From: lukaszlenart@apache.org
To: commits@struts.apache.org
Date: Fri, 27 Jun 2014 11:24:02 -0000
Message-Id: <231c9fecbaca430d892d42fe38c1faa6@git.apache.org>
In-Reply-To:
References:
X-Mailer: ASF-Git Admin Mailer
Subject: [34/50] git commit: Moves security related classes to security package
Moves security related classes to security package
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/7faf91ab
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/7faf91ab
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/7faf91ab
Branch: refs/heads/feature/WW-4295-localization
Commit: 7faf91abe1987aa812655860b4e7ef1ad2f93644
Parents: 83b76b0
Author: Lukasz Lenart
Authored: Mon May 19 09:59:23 2014 +0200
Committer: Lukasz Lenart
Committed: Mon May 19 09:59:23 2014 +0200
----------------------------------------------------------------------
core/src/main/resources/struts-default.xml | 2 +-
.../struts2/TestConfigurationProvider.java | 2 +-
.../interceptor/CookieInterceptorTest.java | 2 +-
.../xwork2/DefaultExcludedPatternsChecker.java | 82 -------------------
.../providers/XWorkConfigurationProvider.java | 2 +-
.../DefaultExcludedPatternsChecker.java | 83 ++++++++++++++++++++
.../security/ExcludedPatternsChecker.java | 82 +++++++++++++++++++
7 files changed, 169 insertions(+), 86 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/core/src/main/resources/struts-default.xml
----------------------------------------------------------------------
diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml
index 2d74b4f..ecfa5cf 100644
--- a/core/src/main/resources/struts-default.xml
+++ b/core/src/main/resources/struts-default.xml
@@ -144,7 +144,7 @@ - +
http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java b/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java
index 9323f02..d9da6c4 100644
--- a/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java
+++ b/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java
@@ -24,7 +24,7 @@ package org.apache.struts2;
 import com.opensymphony.xwork2.Action;
 import com.opensymphony.xwork2.ActionProxyFactory;
 import com.opensymphony.xwork2.DefaultActionProxyFactory;
-import com.opensymphony.xwork2.DefaultExcludedPatternsChecker;
+import com.opensymphony.xwork2.security.DefaultExcludedPatternsChecker;
 import com.opensymphony.xwork2.ExcludedPatternsChecker;
 import com.opensymphony.xwork2.ObjectFactory;
 import com.opensymphony.xwork2.config.Configuration;
http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java b/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
index 1f642f5..a531a69 100644
--- a/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
+++ b/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
@@ -27,7 +27,7 @@ import java.util.Map;
 import javax.servlet.http.Cookie;
-import com.opensymphony.xwork2.DefaultExcludedPatternsChecker;
+import com.opensymphony.xwork2.security.DefaultExcludedPatternsChecker;
 import com.opensymphony.xwork2.mock.MockActionInvocation;
 import org.easymock.MockControl;
 import org.springframework.mock.web.MockHttpServletRequest;
http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java
deleted file mode 100644
index eabd621..0000000
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java
+++ /dev/null
@@ -1,82 +0,0 @@
-package com.opensymphony.xwork2;
-
-import com.opensymphony.xwork2.inject.Inject;
-import com.opensymphony.xwork2.util.TextParseUtil;
-import com.opensymphony.xwork2.util.logging.Logger;
-import com.opensymphony.xwork2.util.logging.LoggerFactory;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.regex.Pattern;
-
-public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker {
-
- private static final Logger LOG = LoggerFactory.getLogger(DefaultExcludedPatternsChecker.class);
-
- public static final String[] EXCLUDED_PATTERNS = {
- "(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*",
- "^dojo\\..*",
- "^struts\\..*",
- "^session\\..*",
- "^request\\..*",
- "^application\\..*",
- "^servlet(Request|Response)\\..*",
- "^parameters\\..*"
- };
-
- private Set excludedPatterns;
-
- public DefaultExcludedPatternsChecker() {
- excludedPatterns = new HashSet();
- for (String pattern : EXCLUDED_PATTERNS) {
- excludedPatterns.add(Pattern.compile(pattern));
- }
- }
-
- @Inject(value = XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, required = false)
- public void setOverrideExcludePatterns(String excludePatterns) {
- if (LOG.isWarnEnabled()) {
- LOG.warn("Overriding [#0] with [#1], be aware that this can affect safety of your application!",
- XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, excludePatterns);
- }
- excludedPatterns = new HashSet();
- for (String pattern : TextParseUtil.commaDelimitedStringToSet(excludePatterns)) {
- excludedPatterns.add(Pattern.compile(pattern));
- }
- }
-
- public void addExcludedPatterns(String commaDelimitedPatterns) {
- addExcludedPatterns(TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns));
- }
-
- public void addExcludedPatterns(String[] additionalPatterns) {
- addExcludedPatterns(new HashSet(Arrays.asList(additionalPatterns)));
- }
-
- public void addExcludedPatterns(Set additionalPatterns) {
- if (LOG.isTraceEnabled()) {
- LOG.trace("Adding additional excluded patterns [#0]", additionalPatterns);
- }
- for (String pattern : additionalPatterns) {
- excludedPatterns.add(Pattern.compile(pattern));
- }
- }
-
- public IsExcluded isExcluded(String value) {
- for (Pattern excludedPattern : excludedPatterns) {
- if (excludedPattern.matcher(value).matches()) {
- if (LOG.isTraceEnabled()) {
- LOG.trace("[#0] matches excluded pattern [#1]", value, excludedPattern);
- }
- return IsExcluded.yes(excludedPattern);
- }
- }
- return IsExcluded.no();
- }
-
- public Set getExcludedPatterns() {
- return excludedPatterns;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java b/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java
index c341d98..1a72206 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java
@@ -2,7 +2,7 @@ package com.opensymphony.xwork2.config.providers;
 import com.opensymphony.xwork2.ActionProxyFactory;
 import com.opensymphony.xwork2.DefaultActionProxyFactory;
-import com.opensymphony.xwork2.DefaultExcludedPatternsChecker;
+import com.opensymphony.xwork2.security.DefaultExcludedPatternsChecker;
 import com.opensymphony.xwork2.DefaultLocaleProvider;
 import com.opensymphony.xwork2.DefaultTextProvider;
 import com.opensymphony.xwork2.DefaultUnknownHandlerManager;
http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
new file mode 100644
index 0000000..f2abed6
--- /dev/null
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
@@ -0,0 +1,83 @@
+package com.opensymphony.xwork2.security;
+
+import com.opensymphony.xwork2.*;
+import com.opensymphony.xwork2.inject.Inject;
+import com.opensymphony.xwork2.util.TextParseUtil;
+import com.opensymphony.xwork2.util.logging.Logger;
+import com.opensymphony.xwork2.util.logging.LoggerFactory;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+public class DefaultExcludedPatternsChecker implements com.opensymphony.xwork2.ExcludedPatternsChecker {
+
+ private static final Logger LOG = LoggerFactory.getLogger(DefaultExcludedPatternsChecker.class);
+
+ public static final String[] EXCLUDED_PATTERNS = {
+ "(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*",
+ "^dojo\\..*",
+ "^struts\\..*",
+ "^session\\..*",
+ "^request\\..*",
+ "^application\\..*",
+ "^servlet(Request|Response)\\..*",
+ "^parameters\\..*"
+ };
+
+ private Set excludedPatterns;
+
+ public DefaultExcludedPatternsChecker() {
+ excludedPatterns = new HashSet();
+ for (String pattern : EXCLUDED_PATTERNS) {
+ excludedPatterns.add(Pattern.compile(pattern));
+ }
+ }
+
+ @Inject(value = XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, required = false)
+ public void setOverrideExcludePatterns(String excludePatterns) {
+ if (LOG.isWarnEnabled()) {
+ LOG.warn("Overriding [#0] with [#1], be aware that this can affect safety of your application!",
+ XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, excludePatterns);
+ }
+ excludedPatterns = new HashSet();
+ for (String pattern : TextParseUtil.commaDelimitedStringToSet(excludePatterns)) {
+ excludedPatterns.add(Pattern.compile(pattern));
+ }
+ }
+
+ public void addExcludedPatterns(String commaDelimitedPatterns) {
+ addExcludedPatterns(TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns));
+ }
+
+ public void addExcludedPatterns(String[] additionalPatterns) {
+ addExcludedPatterns(new HashSet(Arrays.asList(additionalPatterns)));
+ }
+
+ public void addExcludedPatterns(Set additionalPatterns) {
+ if (LOG.isTraceEnabled()) {
+ LOG.trace("Adding additional excluded patterns [#0]", additionalPatterns);
+ }
+ for (String pattern : additionalPatterns) {
+ excludedPatterns.add(Pattern.compile(pattern));
+ }
+ }
+
+ public IsExcluded isExcluded(String value) {
+ for (Pattern excludedPattern : excludedPatterns) {
+ if (excludedPattern.matcher(value).matches()) {
+ if (LOG.isTraceEnabled()) {
+ LOG.trace("[#0] matches excluded pattern [#1]", value, excludedPattern);
+ }
+ return IsExcluded.yes(excludedPattern);
+ }
+ }
+ return IsExcluded.no();
+ }
+
+ public Set getExcludedPatterns() {
+ return excludedPatterns;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/xwork-core/src/main/java/com/opensymphony/xwork2/security/ExcludedPatternsChecker.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/security/ExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/security/ExcludedPatternsChecker.java
new file mode 100644
index 0000000..51751e9
--- /dev/null
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/security/ExcludedPatternsChecker.java
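Review bot: `getExcludedPatterns()` at the end of the relocated class returns the internal `excludedPatterns` set itself, so any caller holding the checker can clear or shrink the exclusion list that `isExcluded` depends on. Since the class now sits in a security package, a read-only view would be safer, e.g. `return Collections.unmodifiableSet(excludedPatterns);` with `import java.util.Collections;` added, provided no existing caller relies on mutating the returned set. `setOverrideExcludePatterns` replaces the built-in `EXCLUDED_PATTERNS` completely and only logs a warning, so an override that parses to an empty set would presumably leave nothing excluded; a Javadoc line on that setter saying so would help operators. The new `import com.opensymphony.xwork2.*;` could be narrowed to `import com.opensymphony.xwork2.XWorkConstants;`, which appears to be the only name it supplies.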
@@ -0,0 +1,82 @@
+package com.opensymphony.xwork2.security;
+
+import java.util.Set;
+import java.util.regex.Pattern;
+
+/**
+ * Used across different interceptors to check if given string matches one of the excluded patterns.
+ */
+public interface ExcludedPatternsChecker {
+
+ /**
+ * Checks if value matches any of patterns on exclude list
+ *
+ * @param value to check
+ * @return object containing result of matched pattern and pattern itself
+ */
+ public IsExcluded isExcluded(String value);
+
+ /**
+ * Allows add additional excluded patterns during runtime
+ *
+ * @param commaDelimitedPatterns comma delimited string with patterns
+ */
+ public void addExcludedPatterns(String commaDelimitedPatterns);
+
+ /**
+ * Allows add additional excluded patterns during runtime
+ *
+ * @param additionalPatterns array of additional excluded patterns
+ */
+ public void addExcludedPatterns(String[] additionalPatterns);
+
+ /**
+ * Allows add additional excluded patterns during runtime
+ *
+ * @param additionalPatterns set of additional patterns
+ */
+ public void addExcludedPatterns(Set additionalPatterns);
+
+ /**
+ * Allow access list of all defined excluded patterns
+ *
+ * @return set of excluded patterns
+ */
+ public Set getExcludedPatterns();
+
+ public final static class IsExcluded {
+
+ private final boolean excluded;
+ private final Pattern excludedPattern;
+
+ public static IsExcluded yes(Pattern excludedPattern) {
+ return new IsExcluded(true, excludedPattern);
+ }
+
+ public static IsExcluded no() {
+ return new IsExcluded(false, null);
+ }
+
+ private IsExcluded(boolean excluded, Pattern excludedPattern) {
+ this.excluded = excluded;
+ this.excludedPattern = excludedPattern;
+ }
+
+ public boolean isExcluded() {
+ return excluded;
+ }
+
+ public Pattern getExcludedPattern() {
+ return excludedPattern;
+ }
+
+ @Override
+ public String toString() {
+ return "IsExcluded { " +
+ "excluded=" + excluded +
+ ", excludedPattern=" + excludedPattern +
+ " }";
+ }
+ }
+
+}
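Review bot: Two `ExcludedPatternsChecker` interfaces appear to coexist after this commit. The diffstat deletes no old interface, the relocated implementation still declares `implements com.opensymphony.xwork2.ExcludedPatternsChecker`, and the `TestConfigurationProvider` hunk keeps `import com.opensymphony.xwork2.ExcludedPatternsChecker;` as context. Code that asks for the new `security` type would therefore not be satisfied by `DefaultExcludedPatternsChecker`, and the two nested `IsExcluded` classes would be unrelated types. Either the implementation and its callers should switch to this interface in the same change, or one copy should be dropped; a later commit in the series may do this, but it is not visible here. Separately, `IsExcluded.no()` stores `null` as the pattern, so `getExcludedPattern()` deserves a Javadoc line such as `@return the matching pattern, or null when nothing matched`.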