Skip to content

Commit

Permalink
Merge pull request #828 from apache/WW-5364-fix-str-access
Browse files Browse the repository at this point in the history
WW-5364 Add String.class to system allowlist
  • Loading branch information
kusalk authored Jan 2, 2024
2 parents 9976ed3 + 8954ad6 commit 83a4503
Showing 1 changed file with 5 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -60,17 +60,18 @@ public class SecurityMemberAccess implements MemberAccess {
private static final Logger LOG = LogManager.getLogger(SecurityMemberAccess.class);

private static final Set<String> ALLOWLIST_REQUIRED_PACKAGES = unmodifiableSet(new HashSet<>(Arrays.asList(
"com.opensymphony.xwork2.validator.validators",
"org.apache.struts2.components",
"org.apache.struts2.views.jsp",
"com.opensymphony.xwork2.validator.validators"
"org.apache.struts2.views.jsp"
)));

private static final Set<Class<?>> ALLOWLIST_REQUIRED_CLASSES = unmodifiableSet(new HashSet<>(Arrays.asList(
java.lang.Enum.class,
java.lang.String.class,
java.util.Date.class,
java.util.HashMap.class,
java.util.Map.class,
java.util.Map.Entry.class,
java.util.HashMap.class
java.util.Map.Entry.class
)));

private final ProviderAllowlist providerAllowlist;
Expand Down

0 comments on commit 83a4503

Please sign in to comment.