
Commit 583b174

committed
WW-5525 Fix NPE in ProxyUtil for SecurityMemberAccess originating static members
1 parent 9b04437 commit 583b174


4 files changed

+36
-2
lines changed


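--- a/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
@@ -160,6 +160,9 @@ public void restore(Map context, Object target, Member member, String propertyNa
     public boolean isAccessible(Map context, Object target, Member member, String propertyName) {
         LOG.debug("Checking access for [target: {}, member: {}, property: {}]", target, member, propertyName);
 
+        if (member == null) {
+            throw new IllegalArgumentException("Member cannot be null!");
+        }
         if (target != null) {
             // Special case: Target is a Class object but not Class.class
             if (Class.class.equals(target.getClass()) && !Class.class.equals(target)) {
@@ -228,7 +231,7 @@ protected boolean checkAllowlist(Object target, Member member) {
             return true;
         }
 
-        if (!disallowProxyObjectAccess && target != null && ProxyUtil.isProxy(target)) {
+        if (!disallowProxyObjectAccess && ProxyUtil.isProxy(target)) {
             // If `disallowProxyObjectAccess` is not set, allow resolving Hibernate entities to their underlying
             // classes/members. This allows the allowlist capability to continue working and offer some level of
             // protection in applications where the developer has accepted the risk of allowing OGNL access to Hibernate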
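Review bot: In the second hunk, checkAllowlist now hands a possibly-null target straight to ProxyUtil.isProxy, so the fail-closed behaviour of this allowlist branch depends on a null guard living in another class that a reader of this method cannot see. I would keep that dependency visible on the changed line with `// target is null for static members/constructors; ProxyUtil.isProxy(null) returns false`. The new IllegalArgumentException in isAccessible rejects a null member up front, which is the right direction for an access check; its Javadoc should say so with `@throws IllegalArgumentException if {@code member} is null`. Both isAccessible and checkAllowlist begin and end outside the hunks shown.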

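--- a/core/src/main/java/com/opensymphony/xwork2/util/ProxyUtil.java
+++ b/core/src/main/java/com/opensymphony/xwork2/util/ProxyUtil.java
@@ -81,6 +81,7 @@ public static Class<?> ultimateTargetClass(Object candidate) {
      * @param object the object to check
      */
     public static boolean isProxy(Object object) {
+        if (object == null) return false;
         Class<?> clazz = object.getClass();
         Boolean flag = isProxyCache.get(clazz);
         if (flag != null) {
@@ -121,7 +122,7 @@ public static boolean isProxyMember(Member member, Object object) {
      */
     public static boolean isHibernateProxy(Object object) {
         try {
-            return HibernateProxy.class.isAssignableFrom(object.getClass());
+            return object != null && HibernateProxy.class.isAssignableFrom(object.getClass());
         } catch (NoClassDefFoundError ignored) {
             return false;
         }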
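Review bot: The Javadoc above isProxy in the first hunk still reads only `@param object the object to check`, while the method now deliberately returns false for null, and SecurityMemberAccess.checkAllowlist relies on exactly that for static members; the null tolerance is part of the contract and should be stated, e.g. `@param object the object to check; {@code null} is treated as not a proxy`. The same wording belongs on isHibernateProxy in the second hunk, whose Javadoc starts before the hunk. Whether isProxyMember(Member, Object), named in the second hunk's header but not shown, tolerates a null object as well is not visible here; it sits on the same access-check path, so it is worth confirming.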

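--- a/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java
+++ b/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java
@@ -1233,6 +1233,34 @@ public void testOgnlValueStackFromOgnlValueStackFactoryAllStaticAccess() throws
         assertNull("accessed private field (result not null) ?", accessedValue);
     }
 
+    public void testFindValueWithConstructorAndProxyChecks() {
+        Map<String, String> properties = new HashMap<>();
+        properties.put(StrutsConstants.STRUTS_DISALLOW_PROXY_OBJECT_ACCESS, Boolean.TRUE.toString());
+        properties.put(StrutsConstants.STRUTS_DISALLOW_PROXY_MEMBER_ACCESS, Boolean.TRUE.toString());
+        loadButSet(properties);
+        refreshContainerFields();
+
+        String value = "test";
+        String ognlResult = (String) vs.findValue(
+                "new com.opensymphony.xwork2.ognl.OgnlValueStackTest$ValueHolder('" + value + "').value", String.class);
+
+        assertEquals(value, ognlResult);
+    }
+
+    @SuppressWarnings({"unused"})
+    public static class ValueHolder {
+        // See testFindValueWithConstructorAndProxyChecks
+        private final String value;
+
+        public ValueHolder(String value) {
+            this.value = value;
+        }
+
+        public String getValue() {
+            return value;
+        }
+    }
+
     static class BadJavaBean {
         private int count;
         private int count2;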
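Review bot: The new testFindValueWithConstructorAndProxyChecks never names the regression it guards: per the commit title, the constructor expression is a static-member access whose OGNL target is null, and that previously reached the proxy checks as an NPE once both disallow-proxy properties were enabled. A one-line comment at the top of the method, `// WW-5525: constructor/static access has a null target; proxy checks must not NPE`, would tell the next maintainer why those two properties are set before the findValue call. The `// See testFindValueWithConstructorAndProxyChecks` cross-reference on ValueHolder is fine as is.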

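--- a/plugins/spring/src/test/java/com/opensymphony/xwork2/spring/SpringProxyUtilTest.java
+++ b/plugins/spring/src/test/java/com/opensymphony/xwork2/spring/SpringProxyUtilTest.java
@@ -46,6 +46,8 @@ public void setUp() throws Exception {
     }
 
     public void testIsProxy() throws Exception {
+        assertFalse(ProxyUtil.isProxy(null));
+
         Object simpleAction = appContext.getBean("simple-action");
         assertFalse(ProxyUtil.isProxy(simpleAction));
 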