Struts: Non-private Field in ActionForm Class
Weakness ID: 608 (Weakness Variant)
Status: Draft
+ Description

Description Summary

An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

Java

+ Potential Mitigations

Make all fields private. Use a getter to read the value of a field. Setters should be used only by the framework; setting an action form field from other actions is bad practice and should be avoided.

+ Weakness Ordinalities
Ordinality | Description
Primary | (where the weakness exists independent of other weaknesses)
+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 101 | Struts Validation Problems | Development Concepts (primary) 699
ChildOf | Weakness Class | 668 | Exposure of Resource to Wrong Sphere | Research Concepts (primary) 1000
+ Causal Nature

Explicit

+ Content History
Submissions
Submission Date | Submitter | Organization | Source
 | Anonymous Tool Vendor (under NDA) | | Externally Mined

Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
  updated Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal
  updated Relationships, Taxonomy Mappings, Weakness Ordinalities