• Home
• org.sonarsource.java
• java-checks
• 3.13
• source code
• S3374.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.l10n.java.rules.squid.S3374.html Maven / Gradle / Ivy

According to the Common Weakness Enumeration,
If two validation forms have the same name, the Struts Validator arbitrarily chooses one of the forms to use for input validation and discards the other. This decision might not correspond to the programmer's expectations...
In such a case, it is likely that the two forms should be combined. At the very least, one should be removed.

Noncompliant Code Example
<form-validation>
  <formset>
    <form name="BookForm"> ... </form>
    <form name="BookForm"> ... </form>  <!-- Noncompliant -->
  </formset>
</form-validation>


Compliant Solution
<form-validation>
  <formset>
    <form name="BookForm"> ... </form>
  </formset>
</form-validation>


See

 MITRE, CWE-102 - Struts: Duplicate Validation Forms
 OWASP, Improper Data Validation - Struts: Duplicate Validation Forms