gitlab.find_sec_bugs.STRUTS_FORM_VALIDATION-1
Form inputs should have minimal input validation. Preventive validation helps provide defense in depth against a variety of risks.
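A form bean with the kind of preventive validation the message asks for, as an added example that is not part of this rule page or of the Find Security Bugs project. It assumes Struts 1 and the servlet API on the classpath; the class name, field names, length limits and message keys are hypothetical.

```java
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;

// Hypothetical registration form; names, limits and message keys are assumptions.
public class RegistrationForm extends ActionForm {
    // Allow-list for names: letters, digits, space and a few punctuation marks, 1-64 chars.
    private static final Pattern NAME = Pattern.compile("[\\p{L}\\p{N} .'-]{1,64}");
    // Simple shape check for an e-mail address; not a full RFC 5322 parser.
    private static final Pattern EMAIL = Pattern.compile("[^@\\s]+@[^@\\s]+\\.[^@\\s]+");
    private static final int MAX_EMAIL = 254;

    private String name;
    private String email;

    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
    public String getEmail() { return email; }
    public void setEmail(String email) { this.email = email; }

    // Reject missing, oversized or malformed fields before the Action sees them.
    @Override
    public ActionErrors validate(ActionMapping mapping, HttpServletRequest request) {
        ActionErrors errors = new ActionErrors();
        // The request parameter may be absent, so check for null first.
        if (name == null || !NAME.matcher(name).matches()) {
            errors.add("name", new ActionMessage("error.name.invalid"));
        }
        if (email == null || email.length() > MAX_EMAIL || !EMAIL.matcher(email).matches()) {
            errors.add("email", new ActionMessage("error.email.invalid"));
        }
        return errors; // an empty ActionErrors means the input passed validation
    }
}
```

Struts calls `validate()` before the Action runs when validation is enabled on the action mapping in struts-config.xml; a non-empty `ActionErrors` sends the request back to the mapping's input page.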
Definition
rules:
- id: find_sec_bugs.STRUTS_FORM_VALIDATION-1
  patterns:
  - pattern-inside: |
      class $CLASS extends $SC {
        ...
      }
  - metavariable-regex:
      metavariable: $SC
      regex: (ActionForm|ValidatorForm)
  - pattern-not: public void validate() { ... }
  languages:
  - java
  message: >
    Form inputs should have minimal input validation. Preventive validation helps
    provide defense in depth against a variety of risks.
  metadata:
    category: security
    cwe: "CWE-20: Improper Input Validation"
    primary_identifier: find_sec_bugs.STRUTS_FORM_VALIDATION-1
    secondary_identifiers:
    - name: Find Security Bugs-STRUTS_FORM_VALIDATION
      type: find_sec_bugs_type
      value: STRUTS_FORM_VALIDATION
    license: MIT
  severity: WARNING
Short Link: https://sg.run/R5K2