You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2014/05/02 14:50:51 UTC
[2/3] git commit: Additional use cases to check method access
Additional use cases to check method access
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/ee3c8d56
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/ee3c8d56
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/ee3c8d56
Branch: refs/heads/feature/exclude-object-class
Commit: ee3c8d5630b077e2f2708bc4cbeeb933150a71fe
Parents: 53fb5ba
Author: Lukasz Lenart <lu...@apache.org>
Authored: Thu May 1 09:40:33 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Thu May 1 09:40:33 2014 +0200
----------------------------------------------------------------------
.../opensymphony/xwork2/ognl/OgnlUtilTest.java | 54 ++++++++++++++++++++
1 file changed, 54 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/ee3c8d56/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
index d471183..98ff671 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
@@ -685,6 +685,24 @@ public class OgnlUtilTest extends XWorkTestCase {
assertEquals(expected.getMessage(), "Tree [class[\"classLoader\"][\"defaultAssertionStatus\"]] trying access excluded pattern [class]");
}
+ public void testAvoidCallingMethodsOnObjectClassAsMap2() throws Exception {
+ Foo foo = new Foo();
+ OgnlUtil util = new OgnlUtil();
+ util.setEnableExpressionCache("false");
+ util.setExcludedProperties("class");
+
+ Exception expected = null;
+ try {
+ util.setValue("model['class']['classLoader']['defaultAssertionStatus']", ActionContext.getContext().getContextMap(), foo, true);
+ fail();
+ } catch (OgnlException e) {
+ expected = e;
+ }
+ assertNotNull(expected);
+ assertSame(expected.getClass(), OgnlException.class);
+ assertEquals(expected.getMessage(), "Tree [class[\"classLoader\"][\"defaultAssertionStatus\"]] trying access excluded pattern [class]");
+ }
+
public void testAvoidCallingMethodsOnObjectClassAsMapWithQuotes() throws Exception {
Foo foo = new Foo();
OgnlUtil util = new OgnlUtil();
@@ -721,6 +739,42 @@ public class OgnlUtilTest extends XWorkTestCase {
assertEquals(expected.getMessage(), "Tree [toString] trying access excluded pattern [toString]");
}
+ public void testAvoidCallingMethodsWithBraces() throws Exception {
+ Foo foo = new Foo();
+ OgnlUtil util = new OgnlUtil();
+ util.setEnableExpressionCache("false");
+ util.setExcludedProperties("toString");
+
+ Exception expected = null;
+ try {
+ util.setValue("toString()", ActionContext.getContext().getContextMap(), foo, true);
+ fail();
+ } catch (OgnlException e) {
+ expected = e;
+ }
+ assertNotNull(expected);
+ assertSame(expected.getClass(), OgnlException.class);
+ assertEquals(expected.getMessage(), "Tree [toString()] trying access excluded pattern [toString()]");
+ }
+
+ public void testAvoidCallingSomeClasses() throws Exception {
+ Foo foo = new Foo();
+ OgnlUtil util = new OgnlUtil();
+ util.setEnableExpressionCache("false");
+ util.setExcludedProperties("Runtime");
+
+ Exception expected = null;
+ try {
+ util.setValue("@java.lang.Runtime@getRuntime().exec('mate')", ActionContext.getContext().getContextMap(), foo, true);
+ fail();
+ } catch (OgnlException e) {
+ expected = e;
+ }
+ assertNotNull(expected);
+ assertSame(expected.getClass(), OgnlException.class);
+ assertEquals(expected.getMessage(), "Tree [toString()] trying access excluded pattern [toString()]");
+ }
+
public static class Email {
String address;