-
Notifications
You must be signed in to change notification settings - Fork 814
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WW-5353 Stronger security defaults for 7.0 #919
WW-5353 Stronger security defaults for 7.0 #919
Conversation
5d9c039
to
9f9a0e3
Compare
|
||
/** | ||
* Generic test setup methods to be used with any unit testing framework. | ||
*/ | ||
public class StrutsTestCaseHelper { | ||
|
||
public static Dispatcher initDispatcher(ServletContext ctx, Map<String, String> params) { | ||
Dispatcher du = new DispatcherWrapper(ctx, params != null ? params : emptyMap()); | ||
var finalParams = new HashMap<>(params); | ||
finalParams.putIfAbsent(STRUTS_ALLOWLIST_ENABLE, "false"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it makes sense to keep the allowlist disabled for unit tests as the auto-allowlisting is only effective in production applications
8ad75f2
to
570f634
Compare
0d614a7
to
9adc618
Compare
570f634
to
d0204f3
Compare
5e80a32
to
f57b7c8
Compare
f57b7c8
to
5d4ad83
Compare
Quality Gate failedFailed conditions See analysis details on SonarCloud Catch issues before they fail your Quality Gate with our IDE extension SonarLint |
Feedback on the next milestone will be interesting, let's see how we go! |
I can roll a new Milestone release during the weekend |
WW-5353