Struts: Form Field Without Validator| ID: 105 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Variant |
Description
The application has a form field that is not validated by a
corresponding validation form, which can introduce other weaknesses related to
insufficient input validation.
Applicable PlatformsLanguage: Java
Time Of Introduction
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Integrity | Unexpected state | |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Implementation | | Ensure that you validate all form fields. If a field is unused, it is
still important to constrain it so that it is empty or undefined. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-105 ChildOf CWE-896 | Category | CWE-888 | |
Demonstrative Examples (Details)
- In the following example the Java class RegistrationForm is a Struts
framework ActionForm Bean that will maintain user input data from a
registration webpage for an online business site. The user will enter
registration data and, through the Struts framework, the RegistrationForm
bean will maintain the user data in the form fields using the private member
variables. The RegistrationForm class uses the Struts validation capability
by extending the ValidatorForm class and including the validation for the
form fields within the validator XML file, validator.xml.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| 7 Pernicious Kingdoms | | Struts: Form Field Without Validator | |
References:None
