768,19 +709,6 @@
provided
-
-taglibs
-request
-1.0.1
-test
-
-
-
-org.apache.tomcat
-tomcat-juli
-10.1.15
-
-
commons-logging
@@ -812,11 +740,6 @@
commons-text
1.12.0
-
-commons-el
-commons-el
-1.0
-
org.apache.commons
commons-jci-fam
@@ -908,25 +831,6 @@
${mockito.version}
test
-
-net.bytebuddy
-byte-buddy
-${byte-buddy.version}
-test
-
-
-net.bytebuddy
-byte-buddy-agent
-${byte-buddy.version}
-test
-
-
-
-jmock
-jmock-cglib
-1.2.0
-test
-
org.slf4j
@@ -983,17 +887,6 @@
-
-io.github.x-stream
-mxparser
-1.2.1
-
-
-jakarta.persistence
-jakarta.persistence-api
-3.1.0
-
-
com.fasterxml.jackson.core
jackson-core
@@ -1041,13 +934,6 @@
5.1.2.Final
-
-xerces
-xercesImpl
-2.12.2
-test
-
-
(struts) branch feature/WW-5503-removes-deps created (now 5fee44120)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5503-removes-deps in repository https://gitbox.apache.org/repos/asf/struts.git at 5fee44120 WW-5503 Removes unused dependencies This branch includes the following new commits: new 5fee44120 WW-5503 Removes unused dependencies The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) branch feature/WW-5501-exclude-s7 updated (2d22faa44 -> 552f7eba7)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/WW-5501-exclude-s7 in repository https://gitbox.apache.org/repos/asf/struts.git omit 2d22faa44 WW-5501 Excludes malicious names add 552f7eba7 WW-5501 Excludes malicious names This update added new revisions after undoing existing revisions. That is to say, some revisions that were in the old version of the branch are not in the new version. This situation occurs when a user --force pushes a change and generates a repository containing something like this: * -- * -- B -- O -- O -- O (2d22faa44) \ N -- N -- N refs/heads/feature/WW-5501-exclude-s7 (552f7eba7) You should already have received notification emails for all of the O revisions, and so the following emails describe only the N revisions from the common base, B. Any revisions marked "omit" are not gone; other references still refer to them. Any revisions marked "discard" are gone forever. No new revisions were added by this update. Summary of changes: .../dispatcher/multipart/JakartaMultiPartRequest.java | 2 +- .../multipart/JakartaStreamMultiPartRequest.java | 5 + .../multipart/AbstractMultiPartRequestTest.java | 19 +++ 3 files changed, 25 insertions(+), 1 deletion(-)
(struts) 01/01: Merge pull request #1155 from apache/dependabot/github_actions/actions/upload-artifact-4.5.0
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/struts.git commit 92b2cb9ee17bc026b7235ad006b7b702a6bd9b1d Merge: 36ca20d3d 196aa3f36 Author: Lukasz Lenart AuthorDate: Mon Dec 23 16:12:11 2024 +0100 Merge pull request #1155 from apache/dependabot/github_actions/actions/upload-artifact-4.5.0 Bump actions/upload-artifact from 4.4.3 to 4.5.0 .github/workflows/scorecards-analysis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
(struts) branch fix/updates-asf-yaml deleted (was 4ee8b0226)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch fix/updates-asf-yaml in repository https://gitbox.apache.org/repos/asf/struts.git was 4ee8b0226 Updates .asf.yaml to match main The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) branch main updated (36ca20d3d -> 92b2cb9ee)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/struts.git from 36ca20d3d Merge pull request #1157 from apache/feature/WW-5501-exclude-s7 add 196aa3f36 Bump actions/upload-artifact from 4.4.3 to 4.5.0 new 92b2cb9ee Merge pull request #1155 from apache/dependabot/github_actions/actions/upload-artifact-4.5.0 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .github/workflows/scorecards-analysis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Error while running github feature from refs/heads/main:.asf.yaml in struts!
An error occurred while running github feature in .asf.yaml!: [GitHub] Request error with message: "Branch not found". (status code: 404)
Error while running github feature from refs/heads/main:.asf.yaml in struts!
An error occurred while running github feature in .asf.yaml!: [GitHub] Request error with message: "Branch not found". (status code: 404)
(struts) branch dependabot/github_actions/actions/upload-artifact-4.5.0 deleted (was 196aa3f36)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch dependabot/github_actions/actions/upload-artifact-4.5.0 in repository https://gitbox.apache.org/repos/asf/struts.git was 196aa3f36 Bump actions/upload-artifact from 4.4.3 to 4.5.0 The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) 01/01: Merge pull request #1154 from apache/dependabot/github_actions/github/codeql-action-3.28.0
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/struts.git commit faa3e723aaa87a3495944523bc9127d558353ede Merge: 92b2cb9ee 0792d0586 Author: Lukasz Lenart AuthorDate: Mon Dec 23 16:12:22 2024 +0100 Merge pull request #1154 from apache/dependabot/github_actions/github/codeql-action-3.28.0 Bump github/codeql-action from 3.27.9 to 3.28.0 .github/workflows/codeql.yml | 6 +++--- .github/workflows/scorecards-analysis.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)
(struts) branch release/struts-6-7-x updated (c8febc205 -> 74388dfba)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch release/struts-6-7-x in repository https://gitbox.apache.org/repos/asf/struts.git from c8febc205 Merge pull request #1156 from apache/feature/WW-5501-exclude add 4ee8b0226 Updates .asf.yaml to match main new 74388dfba Merge pull request #1158 from apache/fix/updates-asf-yaml The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .asf.yaml | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-)
(struts) 01/01: Merge pull request #1158 from apache/fix/updates-asf-yaml
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch release/struts-6-7-x in repository https://gitbox.apache.org/repos/asf/struts.git commit 74388dfba771f12dd5a5da5b6a57b56c4b3e156f Merge: c8febc205 4ee8b0226 Author: Lukasz Lenart AuthorDate: Mon Dec 23 16:11:55 2024 +0100 Merge pull request #1158 from apache/fix/updates-asf-yaml Updates .asf.yaml to match main .asf.yaml | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-)
(struts) branch main updated (92b2cb9ee -> faa3e723a)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/struts.git from 92b2cb9ee Merge pull request #1155 from apache/dependabot/github_actions/actions/upload-artifact-4.5.0 add 0792d0586 Bump github/codeql-action from 3.27.9 to 3.28.0 new faa3e723a Merge pull request #1154 from apache/dependabot/github_actions/github/codeql-action-3.28.0 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .github/workflows/codeql.yml | 6 +++--- .github/workflows/scorecards-analysis.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)
(struts) branch dependabot/github_actions/github/codeql-action-3.28.0 deleted (was 0792d0586)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch dependabot/github_actions/github/codeql-action-3.28.0 in repository https://gitbox.apache.org/repos/asf/struts.git was 0792d0586 Bump github/codeql-action from 3.27.9 to 3.28.0 The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
Error while running github feature from refs/heads/main:.asf.yaml in struts!
An error occurred while running github feature in .asf.yaml!: [GitHub] Request error with message: "Branch not found". (status code: 404)
(struts) branch dependabot/maven/org.codehaus.mojo-versions-maven-plugin-2.18.0 deleted (was 6b07ee83e)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch dependabot/maven/org.codehaus.mojo-versions-maven-plugin-2.18.0 in repository https://gitbox.apache.org/repos/asf/struts.git was 6b07ee83e Bump org.codehaus.mojo:versions-maven-plugin from 2.17.1 to 2.18.0 The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(struts) branch main updated (faa3e723a -> 43295b1f4)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/struts.git from faa3e723a Merge pull request #1154 from apache/dependabot/github_actions/github/codeql-action-3.28.0 add 6b07ee83e Bump org.codehaus.mojo:versions-maven-plugin from 2.17.1 to 2.18.0 add 43295b1f4 Merge pull request #1152 from apache/dependabot/maven/org.codehaus.mojo-versions-maven-plugin-2.18.0 No new revisions were added by this update. Summary of changes: pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
(struts) branch main updated (43295b1f4 -> 7c62bfc5a)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/struts.git from 43295b1f4 Merge pull request #1152 from apache/dependabot/maven/org.codehaus.mojo-versions-maven-plugin-2.18.0 add a9662ee58 [readme] add link to struts site commercial support page new 7c62bfc5a Merge pull request #1160 from ljharb/patch-1 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
(struts) 01/01: Merge pull request #1160 from ljharb/patch-1
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/struts.git commit 7c62bfc5a4d0f4a08fc4f0a39cbc780417f96e44 Merge: 43295b1f4 a9662ee58 Author: Lukasz Lenart AuthorDate: Mon Dec 23 20:43:15 2024 +0100 Merge pull request #1160 from ljharb/patch-1 [readme] add link to struts site commercial support page README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
Error while running github feature from refs/heads/main:.asf.yaml in struts!
An error occurred while running github feature in .asf.yaml!: [GitHub] Request error with message: "Branch not found". (status code: 404)
(struts) branch feature/wildcard-packages created (now 3be56a484)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch feature/wildcard-packages in repository https://gitbox.apache.org/repos/asf/struts.git at 3be56a484 Adds additional test cases to match Struts packages This branch includes the following new commits: new 3be56a484 Adds additional test cases to match Struts packages The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
(struts) 01/01: Adds additional test cases to match Struts packages
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch feature/wildcard-packages
in repository https://gitbox.apache.org/repos/asf/struts.git
commit 3be56a4840b7c0ad63efb6becd41fe12077bad08
Author: Lukasz Lenart
AuthorDate: Mon Dec 23 19:16:57 2024 +0100
Adds additional test cases to match Struts packages
---
.../apache/struts2/util/WildcardHelperTest.java| 84 ++
1 file changed, 55 insertions(+), 29 deletions(-)
diff --git a/core/src/test/java/org/apache/struts2/util/WildcardHelperTest.java
b/core/src/test/java/org/apache/struts2/util/WildcardHelperTest.java
index be2a0a6b0..e856bfce8 100644
--- a/core/src/test/java/org/apache/struts2/util/WildcardHelperTest.java
+++ b/core/src/test/java/org/apache/struts2/util/WildcardHelperTest.java
@@ -24,34 +24,60 @@ import java.util.HashMap;
public class WildcardHelperTest extends XWorkTestCase {
- public void testMatch() {
-
- WildcardHelper wild = new WildcardHelper();
- HashMap matchedPatterns = new HashMap<>();
- int[] pattern = wild.compilePattern("wes-rules");
- assertEquals(wild.match(matchedPatterns,"wes-rules", pattern),
true);
- assertEquals(wild.match(matchedPatterns, "rules-wes", pattern),
false);
-
- pattern = wild.compilePattern("wes-*");
- assertEquals(wild.match(matchedPatterns,"wes-rules", pattern),
true);
- assertEquals("rules".equals(matchedPatterns.get("1")), true);
- assertEquals(wild.match(matchedPatterns, "rules-wes", pattern),
false);
-
- pattern = wild.compilePattern("path/**/file");
- assertEquals(wild.match(matchedPatterns, "path/to/file",
pattern), true);
- assertEquals("to".equals(matchedPatterns.get("1")), true);
- assertEquals(wild.match(matchedPatterns,
"path/to/another/location/of/file", pattern), true);
-
assertEquals("to/another/location/of".equals(matchedPatterns.get("1")), true);
-
- pattern = wild.compilePattern("path/*/file");
- assertEquals(wild.match(matchedPatterns, "path/to/file",
pattern), true);
- assertEquals("to".equals(matchedPatterns.get("1")), true);
- assertEquals(wild.match(matchedPatterns,
"path/to/another/location/of/file", pattern), false);
-
- pattern = wild.compilePattern("path/*/another/**/file");
- assertEquals(wild.match(matchedPatterns,
"path/to/another/location/of/file", pattern), true);
- assertEquals("to".equals(matchedPatterns.get("1")), true);
- assertEquals("location/of".equals(matchedPatterns.get("2")),
true);
- }
+private WildcardHelper wildcardHelper;
+
+@Override
+public void setUp() throws Exception {
+super.setUp();
+
+wildcardHelper = new WildcardHelper();
+}
+
+public void testMatch() {
+HashMap matchedPatterns = new HashMap<>();
+int[] pattern = wildcardHelper.compilePattern("wes-rules");
+assertEquals(wildcardHelper.match(matchedPatterns, "wes-rules",
pattern), true);
+assertEquals(wildcardHelper.match(matchedPatterns, "rules-wes",
pattern), false);
+
+pattern = wildcardHelper.compilePattern("wes-*");
+assertEquals(wildcardHelper.match(matchedPatterns, "wes-rules",
pattern), true);
+assertEquals("rules".equals(matchedPatterns.get("1")), true);
+assertEquals(wildcardHelper.match(matchedPatterns, "rules-wes",
pattern), false);
+
+pattern = wildcardHelper.compilePattern("path/**/file");
+assertEquals(wildcardHelper.match(matchedPatterns, "path/to/file",
pattern), true);
+assertEquals("to".equals(matchedPatterns.get("1")), true);
+assertEquals(wildcardHelper.match(matchedPatterns,
"path/to/another/location/of/file", pattern), true);
+
assertEquals("to/another/location/of".equals(matchedPatterns.get("1")), true);
+
+pattern = wildcardHelper.compilePattern("path/*/file");
+assertEquals(wildcardHelper.match(matchedPatterns, "path/to/file",
pattern), true);
+assertEquals("to".equals(matchedPatterns.get("1")), true);
+assertEquals(wildcardHelper.match(matchedPatterns,
"path/to/another/location/of/file", pattern), false);
+
+pattern = wildcardHelper.compilePattern("path/*/another/**/file");
+assertEquals(wildcardHelper.match(matchedPatterns,
"path/to/another/location/of/file", pattern), true);
+assertEquals("to".equals(matchedPatterns.get("1")), true);
+assertEquals("location/of".equals(matchedPatterns.get("2")), true);
+}
+
+public void testMatchStrutsPackages() {
+// given
+HashMap matchedPatterns = new HashMap<>();
+int[] pattern = wildcardHelper.compilePattern("org.apache.struts2.*");
+
+// when & then
+assertTrue(wildcardHelp
