[ https://issues.apache.org/jira/browse/WW-5429?focusedWorklogId=923854&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-923854 ]
ASF GitHub Bot logged work on WW-5429: -------------------------------------- Author: ASF GitHub Bot Created on: 18/Jun/24 09:42 Start Date: 18/Jun/24 09:42 Worklog Time Spent: 10m Work Description: kusalk commented on code in PR #969: URL: https://github.com/apache/struts/pull/969#discussion_r1644161012 ########## core/src/main/java/com/opensymphony/xwork2/interceptor/ValidationAware.java: ########## @@ -119,7 +119,9 @@ public interface ValidationAware { * * @return <code>(hasActionErrors() || hasFieldErrors())</code> */ - boolean hasErrors(); + default boolean hasErrors() { Review Comment: Added default implementation which matches the JavaDoc, makes implementing this class simpler ########## core/src/main/java/com/opensymphony/xwork2/util/DebugUtils.java: ########## @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package com.opensymphony.xwork2.util; + +import com.opensymphony.xwork2.TextProvider; +import com.opensymphony.xwork2.interceptor.ValidationAware; +import org.apache.logging.log4j.Logger; + +/** + * @since 6.5.0 + */ +public class DebugUtils { + + public static void notifyDeveloperOfError(Logger log, Object action, String message) { Review Comment: Extracted this method out of `ParametersInterceptor` for reuse ########## core/src/test/java/org/apache/struts2/interceptor/parameter/ParametersInterceptorTest.java: ########## @@ -116,15 +116,17 @@ public void testInsecureParameters() throws Exception { pi.setParameters(action, vs, HttpParameters.create(params).build()); // then - assertEquals(3, action.getActionMessages().size()); + assertEquals(3, action.getActionErrors().size()); - String msg1 = action.getActionMessage(0); - String msg2 = action.getActionMessage(1); - String msg3 = action.getActionMessage(2); + List<String> actionErrors = new ArrayList<>(action.getActionErrors()); - assertEquals("Error setting expression 'expression' with value '#f=#_memberAccess.getClass().getDeclaredField('allowStaticMethodAccess'),#f.setAccessible(true),#f.set(#_memberAccess,true),#req=@org.apache.struts2.ServletActionContext@getRequest(),#resp=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),#resp.println(#req.getRealPath('/')),#resp.close()'", msg1); - assertEquals("Error setting expression 'name' with value '(#context[\"xwork.MethodAccessor.denyMethodExecution\"]= new java.lang.Boolean(false), #_memberAccess[\"allowStaticMethodAccess\"]= new java.lang.Boolean(true), @java.lang.Runtime@getRuntime().exec('mkdir /tmp/PWNAGE'))(meh)'", msg2); - assertEquals("Error setting expression 'top['name'](0)' with value 'true'", msg3); + String msg1 = actionErrors.get(0); + String msg2 = actionErrors.get(1); + String msg3 = actionErrors.get(2); + + assertEquals("Unexpected Exception caught setting 'expression' on 'class org.apache.struts2.interceptor.parameter.ValidateAction: Error setting expression 'expression' with value '#f=#_memberAccess.getClass().getDeclaredField('allowStaticMethodAccess'),#f.setAccessible(true),#f.set(#_memberAccess,true),#req=@org.apache.struts2.ServletActionContext@getRequest(),#resp=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),#resp.println(#req.getRealPath('/')),#resp.close()'", msg1); Review Comment: These messages now include both the context message as well as the exception message. Whilst they are very similar in this test example, it's not guaranteed to be the case ########## core/src/main/java/com/opensymphony/xwork2/ognl/ErrorMessageBuilder.java: ########## @@ -42,7 +42,7 @@ public ErrorMessageBuilder errorSettingExpressionWithValue(String expr, Object v return this; } - private void appenExpression(String expr) { + private void appendExpression(String expr) { Review Comment: Fixed typo ########## core/src/test/java/org/apache/struts2/interceptor/parameter/ParametersInterceptorTest.java: ########## @@ -116,15 +116,17 @@ public void testInsecureParameters() throws Exception { pi.setParameters(action, vs, HttpParameters.create(params).build()); // then - assertEquals(3, action.getActionMessages().size()); + assertEquals(3, action.getActionErrors().size()); Review Comment: Using Action errors instead of Action messages to communicate developer errors (only impacts DevMode) Issue Time Tracking ------------------- Worklog Id: (was: 923854) Time Spent: 0.5h (was: 20m) > Log parameter annotation issues at ERROR level when in DevMode > -------------------------------------------------------------- > > Key: WW-5429 > URL: https://issues.apache.org/jira/browse/WW-5429 > Project: Struts 2 > Issue Type: Improvement > Components: Core, Core Interceptors > Reporter: Kusal Kithul-Godage > Priority: Trivial > Fix For: 6.5.0, 7.0.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)