Struts: Non-private Field in ActionForm Class

ID: 608
Date: (C)2012-05-14   (M)2012-11-08
Type: weakness
Status: DRAFT
Abstraction Type: Variant





Description

An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.

Applicable Platforms
Language: Java

Time Of Introduction

  • Implementation

Common Consequences

Scope: Integrity, Confidentiality
Technical Impact: Modify application data; Read application data

Detection Methods
None

Potential Mitigations

Phase: Implementation
Description: Make all fields private. Use getters to read field values. Setters should be used only by the framework; setting an action form field from other actions is bad practice and should be avoided.

Relationships

Related CWE: CWE-608 ChildOf CWE-897
Type: Category
View: CWE-888

Demonstrative Examples

  1. In the following Java example, the class RegistrationForm is a Struts framework ActionForm bean that maintains user input data from a registration webpage for an online business site. The user enters registration data, and through the Struts framework the RegistrationForm bean maintains the user data.

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy: Anonymous Tool Vendor (under NDA)

References:
None

© 2013 SecPod Technologies