kusalk commented on code in PR #760:
URL: https://github.com/apache/struts/pull/760#discussion_r1347756216
##########
core/src/main/java/org/apache/struts2/ognl/StrutsOgnlGuard.java:
##########
@@ -71,28 +71,38 @@ public boolean isRawExpressionBlocked(String expr) {
@Override
public boolean isParsedTreeBlocked(Object tree) {
- return containsExcludedNodeType(tree);
+ if (!(tree instanceof Node) || skipTreeCheck((Node) tree)) {
+ return false;
+ }
+ return recurseNodes((Node) tree);
}
- protected boolean containsExcludedNodeType(Object tree) {
- if (!(tree instanceof Node) || excludedNodeTypes.isEmpty()) {
- return false;
+ protected boolean skipTreeCheck(Node tree) {
+ return excludedNodeTypes.isEmpty();
+ }
+
+ protected boolean recurseNodes(Node node) {
+ if (checkNode(node)) {
+ return true;
+ }
+ for (int i = 0; i < node.jjtGetNumChildren(); i++) {
+ if (recurseNodes(node.jjtGetChild(i))) {
+ return true;
+ }
}
- return recurseExcludedNodeType((Node) tree);
+ return false;
+ }
+
+ protected boolean checkNode(Node node) {
Review Comment:
I separated the recursion logic from the node checking logic so that
subclasses don't need to unnecessarily duplicate that code when overriding.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
