#23900 fixing ajax vulnerabilities reported by sonar #23911
Conversation
Postman Tests Report 54 files ±0 737 suites ±0 1h 30m 14s ⏱️ - 2m 5s For more details on these failures, see this check. Results for commit d07c834. ± Comparison against base commit aa04d26. ♻️ This comment has been updated with latest results.
Integration Tests [postgres] Report 425 files ±0 425 suites ±0 1h 10m 50s ⏱️ + 12m 18s For more details on these failures, see this check. Results for commit d07c834. ± Comparison against base commit aa04d26. ♻️ This comment has been updated with latest results.
Integration Tests [mssql] Report 424 files ±0 424 suites ±0 2h 31m 48s ⏱️ - 5m 30s For more details on these failures, see this check. Results for commit d07c834. ± Comparison against base commit aa04d26. ♻️ This comment has been updated with latest results.
@@ -266,4 +267,19 @@ private void remove () { | |||
|
|||
} | |||
|
|||
@Override | |||
protected Set<String> getAllowedCommands() { | |||
return Set.of( |
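Review bot: the allowlist returned by getAllowedCommands() is rebuilt with Set.of(...) on every call; since Set.of() already yields an immutable set, hoisting it into a private static final Set<String> gives a single, reviewable definition of which command names may be dispatched and removes the per-request allocation. If test stubbing is the obstacle, stubbing getAllowedCommands() itself on a spy lets the constant stay static.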
Shouldn't this be a static constant?
I had it as a class field, non-static, but Mockito wouldn't see the results when calling the real method, so I ended up inlining the Set instantiation. It isn't a big penalty performance-wise @jdotcms
* @throws NoSuchMethodException | ||
*/ | ||
@VisibleForTesting | ||
Method getMethod(String method, Class<?>... parameterTypes ) throws NoSuchMethodException { |
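Review bot: the Javadoc @throws NoSuchMethodException tag on getMethod(String, Class<?>...) carries no description, and nothing in the signature or doc says the name must already have passed the getAllowedCommands() check; since this helper performs a reflective Method lookup by caller-supplied name, state that precondition in the Javadoc (for example `@throws NoSuchMethodException if no public method with that name and parameter types exists` plus a line that method must be an allowlisted command) so the package-private @VisibleForTesting access is not read as a general-purpose entry point.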
We have a ReflectionUtils; it may be better there.
First, this is a deprecated class; I'm not spending too much effort on it. The only reason I extracted that logic into a separate method was to verify that the method gets called using Mockito @jdotcms
*/ | ||
@Override | ||
protected Set<String> getAllowedCommands() { | ||
return Set.of( "action", "reorder", "delete", "add", "save", "deleteActionForStep" ); |
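Review bot: the six names in Set.of("action", "reorder", "delete", "add", "save", "deleteActionForStep") are string literals with no compile-time link to the handler methods they name, so renaming one handler silently drops it from dispatch without any error; a unit test that resolves each entry through getMethod(...) would catch that drift, and the set is worth hoisting to a private static final field for the same reasons as the identical construct in the other class in this PR.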
Same constant.
*/ | ||
@VisibleForTesting | ||
Method getMethod(String method, Class<?>... parameterTypes ) throws NoSuchMethodException { | ||
return this.getClass().getMethod(method, parameterTypes); |
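Review bot: getMethod(...) is a verbatim duplicate of the helper added in the other class in this PR, and its body, this.getClass().getMethod(method, parameterTypes), resolves any public method, including ones inherited from superclasses and Object, without consulting getAllowedCommands(); move the helper to one shared place and either have it reject names outside the allowlist or keep the allowlist check strictly before every call site, so a second caller cannot bypass the validation.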
It seems the method is repeated.
Proposed Changes