Kingdom: Input Validation and Representation

Input validation and representation problems are caused by metacharacters, alternate encodings and numeric representations. Security problems result from trusting input. The issues include "Buffer Overflows," "Cross-Site Scripting" attacks, "SQL Injection," and many others.

Missing Form Field Validation

Abstract
The application does not validate data submitted through a web form.
Explanation
The application binds data received from a web form to its model without validating it. Type conversion during binding guarantees only that a value could be parsed, not that it is present, within range, of acceptable length or in the expected format. Validate that every received field satisfies the requirements defined for it before the application acts on the data; the framework enforces only the constraints that are explicitly configured for the form.

Example 1: The following code defines a Spring WebFlow FormAction that binds request parameters to a CustomerCriteria object but configures no validator, so the bound values are never checked against the expected requirements:


<bean id="customerCriteriaAction" class="org.springframework.webflow.action.FormAction">
    <property name="formObjectClass"
              value="com.acme.domain.CustomerCriteria" />
    <property name="propertyEditorRegistrar">
        <bean class="com.acme.web.PropertyEditors" />
    </property>
</bean>
Example 2: The following code defines a Spring WebFlow action state that calls the action's bind method only; binding populates the form object but does not validate it, and no validate step follows:


<action-state>
    <action bean="transferMoneyAction" method="bind" />
</action-state>
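One way to close both gaps above, as an added example that is not part of the original entry or of Spring WebFlow itself: a Spring Validator for the form object, wired into the FormAction through its validator property and invoked by calling bindAndValidate from the action state instead of bind alone. The field names lastName and customerId on com.acme.domain.CustomerCriteria, the error codes, the bounds and the state ids in the wiring are assumptions for illustration.

```java
// Added example, not from the Fortify entry: constraint validation for the
// CustomerCriteria form object bound by the FormAction in Example 1.
// Assumptions for illustration: CustomerCriteria exposes getLastName() and
// getCustomerId(), the error codes resolve to entries in the application's
// message bundle, and the bounds (64 characters, positive id) are the domain rules.
package com.acme.web;

import java.util.regex.Pattern;

import org.springframework.validation.Errors;
import org.springframework.validation.ValidationUtils;
import org.springframework.validation.Validator;

import com.acme.domain.CustomerCriteria;

public class CustomerCriteriaValidator implements Validator {

    // Letters in any script, spaces, apostrophes and hyphens; 1 to 64 characters.
    private static final Pattern LAST_NAME = Pattern.compile("[\\p{L} '\\-]{1,64}");

    // Refuse to validate anything other than the form object this validator was written for.
    @Override
    public boolean supports(Class<?> clazz) {
        return CustomerCriteria.class.isAssignableFrom(clazz);
    }

    @Override
    public void validate(Object target, Errors errors) {
        CustomerCriteria criteria = (CustomerCriteria) target;

        // Presence: missing, empty and whitespace-only values are all rejected.
        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "lastName", "lastName.required");
        if (!errors.hasFieldErrors("lastName")) {
            // Length and character class, so the value is safe to pass on to a search.
            String lastName = criteria.getLastName().trim();
            if (!LAST_NAME.matcher(lastName).matches()) {
                errors.rejectValue("lastName", "lastName.invalid");
            }
        }

        // Range: the property editor has already converted the text to an Integer
        // (a non-numeric value is a binding error); null means the field was absent.
        Integer customerId = criteria.getCustomerId();
        if (customerId == null) {
            errors.rejectValue("customerId", "customerId.required");
        } else if (customerId <= 0) {
            errors.rejectValue("customerId", "customerId.range");
        }
    }
}

/*
 * Wiring (replaces the bean in Example 1 and the action state in Example 2;
 * state ids are assumed):
 *
 * <bean id="customerCriteriaAction" class="org.springframework.webflow.action.FormAction">
 *     <property name="formObjectClass" value="com.acme.domain.CustomerCriteria" />
 *     <property name="propertyEditorRegistrar">
 *         <bean class="com.acme.web.PropertyEditors" />
 *     </property>
 *     <property name="validator">
 *         <bean class="com.acme.web.CustomerCriteriaValidator" />
 *     </property>
 * </bean>
 *
 * <action-state id="bindAndValidateCriteria">
 *     <action bean="customerCriteriaAction" method="bindAndValidate" />
 *     <transition on="success" to="searchCustomers" />
 *     <transition on="error" to="displayCriteriaForm" />
 * </action-state>
 */
```

FormAction runs the validator only when one is set and the flow calls a validating method (bindAndValidate, or validate after bind), so the transferMoneyAction in Example 2 needs the same change to its action state, together with a transition on the error event back to the form; without that transition a failed validation does not stop the transfer. A PropertyEditorRegistrar only converts request strings to field types; it enforces no length, range or format rule, and client-side checks in the page are not a substitute because the request can be sent without the page.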
desc.config.java.missing_form_field_validation
Abstract
The application does not validate data submitted through a web form.
Explanation
The application binds data received from a web form to its model without validating it. Type conversion during binding guarantees only that a value could be parsed, not that it is present, within range, of acceptable length or in the expected format. Validate that every received field satisfies the requirements defined for it before the application acts on the data; the framework enforces only the constraints that are explicitly declared for the form.


Example 1: The following code defines a Play form whose mapping binds name and age by type only (any text, any number) and declares no further constraints, so the values are never checked against the expected requirements:


import play.api.data.Form
import play.api.data.Forms._

case class UserData(name: String, age: Int)

// "text" and "number" fix only the type: no presence, length, range or format rule is applied.
def form = Form(
  mapping(
    "name" -> text,
    "age"  -> number
  )(UserData.apply)(UserData.unapply)
)
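The same fix expressed against Play's Java form API, as an added example that is not part of the original entry or of Play itself (the Scala mapping DSL declares the equivalent rules with nonEmptyText(maxLength = 64), number(min = 0, max = 150) and a verifying clause on the mapping). The bounds, the controller name and the Play 2.7 and later signature bindFromRequest(Http.Request) are assumptions for illustration.

```java
// Added example, not from the Fortify entry: the UserData form of the Scala
// entry, declared with constraints in Play's Java form API.
// Assumptions for illustration: bounds of 64 characters for name and 0..150 for
// age, the controller name, and the Play 2.7+ form of bindFromRequest.
package controllers;

import javax.inject.Inject;

import play.data.Form;
import play.data.FormFactory;
import play.data.validation.Constraints;
import play.mvc.Controller;
import play.mvc.Http;
import play.mvc.Result;

public class UserController extends Controller {

    // Form bean: every field carries the rule the page's mapping left out.
    // The field types fix only what can be parsed; the annotations fix
    // presence, length, character class and range.
    public static class UserData {
        @Constraints.Required
        @Constraints.MaxLength(64)
        @Constraints.Pattern("[\\p{L} '\\-]+")
        private String name;

        @Constraints.Required
        @Constraints.Min(0)
        @Constraints.Max(150)
        private Integer age;

        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
        public Integer getAge() { return age; }
        public void setAge(Integer age) { this.age = age; }
    }

    private final FormFactory formFactory;

    @Inject
    public UserController(FormFactory formFactory) {
        this.formFactory = formFactory;
    }

    public Result submit(Http.Request request) {
        Form<UserData> form = formFactory.form(UserData.class).bindFromRequest(request);

        // hasErrors() reports both type-conversion failures ("age" not a number)
        // and constraint violations; the check has to be explicit, binding alone
        // never rejects a request.
        if (form.hasErrors()) {
            return badRequest(form.errorsAsJson());
        }

        UserData data = form.get();
        return ok("registered " + data.getName() + ", age " + data.getAge());
    }
}
```

The constraints live on the form bean rather than in the controller, so every action that binds UserData gets the same checks; the controller's only duty is to refuse to call form.get() until hasErrors() is false. Rules that span fields (for example, a confirmation field that must equal another) belong in the Scala verifying clause or, in Java, in a class-level validation method, not in the controller.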
desc.structural.scala.missing_form_field_validation