Variant · Draft

CWE-608: Struts: Non-private Field in ActionForm Class

Category: other

Description

An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.

Common consequences (1)

  • Integrity / Confidentiality — Modify Application Data, Read Application Data

Potential mitigations (1)

  • [Implementation] Make all fields private. Use a getter to read the value of a field. The setter should be used only by the framework; setting an action form field from other actions is bad practice and should be avoided.
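The following Java code is an added illustration and is not part of the CWE entry or of the Struts project. It assumes Struts 1.x, whose real base class is `org.apache.struts.action.ActionForm`; the form class names, the `username`/`password` fields and the `FormFieldCheck` helper are hypothetical. It shows the weakness beside the mitigated form, plus a small reflection-based check a test suite could run over every form class to catch non-private fields before they reach production.

```java
import org.apache.struts.action.ActionForm;

import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

// Weak form (hypothetical): the fields are public, so any class holding a
// reference can read or overwrite them directly, bypassing the accessors
// where normalisation or validation would live. This is CWE-608.
class LoginFormWeak extends ActionForm {
    public String username;
    public String password;
}

// Mitigated form (hypothetical): fields are private. The Struts request
// processor populates them through the setters when it copies request
// parameters into the form; actions read them through the getters only.
public class LoginForm extends ActionForm {
    private String username;
    private String password;

    public String getUsername() { return username; }
    public String getPassword() { return password; }

    // Setters exist for the framework's bean population step, so any
    // normalisation belongs here rather than being repeated in each action.
    public void setUsername(String username) {
        this.username = username == null ? null : username.trim();
    }

    public void setPassword(String password) {
        this.password = password;
    }
}

// Hypothetical test-time check: report declared fields of a form class that
// are not private. Static fields (e.g. serialVersionUID) are ignored because
// they are not request-bound state.
class FormFieldCheck {
    static List<String> nonPrivateFields(Class<?> formClass) {
        List<String> findings = new ArrayList<>();
        for (Field f : formClass.getDeclaredFields()) {
            int mods = f.getModifiers();
            if (Modifier.isStatic(mods)) {
                continue;
            }
            if (!Modifier.isPrivate(mods)) {
                findings.add(formClass.getSimpleName() + "." + f.getName());
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Expected: LoginFormWeak.username and LoginFormWeak.password are
        // reported; LoginForm yields an empty list.
        System.out.println(nonPrivateFields(LoginFormWeak.class));
        System.out.println(nonPrivateFields(LoginForm.class));
    }
}
```

Running `FormFieldCheck.nonPrivateFields` over every class that extends `ActionForm` in a unit test turns the mitigation above into an enforced rule rather than a convention; the same check is easy to express as a static-analysis or lint rule where one is available.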

References

  1. https://cwe.mitre.org/data/definitions/608.html

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Struts: Unvalidated Action Form
  • CWE: Struts: Form Bean Does Not Extend Validation Class
  • CWE: Struts: Validator Without Form Field
  • CWE: Struts: Form Field Without Validator
  • CWE: Struts: Unused Validation Form
  • CWE: Struts: Incomplete validate() Method Definition
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.