Skip to content

Java: Add support for Struts 7.x package names #21221

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
navntoft wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Java: Add support for Struts 7.x package names #21221

navntoft wants to merge 2 commits into from
+15 −5

Conversation

@navntoft
Copy link

@navntoft navntoft commented Jan 26, 2026
edited
Loading

Struts 7.x renamed packages from com.opensymphony.xwork2 to org.apache.struts2.

This updates the CodeQL Struts library to recognize both the legacy xwork2 package names (Struts 2.x-6.x) and the new struts2 package names (Struts 7.x), maintaining backward compatibility while enabling analysis of applications using newer Struts versions.

Changes:

  • Updated StrutsActions.qll to recognize org.apache.struts2.action.Action, org.apache.struts2.Preparable, and org.apache.struts2.ActionSupport
  • Updated StrutsConventions.qll to recognize org.apache.struts2.action.Action for convention plugin detection

@navntoft navntoft requested a review from a team as a code owner January 26, 2026 20:10
Copilot AI review requested due to automatic review settings January 26, 2026 20:10
@github-actions github-actions bot added the Java label Jan 26, 2026

This comment was marked as outdated.

Sign in to view

@navntoft navntoft marked this pull request as draft January 26, 2026 20:39
@navntoft navntoft requested a review from Copilot January 26, 2026 21:36
Copilot AI reviewed Jan 26, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@navntoft
Copy link
Author

navntoft commented Jan 26, 2026

Please disregard the original Copilot review, as the the code and PR description at that point had a misleading assumption about Action being removed from Struts 7.x.

@navntoft navntoft marked this pull request as ready for review January 26, 2026 21:42
owen-mc
owen-mc previously approved these changes Jan 26, 2026
View reviewed changes
@navntoft
Java: Add support for Struts 7.x package names
9a94d04 
Updates Struts library to recognize both legacy xwork2 and new struts2
packages:
- StrutsActions.qll: Add org.apache.struts2 alternatives for Action,
  Preparable, ActionSupport
- StrutsConventions.qll: Add org.apache.struts2.action.Action
  alternative

This maintains backward compatibility for analyzing Struts 2.x-6.x apps
while supporting Struts 7.x which renamed packages from
com.opensymphony.xwork2 to org.apache.struts2.
@navntoft
Java: Add change note for Struts 7.x package name support
ede05b5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@owen-mc owen-mc owen-mc left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

documentation Java

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@navntoft @owen-mc