Skip to content

Commit

Permalink
Merge pull request #726 from atlassian/WW-5332-package-validation
Browse files Browse the repository at this point in the history
WW-5332 Add validation for package name parsing
  • Loading branch information
lukaszlenart authored Aug 17, 2023
2 parents 570b38f + 9780e70 commit 9bbf9c5
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 17 deletions.
10 changes: 7 additions & 3 deletions core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
Original file line number Diff line number Diff line change
Expand Up @@ -96,8 +96,8 @@ public class OgnlUtil {
@Deprecated
public OgnlUtil() {
// Instantiate default Expression and BeanInfo caches (factories must be non-null).
this(new DefaultOgnlExpressionCacheFactory<String, Object>(),
new DefaultOgnlBeanInfoCacheFactory<Class<?>, BeanInfo>());
this(new DefaultOgnlExpressionCacheFactory<>(),
new DefaultOgnlBeanInfoCacheFactory<>());
}

/**
Expand Down Expand Up @@ -261,7 +261,11 @@ public void setDevModeExcludedPackageExemptClasses(String commaDelimitedClasses)
}

private Set<String> parseExcludedPackageNames(String commaDelimitedPackageNames) {
return TextParseUtil.commaDelimitedStringToSet(commaDelimitedPackageNames);
Set<String> parsedSet = TextParseUtil.commaDelimitedStringToSet(commaDelimitedPackageNames);
if (parsedSet.stream().anyMatch(s -> s.matches("(.*?)\\s(.*?)"))) {
throw new ConfigurationException("Excluded package names could not be parsed due to erroneous whitespace characters: " + commaDelimitedPackageNames);
}
return parsedSet;
}

public Set<Class<?>> getExcludedClasses() {
Expand Down
22 changes: 9 additions & 13 deletions core/src/main/java/com/opensymphony/xwork2/util/TextParseUtil.java
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,12 @@

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
import com.opensymphony.xwork2.inject.Container;

import java.util.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Set;
import java.util.stream.Collectors;


/**
Expand Down Expand Up @@ -241,13 +244,13 @@ public Object evaluate(String parsedValue) {
/**
* Tests if given string is not null and not empty when excluding of empty
* elements is requested.
*
*
* @param str String to check.
* @param excludeEmptyElements Whether empty elements shall be excluded.
* @return True if given string can be included in collection.
*/
private static boolean shallBeIncluded(String str, boolean excludeEmptyElements) {
return !excludeEmptyElements || ((str != null) && (str.length() > 0));
return !excludeEmptyElements || str != null && !str.isEmpty();
}

/**
Expand All @@ -256,14 +259,7 @@ private static boolean shallBeIncluded(String str, boolean excludeEmptyElements)
* @return A set from comma delimited Strings.
*/
public static Set<String> commaDelimitedStringToSet(String s) {
Set<String> set = new HashSet<>();
String[] split = s.split(",");
for (String aSplit : split) {
String trimmed = aSplit.trim();
if (trimmed.length() > 0)
set.add(trimmed);
}
return set;
return Arrays.stream(s.split(",")).map(String::trim).filter(s1 -> !s1.isEmpty()).collect(Collectors.toSet());
}


Expand All @@ -287,7 +283,7 @@ public static Set<String> commaDelimitedStringToSet(String s) {
*
* @author tm_jee
*/
public static interface ParsedValueEvaluator {
public interface ParsedValueEvaluator {

/**
* Evaluated the value parsed by Ognl value stack.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,8 @@
import java.util.Set;
import java.util.regex.Pattern;

import static org.junit.Assert.assertThrows;

public class OgnlUtilTest extends XWorkTestCase {

// Fields for static field access test
Expand Down Expand Up @@ -1712,6 +1714,13 @@ public void testAccessContext() throws Exception {
assertSame(that, root);
}

public void testSetExcludedPackageNames() {
assertThrows(ConfigurationException.class, () -> ognlUtil.setExcludedPackageNames("java.lang\njava.awt"));
assertThrows(ConfigurationException.class, () -> ognlUtil.setExcludedPackageNames("java.lang\tjava.awt"));
ConfigurationException e = assertThrows(ConfigurationException.class, () -> ognlUtil.setExcludedPackageNames("java.lang java.awt"));
assertTrue(e.getMessage().contains("erroneous whitespace characters"));
}

public void testGetExcludedPackageNames() {
// Getter should return an immutable collection
OgnlUtil util = new OgnlUtil();
Expand All @@ -1728,7 +1737,7 @@ public void testGetExcludedPackageNames() {

public void testGetExcludedPackageNamesAlternateConstructorPopulated() {
// Getter should return an immutable collection
OgnlUtil util = new OgnlUtil(new DefaultOgnlExpressionCacheFactory<String, Object>(), new DefaultOgnlBeanInfoCacheFactory<Class<?>, BeanInfo>());
OgnlUtil util = new OgnlUtil(new DefaultOgnlExpressionCacheFactory<>(), new DefaultOgnlBeanInfoCacheFactory<>());
util.setExcludedPackageNames("java.lang,java.awt");
assertEquals(util.getExcludedPackageNames().size(), 2);
try {
Expand Down

0 comments on commit 9bbf9c5

Please sign in to comment.