-
Notifications
You must be signed in to change notification settings - Fork 813
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WW-5350 Refactor SecurityMemberAccess #780
Conversation
final int memberModifiers = member.getModifiers(); | ||
final Class<?> memberClass = member.getDeclaringClass(); | ||
// target can be null in case of accessing static fields, since OGNL 3.2.8 | ||
final Class<?> targetClass = Modifier.isStatic(memberModifiers) ? memberClass : target.getClass(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wanted to be a bit more deliberate about how we handle the arguments in case OGNL behaviour changes
} | ||
|
||
if (disallowProxyMemberAccess && ProxyUtil.isProxyMember(member, target)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Extract this into its own protected method for consistency
LOG.warn("Access to non-public [{}] is blocked!", member); | ||
return false; | ||
} | ||
|
||
if (!checkStaticFieldAccess(member, memberModifiers)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed redundant argument
return false; | ||
} | ||
|
||
if (!checkPublicMemberAccess(memberModifiers)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tried to standardise around just passing the object and/or member to these protected methods
/** | ||
* @return {@code true} if member access is allowed | ||
*/ | ||
protected boolean checkExclusionList(Object target, Member member) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Extracted all the exclusion list checks into this method
return false; | ||
} | ||
|
||
if (disallowDefaultPackageAccess) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Extracted this into its own method
LOG.warn("Access to static field [{}] is blocked!", member); | ||
return false; | ||
} | ||
|
||
// it needs to be before calling #checkStaticMethodAccess() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is essentially an exemption to checkStaticMethodAccess
so I moved it within that method - we shouldn't be relying on method call order here
&& isStatic(member) | ||
&& member instanceof Method | ||
&& member.getName().equals("values") | ||
&& ((Method) member).getParameterCount() == 0; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Closed a minor hole where another static values
method could also be exempted
return allowStaticFieldAccess; | ||
} else { | ||
protected boolean checkStaticFieldAccess(Member member) { | ||
if (allowStaticFieldAccess) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bypass computation if static field access is permitted
de5d341
to
c85d7eb
Compare
throw new IllegalArgumentException("Target does not match member!"); | ||
if (target != null) { | ||
// Special case: Target is a Class object but not Class.class | ||
if (Class.class.equals(target.getClass()) && !Class.class.equals(target)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Validate and throw exceptions if arguments are not what we expect as the following logic depends on these assumptions to be accurate
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm good, thanks for all the changes! And as you said SecurityMemberAccess
shouldn't be used by users directly so maybe marking it final
would be a good idea?
@lukaszlenart I'm going to make it extensible as part of WW-5343 so that applications can add even stronger checks if they so desire - so will leave it not |
SonarCloud Quality Gate failed. 0 Bugs 76.2% Coverage Catch issues before they fail your Quality Gate with our IDE extension SonarLint |
WW-5350
See comments.
I didn't deprecate methods for which I've changed the signature as from what I can tell
SecurityMemberAccess
is not considered public API (no reasonable situation in which a Struts applications would need to override or instantiate the class themselves, nor is it a defined extensible bean) (WW-5343 aims to make it a configurable bean and thus public API).