WW-5353 Stronger security defaults for 7.0 #919

Merged
merged 2 commits into from
Apr 24, 2024

kusalk (Member) commented Apr 20, 2024

kusalk force-pushed the WW-5353-stronger-security-defaults branch from 5d9c039 to 9f9a0e3 on April 20, 2024 11:59

/**
* Generic test setup methods to be used with any unit testing framework.
*/
public class StrutsTestCaseHelper {

public static Dispatcher initDispatcher(ServletContext ctx, Map<String, String> params) {
Dispatcher du = new DispatcherWrapper(ctx, params != null ? params : emptyMap());
var finalParams = new HashMap<>(params);
finalParams.putIfAbsent(STRUTS_ALLOWLIST_ENABLE, "false");
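
Review bot: `new HashMap<>(params)` throws a NullPointerException when `params` is null, while the `DispatcherWrapper` line directly above it guards with `params != null ? params : emptyMap()`. Apply the same guard when building `finalParams`, for example `new HashMap<>(params != null ? params : emptyMap())`. Because `putIfAbsent(STRUTS_ALLOWLIST_ENABLE, "false")` turns the allowlist off for every test that does not set it, a short comment here saying that tests which need allowlist coverage must pass the parameter explicitly would also help.
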
Member Author

I think it makes sense to keep the allowlist disabled for unit tests as the auto-allowlisting is only effective in production applications

kusalk force-pushed the merge-master-to-70-2024-04-20 branch from 8ad75f2 to 570f634 on April 20, 2024 12:07
kusalk force-pushed the WW-5353-stronger-security-defaults branch from 0d614a7 to 9adc618 on April 20, 2024 12:08
kusalk force-pushed the merge-master-to-70-2024-04-20 branch from 570f634 to d0204f3 on April 20, 2024 12:09
kusalk force-pushed the WW-5353-stronger-security-defaults branch 2 times, most recently from 5e80a32 to f57b7c8 on April 20, 2024 12:22
kusalk force-pushed the WW-5353-stronger-security-defaults branch from f57b7c8 to 5d4ad83 on April 20, 2024 12:33

sonarcloud bot commented Apr 20, 2024

Quality Gate failed

Failed conditions
76.9% Coverage on New Code (required ≥ 80%)
C Reliability Rating on New Code (required ≥ A)

Base automatically changed from merge-master-to-70-2024-04-20 to release/struts-7-0-x April 20, 2024 14:54
kusalk marked this pull request as ready for review April 20, 2024 14:54

kusalk (Member, Author) commented Apr 24, 2024

Feedback on the next milestone will be interesting, let's see how we go!

kusalk merged commit baab7dd into release/struts-7-0-x Apr 24, 2024
6 of 7 checks passed
kusalk deleted the WW-5353-stronger-security-defaults branch April 24, 2024 12:33

lukaszlenart (Member)

I can roll a new Milestone release during the weekend
