Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

XML static code analysis

Unique rules to find Bugs and Code Smells in your XML code

Struts validation forms should have unique names

intentionality - logical

security

Vulnerability

Having two form validation entries with the same name indicates a configuration issue. Only one of the two configurations will be applied, which can lead to validation gaps.

Why is this an issue?

How can I fix it?

More Info

In Struts, form validation is used to validate the data the application’s clients provide as part of a form submission to the server. Configuring two different form validations with the same name leads to unexpected behaviors.

When faced with multiple form validations with the same name, Struts will arbitrarily choose one and apply it while discarding the others.

What is the potential impact?

The application might perform an incomplete validation of user-submitted forms. Some parts of the validation configuration defined in discarded items will not apply, which can have severe consequences if not duplicated in the applied one.

Missing input validation can make the application vulnerable to injection attacks or other severe issues. They might affect the confidentiality, integrity, or availability of the application or the data it stores.

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Available Since
9.3

Analyze code in your
on-premise CI

Developer Edition
Available Since
9.3

In-IDE

SaaS

Self-Hosted