CWE

Struts: Plug-in Framework not in Use

ID: 106		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Variant

Description

When an application does not use an input validation framework such as the Struts Validator, there is a greater risk of introducing weaknesses related to insufficient input validation.

Applicable Platforms
Language: Java

Time Of Introduction

• Implementation

Common Consequences

Scope	Technical Impact	Notes
Integrity	Unexpected state

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
		Use an input validation framework such as Struts.

Relationships

Related CWE	Type	View	Chain
CWE-106 ChildOf CWE-896	Category	CWE-888

Demonstrative Examples   (Details)

1. In the following Java example the class RegistrationForm is a Struts framework ActionForm Bean that will maintain user input data from a registration webpage for an online business site. The user will enter registration data and, through the Struts framework, the RegistrationForm bean will maintain the user data.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
7 Pernicious Kingdoms		Struts: Plug-in Framework Not In Use

References:
None