github-advanced-security[bot] commented on code in PR #1084: URL: https://github.com/apache/struts/pull/1084#discussion_r1804135403
########## core/src/main/java/org/apache/struts2/ActionSupport.java: ########## 
@@ -0,0 +1,371 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.struts2;
+
+import com.opensymphony.xwork2.Action;
+import com.opensymphony.xwork2.ActionContext;
+import com.opensymphony.xwork2.LocaleProvider;
+import com.opensymphony.xwork2.LocaleProviderFactory;
+import com.opensymphony.xwork2.TextProvider;
+import com.opensymphony.xwork2.TextProviderFactory;
+import com.opensymphony.xwork2.Validateable;
+import com.opensymphony.xwork2.ValidationAwareSupport;
+import com.opensymphony.xwork2.conversion.impl.ConversionData;
+import com.opensymphony.xwork2.inject.Container;
+import com.opensymphony.xwork2.inject.Inject;
+import com.opensymphony.xwork2.interceptor.ValidationAware;
+import com.opensymphony.xwork2.util.ValueStack;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+import java.io.Serializable;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.ResourceBundle;
+
+/**
+ * Provides a default implementation for the most common actions.
+ * See the documentation for all the interfaces this class implements for more detailed information.
+ */
+public class ActionSupport implements com.opensymphony.xwork2.Action, Validateable, ValidationAware, TextProvider, LocaleProvider, Serializable {
+
+ private static final Logger LOG = LogManager.getLogger(ActionSupport.class);
+
+ private final ValidationAwareSupport validationAware = new ValidationAwareSupport();
+
+ private transient TextProvider textProvider;
+ private transient LocaleProvider localeProvider;
+
+ protected Container container;
+
+ @Override
+ public void setActionErrors(Collection<String> errorMessages) {
+ validationAware.setActionErrors(errorMessages);
+ }
+
+ @Override
+ public Collection<String> getActionErrors() {
+ return validationAware.getActionErrors();
+ }
+
+ @Override
+ public void setActionMessages(Collection<String> messages) {
+ validationAware.setActionMessages(messages);
+ }
+
+ @Override
+ public Collection<String> getActionMessages() {
+ return validationAware.getActionMessages();
+ }
+
+ @Override
+ public void setFieldErrors(Map<String, List<String>> errorMap) {
+ validationAware.setFieldErrors(errorMap);
+ }
+
+ @Override
+ public Map<String, List<String>> getFieldErrors() {
+ return validationAware.getFieldErrors();
+ }
+
+ @Override
+ public Locale getLocale() {
+ return getLocaleProvider().getLocale();
+ }
+
+ @Override
+ public boolean isValidLocaleString(String localeStr) {
+ return getLocaleProvider().isValidLocaleString(localeStr);
+ }
+
+ @Override
+ public boolean isValidLocale(Locale locale) {
+ return getLocaleProvider().isValidLocale(locale);
+ }
+
+ @Override
+ public Locale toLocale(String localeStr) {
+ return getLocaleProvider().toLocale(localeStr);
+ }
+
+ @Override
+ public boolean hasKey(String key) {
+ return getTextProvider().hasKey(key);
+ }
+
+ @Override
+ public String getText(String aTextName) {
+ return getTextProvider().getText(aTextName);
+ }
+
+ @Override
+ public String getText(String aTextName, String defaultValue) {
+ return getTextProvider().getText(aTextName, defaultValue);
+ }
+
+ @Override
+ public String getText(String aTextName, String defaultValue, String obj) {
+ return getTextProvider().getText(aTextName, defaultValue, obj);
+ }
+
+ @Override
+ public String getText(String aTextName, List<?> args) {
+ return getTextProvider().getText(aTextName, args);
+ }
+
+ @Override
+ public String getText(String key, String[] args) {
+ return getTextProvider().getText(key, args);
+ }
+
+ @Override
+ public String getText(String aTextName, String defaultValue, List<?> args) {
+ return getTextProvider().getText(aTextName, defaultValue, args);
+ }
+
+ @Override
+ public String getText(String key, String defaultValue, String[] args) {
+ return getTextProvider().getText(key, defaultValue, args);
+ }
+
+ @Override
+ public String getText(String key, String defaultValue, List<?> args, ValueStack stack) {
+ return getTextProvider().getText(key, defaultValue, args, stack);
Review Comment: ## OGNL Expression Language statement with user-controlled input OGNL Expression Language statement depends on a [user-provided value](1). OGNL Expression Language statement depends on a [user-provided value](2). [Show more details](https://github.com/apache/struts/security/code-scanning/668) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
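Review bot: `protected Container container;` is the only collaborator field on this `Serializable` class that is neither `final` nor `transient`, while `textProvider` and `localeProvider` declared just above it are both `transient`. If an action instance is ever serialized (for example when stored in a session), the injected container would either be written into the stream with it or make serialization fail, depending on whether `Container` is itself serializable, which the quoted hunk does not show. Consider `protected transient Container container;` with re-injection after deserialization, or a comment on the field stating why it must stay part of the serialized form. The class body continues past the quoted hunk, so a custom `writeObject`/`readObject` may already cover this.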
