This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5525-proxyutil-npe-67 in repository https://gitbox.apache.org/repos/asf/struts.git
commit fc9f0f9014ae647455ce1d2d67a7d5cb68b77988 Author: Lukasz Lenart <lukaszlen...@apache.org> AuthorDate: Sat Feb 1 07:40:18 2025 +0100 WW-5525 Fixes NPE when checking if expressions is acceptable (cherry picked from commit 9fee06cea030447c4bae650bde40282a93e85cd2) --- .../xwork2/ognl/SecurityMemberAccessProxyTest.java | 88 ++++++++++++++++++++++ 1 file changed, 88 insertions(+) diff --git a/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java b/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java index 885665a12..7a9d017fe 100644 --- a/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java +++ b/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java @@ -31,6 +31,7 @@ import java.util.HashMap; import java.util.Map; import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; public class SecurityMemberAccessProxyTest extends XWorkJUnit4TestCase { @@ -87,4 +88,91 @@ public class SecurityMemberAccessProxyTest extends XWorkJUnit4TestCase { assertTrue(sma.isAccessible(context, proxy.getAction(), proxyObjectProxyMember, "")); assertTrue(sma.isAccessible(context, proxy.getAction(), proxyObjectNonProxyMember, "")); } + + @Test + public void nullTargetAndTargetAndMemberNotAllowed() { + sma.useDisallowProxyObjectAccess(Boolean.TRUE.toString()); + sma.useDisallowProxyMemberAccess(Boolean.TRUE.toString()); + assertTrue(sma.isAccessible(context, null, proxyObjectProxyMember, "")); + } + + @Test + public void nullTargetAndTargetAllowedAndMemberNotAllowed() { + sma.useDisallowProxyObjectAccess(Boolean.FALSE.toString()); + sma.useDisallowProxyMemberAccess(Boolean.TRUE.toString()); + assertTrue(sma.isAccessible(context, null, proxyObjectProxyMember, "")); + } + + @Test + public void nullTargetAndTargetAndMemberAllowed() { + sma.useDisallowProxyObjectAccess(Boolean.FALSE.toString()); + sma.useDisallowProxyMemberAccess(Boolean.FALSE.toString()); + assertTrue(sma.isAccessible(context, null, proxyObjectProxyMember, "")); + } + + @Test + public void nullMemberAndTargetAndMemberNotAllowed() { + sma.useDisallowProxyObjectAccess(Boolean.TRUE.toString()); + sma.useDisallowProxyMemberAccess(Boolean.TRUE.toString()); + Object action = proxy.getAction(); + assertThrows("Member cannot be null!", IllegalArgumentException.class, + () -> sma.isAccessible(context, action, null, "")); + } + + @Test + public void nullMemberAndTargetAllowedAndMemberNotAllowed() { + sma.useDisallowProxyObjectAccess(Boolean.FALSE.toString()); + sma.useDisallowProxyMemberAccess(Boolean.TRUE.toString()); + Object action = proxy.getAction(); + assertThrows("Member cannot be null!", IllegalArgumentException.class, + () -> sma.isAccessible(context, action, null, "")); + } + + @Test + public void nullMemberAndTargetNotAllowedAndMemberAllowed() { + sma.useDisallowProxyObjectAccess(Boolean.TRUE.toString()); + sma.useDisallowProxyMemberAccess(Boolean.FALSE.toString()); + Object action = proxy.getAction(); + assertThrows("Member cannot be null!", IllegalArgumentException.class, + () -> sma.isAccessible(context, action, null, "")); + } + + @Test + public void nullTargetAndMemberAndTargetAndMemberNotAllowed() { + sma.useDisallowProxyObjectAccess(Boolean.TRUE.toString()); + sma.useDisallowProxyMemberAccess(Boolean.TRUE.toString()); + assertThrows("Member cannot be null!", IllegalArgumentException.class, + () -> sma.isAccessible(context, null, null, "")); + } + + @Test + public void nullTargetAndMemberAndTargetNotAllowedAndMemberAllowed() { + sma.useDisallowProxyObjectAccess(Boolean.TRUE.toString()); + sma.useDisallowProxyMemberAccess(Boolean.FALSE.toString()); + assertThrows("Member cannot be null!", IllegalArgumentException.class, + () -> sma.isAccessible(context, null, null, "")); + } + + @Test + public void nullTargetAndMemberAndTargetAllowedAndMemberNotAllowed() { + sma.useDisallowProxyObjectAccess(Boolean.FALSE.toString()); + sma.useDisallowProxyMemberAccess(Boolean.TRUE.toString()); + assertThrows("Member cannot be null!", IllegalArgumentException.class, + () -> sma.isAccessible(context, null, null, "")); + } + + @Test + public void nullTargetAndMemberAndTargetAndMemberAllowed() { + sma.useDisallowProxyObjectAccess(Boolean.FALSE.toString()); + sma.useDisallowProxyMemberAccess(Boolean.FALSE.toString()); + assertThrows("Member cannot be null!", IllegalArgumentException.class, + () -> sma.isAccessible(context, null, null, "")); + } + + @Test + public void nullPropertyName() { + sma.useDisallowProxyMemberAccess(Boolean.FALSE.toString()); + Object action = proxy.getAction(); + assertTrue(sma.isAccessible(context, action, proxyObjectProxyMember, null)); + } }