Struts: Validator Without Form Field

Status: Draft
Abstraction: Variant
Structure: Simple
Description

This vulnerability occurs when a Struts application's validation configuration file references form fields that no longer exist in the corresponding ActionForm class. This mismatch indicates outdated validation logic that can fail to properly check user input.

Extended Description

This issue commonly arises during maintenance. When a developer modifies an ActionForm by renaming or removing a field but forgets to update the associated validation rules (validator.xml), the validation logic becomes desynchronized. The system may then ignore validation for new or modified fields, potentially allowing malicious or malformed data to pass through. While Java applications themselves are not typically vulnerable to classic buffer overflows, this validation gap becomes critical if the application passes data to native code components (like C/C++ libraries). An attacker could exploit the missing validation to inject unexpected data, potentially triggering a buffer overflow in the native layer and compromising the system.

Common Consequences
Scope: Other
Impact: Other

It is critically important that validation logic be maintained and kept in sync with the rest of the application. Unchecked input is the root cause of some of today's worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation.

Detection Methods
Automated Static Analysis (Effectiveness: Moderate)
To find the issue in the implementation, manual checks or automated static analysis could be applied to the XML configuration files.
Manual Static Analysis (Effectiveness: Moderate)
To find the issue in the implementation, manual checks or automated static analysis could be applied to the XML configuration files.
Demonstrative Examples
This example shows an inconsistency between an action form and a validation form that declares a third field.
The first block of code shows an action form that has two fields, startDate and endDate.

Code Example (Bad, Java):
The second block of related code shows a validation form with a third field, scale. The presence of the third field suggests that DateRangeForm was modified without the validation rules being updated to match.

Code Example (Bad, XML):
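An added detection check, written for this page and not part of CWE's or Struts' own tooling, that applies the static-analysis approach from Detection Methods to the DateRangeForm example: it parses a validator.xml and an ActionForm's public setters and reports rules whose property no longer exists on the form, and, going one step beyond the page, form properties that no rule covers. The sample inputs are constructed, and the validator form name is assumed to equal the ActionForm class name (real applications map form-bean names to classes in struts-config).

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample inputs (not taken from the original page): an ActionForm
# with two properties, and a validator.xml that still carries a rule for "scale".
DATE_RANGE_FORM_JAVA = """
public class DateRangeForm extends ActionForm {
    private String startDate, endDate;
    public void setStartDate(String startDate) { this.startDate = startDate; }
    public void setEndDate(String endDate) { this.endDate = endDate; }
    public String getStartDate() { return startDate; }
    public String getEndDate() { return endDate; }
}
"""
VALIDATOR_XML = """<?xml version="1.0" encoding="UTF-8"?>
<form-validation>
  <formset>
    <form name="DateRangeForm">
      <field property="startDate" depends="date"><arg0 key="start.date"/></field>
      <field property="endDate" depends="date"><arg0 key="end.date"/></field>
      <field property="scale" depends="integer"><arg0 key="range.scale"/></field>
    </form>
  </formset>
</form-validation>
"""

SETTER_RE = re.compile(r"\bpublic\s+void\s+set([A-Z]\w*)\s*\(")

def form_properties(java_source: str) -> set[str]:
    """Bean properties an ActionForm accepts, derived from its public setters.
    Struts populates forms through setters, so a rule whose property has no
    setter can never see request data and is dead validation."""
    return {n[0].lower() + n[1:] for n in SETTER_RE.findall(java_source)}

def rule_properties(validator_xml: str) -> dict[str, set[str]]:
    """Properties named by <field> rules, keyed by <form name="...">."""
    root = ET.fromstring(validator_xml)
    return {form.get("name", ""): {f.get("property", "") for f in form.iter("field")}
            for form in root.iter("form")}

def validator_form_drift(validator_xml: str, forms: dict[str, str]) -> dict:
    """Per validator form: rules with no matching setter (the stale rules this
    weakness describes) and setters with no rule (input that goes unchecked).
    `forms` maps validator form names to ActionForm source (assumed 1:1 here)."""
    drift = {}
    for name, rules in rule_properties(validator_xml).items():
        props = form_properties(forms.get(name, ""))
        drift[name] = {"stale_rules": sorted(rules - props),
                       "unvalidated": sorted(props - rules)}
    return drift
```

A form name present in validator.xml but absent from `forms` is reported with every rule stale, which is the right signal when a form class was deleted or renamed.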
References
[REF-6] Katrina Tsipenyuk, Brian Chess and Gary McGraw. "Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors". NIST Workshop on Software Security Assurance Tools, Techniques and Metrics, NIST, 07-11-2005.
Applicable Platforms
Languages:
  • Java (Prevalence: Undetermined)
Modes of Introduction
  • Implementation
  • Operation
Related Weaknesses
Taxonomy Mapping
  • 7 Pernicious Kingdoms
  • Software Fault Patterns