[
https://issues.apache.org/jira/browse/WW-5429?focusedWorklogId=923854&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-923854
]
ASF GitHub Bot logged work on WW-5429:
--------------------------------------
Author: ASF GitHub Bot
Created on: 18/Jun/24 09:42
Start Date: 18/Jun/24 09:42
Worklog Time Spent: 10m
Work Description: kusalk commented on code in PR #969:
URL: https://github.com/apache/struts/pull/969#discussion_r1644161012
##########
core/src/main/java/com/opensymphony/xwork2/interceptor/ValidationAware.java:
##########
@@ -119,7 +119,9 @@ public interface ValidationAware {
*
* @return <code>(hasActionErrors() || hasFieldErrors())</code>
*/
- boolean hasErrors();
+ default boolean hasErrors() {
Review Comment:
Added default implementation which matches the JavaDoc, makes implementing
this class simpler
##########
core/src/main/java/com/opensymphony/xwork2/util/DebugUtils.java:
##########
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.opensymphony.xwork2.util;
+
+import com.opensymphony.xwork2.TextProvider;
+import com.opensymphony.xwork2.interceptor.ValidationAware;
+import org.apache.logging.log4j.Logger;
+
+/**
+ * @since 6.5.0
+ */
+public class DebugUtils {
+
+ public static void notifyDeveloperOfError(Logger log, Object action,
String message) {
Review Comment:
Extracted this method out of `ParametersInterceptor` for reuse
##########
core/src/test/java/org/apache/struts2/interceptor/parameter/ParametersInterceptorTest.java:
##########
@@ -116,15 +116,17 @@ public void testInsecureParameters() throws Exception {
pi.setParameters(action, vs, HttpParameters.create(params).build());
// then
- assertEquals(3, action.getActionMessages().size());
+ assertEquals(3, action.getActionErrors().size());
- String msg1 = action.getActionMessage(0);
- String msg2 = action.getActionMessage(1);
- String msg3 = action.getActionMessage(2);
+ List<String> actionErrors = new ArrayList<>(action.getActionErrors());
- assertEquals("Error setting expression 'expression' with value
'#f=#_memberAccess.getClass().getDeclaredField('allowStaticMethodAccess'),#f.setAccessible(true),#f.set(#_memberAccess,true),#[email protected]@getRequest(),#[email protected]@getResponse().getWriter(),#resp.println(#req.getRealPath('/')),#resp.close()'",
msg1);
- assertEquals("Error setting expression 'name' with value
'(#context[\"xwork.MethodAccessor.denyMethodExecution\"]= new
java.lang.Boolean(false), #_memberAccess[\"allowStaticMethodAccess\"]= new
java.lang.Boolean(true), @java.lang.Runtime@getRuntime().exec('mkdir
/tmp/PWNAGE'))(meh)'", msg2);
- assertEquals("Error setting expression 'top['name'](0)' with value
'true'", msg3);
+ String msg1 = actionErrors.get(0);
+ String msg2 = actionErrors.get(1);
+ String msg3 = actionErrors.get(2);
+
+ assertEquals("Unexpected Exception caught setting 'expression' on
'class org.apache.struts2.interceptor.parameter.ValidateAction: Error setting
expression 'expression' with value
'#f=#_memberAccess.getClass().getDeclaredField('allowStaticMethodAccess'),#f.setAccessible(true),#f.set(#_memberAccess,true),#[email protected]@getRequest(),#[email protected]@getResponse().getWriter(),#resp.println(#req.getRealPath('/')),#resp.close()'",
msg1);
Review Comment:
These messages now include both the context message as well as the exception
message. Whilst they are very similar in this test example, it's not guaranteed
to be the case
##########
core/src/main/java/com/opensymphony/xwork2/ognl/ErrorMessageBuilder.java:
##########
@@ -42,7 +42,7 @@ public ErrorMessageBuilder
errorSettingExpressionWithValue(String expr, Object v
return this;
}
- private void appenExpression(String expr) {
+ private void appendExpression(String expr) {
Review Comment:
Fixed typo
##########
core/src/test/java/org/apache/struts2/interceptor/parameter/ParametersInterceptorTest.java:
##########
@@ -116,15 +116,17 @@ public void testInsecureParameters() throws Exception {
pi.setParameters(action, vs, HttpParameters.create(params).build());
// then
- assertEquals(3, action.getActionMessages().size());
+ assertEquals(3, action.getActionErrors().size());
Review Comment:
Using Action errors instead of Action messages to communicate developer
errors (only impacts DevMode)
Issue Time Tracking
-------------------
Worklog Id: (was: 923854)
Time Spent: 0.5h (was: 20m)
> Log parameter annotation issues at ERROR level when in DevMode
> --------------------------------------------------------------
>
> Key: WW-5429
> URL: https://issues.apache.org/jira/browse/WW-5429
> Project: Struts 2
> Issue Type: Improvement
> Components: Core, Core Interceptors
> Reporter: Kusal Kithul-Godage
> Priority: Trivial
> Fix For: 6.5.0, 7.0.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
