Throws away methods that doesn't match pattern

apache · May 12, 2016 · 2374325 · 2374325
1 parent ca25476
commit 2374325
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 15 deletions.
diff --git a/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java b/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
@@ -33,6 +33,7 @@
 import org.apache.struts2.RequestUtils;
 import org.apache.struts2.ServletActionContext;
 import org.apache.struts2.StrutsConstants;
+import org.apache.struts2.StrutsException;
 import org.apache.struts2.util.PrefixTrie;
 
 import javax.servlet.http.HttpServletRequest;
@@ -384,18 +385,7 @@ protected String cleanupActionName(final String rawActionName) {
         if (allowedActionNames.matcher(rawActionName).matches()) {
             return rawActionName;
         } else {
-            if (LOG.isWarnEnabled()) {
-                LOG.warn("Action/method [#0] does not match allowed action names pattern [#1], cleaning it up!",
-                        rawActionName, allowedActionNames);
-            }
-            String cleanActionName = rawActionName;
-            for (String chunk : allowedActionNames.split(rawActionName)) {
-                cleanActionName = cleanActionName.replace(chunk, "");
-            }
-            if (LOG.isDebugEnabled()) {
-                LOG.debug("Cleaned action/method name [#0]", cleanActionName);
-            }
-            return cleanActionName;
+            throw new StrutsException("Action [" + rawActionName + "] does not match allowed action names pattern [" + allowedActionNames + "]!");
         }
     }
 

diff --git a/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java b/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
@@ -30,6 +30,7 @@
 import com.opensymphony.xwork2.config.entities.PackageConfig;
 import com.opensymphony.xwork2.config.impl.DefaultConfiguration;
 import org.apache.struts2.ServletActionContext;
+import org.apache.struts2.StrutsException;
 import org.apache.struts2.StrutsInternalTestCase;
 import org.apache.struts2.dispatcher.StrutsResultSupport;
 import org.apache.struts2.views.jsp.StrutsMockHttpServletRequest;
@@ -844,14 +845,37 @@ public void testAllowedActionNames() throws Exception {
         String actionName = "action";
         assertEquals(actionName, mapper.cleanupActionName(actionName));
 
+        Throwable expected = null;
+
         actionName = "${action}";
-        assertEquals("action", mapper.cleanupActionName(actionName));
+        try {
+            mapper.cleanupActionName(actionName);
+            fail();
+        } catch (Throwable t) {
+            expected = t;
+        }
+        assertTrue(expected instanceof StrutsException);
+        assertEquals("Action [${action}] does not match allowed action names pattern [[a-zA-Z0-9._!/\\-]*]!", expected.getMessage());
 
         actionName = "${${%{action}}}";
-        assertEquals("action", mapper.cleanupActionName(actionName));
+        try {
+            mapper.cleanupActionName(actionName);
+            fail();
+        } catch (Throwable t) {
+            expected = t;
+        }
+        assertTrue(expected instanceof StrutsException);
+        assertEquals("Action [${${%{action}}}] does not match allowed action names pattern [[a-zA-Z0-9._!/\\-]*]!", expected.getMessage());
 
         actionName = "${#foo='action',#foo}";
-        assertEquals("fooactionfoo", mapper.cleanupActionName(actionName));
+        try {
+            mapper.cleanupActionName(actionName);
+            fail();
+        } catch (Throwable t) {
+            expected = t;
+        }
+        assertTrue(expected instanceof StrutsException);
+        assertEquals("Action [${#foo='action',#foo}] does not match allowed action names pattern [[a-zA-Z0-9._!/\\-]*]!", expected.getMessage());
 
         actionName = "test-action";
         assertEquals("test-action", mapper.cleanupActionName(actionName));