From 8a245e865bae044181af4a1901b558fcf17e200a Mon Sep 17 00:00:00 2001 From: Kusal Kithul-Godage Date: Wed, 3 Jan 2024 20:54:55 +1100 Subject: [PATCH 1/3] WW-5352 Refactor ParametersInterceptor --- .../security/AcceptedPatternsChecker.java | 12 +- .../security/ExcludedPatternsChecker.java | 12 +- .../apache/struts2/dispatcher/Parameter.java | 8 +- .../ActionMappingParametersInterceptor.java | 6 +- .../parameter/ParametersInterceptor.java | 250 +++++++++--------- .../parameter/ParametersInterceptorTest.java | 2 +- 6 files changed, 148 insertions(+), 142 deletions(-) diff --git a/core/src/main/java/com/opensymphony/xwork2/security/AcceptedPatternsChecker.java b/core/src/main/java/com/opensymphony/xwork2/security/AcceptedPatternsChecker.java index f5a329459f..4af56ff9e1 100644 --- a/core/src/main/java/com/opensymphony/xwork2/security/AcceptedPatternsChecker.java +++ b/core/src/main/java/com/opensymphony/xwork2/security/AcceptedPatternsChecker.java @@ -32,37 +32,37 @@ public interface AcceptedPatternsChecker { * @param value to check * @return object containing result of matched pattern and pattern itself */ - public IsAccepted isAccepted(String value); + IsAccepted isAccepted(String value); /** * Sets excluded patterns during runtime * * @param commaDelimitedPatterns comma delimited string with patterns */ - public void setAcceptedPatterns(String commaDelimitedPatterns); + void setAcceptedPatterns(String commaDelimitedPatterns); /** * Set excluded patterns during runtime * * @param patterns array of additional excluded patterns */ - public void setAcceptedPatterns(String[] patterns); + void setAcceptedPatterns(String[] patterns); /** * Sets excluded patterns during runtime * * @param patterns set of additional patterns */ - public void setAcceptedPatterns(Set patterns); + void setAcceptedPatterns(Set patterns); /** * Allow access list of all defined excluded patterns * * @return set of excluded patterns */ - public Set getAcceptedPatterns(); + Set getAcceptedPatterns(); - public final static class IsAccepted { + final class IsAccepted { private final boolean accepted; private final String acceptedPattern; diff --git a/core/src/main/java/com/opensymphony/xwork2/security/ExcludedPatternsChecker.java b/core/src/main/java/com/opensymphony/xwork2/security/ExcludedPatternsChecker.java index 6fa54d0d43..086c75d0b6 100644 --- a/core/src/main/java/com/opensymphony/xwork2/security/ExcludedPatternsChecker.java +++ b/core/src/main/java/com/opensymphony/xwork2/security/ExcludedPatternsChecker.java @@ -32,37 +32,37 @@ public interface ExcludedPatternsChecker { * @param value to check * @return object containing result of matched pattern and pattern itself */ - public IsExcluded isExcluded(String value); + IsExcluded isExcluded(String value); /** * Sets excluded patterns during runtime * * @param commaDelimitedPatterns comma delimited string with patterns */ - public void setExcludedPatterns(String commaDelimitedPatterns); + void setExcludedPatterns(String commaDelimitedPatterns); /** * Sets excluded patterns during runtime * * @param patterns array of additional excluded patterns */ - public void setExcludedPatterns(String[] patterns); + void setExcludedPatterns(String[] patterns); /** * Sets excluded patterns during runtime * * @param patterns set of additional patterns */ - public void setExcludedPatterns(Set patterns); + void setExcludedPatterns(Set patterns); /** * Allow access list of all defined excluded patterns * * @return set of excluded patterns */ - public Set getExcludedPatterns(); + Set getExcludedPatterns(); - public final static class IsExcluded { + final class IsExcluded { private final boolean excluded; private final String excludedPattern; diff --git a/core/src/main/java/org/apache/struts2/dispatcher/Parameter.java b/core/src/main/java/org/apache/struts2/dispatcher/Parameter.java index edae6c3a17..06aa6783fc 100644 --- a/core/src/main/java/org/apache/struts2/dispatcher/Parameter.java +++ b/core/src/main/java/org/apache/struts2/dispatcher/Parameter.java @@ -18,12 +18,12 @@ */ package org.apache.struts2.dispatcher; -import java.util.Objects; - import org.apache.commons.text.StringEscapeUtils; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import java.util.Objects; + public interface Parameter { String getName(); @@ -58,7 +58,7 @@ public String getName() { @Override public String getValue() { String[] values = toStringArray(); - return (values != null && values.length > 0) ? values[0] : null; + return values.length > 0 ? values[0] : null; } private String[] toStringArray() { @@ -124,7 +124,7 @@ public String toString() { class Empty implements Parameter { - private String name; + private final String name; public Empty(String name) { this.name = name; diff --git a/core/src/main/java/org/apache/struts2/interceptor/ActionMappingParametersInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/ActionMappingParametersInterceptor.java index ac9d41708d..ecb1f7f9f1 100644 --- a/core/src/main/java/org/apache/struts2/interceptor/ActionMappingParametersInterceptor.java +++ b/core/src/main/java/org/apache/struts2/interceptor/ActionMappingParametersInterceptor.java @@ -76,12 +76,12 @@ public class ActionMappingParametersInterceptor extends ParametersInterceptor { /** * Get the parameter map from ActionMapping associated with the provided ActionContext. * - * @param ac The action context + * @param actionContext The action context * @return the parameters from the action mapping in the context. If none found, returns an empty map. */ @Override - protected HttpParameters retrieveParameters(ActionContext ac) { - ActionMapping mapping = ac.getActionMapping(); + protected HttpParameters retrieveParameters(ActionContext actionContext) { + ActionMapping mapping = actionContext.getActionMapping(); if (mapping != null) { return HttpParameters.create(mapping.getParams()).buildNoNestedWrapping(); } else { diff --git a/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java index c55f97a6a8..4887232551 100644 --- a/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java +++ b/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java @@ -43,7 +43,6 @@ import org.apache.struts2.dispatcher.Parameter; import java.util.Collection; -import java.util.Collections; import java.util.Comparator; import java.util.HashSet; import java.util.Map; @@ -51,6 +50,8 @@ import java.util.TreeMap; import java.util.regex.Pattern; +import static java.util.Collections.unmodifiableSet; +import static java.util.stream.Collectors.joining; import static org.apache.commons.lang3.StringUtils.normalizeSpace; /** @@ -132,138 +133,149 @@ static private int countOGNLCharacters(String s) { @Override public String doIntercept(ActionInvocation invocation) throws Exception { Object action = invocation.getAction(); - if (!(action instanceof NoParameters)) { - ActionContext ac = invocation.getInvocationContext(); - HttpParameters parameters = retrieveParameters(ac); + if (action instanceof NoParameters) { + return invocation.invoke(); + } - if (LOG.isDebugEnabled()) { - LOG.debug("Setting params {}", normalizeSpace(getParameterLogMap(parameters))); - } + ActionContext actionContext = invocation.getInvocationContext(); + HttpParameters parameters = retrieveParameters(actionContext); - if (parameters != null) { - Map contextMap = ac.getContextMap(); - try { - ReflectionContextState.setCreatingNullObjects(contextMap, true); - ReflectionContextState.setDenyMethodExecution(contextMap, true); - ReflectionContextState.setReportingConversionErrors(contextMap, true); - - ValueStack stack = ac.getValueStack(); - setParameters(action, stack, parameters); - } finally { - ReflectionContextState.setCreatingNullObjects(contextMap, false); - ReflectionContextState.setDenyMethodExecution(contextMap, false); - ReflectionContextState.setReportingConversionErrors(contextMap, false); - } - } + if (parameters == null) { + return invocation.invoke(); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("Setting params {}", normalizeSpace(getParameterLogMap(parameters))); + } + + Map contextMap = actionContext.getContextMap(); + batchSetReflectionContextState(contextMap, true); + try { + setParameters(action, actionContext.getValueStack(), parameters); + } finally { + batchSetReflectionContextState(contextMap, false); } + return invocation.invoke(); } /** * Gets the parameter map to apply from wherever appropriate * - * @param ac The action context + * @param actionContext The action context * @return The parameter map to apply */ - protected HttpParameters retrieveParameters(ActionContext ac) { - return ac.getParameters(); + protected HttpParameters retrieveParameters(ActionContext actionContext) { + return actionContext.getParameters(); } /** * Adds the parameters into context's ParameterMap + *

+ * In this class this is a no-op, since the parameters were fetched from the same location. In subclasses both this + * and {@link #retrieveParameters} should be overridden. * * @param ac The action context * @param newParams The parameter map to apply - *

- * In this class this is a no-op, since the parameters were fetched from the same location. - * In subclasses both retrieveParameters() and addParametersToContext() should be overridden. - *

*/ protected void addParametersToContext(ActionContext ac, Map newParams) { } protected void setParameters(final Object action, ValueStack stack, HttpParameters parameters) { - HttpParameters params; - Map acceptableParameters; - if (ordered) { - params = HttpParameters.create().withComparator(getOrderedComparator()).withParent(parameters).build(); - acceptableParameters = new TreeMap<>(getOrderedComparator()); - } else { - params = HttpParameters.create().withParent(parameters).build(); - acceptableParameters = new TreeMap<>(); - } + Map acceptableParameters = toAcceptableParameters(parameters, action); - for (Map.Entry entry : params.entrySet()) { - String parameterName = entry.getKey(); - boolean isAcceptableParameter = isAcceptableParameter(parameterName, action); - isAcceptableParameter &= isAcceptableParameterValue(entry.getValue(), action); + ValueStack newStack = toNewStack(stack); + batchSetReflectionContextState(newStack.getContext(), true); + setMemberAccessProperties(newStack); - if (isAcceptableParameter) { - acceptableParameters.put(parameterName, entry.getValue()); - } + setParametersOnStack(newStack, acceptableParameters, action); + + if (newStack instanceof ClearableValueStack) { + stack.getActionContext().withConversionErrors(newStack.getActionContext().getConversionErrors()); } + addParametersToContext(ActionContext.getContext(), acceptableParameters); + } + + protected void batchSetReflectionContextState(Map context, boolean value) { + ReflectionContextState.setCreatingNullObjects(context, value); + ReflectionContextState.setDenyMethodExecution(context, value); + ReflectionContextState.setReportingConversionErrors(context, value); + } + + protected ValueStack toNewStack(ValueStack stack) { ValueStack newStack = valueStackFactory.createValueStack(stack); - boolean clearableStack = newStack instanceof ClearableValueStack; - if (clearableStack) { - //if the stack's context can be cleared, do that to prevent OGNL - //from having access to objects in the stack, see XW-641 + if (newStack instanceof ClearableValueStack) { ((ClearableValueStack) newStack).clearContextValues(); - Map context = newStack.getContext(); - ReflectionContextState.setCreatingNullObjects(context, true); - ReflectionContextState.setDenyMethodExecution(context, true); - ReflectionContextState.setReportingConversionErrors(context, true); - - //keep locale from original context newStack.getActionContext().withLocale(stack.getActionContext().getLocale()).withValueStack(stack); } + return newStack; + } + + protected void setMemberAccessProperties(ValueStack stack) { + if (!(stack instanceof MemberAccessValueStack)) { + return; + } + ((MemberAccessValueStack) stack).useAcceptProperties(acceptedPatterns.getAcceptedPatterns()); + ((MemberAccessValueStack) stack).useExcludeProperties(excludedPatterns.getExcludedPatterns()); + } + + protected Map toAcceptableParameters(HttpParameters parameters, Object action) { + HttpParameters newParams = initNewHttpParameters(parameters); + Map acceptableParameters = initParameterMap(); + + for (Map.Entry entry : newParams.entrySet()) { + String parameterName = entry.getKey(); + Parameter parameterValue = entry.getValue(); + if (isAcceptableParameter(parameterName, action) && isAcceptableParameterValue(parameterValue, action)) { + acceptableParameters.put(parameterName, parameterValue); + } + } + return acceptableParameters; + } - boolean memberAccessStack = newStack instanceof MemberAccessValueStack; - if (memberAccessStack) { - //block or allow access to properties - //see WW-2761 for more details - MemberAccessValueStack accessValueStack = (MemberAccessValueStack) newStack; - accessValueStack.useAcceptProperties(acceptedPatterns.getAcceptedPatterns()); - accessValueStack.useExcludeProperties(excludedPatterns.getExcludedPatterns()); + protected Map initParameterMap() { + if (ordered) { + return new TreeMap<>(getOrderedComparator()); + } else { + return new TreeMap<>(); } + } + + protected HttpParameters initNewHttpParameters(HttpParameters parameters) { + if (ordered) { + return HttpParameters.create().withComparator(getOrderedComparator()).withParent(parameters).build(); + } else { + return HttpParameters.create().withParent(parameters).build(); + } + } - for (Map.Entry entry : acceptableParameters.entrySet()) { - String name = entry.getKey(); - Parameter value = entry.getValue(); + protected void setParametersOnStack(ValueStack stack, Map parameters, Object action) { + for (Map.Entry entry : parameters.entrySet()) { try { - newStack.setParameter(name, value.getObject()); + stack.setParameter(entry.getKey(), entry.getValue().getObject()); } catch (RuntimeException e) { if (devMode) { - notifyDeveloperParameterException(action, name, e.getMessage()); + notifyDeveloperParameterException(action, entry.getKey(), e.getMessage()); } } } - - if (clearableStack) { - stack.getActionContext().withConversionErrors(newStack.getActionContext().getConversionErrors()); - } - - addParametersToContext(ActionContext.getContext(), acceptableParameters); } protected void notifyDeveloperParameterException(Object action, String property, String message) { - String developerNotification = "Unexpected Exception caught setting '" + property + "' on '" + action.getClass() + ": " + message; + String logMsg = "Unexpected Exception caught setting '" + property + "' on '" + action.getClass() + ": " + message; if (action instanceof TextProvider) { TextProvider tp = (TextProvider) action; - developerNotification = tp.getText("devmode.notification", - "Developer Notification:\n{0}", - new String[]{developerNotification} - ); + logMsg = tp.getText("devmode.notification", "Developer Notification:\n{0}", new String[]{logMsg}); } - - LOG.error(developerNotification); + LOG.error(logMsg); if (action instanceof ValidationAware) { - // see https://issues.apache.org/jira/browse/WW-4066 - Collection messages = ((ValidationAware) action).getActionMessages(); + ValidationAware validationAware = (ValidationAware) action; + Collection messages = validationAware.getActionMessages(); messages.add(message); - ((ValidationAware) action).setActionMessages(messages); + validationAware.setActionMessages(messages); } } @@ -275,8 +287,11 @@ protected void notifyDeveloperParameterException(Object action, String property, * @return true if parameter is accepted */ protected boolean isAcceptableParameter(String name, Object action) { - ParameterNameAware parameterNameAware = (action instanceof ParameterNameAware) ? (ParameterNameAware) action : null; - return acceptableName(name) && (parameterNameAware == null || parameterNameAware.acceptableParameterName(name)); + return acceptableName(name) && isAcceptableParameterNameAware(name, action); + } + + protected boolean isAcceptableParameterNameAware(String name, Object action) { + return !(action instanceof ParameterNameAware) || ((ParameterNameAware) action).acceptableParameterName(name); } /** @@ -287,13 +302,11 @@ protected boolean isAcceptableParameter(String name, Object action) { * @return true if parameter is accepted */ protected boolean isAcceptableParameterValue(Parameter param, Object action) { - ParameterValueAware parameterValueAware = (action instanceof ParameterValueAware) ? (ParameterValueAware) action : null; - boolean acceptableParamValue = (parameterValueAware == null || parameterValueAware.acceptableParameterValue(param.getValue())); - if (hasParamValuesToExclude() || hasParamValuesToAccept()) { - // Additional validations to process - acceptableParamValue &= acceptableValue(param.getName(), param.getValue()); - } - return acceptableParamValue; + return isAcceptableParameterValueAware(param, action) && acceptableValue(param.getName(), param.getValue()); + } + + protected boolean isAcceptableParameterValueAware(Parameter param, Object action) { + return !(action instanceof ParameterValueAware) || ((ParameterValueAware) action).acceptableParameterValue(param.getValue()); } /** @@ -311,16 +324,9 @@ protected String getParameterLogMap(HttpParameters parameters) { if (parameters == null) { return "NONE"; } - - StringBuilder logEntry = new StringBuilder(); - for (Map.Entry entry : parameters.entrySet()) { - logEntry.append(entry.getKey()); - logEntry.append(" => "); - logEntry.append(entry.getValue().getValue()); - logEntry.append(" "); - } - - return logEntry.toString(); + return parameters.entrySet().stream() + .map(entry -> String.format("%s => %s ", entry.getKey(), entry.getValue().getValue())) + .collect(joining()); } /** @@ -338,18 +344,17 @@ protected boolean acceptableName(String name) { return false; } boolean accepted = isWithinLengthLimit(name) && !isExcluded(name) && isAccepted(name); - if (devMode && accepted) { // notify only when in devMode + if (devMode && accepted) { LOG.debug("Parameter [{}] was accepted and will be appended to action!", name); } return accepted; } private boolean isIgnoredDMI(String name) { - if (dmiEnabled) { - return DMI_IGNORED_PATTERN.matcher(name).matches(); - } else { + if (!dmiEnabled) { return false; } + return DMI_IGNORED_PATTERN.matcher(name).matches(); } /** @@ -363,7 +368,7 @@ private boolean isIgnoredDMI(String name) { * @return true if accepted */ protected boolean acceptableValue(String name, String value) { - boolean accepted = (value == null || value.isEmpty() || (!isParamValueExcluded(value) && isParamValueAccepted(value))); + boolean accepted = value == null || value.isEmpty() || (!isParamValueExcluded(value) && isParamValueAccepted(value)); if (!accepted) { String message = "Value [{}] of parameter [{}] was not accepted and will be dropped!"; if (devMode) { @@ -378,7 +383,7 @@ protected boolean acceptableValue(String name, String value) { protected boolean isWithinLengthLimit(String name) { boolean matchLength = name.length() <= paramNameMaxLength; if (!matchLength) { - if (devMode) { // warn only when in devMode + if (devMode) { LOG.warn("Parameter [{}] is too long, allowed length is [{}]. Use Interceptor Parameter Overriding " + "to override the limit, see more at\n" + "https://struts.apache.org/core-developers/interceptors.html#interceptor-parameter-overriding", @@ -392,22 +397,23 @@ protected boolean isWithinLengthLimit(String name) { protected boolean isAccepted(String paramName) { AcceptedPatternsChecker.IsAccepted result = acceptedPatterns.isAccepted(paramName); - if (result.isAccepted()) { - return true; - } else if (devMode) { // warn only when in devMode - LOG.warn("Parameter [{}] didn't match accepted pattern [{}]! See Accepted / Excluded patterns at\n" + - "https://struts.apache.org/security/#accepted--excluded-patterns", - paramName, result.getAcceptedPattern()); - } else { - LOG.debug("Parameter [{}] didn't match accepted pattern [{}]!", paramName, result.getAcceptedPattern()); + if (!result.isAccepted()) { + if (devMode) { + LOG.warn("Parameter [{}] didn't match accepted pattern [{}]! See Accepted / Excluded patterns at\n" + + "https://struts.apache.org/security/#accepted--excluded-patterns", + paramName, result.getAcceptedPattern()); + } else { + LOG.debug("Parameter [{}] didn't match accepted pattern [{}]!", paramName, result.getAcceptedPattern()); + } + return false; } - return false; + return true; } protected boolean isExcluded(String paramName) { ExcludedPatternsChecker.IsExcluded result = excludedPatterns.isExcluded(paramName); if (result.isExcluded()) { - if (devMode) { // warn only when in devMode + if (devMode) { LOG.warn("Parameter [{}] matches excluded pattern [{}]! See Accepted / Excluded patterns at\n" + "https://struts.apache.org/security/#accepted--excluded-patterns", paramName, result.getExcludedPattern()); @@ -460,11 +466,11 @@ protected boolean isParamValueAccepted(String value) { } private boolean hasParamValuesToExclude() { - return excludedValuePatterns != null && excludedValuePatterns.size() > 0; + return excludedValuePatterns != null && !excludedValuePatterns.isEmpty(); } private boolean hasParamValuesToAccept() { - return acceptedValuePatterns != null && acceptedValuePatterns.size() > 0; + return acceptedValuePatterns != null && !acceptedValuePatterns.isEmpty(); } /** @@ -530,7 +536,7 @@ public void setAcceptedValuePatterns(String commaDelimitedPatterns) { acceptedValuePatterns.add(Pattern.compile(pattern, Pattern.CASE_INSENSITIVE)); } } finally { - acceptedValuePatterns = Collections.unmodifiableSet(acceptedValuePatterns); + acceptedValuePatterns = unmodifiableSet(acceptedValuePatterns); } } @@ -555,7 +561,7 @@ public void setExcludedValuePatterns(String commaDelimitedPatterns) { excludedValuePatterns.add(Pattern.compile(pattern, Pattern.CASE_INSENSITIVE)); } } finally { - excludedValuePatterns = Collections.unmodifiableSet(excludedValuePatterns); + excludedValuePatterns = unmodifiableSet(excludedValuePatterns); } } } diff --git a/core/src/test/java/org/apache/struts2/interceptor/parameter/ParametersInterceptorTest.java b/core/src/test/java/org/apache/struts2/interceptor/parameter/ParametersInterceptorTest.java index 333556ae70..33c3ce6e25 100644 --- a/core/src/test/java/org/apache/struts2/interceptor/parameter/ParametersInterceptorTest.java +++ b/core/src/test/java/org/apache/struts2/interceptor/parameter/ParametersInterceptorTest.java @@ -1053,7 +1053,7 @@ public boolean hasActionErrors() { } public boolean hasActionMessages() { - return messages.size() > 0; + return !messages.isEmpty(); } public boolean hasErrors() { From aa4398ee2e57beb3e46d2e69e8a30cd02784c1c9 Mon Sep 17 00:00:00 2001 From: Kusal Kithul-Godage Date: Sat, 6 Jan 2024 02:10:12 +1100 Subject: [PATCH 2/3] WW-5352 Do not use setter notation for helper methods --- .../parameter/ParametersInterceptor.java | 24 ++++++++++++------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java index 4887232551..e93b60a28c 100644 --- a/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java +++ b/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java @@ -149,11 +149,11 @@ public String doIntercept(ActionInvocation invocation) throws Exception { } Map contextMap = actionContext.getContextMap(); - batchSetReflectionContextState(contextMap, true); + batchApplyReflectionContextState(contextMap, true); try { setParameters(action, actionContext.getValueStack(), parameters); } finally { - batchSetReflectionContextState(contextMap, false); + batchApplyReflectionContextState(contextMap, false); } return invocation.invoke(); @@ -182,14 +182,22 @@ protected HttpParameters retrieveParameters(ActionContext actionContext) { protected void addParametersToContext(ActionContext ac, Map newParams) { } + /** + * @deprecated since 6.4.0, use {@link #applyParameters} + */ + @Deprecated protected void setParameters(final Object action, ValueStack stack, HttpParameters parameters) { + applyParameters(action, stack, parameters); + } + + protected void applyParameters(final Object action, ValueStack stack, HttpParameters parameters) { Map acceptableParameters = toAcceptableParameters(parameters, action); ValueStack newStack = toNewStack(stack); - batchSetReflectionContextState(newStack.getContext(), true); - setMemberAccessProperties(newStack); + batchApplyReflectionContextState(newStack.getContext(), true); + applyMemberAccessProperties(newStack); - setParametersOnStack(newStack, acceptableParameters, action); + applyParametersOnStack(newStack, acceptableParameters, action); if (newStack instanceof ClearableValueStack) { stack.getActionContext().withConversionErrors(newStack.getActionContext().getConversionErrors()); @@ -198,7 +206,7 @@ protected void setParameters(final Object action, ValueStack stack, HttpParamete addParametersToContext(ActionContext.getContext(), acceptableParameters); } - protected void batchSetReflectionContextState(Map context, boolean value) { + protected void batchApplyReflectionContextState(Map context, boolean value) { ReflectionContextState.setCreatingNullObjects(context, value); ReflectionContextState.setDenyMethodExecution(context, value); ReflectionContextState.setReportingConversionErrors(context, value); @@ -213,7 +221,7 @@ protected ValueStack toNewStack(ValueStack stack) { return newStack; } - protected void setMemberAccessProperties(ValueStack stack) { + protected void applyMemberAccessProperties(ValueStack stack) { if (!(stack instanceof MemberAccessValueStack)) { return; } @@ -251,7 +259,7 @@ protected HttpParameters initNewHttpParameters(HttpParameters parameters) { } } - protected void setParametersOnStack(ValueStack stack, Map parameters, Object action) { + protected void applyParametersOnStack(ValueStack stack, Map parameters, Object action) { for (Map.Entry entry : parameters.entrySet()) { try { stack.setParameter(entry.getKey(), entry.getValue().getObject()); From 199ea0db69ec7ed7bed221508341dfed2f840dcc Mon Sep 17 00:00:00 2001 From: Kusal Kithul-Godage Date: Sat, 6 Jan 2024 02:10:34 +1100 Subject: [PATCH 3/3] WW-5352 Rename acceptable name/value methods --- .../parameter/ParametersInterceptor.java | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java index e93b60a28c..efc4a7b04e 100644 --- a/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java +++ b/core/src/main/java/org/apache/struts2/interceptor/parameter/ParametersInterceptor.java @@ -337,6 +337,13 @@ protected String getParameterLogMap(HttpParameters parameters) { .collect(joining()); } + /** + * @deprecated since 6.4.0, use {@link #isAcceptableName} + */ + protected boolean acceptableName(String name) { + return isAcceptableName(name); + } + /** * Validates the name passed is: * * Within the max length of a parameter name @@ -346,7 +353,7 @@ protected String getParameterLogMap(HttpParameters parameters) { * @param name - Name to check * @return true if accepted */ - protected boolean acceptableName(String name) { + protected boolean isAcceptableName(String name) { if (isIgnoredDMI(name)) { LOG.trace("DMI is enabled, ignoring DMI method: {}", name); return false; @@ -365,6 +372,13 @@ private boolean isIgnoredDMI(String name) { return DMI_IGNORED_PATTERN.matcher(name).matches(); } + /** + * @deprecated since 6.4.0, use {@link #isAcceptableValue} + */ + protected boolean acceptableValue(String name, String value) { + return isAcceptableValue(name, value); + } + /** * Validates: * * Value is null/blank @@ -375,7 +389,7 @@ private boolean isIgnoredDMI(String name) { * @param value - value to check * @return true if accepted */ - protected boolean acceptableValue(String name, String value) { + protected boolean isAcceptableValue(String name, String value) { boolean accepted = value == null || value.isEmpty() || (!isParamValueExcluded(value) && isParamValueAccepted(value)); if (!accepted) { String message = "Value [{}] of parameter [{}] was not accepted and will be dropped!";