Fabrice Bibonne created WW-5525:
-----------------------------------
Summary: NPE raised when using `new` in an OGNL expression in a tag
Key: WW-5525
URL: https://issues.apache.org/jira/browse/WW-5525
Project: Struts 2
Issue Type: Bug
Components: Core
Affects Versions: 7.0.0
Reporter: Fabrice Bibonne

In a JSP, if I use a tag such as
`<s:property value="new sample.ToBeInstanced('test').getValue()" />`,
there is a silent failure when the JSP is processed: the value of the tag is
not printed out because of a silent NPE (the error is displayed in dev mode).

The error can be reproduced from this repository:
[https://github.com/FBibonne/basic-Struts-tag-error]

The first analysis indicates a bug inside
`org.apache.struts2.ognl.SecurityMemberAccess`: it appears with an OGNL
expression such as `(new com.mycompany.MyClass()).method()`.

While processing security checks before the OGNL runtime calls the constructor,
the program executes the method
`org.apache.struts2.ognl.SecurityMemberAccess#isAccessible`.

Inside this method, we pass through _the case where target is a class object_.
At the end of this block, the `target` becomes null (line 153). So the next
test (`org.apache.struts2.ognl.SecurityMemberAccess#checkProxyObjectAccess`,
line 160) is executed with target as null. But as `checkProxyObjectAccess`
calls `ProxyUtil.isProxy(target)` with target as null, it raises a
NullPointerException.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
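
The control flow described in the report, as an added example (not part of the original message and not the Struts source): a simplified model in which the class-object branch nulls `target` before the proxy check runs. The class `NullTargetModel`, the stand-in bodies of `isProxy` and `checkProxyObjectAccess`, and the null guard are assumptions for illustration; the guard is one possible fix, not necessarily the project's.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;

// Simplified model of the reported control flow; NOT the Struts source.
public class NullTargetModel {

    // Stand-in for ProxyUtil.isProxy(target): dereferences its argument.
    static boolean isProxy(Object target) {
        return Proxy.isProxyClass(target.getClass()); // NPE when target == null
    }

    // As reported: called with whatever isAccessible left in target.
    static boolean checkProxyObjectAccess(Object target) {
        return !isProxy(target);
    }

    // Assumed guard: a null target has no instance that could be a proxy.
    static boolean checkProxyObjectAccessGuarded(Object target) {
        return target == null || !isProxy(target);
    }

    // Models isAccessible: the class-object case ends with target = null.
    static boolean isAccessible(Object target, boolean guarded) {
        if (target instanceof Class) {
            target = null;
        }
        return guarded ? checkProxyObjectAccessGuarded(target)
                       : checkProxyObjectAccess(target);
    }

    // Runs one check and reports the verdict or the exception it raised.
    static String run(Object target, boolean guarded) {
        try {
            return String.valueOf(isAccessible(target, guarded));
        } catch (NullPointerException e) {
            return "NullPointerException";
        }
    }

    public static void main(String[] args) {
        InvocationHandler noop = (p, m, a) -> null;
        Object proxy = Proxy.newProxyInstance(NullTargetModel.class.getClassLoader(),
                new Class<?>[] {Runnable.class}, noop);
        // Constructed sample targets: a class object, a plain instance, a proxy.
        Object[] targets = {StringBuilder.class, new StringBuilder("test"), proxy};
        String[] labels = {"class object (constructor call)", "plain instance", "proxy instance"};
        for (int i = 0; i < targets.length; i++) {
            System.out.println(labels[i] + ": unguarded=" + run(targets[i], false)
                    + " guarded=" + run(targets[i], true));
        }
    }
}
```

In this model the guard changes only the class-object case: the proxy instance is still rejected by both variants, so the null check does not loosen the proxy restriction.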