[ https://issues.apache.org/jira/browse/WW-4062?focusedWorklogId=929504&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-929504 ]
ASF GitHub Bot logged work on WW-4062:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 09/Aug/24 10:03
            Start Date: 09/Aug/24 10:03
    Worklog Time Spent: 10m
      Work Description: sonarcloud[bot] commented on PR #1013:
URL: https://github.com/apache/struts/pull/1013#issuecomment-2277599371

   ## **Quality Gate failed**
   Failed conditions
   - [10 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=1013&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true)
   - [31.1% Coverage on New Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=1013&metric=new_coverage&view=list) (required ≥ 80%)
   - [3.9% Duplication on New Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=1013&metric=new_duplicated_lines_density&view=list) (required ≤ 3%)
   - [E Reliability Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=1013) (required ≥ A)
   - [E Security Rating on New Code](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=1013) (required ≥ A)

   [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=1013)

   ## Catch issues before they fail your Quality Gate with our IDE extension [SonarLint](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request)

Issue Time Tracking
-------------------

    Worklog Id:     (was: 929504)
    Time Spent: 20m  (was: 10m)

> Invalid OGNL expressions are not cached
> ---------------------------------------
>
>                 Key: WW-4062
>                 URL: https://issues.apache.org/jira/browse/WW-4062
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Value Stack
>    Affects Versions: 2.3.14
>            Reporter: Saulius Tvarijonas
>            Priority: Major
>             Fix For: 6.7.0
>
>         Attachments: WW-4062.PNG
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> I am using velocity to render results page. During performance optimizations
> I noticed significant memory usage from
> *com.opensymphony.xwork2.ognl.OgnlUtil#compile*. There is caching implemented
> in OgnlUtil, but if expression compilation fails, it is not cached.
> I am not really sure if this problem is in struts or velocity engine. But
> situation is following:
> # In velocity template trying to render string *<p>$!foo</p>*
> # If value is null, velocity calls
> *org.apache.velocity.runtime.parser.node.ASTReference#getNullString*
> # Internally there is call to *context.get(".literal." + nullString)*
> # And this ".literal." expression always reaches *OgnlUtil#compile* and
> compilation fails.
> Below is stacktrace for more details:
> {code}
>       at com.opensymphony.xwork2.ognl.OgnlUtil.compile(OgnlUtil.java:248)
>       at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:236)
>       at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:291)
>       at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:274)
>       at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:256)
>       at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:236)
>       at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:298)
>       at org.apache.struts2.dispatcher.StrutsRequestWrapper.getAttribute(StrutsRequestWrapper.java:82)
>       at org.apache.velocity.tools.view.context.ChainedContext.getAttribute(Unknown Source:-1)
>       at org.apache.velocity.tools.view.context.ChainedContext.internalGet(Unknown Source:-1)
>       at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193)
>       at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:267)
>       at org.apache.velocity.runtime.parser.node.ASTReference.getNullString(ASTReference.java:510)
>       at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:465)
>       at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
>       at org.apache.velocity.runtime.parser.node.ASTStringLiteral.value(ASTStringLiteral.java:330)
>       at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
>       at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
>       at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
>       at org.apache.velocity.runtime.directive.Parse.render(Parse.java:260)
>       at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:207)
>       at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
>       at org.apache.velocity.Template.merge(Template.java:356)
>       at org.apache.velocity.Template.merge(Template.java:260)
>       at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156)
>       at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186)
> {code}

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
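
The quoted report describes a cache that keeps only successful compilations, so the same invalid expression is parsed again on every lookup. The sketch below is an added example, not Struts or OGNL code, showing the failure being cached as well. `NegativeCachingCompiler`, `Outcome`, the stand-in parser and the sample key are hypothetical, and the size bound is an assumption added because expression strings can be request-derived.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;

// Added illustration (not Struts code): cache compile failures as well as successes.
public class NegativeCachingCompiler<T> {
    // Holds either the compiled tree or the exception the compiler threw.
    private static final class Outcome<T> {
        final T tree;
        final RuntimeException failure;
        Outcome(T tree, RuntimeException failure) { this.tree = tree; this.failure = failure; }
    }

    private final Function<String, T> compiler;
    private final Map<String, Outcome<T>> cache;
    final AtomicInteger compileCalls = new AtomicInteger();

    public NegativeCachingCompiler(Function<String, T> compiler, final int maxEntries) {
        this.compiler = compiler;
        // Bounded LRU: an unbounded cache of failed expressions would itself leak memory.
        this.cache = Collections.synchronizedMap(
            new LinkedHashMap<String, Outcome<T>>(16, 0.75f, true) {
                @Override
                protected boolean removeEldestEntry(Map.Entry<String, Outcome<T>> eldest) {
                    return size() > maxEntries;
                }
            });
    }

    public T compile(String expression) {
        Outcome<T> hit = cache.get(expression);
        if (hit == null) {
            compileCalls.incrementAndGet();
            try {
                hit = new Outcome<>(compiler.apply(expression), null);
            } catch (RuntimeException e) {
                hit = new Outcome<>(null, e); // remember the failure instead of discarding it
            }
            cache.put(expression, hit);
        }
        if (hit.failure != null) throw hit.failure; // same instance, original stack trace
        return hit.tree;
    }

    public static void main(String[] args) {
        // Stand-in parser (assumption): rejects a leading '.', as a constructed invalid input.
        NegativeCachingCompiler<String> c = new NegativeCachingCompiler<String>(expr -> {
            if (expr.startsWith(".")) throw new IllegalArgumentException("Malformed: " + expr);
            return "AST(" + expr + ")";
        }, 1000);
        for (int i = 0; i < 3; i++) {
            try { c.compile(".literal.$!foo"); } catch (IllegalArgumentException expected) { }
        }
        System.out.println("parser invoked " + c.compileCalls.get() + " time(s) for 3 lookups");
    }
}
```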