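/**
 * Verifies that excluding a parameter by name ({@code name}) also drops every
 * OGNL-expression spelling of the same target: parenthesised, indexed,
 * concatenated, map-literal and array-literal variants must all be rejected,
 * while an unrelated parameter ({@code blah}) is still applied to the action.
 *
 * @throws Exception if the action proxy cannot be created or executed
 */
public void testExcludedTrickyParameters() throws Exception {
    // A plain map rather than double-brace initialisation, which would create an
    // anonymous HashMap subclass carrying a hidden reference to this test instance.
    Map<String, Object> params = new HashMap<>();
    params.put("blah", "This is blah");
    params.put("name", "try_1");
    params.put("(name)", "try_2");
    params.put("['name']", "try_3");
    params.put("['na' + 'me']", "try_4");
    params.put("{name}[0]", "try_5");
    params.put("(new string{'name'})[0]", "try_6");
    params.put("#{key: 'name'}.key", "try_7");
    Map<String, Object> extraContext = new HashMap<>();
    extraContext.put(ActionContext.PARAMETERS, HttpParameters.create(params).build());
    ActionProxy proxy = actionProxyFactory.createActionProxy("", MockConfigurationProvider.PARAM_INTERCEPTOR_ACTION_NAME, null, extraContext);
    ActionConfig config = configuration.getRuntimeConfiguration().getActionConfig("", MockConfigurationProvider.PARAM_INTERCEPTOR_ACTION_NAME);
    // The parameters interceptor is expected to be the first entry of this action's stack.
    ParametersInterceptor pi = (ParametersInterceptor) config.getInterceptors().get(0).getInterceptor();
    pi.setExcludeParams("name");
    proxy.execute();
    SimpleAction action = (SimpleAction) proxy.getAction();
    // No spelling of the excluded parameter may reach the action ...
    assertNull(action.getName());
    // ... while the non-excluded parameter is still set.
    assertEquals("This is blah", action.getBlah());
}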
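/**
 * Regression test for S2-009: an OGNL expression smuggled in as a parameter
 * <em>name</em> must not be evaluated by the parameters interceptor.
 * <p>
 * The value of {@code blah} is an expression that, if evaluated, would run
 * {@code mkdir /tmp/PWNAGE}; the name of the second parameter,
 * {@code top['blah'](0)}, is itself an expression referring to that value. The
 * test then checks the filesystem for the marker directory, so a pre-existing
 * {@code /tmp/PWNAGE} would be indistinguishable from a successful exploit and
 * is removed up front.
 * For further details and explanations see https://cwiki.apache.org/confluence/display/WW/S2-009
 *
 * @throws Exception if the action proxy cannot be created or executed
 */
public void testEvalExpressionAsParameterName() throws Exception {
    File pwn = new File("/tmp/PWNAGE");
    // Best-effort removal of a marker left by an earlier run; the result is
    // deliberately ignored because a missing directory is the expected state.
    pwn.delete();
    Map<String, Object> params = new HashMap<>();
    params.put("blah", "(#context[\"xwork.MethodAccessor.denyMethodExecution\"]= new " + "java.lang.Boolean(false), #_memberAccess[\"allowStaticMethodAccess\"]= new java.lang.Boolean(true), " + "@java.lang.Runtime@getRuntime().exec('mkdir /tmp/PWNAGE'))(meh)");
    params.put("top['blah'](0)", "true");
    Map<String, Object> extraContext = new HashMap<>();
    extraContext.put(ActionContext.PARAMETERS, HttpParameters.create(params).build());
    ActionProxy proxy = actionProxyFactory.createActionProxy("", MockConfigurationProvider.PARAM_INTERCEPTOR_ACTION_NAME, null, extraContext);
    proxy.execute();
    // Capture the marker state first, then clean up before asserting so that a
    // failing run does not leave the directory behind for the next one.
    boolean dirExists = pwn.exists();
    pwn.delete();
    assertFalse("Remote exploit: The PWN folder has been created", dirExists);
}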
/**
 * Applies a single-element array parameter addressed at a bean inside the
 * {@code beanList} property and checks that the list is populated afterwards.
 *
 * @throws Exception if the action proxy cannot be created or executed
 */
public void testBeanListSingleValue() throws Exception {
    Map<String, Object> requestParams = new HashMap<>();
    requestParams.put("beanList.name", new String[] { "Superman" });
    Map<String, Object> context = new HashMap<>();
    context.put(ActionContext.PARAMETERS, HttpParameters.create(requestParams).build());
    ActionProxy actionProxy = actionProxyFactory.createActionProxy("", MockConfigurationProvider.PARAM_INTERCEPTOR_ACTION_NAME, null, context);
    actionProxy.execute();
    SimpleAction executed = (SimpleAction) actionProxy.getAction();
    assertNotNull(executed);
    // The indexed write must have created at least one list entry.
    assertNotNull(executed.getBeanList());
    assertFalse(executed.getBeanList().isEmpty());
}
/**
 * Sends two parameters that target map properties of the action: one through
 * the publicly exposed {@code theProtectedMap} and one through the
 * {@code protectedMap} name that has no public accessor. Only the former may
 * be written.
 *
 * @throws Exception if the action proxy cannot be created or executed
 */
public void testParametersNotAccessPrivateVariables() throws Exception {
    Map<String, Object> requestParams = new HashMap<>();
    requestParams.put("protectedMap.foo", "This is blah");
    requestParams.put("theProtectedMap.boo", "This is blah");
    Map<String, Object> context = new HashMap<>();
    context.put(ActionContext.PARAMETERS, HttpParameters.create(requestParams).build());
    ActionProxy actionProxy = actionProxyFactory.createActionProxy("", MockConfigurationProvider.PARAM_INTERCEPTOR_ACTION_NAME, null, context);
    actionProxy.execute();
    SimpleAction executed = (SimpleAction) actionProxy.getAction();
    // Exactly one entry: "boo" arrived via the public property, "foo" did not.
    assertEquals(1, executed.getTheProtectedMap().size());
    assertNotNull(executed.getTheProtectedMap().get("boo"));
    assertNull(executed.getTheProtectedMap().get("foo"));
}
/**
 * Runs the interceptor against an ordinary action (not a scoped-model action)
 * wired to an empty action configuration. There is nothing to assert: the
 * test only checks that {@code intercept} and {@code destroy} complete
 * without throwing.
 *
 * @throws Exception if the interceptor fails
 */
public void testNoScopedModelAction() throws Exception {
    ActionConfig emptyConfig = new ActionConfig.Builder("", "", "").build();
    MockActionProxy proxy = new MockActionProxy();
    proxy.setConfig(emptyConfig);
    MockActionInvocation invocation = new MockActionInvocation();
    Action plainAction = new SimpleAction();
    invocation.setAction(plainAction);
    invocation.setProxy(proxy);
    inter.intercept(invocation);
    inter.destroy();
    // No assertion by design: see the class-level Javadoc above.
}