ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S3367/java/rule.adoc
Fred Tingaud 16f6c0aecf
Inline adoc when include has no additional value (#1940) 
Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
2023-05-25 14:18:12 +02:00

60 lines
1.6 KiB
Plaintext
Raw Blame History

== Why is this an issue?
Validation is the first line of defense against injection, cross-site scripting, and many other attacks. Omitting it in modern web applications is simply negligent.
When creating a Struts ``++ActionForm++``, you have the choice of extending something from the ``++org.apache.struts.action++`` package, or extending something from the ``++org.apache.struts.validator++`` package. Since you can't use the Struts validator capabilities without extending something from the ``++validator++`` package, that should always be your choice.
=== Noncompliant code example
[source,java]
----
public class MyForm extends org.apache.struts.action.ActionForm { // Noncompliant
// ...
----
=== Compliant solution
[source,java]
----
public class MyForm extends org.apache.struts.validator.ValidatorForm {
// ...
----
== Resources
* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection
* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS)
* https://cwe.mitre.org/data/definitions/104[MITRE, CWE-104] - Struts: Form Bean Does Not Extend Validation Class
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Extend a validator class instead of "xxx".
=== Highlighting
super class name
'''
== Comments And Links
(visible only on this page)
=== on 1 Dec 2015, 11:19:01 Michael Gumowski wrote:
LGTM!
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink