(struts) 02/02: WW-5525 Fixes NPE when checking if expressions is acceptable

Sun, 16 Feb 2025 23:55:32 -0800 

This is an automated email from the ASF dual-hosted git repository.

kusal pushed a commit to branch WW-5525-proxyutil-npe-67
in repository https://gitbox.apache.org/repos/asf/struts.git

commit fc9f0f9014ae647455ce1d2d67a7d5cb68b77988
Author: Lukasz Lenart <lukaszlen...@apache.org>
AuthorDate: Sat Feb 1 07:40:18 2025 +0100

    WW-5525 Fixes NPE when checking if expressions is acceptable
    
    (cherry picked from commit 9fee06cea030447c4bae650bde40282a93e85cd2)
---
 .../xwork2/ognl/SecurityMemberAccessProxyTest.java | 88 ++++++++++++++++++++++
 1 file changed, 88 insertions(+)

diff --git 
a/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java
 
b/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java
index 885665a12..7a9d017fe 100644
--- 
a/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java
+++ 
b/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java
@@ -31,6 +31,7 @@ import java.util.HashMap;
 import java.util.Map;
 
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 
 public class SecurityMemberAccessProxyTest extends XWorkJUnit4TestCase {
@@ -87,4 +88,91 @@ public class SecurityMemberAccessProxyTest extends 
XWorkJUnit4TestCase {
         assertTrue(sma.isAccessible(context, proxy.getAction(), 
proxyObjectProxyMember, ""));
         assertTrue(sma.isAccessible(context, proxy.getAction(), 
proxyObjectNonProxyMember, ""));
     }
+
+    @Test
+    public void nullTargetAndTargetAndMemberNotAllowed() {
+        sma.useDisallowProxyObjectAccess(Boolean.TRUE.toString());
+        sma.useDisallowProxyMemberAccess(Boolean.TRUE.toString());
+        assertTrue(sma.isAccessible(context, null, proxyObjectProxyMember, 
""));
+    }
+
+    @Test
+    public void nullTargetAndTargetAllowedAndMemberNotAllowed() {
+        sma.useDisallowProxyObjectAccess(Boolean.FALSE.toString());
+        sma.useDisallowProxyMemberAccess(Boolean.TRUE.toString());
+        assertTrue(sma.isAccessible(context, null, proxyObjectProxyMember, 
""));
+    }
+
+    @Test
+    public void nullTargetAndTargetAndMemberAllowed() {
+        sma.useDisallowProxyObjectAccess(Boolean.FALSE.toString());
+        sma.useDisallowProxyMemberAccess(Boolean.FALSE.toString());
+        assertTrue(sma.isAccessible(context, null, proxyObjectProxyMember, 
""));
+    }
+
+    @Test
+    public void nullMemberAndTargetAndMemberNotAllowed() {
+        sma.useDisallowProxyObjectAccess(Boolean.TRUE.toString());
+        sma.useDisallowProxyMemberAccess(Boolean.TRUE.toString());
+        Object action = proxy.getAction();
+        assertThrows("Member cannot be null!", IllegalArgumentException.class,
+                () -> sma.isAccessible(context, action, null, ""));
+    }
+
+    @Test
+    public void nullMemberAndTargetAllowedAndMemberNotAllowed() {
+        sma.useDisallowProxyObjectAccess(Boolean.FALSE.toString());
+        sma.useDisallowProxyMemberAccess(Boolean.TRUE.toString());
+        Object action = proxy.getAction();
+        assertThrows("Member cannot be null!", IllegalArgumentException.class,
+                () -> sma.isAccessible(context, action, null, ""));
+    }
+
+    @Test
+    public void nullMemberAndTargetNotAllowedAndMemberAllowed() {
+        sma.useDisallowProxyObjectAccess(Boolean.TRUE.toString());
+        sma.useDisallowProxyMemberAccess(Boolean.FALSE.toString());
+        Object action = proxy.getAction();
+        assertThrows("Member cannot be null!", IllegalArgumentException.class,
+                () -> sma.isAccessible(context, action, null, ""));
+    }
+
+    @Test
+    public void nullTargetAndMemberAndTargetAndMemberNotAllowed() {
+        sma.useDisallowProxyObjectAccess(Boolean.TRUE.toString());
+        sma.useDisallowProxyMemberAccess(Boolean.TRUE.toString());
+        assertThrows("Member cannot be null!", IllegalArgumentException.class,
+                () -> sma.isAccessible(context, null, null, ""));
+    }
+
+    @Test
+    public void nullTargetAndMemberAndTargetNotAllowedAndMemberAllowed() {
+        sma.useDisallowProxyObjectAccess(Boolean.TRUE.toString());
+        sma.useDisallowProxyMemberAccess(Boolean.FALSE.toString());
+        assertThrows("Member cannot be null!", IllegalArgumentException.class,
+                () -> sma.isAccessible(context, null, null, ""));
+    }
+
+    @Test
+    public void nullTargetAndMemberAndTargetAllowedAndMemberNotAllowed() {
+        sma.useDisallowProxyObjectAccess(Boolean.FALSE.toString());
+        sma.useDisallowProxyMemberAccess(Boolean.TRUE.toString());
+        assertThrows("Member cannot be null!", IllegalArgumentException.class,
+                () -> sma.isAccessible(context, null, null, ""));
+    }
+
+    @Test
+    public void nullTargetAndMemberAndTargetAndMemberAllowed() {
+        sma.useDisallowProxyObjectAccess(Boolean.FALSE.toString());
+        sma.useDisallowProxyMemberAccess(Boolean.FALSE.toString());
+        assertThrows("Member cannot be null!", IllegalArgumentException.class,
+                () -> sma.isAccessible(context, null, null, ""));
+    }
+
+    @Test
+    public void nullPropertyName() {
+        sma.useDisallowProxyMemberAccess(Boolean.FALSE.toString());
+        Object action = proxy.getAction();
+        assertTrue(sma.isAccessible(context, action, proxyObjectProxyMember, 
null));
+    }
 }

Reply via email to