[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=898425&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-898425 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 08/Jan/24 11:03 Start Date: 08/Jan/24 11:03 Worklog Time Spent: 10m Work Description: kusalk closed pull request #840: WW-5379 Add one more method to provide Velocity directives with ValueStack URL: https://github.com/apache/struts/pull/840 Issue Time Tracking --- Worklog Id: (was: 898425) Time Spent: 2.5h (was: 2h 20m) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 2.5h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=898426&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-898426 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 08/Jan/24 11:03 Start Date: 08/Jan/24 11:03 Worklog Time Spent: 10m Work Description: kusalk commented on PR #840: URL: https://github.com/apache/struts/pull/840#issuecomment-1880789716 Nevermind with this one too Issue Time Tracking --- Worklog Id: (was: 898426) Time Spent: 2h 40m (was: 2.5h) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 2h 40m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=898409&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-898409 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 08/Jan/24 09:58 Start Date: 08/Jan/24 09:58 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #840: URL: https://github.com/apache/struts/pull/840#issuecomment-1880687722 ## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=840) **Quality Gate passed** Kudos, no new issues were introduced! [0 New issues](https://sonarcloud.io/project/issues?id=apache_struts&pullRequest=840&resolved=false&inNewCodePeriod=true) [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=840&resolved=false&inNewCodePeriod=true) [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=840&metric=new_coverage&view=list) [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=840&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=840) Issue Time Tracking --- Worklog Id: (was: 898409) Time Spent: 2h 20m (was: 2h 10m) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 2h 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=898405&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-898405 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 08/Jan/24 09:52 Start Date: 08/Jan/24 09:52 Worklog Time Spent: 10m Work Description: kusalk opened a new pull request, #840: URL: https://github.com/apache/struts/pull/840 WW-5379 -- Issue Time Tracking --- Worklog Id: (was: 898405) Time Spent: 2h 10m (was: 2h) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 2h 10m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897733&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897733 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 03/Jan/24 00:41 Start Date: 03/Jan/24 00:41 Worklog Time Spent: 10m Work Description: kusalk merged PR #822: URL: https://github.com/apache/struts/pull/822 Issue Time Tracking --- Worklog Id: (was: 897733) Time Spent: 2h (was: 1h 50m) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 2h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897722&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897722 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 02/Jan/24 19:28 Start Date: 02/Jan/24 19:28 Worklog Time Spent: 10m Work Description: lukaszlenart commented on code in PR #822: URL: https://github.com/apache/struts/pull/822#discussion_r1439750640 ## plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java: ## @@ -96,11 +96,15 @@ protected Object chainedContextGet(String key) { return null; } for (VelocityContext chainedContext : chainedContexts) { -Object val = chainedContext.internalGet(key); +Object val = chainedContext.get(key); if (val != null) { return val; } } return null; } + +public ValueStack getValueStack() { +return stack; +} Review Comment: It shouldn't change as far I understand, yet I'm not sure if this is true :) Let's leave it as is, at some point I will solve this puzzle ;-) Issue Time Tracking --- Worklog Id: (was: 897722) Time Spent: 1h 50m (was: 1h 40m) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 1h 50m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897638&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897638 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 02/Jan/24 10:32 Start Date: 02/Jan/24 10:32 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #822: URL: https://github.com/apache/struts/pull/822#issuecomment-1873852402 ## [![Quality Gate Failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-failed-20px.png 'Quality Gate Failed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) **Quality Gate failed** Failed conditions [10 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=822&resolved=false&inNewCodePeriod=true) [28.5% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=822&metric=new_coverage&view=list) (required ≥ 80%) [4.1% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=822&metric=new_duplicated_lines_density&view=list) (required ≤ 3%) [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) (required ≥ A) [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) ![idea](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/light_bulb-16px.png 'idea') Catch issues before they fail your Quality Gate with our IDE extension ![SonarLint](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/sonarlint-16px.png 'SonarLint') [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 897638) Time Spent: 1h 40m (was: 1.5h) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 1h 40m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897635&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897635 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 02/Jan/24 10:12 Start Date: 02/Jan/24 10:12 Worklog Time Spent: 10m Work Description: kusalk commented on code in PR #822: URL: https://github.com/apache/struts/pull/822#discussion_r1439307636 ## plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java: ## @@ -96,11 +96,15 @@ protected Object chainedContextGet(String key) { return null; } for (VelocityContext chainedContext : chainedContexts) { -Object val = chainedContext.internalGet(key); +Object val = chainedContext.get(key); if (val != null) { return val; } } return null; } + +public ValueStack getValueStack() { +return stack; +} Review Comment: I think it has to be but I wonder if Directives can simply obtain the ValueStack from the ActionContext? It's not clear to me if the ValueStack on the ActionContext changes between the time of Velocity context creation and directive rendering. I recall this was how the ValueStack was obtained in WebWork 2.1 but I presume it was changed for a reason? But also, there's no change in terms of security as the stack was already exposed on the `StrutsVelocityContext` instance using `internalGet("stack")` or `get("stack")`. And yep I can definitely use a marker interface to allow more flexibility in the Velocity context implementation used by applications. Issue Time Tracking --- Worklog Id: (was: 897635) Time Spent: 1.5h (was: 1h 20m) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 1.5h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897628&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897628 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 02/Jan/24 09:45 Start Date: 02/Jan/24 09:45 Worklog Time Spent: 10m Work Description: lukaszlenart commented on code in PR #822: URL: https://github.com/apache/struts/pull/822#discussion_r1439286738 ## plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java: ## @@ -96,11 +96,15 @@ protected Object chainedContextGet(String key) { return null; } for (VelocityContext chainedContext : chainedContexts) { -Object val = chainedContext.internalGet(key); +Object val = chainedContext.get(key); if (val != null) { return val; } } return null; } + +public ValueStack getValueStack() { +return stack; +} Review Comment: Do we need to have this public? Also this requires to cast to `StrutsVelocityContext`, wouldn't be better to have a marking interface `ValueStackAware` or `ValueStackProvider` to expose the ValueStack? Issue Time Tracking --- Worklog Id: (was: 897628) Time Spent: 1h 20m (was: 1h 10m) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 1h 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897290&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897290 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 27/Dec/23 21:39 Start Date: 27/Dec/23 21:39 Worklog Time Spent: 10m Work Description: kusalk commented on code in PR #822: URL: https://github.com/apache/struts/pull/822#discussion_r1437263299 ## plugins/velocity/src/main/java/org/apache/struts2/views/velocity/components/AbstractDirective.java: ## @@ -57,8 +59,11 @@ public int getType() { protected abstract Component getBean(ValueStack stack, HttpServletRequest req, HttpServletResponse res); public boolean render(InternalContextAdapter ctx, Writer writer, Node node) throws IOException, ResourceNotFoundException, ParseErrorException, MethodInvocationException { -// get the bean -ValueStack stack = (ValueStack) ctx.get("stack"); +ValueStack stack = extractValueStack(ctx); +if (stack == null) { Review Comment: This shouldn't occur but left it for backwards compatibility in case there is a scenario I didn't foresee Issue Time Tracking --- Worklog Id: (was: 897290) Time Spent: 1h 10m (was: 1h) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 1h 10m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897289&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897289 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 27/Dec/23 21:38 Start Date: 27/Dec/23 21:38 Worklog Time Spent: 10m Work Description: kusalk commented on code in PR #822: URL: https://github.com/apache/struts/pull/822#discussion_r1437263013 ## plugins/velocity/src/main/java/org/apache/struts2/views/velocity/StrutsVelocityContext.java: ## @@ -96,11 +96,15 @@ protected Object chainedContextGet(String key) { return null; } for (VelocityContext chainedContext : chainedContexts) { -Object val = chainedContext.internalGet(key); +Object val = chainedContext.get(key); Review Comment: Was technically a bug as we were failing to look at chained contexts within our chained contexts Issue Time Tracking --- Worklog Id: (was: 897289) Time Spent: 1h (was: 50m) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 1h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897288&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897288 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 27/Dec/23 21:35 Start Date: 27/Dec/23 21:35 Worklog Time Spent: 10m Work Description: kusalk commented on PR #822: URL: https://github.com/apache/struts/pull/822#issuecomment-1870641672 (Again, SonarCloud is using the wrong base) Issue Time Tracking --- Worklog Id: (was: 897288) Time Spent: 50m (was: 40m) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 50m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897287&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897287 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 27/Dec/23 21:25 Start Date: 27/Dec/23 21:25 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #822: URL: https://github.com/apache/struts/pull/822#issuecomment-1870636647 ## [![Quality Gate Failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-failed-20px.png 'Quality Gate Failed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) **Quality Gate failed** Failed conditions [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=822&resolved=false&inNewCodePeriod=true) [28.5% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=822&metric=new_coverage&view=list) (required ≥ 80%) [4.1% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=822&metric=new_duplicated_lines_density&view=list) (required ≤ 3%) [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) (required ≥ A) [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) ![idea](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/light_bulb-16px.png 'idea') Catch issues before they fail your Quality Gate with our IDE extension ![SonarLint](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/sonarlint-16px.png 'SonarLint') [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 897287) Time Spent: 40m (was: 0.5h) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 40m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897286&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897286 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 27/Dec/23 20:50 Start Date: 27/Dec/23 20:50 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #822: URL: https://github.com/apache/struts/pull/822#issuecomment-1870618498 ## [![Quality Gate Failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-failed-20px.png 'Quality Gate Failed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) **Quality Gate failed** Failed conditions [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=822&resolved=false&inNewCodePeriod=true) [28.5% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=822&metric=new_coverage&view=list) (required ≥ 80%) [4.1% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=822&metric=new_duplicated_lines_density&view=list) (required ≤ 3%) [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) (required ≥ A) [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) ![idea](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/light_bulb-16px.png 'idea') Catch issues before they fail your Quality Gate with our IDE extension ![SonarLint](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/sonarlint-16px.png 'SonarLint') [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 897286) Time Spent: 0.5h (was: 20m) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897283&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897283 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 27/Dec/23 18:11 Start Date: 27/Dec/23 18:11 Worklog Time Spent: 10m Work Description: sonarcloud[bot] commented on PR #822: URL: https://github.com/apache/struts/pull/822#issuecomment-1870524035 ## [![Quality Gate Failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-failed-20px.png 'Quality Gate Failed')](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) **Quality Gate failed** Failed conditions [8 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=822&resolved=false&inNewCodePeriod=true) [28.5% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=822&metric=new_coverage&view=list) (required ≥ 80%) [4.1% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=822&metric=new_duplicated_lines_density&view=list) (required ≤ 3%) [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) (required ≥ A) [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) (required ≥ A) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=822) ![idea](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/light_bulb-16px.png 'idea') Catch issues before they fail your Quality Gate with our IDE extension ![SonarLint](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/sonarlint-16px.png 'SonarLint') [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request) Issue Time Tracking --- Worklog Id: (was: 897283) Time Spent: 20m (was: 10m) > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 20m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (WW-5379) Implement alternative mechanism for Velocity directives to obtain stack
[ https://issues.apache.org/jira/browse/WW-5379?focusedWorklogId=897282&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897282 ] ASF GitHub Bot logged work on WW-5379: -- Author: ASF GitHub Bot Created on: 27/Dec/23 18:02 Start Date: 27/Dec/23 18:02 Worklog Time Spent: 10m Work Description: kusalk opened a new pull request, #822: URL: https://github.com/apache/struts/pull/822 WW-5379 -- This affords applications the ability to not include the ValueStack as `$stack` in the Velocity context and reduce risk of SSTI escalation. Issue Time Tracking --- Worklog Id: (was: 897282) Remaining Estimate: 0h Time Spent: 10m > Implement alternative mechanism for Velocity directives to obtain stack > --- > > Key: WW-5379 > URL: https://issues.apache.org/jira/browse/WW-5379 > Project: Struts 2 > Issue Type: Improvement > Components: Plugin - Velocity >Reporter: Kusal Kithul-Godage >Priority: Minor > Fix For: 6.4.0 > > Time Spent: 10m > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)