Struts: Unused Validation Form
ID: 107 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Variant |
Description
An unused validation form indicates that validation logic is
not up-to-date.
Extended Description
It is easy for developers to forget to update validation logic when they
remove or rename action form mappings. One indication that validation logic
is not being properly maintained is the presence of an unused validation
form.
Applicable Platforms
Language: Java
Time Of Introduction
Common Consequences
Scope | Technical Impact | Notes |
---|---|---|
Other | Quality degradation | |
Detection Methods
None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|---|---|---|---|
Implementation | | Remove the unused Validation Form from the validation.xml file. | | |
Relationships
Related CWE | Type | View | Chain |
---|---|---|---|
CWE-107 ChildOf CWE-896 | Category | CWE-888 | |
Demonstrative Examples
- In the following example the class RegistrationForm is a Struts
framework ActionForm Bean that will maintain user input data from a
registration webpage for an online business site. The user will enter
registration data and, through the Struts framework, the RegistrationForm
bean will maintain the user data in the form fields using the private member
variables. The RegistrationForm class uses the Struts validation capability
by extending the ValidatorForm class and including the validation for the
form fields within the validator XML file, validator.xml.
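A check for the condition this entry describes, as an added example that is not part of the original CWE entry: it cross-references the form names in the validator XML file against the form beans and action mappings in struts-config.xml. The sample XML, the `example.*` class names and the function name `audit_validation_forms` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the form bean "RegistrationForm" was renamed to
# "SignupForm" in struts-config.xml, but the validator XML was not updated.
STRUTS_CONFIG = """<struts-config>
  <form-beans>
    <form-bean name="SignupForm" type="example.SignupForm"/>
    <form-bean name="LoginForm" type="example.LoginForm"/>
  </form-beans>
  <action-mappings>
    <action path="/signup" type="example.SignupAction" name="SignupForm" validate="true"/>
    <action path="/login" type="example.LoginAction" name="LoginForm" validate="true"/>
  </action-mappings>
</struts-config>"""

VALIDATION_XML = """<form-validation>
  <formset>
    <form name="RegistrationForm">
      <field property="email" depends="required,email"/>
    </form>
    <form name="LoginForm">
      <field property="username" depends="required"/>
    </form>
  </formset>
</form-validation>"""

def audit_validation_forms(struts_config: str, validation_xml: str) -> dict:
    """Compare validator form names with the forms the application maps."""
    cfg = ET.fromstring(struts_config)
    val = ET.fromstring(validation_xml)
    beans = {b.get("name") for b in cfg.iter("form-bean")}
    actions = list(cfg.iter("action"))
    # A validator form is keyed by form-bean name (ValidatorForm) or by
    # action path (ValidatorActionForm), so either counts as "in use".
    used = {a.get("name") for a in actions if a.get("name") in beans}
    used |= {a.get("path") for a in actions}
    validated = {f.get("name") for f in val.iter("form")}
    # Mapped forms with no matching rules are the usual side effect of a
    # rename and are worth reviewing alongside the unused entries.
    no_rules = {a.get("name") for a in actions if a.get("name")
                and a.get("name") not in validated
                and a.get("path") not in validated}
    return {"unused_validation_forms": sorted(validated - used),
            "mapped_forms_without_rules": sorted(no_rules)}

if __name__ == "__main__":
    print(audit_validation_forms(STRUTS_CONFIG, VALIDATION_XML))
```

Run against a project's real configuration files, a non-empty `unused_validation_forms` list identifies the entries the mitigation above says to remove.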
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|---|---|---|
7 Pernicious Kingdoms | | Struts: Unused Validation Form | |
References: None