Improper Input Validation in Form
Description
Form inputs should have at least minimal input validation to provide defense in depth against various risks. The form class does not define a validate method, which is necessary for input validation.
Examples
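Insecure Code
```scala
import org.apache.struts.action.ActionForm

// No validate method: request parameters reach the Action unchecked.
class MyForm extends ActionForm { }
```
Secure Code
```scala
import javax.servlet.http.HttpServletRequest
import org.apache.struts.action.{ActionErrors, ActionForm, ActionMapping}

class MyForm extends ActionForm {
  override def validate(mapping: ActionMapping, request: HttpServletRequest): ActionErrors = {
    val errors = new ActionErrors()
    // validation logic: add an entry to errors for each failed check
    errors
  }
}
```
Remediation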
Add a validate method to the form class to perform input validation.
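
A fuller version of the remediation, added here as an illustration and not part of the rule's own samples: a form whose validate method applies an allowlist to a text field and a range check to a numeric field. The class name, field names, limits and message keys are assumptions, and Struts 1 plus the Servlet API are assumed to be on the classpath.

```scala
import javax.servlet.http.HttpServletRequest
import org.apache.struts.action.{ActionErrors, ActionForm, ActionMapping, ActionMessage}

// Hypothetical form; field names, limits and message keys are assumptions.
class RegistrationForm extends ActionForm {
  private var username: String = null
  private var age: String = null

  // JavaBean accessors so Struts can populate the form from request parameters.
  def getUsername: String = username
  def setUsername(v: String): Unit = { username = v }
  def getAge: String = age
  def setAge(v: String): Unit = { age = v }

  override def validate(mapping: ActionMapping, request: HttpServletRequest): ActionErrors = {
    val errors = new ActionErrors()

    // Allowlist: 3 to 32 characters from a fixed set; null or anything else is rejected.
    if (username == null || !username.matches("[A-Za-z0-9_.-]{3,32}"))
      errors.add("username", new ActionMessage("error.username.invalid"))

    // Numeric field: digits only, then a range check on the parsed value.
    val parsedAge = Option(age).map(_.trim).filter(_.matches("[0-9]{1,3}")).map(_.toInt)
    if (!parsedAge.exists(a => a >= 0 && a <= 150))
      errors.add("age", new ActionMessage("error.age.invalid"))

    // A non-empty result makes Struts return to the mapping's input page
    // instead of calling the Action.
    errors
  }
}
```

Struts only calls validate for action mappings that have validation enabled, so the mapping for this form also needs an input page to return to when errors are reported.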
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0038 |
| Category | Web |
| Severity | MEDIUM |
| CWE | CWE-1289 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | input validation, Struts |
| OWASP | N/A |