You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by st...@spamgourmet.com on 2012/03/15 17:09:14 UTC

Fuzz testing and ognl.MethodFailedException - Freemarker results can't use integer types in compare operations?

I've got accessor/mutators on my action for an integer ID parameter like this:
      NewUserAction {
      int _userGroupId = -1;
      // execute, validate,  other methods
      setUserGroupId( int id ) { this._userGroupId = id; }
      getUserGroupId() { return _userGroupId; }
      }

But when I access this action with invalid / fuzz-test parameters like "/newuser.action?userGroupId=ASDF" I get this warning:

    2012-03-15 10:34:34,741 WARN  [com.opensymphony.xwork2.ognl.OgnlValueStack] (http-0.0.0.0-8080-1) Error setting expression 'userGroupId' with value '[Ljava.lang.String;@1ed15b50'
    ognl.MethodFailedException: Method "setUserGroupId" failed for object com.example.rgm.NewUser@4eeec90c [java.lang.NoSuchMethodException: com.example.rgm.NewUser.setUserGroupId([Ljava.lang.String;)]
	at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1292)
	at ognl.OgnlRuntime.setMethodValue(OgnlRuntime.java:1481)

This would be OK, provided that my result saw the parameter's initial value of -1, however it seems that the FreeMarker Result that I'm using actually gets the "userGroupId" parameter as this invalid value.  I expect that it would call NewUser.getUserGroupId() instead of using a temporary (invalid!) value from the ValueStack.  Is there an XWork configuration parameter that avoids polluting the ValueStack after this type of exception, or do I have to write all my templates in such a way that I can't rely on integer types?

When returning the ERROR result, Freemarker template processing is choking on this line:

view-usergroup-error.ftl:
        <#-- A user group was specified,  show information about the chosen group if it's valid. -->
	<#if  (userGroupId >= -1)>  .... 

    freemarker.template.TemplateException: The only legal comparisons are between two numbers, two strings, or two dates.
    Left  hand operand is a freemarker.ext.beans.StringModel
    Right hand operand is a freemarker.template.SimpleNumber



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Fuzz testing and ognl.MethodFailedException - Freemarker results can't use integer types in compare operations?

Posted by st...@spamgourmet.com.

Replying to my own post after reading some source code.  If you have additional advice to add, I'd love to hear it.

I have now learned about the ConversionErrorInterceptor:
	http://struts.apache.org/2.0.14/docs/conversion-error-interceptor.html
	http://struts.apache.org/2.3.1.2/xwork-core/apidocs/com/opensymphony/xwork2/interceptor/ConversionErrorInterceptor.html
	http://struts.apache.org/2.3.1.2/struts2-core/apidocs/org/apache/struts2/interceptor/StrutsConversionErrorInterceptor.html
	
To get better control of this behavior, it seems I need to implement a FieldValidator.  Then I can use the "repopulateField" property, as described here:
	http://struts.apache.org/2.2.3/docs/conversion-validator.html

In addition, I believe my result templates should be checking "hasError" with something like:

   <#if  !( action.hasErrors() && fieldErrors?keys?seq_contains("userGroupId")) >
    ... do something with userGroupId as an integer ...

Sincerely,
rgm

On Mar 15, 2012, at 11:09 AM, struts.rgm@spamgourmet.com wrote:

> I've got accessor/mutators on my action for an integer ID parameter like this:
>      NewUserAction {
>      int _userGroupId = -1;
>      // execute, validate,  other methods
>      setUserGroupId( int id ) { this._userGroupId = id; }
>      getUserGroupId() { return _userGroupId; }
>      }
> 
> But when I access this action with invalid / fuzz-test parameters like "/newuser.action?userGroupId=ASDF" I get this warning:
> 
>    2012-03-15 10:34:34,741 WARN  [com.opensymphony.xwork2.ognl.OgnlValueStack] (http-0.0.0.0-8080-1) Error setting expression 'userGroupId' with value '[Ljava.lang.String;@1ed15b50'
>    ognl.MethodFailedException: Method "setUserGroupId" failed for object com.example.rgm.NewUser@4eeec90c [java.lang.NoSuchMethodException: com.example.rgm.NewUser.setUserGroupId([Ljava.lang.String;)]
> 	at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1292)
> 	at ognl.OgnlRuntime.setMethodValue(OgnlRuntime.java:1481)
> 
> This would be OK, provided that my result saw the parameter's initial value of -1, however it seems that the FreeMarker Result that I'm using actually gets the "userGroupId" parameter as this invalid value.  I expect that it would call NewUser.getUserGroupId() instead of using a temporary (invalid!) value from the ValueStack.  Is there an XWork configuration parameter that avoids polluting the ValueStack after this type of exception, or do I have to write all my templates in such a way that I can't rely on integer types?
> 
> When returning the ERROR result, Freemarker template processing is choking on this line:
> 
> view-usergroup-error.ftl:
>        <#-- A user group was specified,  show information about the chosen group if it's valid. -->
> 	<#if  (userGroupId >= -1)>  .... 
> 
>    freemarker.template.TemplateException: The only legal comparisons are between two numbers, two strings, or two dates.
>    Left  hand operand is a freemarker.ext.beans.StringModel
>    Right hand operand is a freemarker.template.SimpleNumber
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org