WW-5340 Introducing OGNL Guard #747
02db368 to 31cc8a1
* | ||
* @since 6.4.0 | ||
*/ | ||
public class DefaultOgnlGuard implements OgnlGuard { |
I prefer to use StrutsOgnlGuard - default means different things for different ppl ;)
1401f1e to f69364b
Sorry for review in steps, got distracted :)
Kudos, SonarCloud Quality Gate passed!
Is it ready for review?
Yep that should be everything addressed
Nice 💪 LGTM 👍
WW-5340
This serves as an optional, additional layer of protection to SecurityMemberAccess. OgnlGuard can validate both the raw and parsed OGNL expression. It is implemented as a user-configurable bean. The default functionality includes the capability to block any expressions which contain specified OGNL AST nodes.
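The parsed-expression check described above, as an added sketch (not code from this PR or from Struts): it parses an expression with the OGNL library and rejects it when any node in the AST has a class on a denylist. The class name NodeTypeGuardSketch, its methods and the sample denylist are assumptions made for illustration; the OGNL jar must be on the classpath.

```java
import java.util.Set;
import ognl.Node;
import ognl.Ognl;
import ognl.OgnlException;

// Hypothetical class for illustration; this is not the Struts OgnlGuard API.
public class NodeTypeGuardSketch {

    // Fully qualified OGNL AST node class names that must not appear in an expression.
    private final Set<String> excludedNodeTypes;

    public NodeTypeGuardSketch(Set<String> excludedNodeTypes) {
        this.excludedNodeTypes = excludedNodeTypes;
    }

    // Parsed-expression check: true if this node or any descendant has an excluded type.
    public boolean isTreeBlocked(Node node) {
        if (excludedNodeTypes.contains(node.getClass().getName())) {
            return true;
        }
        for (int i = 0; i < node.jjtGetNumChildren(); i++) {
            if (isTreeBlocked(node.jjtGetChild(i))) {
                return true;
            }
        }
        return false;
    }

    // Parses the raw expression, then walks the tree; anything unparseable is blocked.
    public boolean isBlocked(String expr) {
        try {
            Object tree = Ognl.parseExpression(expr);
            return !(tree instanceof Node) || isTreeBlocked((Node) tree);
        } catch (OgnlException e) {
            return true; // fail closed on syntax errors
        }
    }

    public static void main(String[] args) {
        // Constructed sample denylist (an assumption, not the Struts default configuration).
        NodeTypeGuardSketch guard = new NodeTypeGuardSketch(
                Set.of("ognl.ASTStaticMethod", "ognl.ASTCtor", "ognl.ASTAssign"));
        // Constructed sample expressions: property access, static call, assignment.
        String[] samples = {"user.name", "items[0].price", "@java.lang.Math@abs(-1)", "name = 'x'"};
        for (String expr : samples) {
            System.out.println(expr + " -> " + (guard.isBlocked(expr) ? "blocked" : "allowed"));
        }
    }
}
```

Walking the whole tree matters because an excluded node can sit anywhere inside a chain or argument list, not only at the root of the expression.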