- /*
- * $Id$
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
- package org.apache.struts2.uel;
-
- import com.opensymphony.xwork2.ActionContext;
- import com.opensymphony.xwork2.util.CompoundRoot;
- import com.opensymphony.xwork2.util.ValueStack;
- import com.opensymphony.xwork2.util.reflection.ReflectionContextState;
- import org.apache.struts2.StrutsTestCase;
-
- import javax.servlet.ServletContextEvent;
- import java.util.HashMap;
- import java.util.Map;
-
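/**
 * Regression tests for the UEL value-stack plugin. Each test exercises one way an
 * expression evaluated by the stack could escape its intended scope: invoking a method
 * while method execution is denied, and request parameters whose names are crafted to
 * resolve as {@code #session} expressions instead of plain property names.
 */
public class VulnerabilityTest extends StrutsTestCase {

    /**
     * With {@code denyMethodExecution} set on the stack context, neither a direct
     * method call ({@code top.invoke()}) nor a nested one ({@code top.inner.invoke()})
     * may actually run.
     */
    public void testMethodsAreNotInvokedUnlessDenyMethodExecutionIsTrue() {
        ValueStack stack = new UELValueStack(container);
        TestObject obj = new TestObject();
        // Push the target onto the stack under test so that "top" resolves to it.
        // Previously a separate CompoundRoot was populated but never handed to the
        // stack, so "top" presumably never reached obj and the assertions below
        // passed vacuously.
        stack.push(obj);

        Map<String, Object> contextMap = stack.getContext();
        ReflectionContextState.setCreatingNullObjects(contextMap, true);
        ReflectionContextState.setDenyMethodExecution(contextMap, true);
        ReflectionContextState.setReportingConversionErrors(contextMap, true);

        // simple: method call directly on the root object
        stack.findValue("top.invoke()");
        assertFalse(obj.wasInvoked());

        // nested: method call on a property of the root object
        TestObject nested = new TestObject();
        obj.setInner(nested);
        stack.findValue("top.inner.invoke()");
        assertFalse(nested.wasInvoked());
    }

    /**
     * Request parameter names must be treated as opaque property names, never evaluated
     * as expressions: none of the crafted names below may write into the session map,
     * while an ordinary parameter ({@code bar}) is still applied to the action.
     *
     * @throws Exception if executing the action fails
     */
    public void testParametersDoesNotAffectSession() throws Exception {
        HashMap<String, Object> session = new HashMap<String, Object>();
        ValueStack stack = ActionContext.getContext().getValueStack();
        stack.getContext().put("session", session);
        assertSame(session, stack.findValue("#session"));

        // Sanity check: the stack itself can write to the session, so a missing
        // write further down is due to parameter handling, not to the map.
        stack.setValue("#session['clean']", "clean");
        assertEquals("clean", stack.findValue("#session['clean']"));

        // Each crafted name spells the '#' context prefix differently (raw, Java
        // unicode escape, literal backslash-u text, URL-encoded); the plugin must
        // not evaluate any of them as an expression.
        Map<String, Object> params = new HashMap<String, Object>();
        params.put("bar", "123");
        params.put("#session.foo", "Foo");
        params.put("\u0023session[\'user\']", "0wn3d");
        params.put("\\u0023session[\'user\']", "0wn3d");
        params.put("\u0023session.user2", "0wn3d");
        params.put("\\u0023session.user2", "0wn3d");
        params.put("('\u0023'%20%2b%20'session[\'user3\']')(unused)", "0wn3d");
        params.put("('\\u0023' + 'session[\\'user4\\']')(unused)", "0wn3d");
        params.put("('\u0023'%2b'session[\'user5\']')(unused)", "0wn3d");
        params.put("('\\u0023'%2b'session[\'user5\']')(unused)", "0wn3d");
        request.setParameters(params);

        executeAction("/test/test.action");

        // the plain parameter is applied (expected back as an Integer)
        assertEquals(123, findValueAfterExecute("top.bar"));
        // none of the crafted names may have reached the session
        for (String key : new String[] {"foo", "user", "user2", "user3", "user4", "user5"}) {
            assertNull("session must not contain '" + key + "'", session.get(key));
        }
    }

    /**
     * Runs the plugin's servlet context listener after the base set-up, as the
     * container would at deployment.
     *
     * @throws Exception propagated from {@link StrutsTestCase#setUp()}
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();

        // simulate container start-up
        UELServletContextListener listener = new UELServletContextListener();
        listener.contextInitialized(new ServletContextEvent(servletContext));
    }
}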