
Example 41 with SimpleAction

use of com.opensymphony.xwork2.SimpleAction in project struts by apache.

the class ValidateAction method testExcludedTrickyParameters.

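/**
 * Checks that excluding a parameter by name ({@code excludeParams = "name"}) keeps the
 * action's {@code name} property unset even when the request carries several OGNL
 * spellings that attempt to reach the same property ({@code (name)}, {@code ['name']},
 * {@code ['na' + 'me']}, ...). A non-excluded parameter ({@code blah}) must still be bound.
 *
 * @throws Exception if the action proxy cannot be created or executed
 */
public void testExcludedTrickyParameters() throws Exception {
    // Plain map instead of double-brace initialisation: the anonymous HashMap subclass
    // would capture the enclosing test instance for no benefit.
    Map<String, Object> params = new HashMap<>();
    params.put("blah", "This is blah");
    params.put("name", "try_1");
    params.put("(name)", "try_2");
    params.put("['name']", "try_3");
    params.put("['na' + 'me']", "try_4");
    params.put("{name}[0]", "try_5");
    params.put("(new string{'name'})[0]", "try_6");
    params.put("#{key: 'name'}.key", "try_7");

    HashMap<String, Object> extraContext = new HashMap<>();
    extraContext.put(ActionContext.PARAMETERS, HttpParameters.create(params).build());
    ActionProxy proxy = actionProxyFactory.createActionProxy("", MockConfigurationProvider.PARAM_INTERCEPTOR_ACTION_NAME, null, extraContext);

    // Configure the exclusion on the interceptor instance taken from the runtime
    // configuration, i.e. the one the proxy above will actually run.
    ActionConfig config = configuration.getRuntimeConfiguration().getActionConfig("", MockConfigurationProvider.PARAM_INTERCEPTOR_ACTION_NAME);
    ParametersInterceptor pi = (ParametersInterceptor) config.getInterceptors().get(0).getInterceptor();
    pi.setExcludeParams("name");

    proxy.execute();

    SimpleAction action = (SimpleAction) proxy.getAction();
    // None of the seven spellings may have populated 'name'.
    assertNull(action.getName());
    // The non-excluded parameter is bound as usual.
    assertEquals("This is blah", action.getBlah());
}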

Example 42 with SimpleAction

use of com.opensymphony.xwork2.SimpleAction in project struts by apache.

the class ValidateAction method testEvalExpressionAsParameterName.

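/**
 * Regression test for S2-009: a parameter <em>name</em> is treated as an OGNL expression,
 * so a request can chain from one parameter name into the value of another and execute
 * arbitrary code. For further details and explanations see
 * https://cwiki.apache.org/confluence/display/WW/S2-009
 * <p>
 * NOTE: this is a live exploit, not a mock. The value of {@code blah} sets
 * {@code xwork.MethodAccessor.denyMethodExecution} to {@code false} and
 * {@code allowStaticMethodAccess} to {@code true}, then calls
 * {@code Runtime.exec("mkdir /tmp/PWNAGE")}; the parameter name {@code top['blah'](0)}
 * invokes that value. If the protection ever regresses, the command really runs on the
 * build host and the test fails on the directory's existence. The path is POSIX-only.
 *
 * @throws Exception if the action proxy cannot be created or executed
 */
public void testEvalExpressionAsParameterName() throws Exception {
    File pwn = new File("/tmp/PWNAGE");
    // A directory left behind by an earlier failed run would make this test fail for the
    // wrong reason, so start from a clean slate.
    pwn.delete();

    Map<String, Object> params = new HashMap<>();
    // Payload: disable the two OGNL access guards, then execute a shell command.
    params.put("blah", "(#context[\"xwork.MethodAccessor.denyMethodExecution\"]= new " + "java.lang.Boolean(false), #_memberAccess[\"allowStaticMethodAccess\"]= new java.lang.Boolean(true), " + "@java.lang.Runtime@getRuntime().exec('mkdir /tmp/PWNAGE'))(meh)");
    // Trigger: a parameter *name* that evaluates the expression stored in 'blah'.
    params.put("top['blah'](0)", "true");

    HashMap<String, Object> extraContext = new HashMap<>();
    extraContext.put(ActionContext.PARAMETERS, HttpParameters.create(params).build());
    ActionProxy proxy = actionProxyFactory.createActionProxy("", MockConfigurationProvider.PARAM_INTERCEPTOR_ACTION_NAME, null, extraContext);
    proxy.execute();

    // Capture the outcome first, then clean up unconditionally so a failure does not
    // poison the next run.
    boolean dirExists = pwn.exists();
    pwn.delete();
    Assert.assertFalse("Remote exploit: The PWN folder has been created", dirExists);
}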

Example 43 with SimpleAction

use of com.opensymphony.xwork2.SimpleAction in project struts by apache.

the class ValidateAction method testBeanListSingleValue.

/**
 * A one-element {@code String[]} submitted as {@code beanList.name} must leave the action
 * with a non-null, non-empty bean list after the parameters interceptor has run.
 *
 * @throws Exception if the action proxy cannot be created or executed
 */
public void testBeanListSingleValue() throws Exception {
    Map<String, Object> requestParams = new HashMap<>();
    requestParams.put("beanList.name", new String[] { "Superman" });

    HashMap<String, Object> context = new HashMap<>();
    context.put(ActionContext.PARAMETERS, HttpParameters.create(requestParams).build());

    ActionProxy proxy = actionProxyFactory.createActionProxy(
            "", MockConfigurationProvider.PARAM_INTERCEPTOR_ACTION_NAME, null, context);
    proxy.execute();

    SimpleAction target = (SimpleAction) proxy.getAction();
    assertNotNull(target);
    assertNotNull(target.getBeanList());
    assertFalse(target.getBeanList().isEmpty());
}

Example 44 with SimpleAction

use of com.opensymphony.xwork2.SimpleAction in project struts by apache.

the class ValidateAction method testParametersNotAccessPrivateVariables.

/**
 * Parameter binding must not reach non-public state. {@code theProtectedMap.boo} (exposed
 * through {@code getTheProtectedMap()}) is expected to be populated, while
 * {@code protectedMap.foo} must not show up in that map at all.
 * (Presumably {@code protectedMap} has no public accessor on SimpleAction — confirm against
 * the action class.)
 *
 * @throws Exception if the action proxy cannot be created or executed
 */
public void testParametersNotAccessPrivateVariables() throws Exception {
    Map<String, Object> requestParams = new HashMap<>();
    requestParams.put("protectedMap.foo", "This is blah");
    requestParams.put("theProtectedMap.boo", "This is blah");

    HashMap<String, Object> context = new HashMap<>();
    context.put(ActionContext.PARAMETERS, HttpParameters.create(requestParams).build());

    ActionProxy proxy = actionProxyFactory.createActionProxy(
            "", MockConfigurationProvider.PARAM_INTERCEPTOR_ACTION_NAME, null, context);
    proxy.execute();

    SimpleAction target = (SimpleAction) proxy.getAction();
    Map<?, ?> bound = target.getTheProtectedMap();
    // Exactly one entry: the publicly reachable one.
    assertEquals(1, bound.size());
    assertNotNull(bound.get("boo"));
    assertNull(bound.get("foo"));
}

Example 45 with SimpleAction

use of com.opensymphony.xwork2.SimpleAction in project struts by apache.

the class ScopedModelDrivenInterceptorTest method testNoScopedModelAction.

/**
 * Runs the interceptor against an action that is not scoped-model-driven and an
 * {@link ActionConfig} with empty package/name/class. The only expectation is that
 * {@code intercept} and {@code destroy} complete without throwing.
 *
 * @throws Exception if interception fails
 */
public void testNoScopedModelAction() throws Exception {
    Action plainAction = new SimpleAction();

    MockActionProxy proxy = new MockActionProxy();
    proxy.setConfig(new ActionConfig.Builder("", "", "").build());

    MockActionInvocation invocation = new MockActionInvocation();
    invocation.setAction(plainAction);
    invocation.setProxy(proxy);

    inter.intercept(invocation);
    inter.destroy();
    // No assertions: nothing should happen for a non-scoped action.
}
