Return-Path: 
 <commits-return-13155-apmail-struts-commits-archive=struts.apache.org@struts.apache.org>
X-Original-To: apmail-struts-commits-archive@minotaur.apache.org
Delivered-To: apmail-struts-commits-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 8C5F3116B9
	for <apmail-struts-commits-archive@minotaur.apache.org>;
 Wed, 18 Jun 2014 06:49:29 +0000 (UTC)
Received: (qmail 81629 invoked by uid 500); 18 Jun 2014 06:49:21 -0000
Delivered-To: apmail-struts-commits-archive@struts.apache.org
Received: (qmail 81568 invoked by uid 500); 18 Jun 2014 06:49:21 -0000
Mailing-List: contact commits-help@struts.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@struts.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@struts.apache.org>
List-Post: <mailto:commits@struts.apache.org>
List-Id: <commits.struts.apache.org>
Reply-To: dev@struts.apache.org
Delivered-To: mailing list commits@struts.apache.org
Received: (qmail 81522 invoked by uid 99); 18 Jun 2014 06:49:21 -0000
Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org)
 (140.211.11.114)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Jun 2014 06:49:21 +0000
Received: by tyr.zones.apache.org (Postfix, from userid 65534)
	id 97D3183B360; Wed, 18 Jun 2014 06:49:21 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: lukaszlenart@apache.org
To: commits@struts.apache.org
Date: Wed, 18 Jun 2014 06:49:41 -0000
Message-Id: <e5db2f794e034d62aa3170c6764df9ff@git.apache.org>
In-Reply-To: <20bec4e476d24a2e80ce3caab9f07683@git.apache.org>
References: <20bec4e476d24a2e80ce3caab9f07683@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [24/50] git commit: Converts class with patterns into Struts bean

Converts class with patterns into Struts bean


Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/65c023b6
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/65c023b6
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/65c023b6

Branch: refs/heads/develop
Commit: 65c023b6f3e848fae13135ee90c101a0d0e2f262
Parents: 08b44fd
Author: Lukasz Lenart <lukaszlenart@apache.org>
Authored: Mon May 12 08:26:12 2014 +0200
Committer: Lukasz Lenart <lukaszlenart@apache.org>
Committed: Mon May 12 08:26:12 2014 +0200

----------------------------------------------------------------------
 core/src/main/resources/struts-default.xml      |   4 +
 .../opensymphony/xwork2/ExcludedPatterns.java   |  22 ---
 .../xwork2/ExcludedPatternsChecker.java         | 135 +++++++++++++++++++
 3 files changed, 139 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts/blob/65c023b6/core/src/main/resources/struts-default.xml
----------------------------------------------------------------------
diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml
index 1f37ea2..554a8ba 100644
--- a/core/src/main/resources/struts-default.xml
+++ b/core/src/main/resources/struts-default.xml
@@ -144,6 +144,10 @@
     <bean type="ognl.PropertyAccessor" name="java.util.HashSet" class="com.opensymphony.xwork2.ognl.accessor.XWorkCollectionPropertyAccessor" />
     <bean type="ognl.PropertyAccessor" name="java.util.HashMap" class="com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor" />
 
+    <bean type="com.opensymphony.xwork2.ExcludedPatternsChecker" name="struts" class="com.opensymphony.xwork2.ExcludedPatternsChecker" scope="request"/>
+
+    <constant name="struts.excludedPatterns.checker" value="struts"/>
+
     <package name="struts-default" abstract="true">
         <result-types>
             <result-type name="chain" class="com.opensymphony.xwork2.ActionChainResult"/>

http://git-wip-us.apache.org/repos/asf/struts/blob/65c023b6/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java
deleted file mode 100644
index b618a52..0000000
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package com.opensymphony.xwork2;
-
-/**
- * ExcludedPatterns contains hard-coded patterns that must be rejected by {@link com.opensymphony.xwork2.interceptor.ParametersInterceptor}
- * and partially in CookInterceptor
- */
-public class ExcludedPatterns {
-
-    public static final String CLASS_ACCESS_PATTERN = "(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*";
-
-    public static final String[] EXCLUDED_PATTERNS = {
-            CLASS_ACCESS_PATTERN,
-            "^dojo\\..*",
-            "^struts\\..*",
-            "^session\\..*",
-            "^request\\..*",
-            "^application\\..*",
-            "^servlet(Request|Response)\\..*",
-            "^parameters\\..*"
-    };
-
-}

http://git-wip-us.apache.org/repos/asf/struts/blob/65c023b6/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java
new file mode 100644
index 0000000..ee3eea6
--- /dev/null
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java
@@ -0,0 +1,135 @@
+package com.opensymphony.xwork2;
+
+import com.opensymphony.xwork2.inject.Inject;
+import com.opensymphony.xwork2.util.TextParseUtil;
+import com.opensymphony.xwork2.util.logging.Logger;
+import com.opensymphony.xwork2.util.logging.LoggerFactory;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+/**
+ * Used across different interceptors to check if given string matches one of the excluded patterns.
+ * User has two options to change its behaviour:
+ * - define new set of patterns with <constant name="struts.override.excludedPatterns" value=".."/>
+ * - override this class and use then extension point <constant name="struts.excludedPatterns.checker" value="myChecker"/>
+ *   to inject it in appropriated places
+ */
+public class ExcludedPatternsChecker {
+
+    private static final Logger LOG = LoggerFactory.getLogger(ExcludedPatternsChecker.class);
+
+    public static final String[] EXCLUDED_PATTERNS = {
+            "(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*",
+            "^dojo\\..*",
+            "^struts\\..*",
+            "^session\\..*",
+            "^request\\..*",
+            "^application\\..*",
+            "^servlet(Request|Response)\\..*",
+            "^parameters\\..*"
+    };
+
+    private Set<Pattern> excludedPatterns;
+
+    public ExcludedPatternsChecker() {
+        excludedPatterns = new HashSet<Pattern>();
+        for (String pattern : EXCLUDED_PATTERNS) {
+            excludedPatterns.add(Pattern.compile(pattern));
+        }
+    }
+
+    @Inject(value = XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, required = false)
+    public void setOverrideExcludePatterns(String excludePatterns) {
+        if (LOG.isWarnEnabled()) {
+            LOG.warn("Overriding [#0] with [#1], be aware that this can affect safety of your application!",
+                    XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, excludePatterns);
+        }
+        excludedPatterns = new HashSet<Pattern>();
+        for (String pattern : TextParseUtil.commaDelimitedStringToSet(excludePatterns)) {
+            excludedPatterns.add(Pattern.compile(pattern));
+        }
+    }
+
+    /**
+     * Allows add additional excluded patterns during runtime
+     *
+     * @param commaDelimitedPatterns comma delimited string with patterns
+     */
+    public void addExcludedPatterns(String commaDelimitedPatterns) {
+        addExcludedPatterns(TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns));
+    }
+
+    /**
+     * Allows add additional excluded patterns during runtime
+     *
+     * @param additionalPatterns array of additional excluded patterns
+     */
+    public void addExcludedPatterns(String[] additionalPatterns) {
+        addExcludedPatterns(new HashSet<String>(Arrays.asList(additionalPatterns)));
+    }
+
+    /**
+     * Allows add additional excluded patterns during runtime
+     *
+     * @param additionalPatterns set of additional patterns
+     */
+    public void addExcludedPatterns(Set<String> additionalPatterns) {
+        if (LOG.isTraceEnabled()) {
+            LOG.trace("Adding additional excluded patterns [#0]", additionalPatterns);
+        }
+        for (String pattern : additionalPatterns) {
+            excludedPatterns.add(Pattern.compile(pattern));
+        }
+    }
+
+    public IsExcluded isExcluded(String value) {
+        for (Pattern excludedPattern : excludedPatterns) {
+            if (excludedPattern.matcher(value).matches()) {
+                if (LOG.isTraceEnabled()) {
+                    LOG.trace("[#0] matches excluded pattern [#1]", value, excludedPattern);
+                }
+                return IsExcluded.yes(excludedPattern);
+            }
+        }
+        return IsExcluded.no();
+    }
+
+    public final static class IsExcluded {
+
+        private final boolean excluded;
+        private final Pattern excludedPattern;
+
+        public static IsExcluded yes(Pattern excludedPattern) {
+            return new IsExcluded(true, excludedPattern);
+        }
+
+        public static IsExcluded no() {
+            return new IsExcluded(false, null);
+        }
+
+        private IsExcluded(boolean excluded, Pattern excludedPattern) {
+            this.excluded = excluded;
+            this.excludedPattern = excludedPattern;
+        }
+
+        public boolean isExcluded() {
+            return excluded;
+        }
+
+        public Pattern getExcludedPattern() {
+            return excludedPattern;
+        }
+
+        @Override
+        public String toString() {
+            return "IsExcluded { " +
+                    "excluded=" + excluded +
+                    ", excludedPattern=" + excludedPattern +
+                    " }";
+        }
+    }
+
+}