[jira] [Work logged] (WW-5284) Further clean up ActionValidatorManager implementations
[ https://issues.apache.org/jira/browse/WW-5284?focusedWorklogId=846404&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-846404 ] ASF GitHub Bot logged work on WW-5284: -- Author: ASF GitHub Bot Created on: 20/Feb/23 06:48 Start Date: 20/Feb/23 06:48 Worklog Time Spent: 10m Work Description: lukaszlenart merged PR #659: URL: https://github.com/apache/struts/pull/659 Issue Time Tracking --- Worklog Id: (was: 846404) Time Spent: 1h 20m (was: 1h 10m) > Further clean up ActionValidatorManager implementations > --- > > Key: WW-5284 > URL: https://issues.apache.org/jira/browse/WW-5284 > Project: Struts 2 > Issue Type: Task > Components: Core Interceptors >Reporter: Kusal Kithul-Godage >Priority: Trivial > Fix For: 6.2.0 > > Time Spent: 1h 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5284) Further clean up ActionValidatorManager implementations
[ https://issues.apache.org/jira/browse/WW-5284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17691029#comment-17691029 ] ASF subversion and git services commented on WW-5284: - Commit f67e5f1aceb4e536d31d2c75d1e8295b3023 in struts's branch refs/heads/master from Lukasz Lenart [ https://gitbox.apache.org/repos/asf?p=struts.git;h=f67e5f1ac ] Merge pull request #659 from atlassian/WW-5284-clean-up-validator WW-5284 Refactor ActionValidatorManager implementations > Further clean up ActionValidatorManager implementations > --- > > Key: WW-5284 > URL: https://issues.apache.org/jira/browse/WW-5284 > Project: Struts 2 > Issue Type: Task > Components: Core Interceptors >Reporter: Kusal Kithul-Godage >Priority: Trivial > Fix For: 6.2.0 > > Time Spent: 1h 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Resolved] (WW-5284) Further clean up ActionValidatorManager implementations
[ https://issues.apache.org/jira/browse/WW-5284?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Lukasz Lenart resolved WW-5284. --- Resolution: Fixed > Further clean up ActionValidatorManager implementations > --- > > Key: WW-5284 > URL: https://issues.apache.org/jira/browse/WW-5284 > Project: Struts 2 > Issue Type: Task > Components: Core Interceptors >Reporter: Kusal Kithul-Godage >Priority: Trivial > Fix For: 6.2.0 > > Time Spent: 1h 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5284) Further clean up ActionValidatorManager implementations
[ https://issues.apache.org/jira/browse/WW-5284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17691028#comment-17691028 ] ASF subversion and git services commented on WW-5284: - Commit d30870ac63af4555878c05d6984415e2ae5dd211 in struts's branch refs/heads/master from Kusal Kithul-Godage [ https://gitbox.apache.org/repos/asf?p=struts.git;h=d30870ac6 ] WW-5284 Delete unnecessary override > Further clean up ActionValidatorManager implementations > --- > > Key: WW-5284 > URL: https://issues.apache.org/jira/browse/WW-5284 > Project: Struts 2 > Issue Type: Task > Components: Core Interceptors >Reporter: Kusal Kithul-Godage >Priority: Trivial > Fix For: 6.2.0 > > Time Spent: 1h 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (WW-5284) Further clean up ActionValidatorManager implementations
[ https://issues.apache.org/jira/browse/WW-5284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17691027#comment-17691027 ] ASF subversion and git services commented on WW-5284: - Commit 816e606ffed37fa38a0007964fad94b08a9b5a98 in struts's branch refs/heads/master from Kusal Kithul-Godage [ https://gitbox.apache.org/repos/asf?p=struts.git;h=816e606ff ] WW-5284 Refactor ActionValidatorManager implementations > Further clean up ActionValidatorManager implementations > --- > > Key: WW-5284 > URL: https://issues.apache.org/jira/browse/WW-5284 > Project: Struts 2 > Issue Type: Task > Components: Core Interceptors >Reporter: Kusal Kithul-Godage >Priority: Trivial > Fix For: 6.2.0 > > Time Spent: 1h 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5284) Further clean up ActionValidatorManager implementations
[
https://issues.apache.org/jira/browse/WW-5284?focusedWorklogId=846382&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-846382
]
ASF GitHub Bot logged work on WW-5284:
--
Author: ASF GitHub Bot
Created on: 20/Feb/23 02:32
Start Date: 20/Feb/23 02:32
Worklog Time Spent: 10m
Work Description: kusalk commented on code in PR #659:
URL: https://github.com/apache/struts/pull/659#discussion_r401411
##
core/src/main/java/com/opensymphony/xwork2/validator/AnnotationActionValidatorManager.java:
##
@@ -120,10 +66,20 @@ protected String buildValidatorKey(Class clazz, String
context) {
} else {
sb.append(context);
}
-
return sb.toString();
}
+@Override
+protected Validator getValidatorFromValidatorConfig(ValidatorConfig
config, ValueStack stack) {
+Validator validator = validatorFactory.getValidator(
+new ValidatorConfig.Builder(config)
+.removeParam("methodName")
Review Comment:
Done :)
Issue Time Tracking
---
Worklog Id: (was: 846382)
Time Spent: 1h 10m (was: 1h)
> Further clean up ActionValidatorManager implementations
> ---
>
> Key: WW-5284
> URL: https://issues.apache.org/jira/browse/WW-5284
> Project: Struts 2
> Issue Type: Task
> Components: Core Interceptors
>Reporter: Kusal Kithul-Godage
>Priority: Trivial
> Fix For: 6.2.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[GitHub] [struts] kusalk commented on a diff in pull request #659: WW-5284 Refactor ActionValidatorManager implementations
kusalk commented on code in PR #659:
URL: https://github.com/apache/struts/pull/659#discussion_r401411
##
core/src/main/java/com/opensymphony/xwork2/validator/AnnotationActionValidatorManager.java:
##
@@ -120,10 +66,20 @@ protected String buildValidatorKey(Class clazz, String
context) {
} else {
sb.append(context);
}
-
return sb.toString();
}
+@Override
+protected Validator getValidatorFromValidatorConfig(ValidatorConfig
config, ValueStack stack) {
+Validator validator = validatorFactory.getValidator(
+new ValidatorConfig.Builder(config)
+.removeParam("methodName")
Review Comment:
Done :)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@struts.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Commented] (WW-5268) Add configuration option to exempt classes from OGNL package exclusions
[ https://issues.apache.org/jira/browse/WW-5268?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17690864#comment-17690864 ] Yasser Zamani commented on WW-5268: --- [~kusal] IMHO this mechanism would be completely replaced with a more generic solution like [1] in future major releases. As you said it sometime might fell in false positives. Generally I found it hard to maintain it and its default values. Regarding your PR however I agree, it is better if Struts have it rather than nothing at all, specially now that it's already implemented. thanks! [1] https://struts.apache.org/security/#run-ognl-expressions-inside-sandbox > Add configuration option to exempt classes from OGNL package exclusions > --- > > Key: WW-5268 > URL: https://issues.apache.org/jira/browse/WW-5268 > Project: Struts 2 > Issue Type: Improvement > Components: Core >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.2.0 > > Time Spent: 10m > Remaining Estimate: 0h > > It is currently possible to exclude packages from OGNL evaluation using > `struts.excludedPackageNamePatterns` and `struts.excludedPackageNames`. > There may exist a scenario where you wish to have certain packages > excluded/blocklisted by default, but exempt specific classes from these > packages that have been assessed to be safe. -- This message was sent by Atlassian Jira (v8.20.10#820010)
