[WW-5115] Reduce logging for DMI excluded parameters - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.5.25
Fix Version/s: 6.0.0
Component/s: Core
Labels:
None

Description

There are unnecessary log warning when DMI is enabled, from the ParametersInterceptor.

WARN com.opensymphony.xwork2.interceptor.ParametersInterceptor ParametersInterceptor:isAccepted - Parameter [action:myAction!save] didn't match accepted pattern [[\w+((\.\w+)|(\[\d+])|((\d+))|(['(\w|[\u4e00-\u9fa5])'])|(('(\w|[\u4e00-\u9fa5])')))*]]! See Accepted / Excluded patterns at https://struts.apache.org/security/#accepted--excluded-patterns

eg the property 'action:myAction!save' should not be considered as a bean/property parameter, as its used as part of DMI to submit the form.

Any property which matches the DMI method invocation "^(action|method):.*" needs to be silently ignored and not logged in devMode=true.

DMI_AWARE_ACCEPTED_PATTERNS can also be dropped from DefaultAcceptedPatternsChecker as the DMI action|method would never be a form property.
public static final String[] DMI_AWARE_ACCEPTED_PATTERNS =

{ "\\w+([:]?\\w+)?((\\.\\w+)|(\\[\\d+])|(\\(\\d+\\))|(\\['(\\w|[\\u4e00-\\u9fa5])+'])|(\\('(\\w|[\\u4e00-\\u9fa5])+'\\)))*([!]?\\w+)?" }

;

Attachments

Issue Links

links to

GitHub Pull Request #469

GitHub Pull Request #482

GitHub Pull Request #526

Activity

People

Assignee:: Lukasz Lenart

Reporter:: Greg Huber

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 21/Jan/21 10:06

Updated:: 14/Jun/22 09:47

Resolved:: 29/Jan/22 16:22

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

3h 40m