WW-5294 Add warning when JSP tags accessed directly#1569
Open
lukaszlenart wants to merge 1 commit intomainfrom
Open
WW-5294 Add warning when JSP tags accessed directly#1569lukaszlenart wants to merge 1 commit intomainfrom
lukaszlenart wants to merge 1 commit intomainfrom
Conversation
Add security warning to TagUtils.getStack() that logs when JSP tags are rendered outside of action scope (direct JSP access). This helps developers identify potential security issues where JSPs are accessed directly without going through the Struts action flow. The warning message includes a link to the security documentation at https://struts.apache.org/security/#never-expose-jsp-files-directly 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
lukaszlenart
force-pushed
the
feat/WW-5294-jsp-direct-access-warning
branch
from
3ff8275 to
c2293ea
Compare
lukaszlenart
requested review from
aleksandr-m,
cnenning,
jogep,
kusalk,
rgielen,
sdutry and
yasserzamani
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
TagUtils.getStack()that logs when JSP tags are rendered outside of action scopeActionInvocationis null or when the action is null (direct JSP access)Fixes WW-5294
Changes
TagUtils.javaTagUtilsTest.javaActionTagTest.javagetAction()callTest plan
TagUtilsTest- 5 tests covering all scenarios (null ActionInvocation, null action, valid action, security URL in message)🤖 Generated with Claude Code