Vulnerable Code
This code is vulnerable and should be avoided in the validation XML file.

Secure Code
The code is secure because it does not duplicate form names.

Struts Validator Class
- The Struts form should extend one of the following validator classes to implement the Struts validator:
– ValidatorForm
– ValidatorActionForm
– DynaValidatorActionForm
– DynaValidatorForm
- The method validate() can be implemented in the user's application through the use of these classes
- The validation of form fields is done in the validate() method
- A validator form that defines its own validate() method should call super.validate()
- Forms derived from the ActionForm and DynaActionForm classes cannot use the Struts validator
Secure and Insecure Code for Struts Validator Class
Vulnerable Code
The code is vulnerable because it does not call super.validate().

Secure Code
The code is secure because it calls super.validate().

Enable the Struts Validator
- In the action form mapping, the validate parameter should always be given the value true
- The form disables the Struts validator if validation is disabled in the action form mapping
The following code shows how to enable action form mapping


Vulnerable Code
The code is vulnerable because the validate parameter is set to false, which deactivates the Struts validator.

Secure Code
The code is secure because the validate parameter is set to true, which activates the Struts validator.
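
As an added example (not code from the original page), the following Python check audits the two configuration weaknesses described on this page: a duplicated form name in the validation XML file and an action mapping whose validate parameter is not true. The file contents, form names and paths are constructed samples, and treating a missing validate attribute as enabled is an assumption based on the Struts 1 default.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed struts-config.xml sample (not from the page).
STRUTS_CONFIG = """<struts-config>
  <action-mappings>
    <action path="/login" type="com.example.LoginAction"
            name="loginForm" validate="false" input="/login.jsp"/>
    <action path="/register" type="com.example.RegisterAction"
            name="registerForm" validate="true" input="/register.jsp"/>
    <action path="/logout" type="com.example.LogoutAction"/>
  </action-mappings>
</struts-config>"""

# Constructed validation.xml sample with one duplicated form name.
VALIDATION_XML = """<form-validation>
  <formset>
    <form name="loginForm"><field property="username" depends="required"/></form>
    <form name="loginForm"><field property="password" depends="required"/></form>
    <form name="registerForm"><field property="email" depends="required,email"/></form>
  </formset>
</form-validation>"""


def disabled_validation(struts_config_xml):
    """Paths of actions that bind a form bean but do not set validate to true."""
    findings = []
    for action in ET.fromstring(struts_config_xml).iter("action"):
        # Assumption: an absent attribute counts as enabled (Struts 1 default is true).
        flag = action.get("validate", "true").strip().lower()
        if action.get("name") and flag != "true":
            findings.append(action.get("path"))
    return findings


def duplicate_form_names(validation_xml):
    """Form names declared more than once inside the same formset."""
    dupes = set()
    for formset in ET.fromstring(validation_xml).iter("formset"):
        counts = Counter(f.get("name") for f in formset.findall("form"))
        dupes.update(name for name, n in counts.items() if n > 1)
    return sorted(dupes)


if __name__ == "__main__":
    print("validate disabled:", disabled_validation(STRUTS_CONFIG))
    print("duplicate forms:", duplicate_form_names(VALIDATION_XML))
```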
