[ https://issues.apache.org/jira/browse/WW-5378?focusedWorklogId=897259&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-897259 ]
ASF GitHub Bot logged work on WW-5378: -------------------------------------- Author: ASF GitHub Bot Created on: 27/Dec/23 13:41 Start Date: 27/Dec/23 13:41 Worklog Time Spent: 10m Work Description: github-advanced-security[bot] commented on code in PR #821: URL: https://github.com/apache/struts/pull/821#discussion_r1437049858 ########## core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java: ########## @@ -337,34 +337,16 @@ } private Object tryFindValue(String expr) throws OgnlException { - Object value; - expr = lookupForOverrides(expr); - if (defaultType != null) { - value = findValue(expr, defaultType); - } else { - value = getValueUsingOgnl(expr); - if (value == null) { - value = findInContext(expr); - } - } - return value; + return tryFindValue(expr, defaultType); Review Comment: ## OGNL Expression Language statement with user-controlled input OGNL Expression Language statement depends on a [user-provided value](1). OGNL Expression Language statement depends on a [user-provided value](2). OGNL Expression Language statement depends on a [user-provided value](3). OGNL Expression Language statement depends on a [user-provided value](4). OGNL Expression Language statement depends on a [user-provided value](5). OGNL Expression Language statement depends on a [user-provided value](6). OGNL Expression Language statement depends on a [user-provided value](7). OGNL Expression Language statement depends on a [user-provided value](8). OGNL Expression Language statement depends on a [user-provided value](9). OGNL Expression Language statement depends on a [user-provided value](10). OGNL Expression Language statement depends on a [user-provided value](11). OGNL Expression Language statement depends on a [user-provided value](12). [Show more details](https://github.com/apache/struts/security/code-scanning/368) ########## core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java: ########## 
@@ -419,22 +401,19 @@ } private Object tryFindValue(String expr, Class asType) throws OgnlException { - Object value = null; try { expr = lookupForOverrides(expr); - value = getValue(expr, asType); + Object value = ognlUtil.getValue(expr, context, root, asType); Review Comment: ## OGNL Expression Language statement with user-controlled input OGNL Expression Language statement depends on a [user-provided value](1). OGNL Expression Language statement depends on a [user-provided value](2). OGNL Expression Language statement depends on a [user-provided value](3). OGNL Expression Language statement depends on a [user-provided value](4). OGNL Expression Language statement depends on a [user-provided value](5). OGNL Expression Language statement depends on a [user-provided value](6). OGNL Expression Language statement depends on a [user-provided value](7). OGNL Expression Language statement depends on a [user-provided value](8). OGNL Expression Language statement depends on a [user-provided value](9). OGNL Expression Language statement depends on a [user-provided value](10). OGNL Expression Language statement depends on a [user-provided value](11). OGNL Expression Language statement depends on a [user-provided value](12). [Show more details](https://github.com/apache/struts/security/code-scanning/369) Issue Time Tracking ------------------- Worklog Id: (was: 897259) Time Spent: 0.5h (was: 20m) > Add option to not fallback to context lookup when finding value in > OgnlValueStack > --------------------------------------------------------------------------------- > > Key: WW-5378 > URL: https://issues.apache.org/jira/browse/WW-5378 > Project: Struts 2 > Issue Type: Improvement > Components: Core > Reporter: Kusal Kithul-Godage > Priority: Minor > Time Spent: 0.5h > Remaining Estimate: 0h > -- This message was sent by Atlassian Jira (v8.20.10#820010)
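Review bot: in the first hunk (`@@ -337,34 +337,16 @@`), the one-argument `tryFindValue(String expr)` now passes `defaultType` straight into the two-argument overload, including when it is null, whereas the removed `else` branch handled that case explicitly with `getValueUsingOgnl(expr)` followed by `findInContext(expr)` when the result was null. The visible lines do not show how the overload treats a null `asType` or where the context fallback now happens, so a short comment on the delegating line, plus a test that covers `defaultType == null` with the fallback enabled and disabled, would make the behaviour change reviewable. Because the scanner marks `expr` as user-controlled on this line, it is worth stating in the method's documentation exactly when the context lookup is skipped.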
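Review bot: in the second hunk (`@@ -419,22 +401,19 @@`), the `+` line calls `ognlUtil.getValue(expr, context, root, asType)` directly where the removed line went through the local `getValue(expr, asType)`, and the expression it evaluates is the output of `lookupForOverrides(expr)`. The hunk does not show the body of the old helper, so please confirm that it did nothing beyond this delegation, or carry over whatever else it did. A one-line comment saying where the expression is validated before evaluation would also let a reader triage the scanner finding on this line without leaving the file.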