You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@struts.apache.org by lu...@apache.org on 2014/05/02 14:50:50 UTC

[1/3] git commit: Extends patterns with parenthesis during initialisation

Repository: struts
Updated Branches:
  refs/heads/develop dddb273b1 -> 519aefdc8
  refs/heads/feature/exclude-object-class 5d8aa8a80 -> ee3c8d563


Extends patterns with parenthesis during initialisation


Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/53fb5ba5
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/53fb5ba5
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/53fb5ba5

Branch: refs/heads/feature/exclude-object-class
Commit: 53fb5ba5f89c641a92a4f7bee7584e7764741572
Parents: 5d8aa8a
Author: Lukasz Lenart <lu...@apache.org>
Authored: Thu May 1 09:39:55 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Thu May 1 09:39:55 2014 +0200

----------------------------------------------------------------------
 .../main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java    | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts/blob/53fb5ba5/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
index 81f9700..5e06977 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
@@ -89,7 +89,11 @@ public class OgnlUtil {
 
     @Inject(value = XWorkConstants.OGNL_EXCLUDED_PROPERTIES, required = false)
     public void setExcludedProperties(String commaDelimitedProperties) {
-        excludedProperties = TextParseUtil.commaDelimitedStringToSet(commaDelimitedProperties);
+        Set<String> props = TextParseUtil.commaDelimitedStringToSet(commaDelimitedProperties);
+        for (String prop : props) {
+            excludedProperties.add(prop);
+            excludedProperties.add(prop + "()");
+        }
     }
 
     /**
@@ -309,8 +313,7 @@ public class OgnlUtil {
         if (tree instanceof SimpleNode) {
             SimpleNode node = (SimpleNode) tree;
             for (String excludedPattern : excludedProperties) {
-                // TODO lukaszlenart: need a better way to check 'toString' and 'toString()' call
-                if (excludedPattern.equalsIgnoreCase(node.toString()) || (excludedPattern + "()").equalsIgnoreCase(node.toString())) {
+                if (excludedPattern.equalsIgnoreCase(node.toString())) {
                     throw new OgnlException("Tree [" + (parent != null ? parent : tree) + "] trying access excluded pattern [" + excludedPattern + "]");
                 }
                for (int i = 0; i < node.jjtGetNumChildren(); i++) {

[2/3] git commit: Additional use cases to check method access

Posted by lu...@apache.org.

Additional use cases to check method access


Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/ee3c8d56
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/ee3c8d56
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/ee3c8d56

Branch: refs/heads/feature/exclude-object-class
Commit: ee3c8d5630b077e2f2708bc4cbeeb933150a71fe
Parents: 53fb5ba
Author: Lukasz Lenart <lu...@apache.org>
Authored: Thu May 1 09:40:33 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Thu May 1 09:40:33 2014 +0200

----------------------------------------------------------------------
 .../opensymphony/xwork2/ognl/OgnlUtilTest.java  | 54 ++++++++++++++++++++
 1 file changed, 54 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts/blob/ee3c8d56/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
index d471183..98ff671 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
@@ -685,6 +685,24 @@ public class OgnlUtilTest extends XWorkTestCase {
         assertEquals(expected.getMessage(), "Tree [class[\"classLoader\"][\"defaultAssertionStatus\"]] trying access excluded pattern [class]");
     }
 
+    public void testAvoidCallingMethodsOnObjectClassAsMap2() throws Exception {
+        Foo foo = new Foo();
+        OgnlUtil util = new OgnlUtil();
+        util.setEnableExpressionCache("false");
+        util.setExcludedProperties("class");
+
+        Exception expected = null;
+        try {
+            util.setValue("model['class']['classLoader']['defaultAssertionStatus']", ActionContext.getContext().getContextMap(), foo, true);
+            fail();
+        } catch (OgnlException e) {
+            expected = e;
+        }
+        assertNotNull(expected);
+        assertSame(expected.getClass(), OgnlException.class);
+        assertEquals(expected.getMessage(), "Tree [class[\"classLoader\"][\"defaultAssertionStatus\"]] trying access excluded pattern [class]");
+    }
+
     public void testAvoidCallingMethodsOnObjectClassAsMapWithQuotes() throws Exception {
         Foo foo = new Foo();
         OgnlUtil util = new OgnlUtil();
@@ -721,6 +739,42 @@ public class OgnlUtilTest extends XWorkTestCase {
         assertEquals(expected.getMessage(), "Tree [toString] trying access excluded pattern [toString]");
     }
 
+    public void testAvoidCallingMethodsWithBraces() throws Exception {
+        Foo foo = new Foo();
+        OgnlUtil util = new OgnlUtil();
+        util.setEnableExpressionCache("false");
+        util.setExcludedProperties("toString");
+
+        Exception expected = null;
+        try {
+            util.setValue("toString()", ActionContext.getContext().getContextMap(), foo, true);
+            fail();
+        } catch (OgnlException e) {
+            expected = e;
+        }
+        assertNotNull(expected);
+        assertSame(expected.getClass(), OgnlException.class);
+        assertEquals(expected.getMessage(), "Tree [toString()] trying access excluded pattern [toString()]");
+    }
+
+    public void testAvoidCallingSomeClasses() throws Exception {
+        Foo foo = new Foo();
+        OgnlUtil util = new OgnlUtil();
+        util.setEnableExpressionCache("false");
+        util.setExcludedProperties("Runtime");
+
+        Exception expected = null;
+        try {
+            util.setValue("@java.lang.Runtime@getRuntime().exec('mate')", ActionContext.getContext().getContextMap(), foo, true);
+            fail();
+        } catch (OgnlException e) {
+            expected = e;
+        }
+        assertNotNull(expected);
+        assertSame(expected.getClass(), OgnlException.class);
+        assertEquals(expected.getMessage(), "Tree [toString()] trying access excluded pattern [toString()]");
+    }
+
     public static class Email {
         String address;

[3/3] git commit: Overrides pattern exclusion initialisation to allow test to pass

Posted by lu...@apache.org.

Overrides pattern exclusion initialisation to allow test to pass


Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/519aefdc
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/519aefdc
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/519aefdc

Branch: refs/heads/develop
Commit: 519aefdc86add277a16e46d235328791d910177c
Parents: dddb273
Author: Lukasz Lenart <lu...@apache.org>
Authored: Fri May 2 14:50:34 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Fri May 2 14:50:34 2014 +0200

----------------------------------------------------------------------
 .../xwork2/interceptor/ParametersInterceptorTest.java            | 4 ++++
 1 file changed, 4 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts/blob/519aefdc/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
index 4414666..7084924 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/interceptor/ParametersInterceptorTest.java
@@ -183,6 +183,10 @@ public class ParametersInterceptorTest extends XWorkTestCase {
                 return result;
             }
 
+            @Override
+            protected void initializeHardCodedExcludePatterns() {
+                excludeParams = new HashSet<Pattern>();
+            }
         };
 
         container.inject(pi);