SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
XML

XML static code analysis

Unique rules to find Bugs and Code Smells in your XML code

  • All rules 37
  • Vulnerability7
  • Bug5
  • Security Hotspot9
  • Code Smell16
 
Tags
    Impact
      Clean code attribute
        1. Components should be explicitly exported

           Vulnerability
        2. Custom permissions should not be defined in the "android.permission" namespace

           Vulnerability
        3. Exported component access should be restricted with appropriate permissions

           Vulnerability
        4. Struts validation forms should have unique names

           Vulnerability
        5. Struts filters should not miss their corresponding filter-map

           Vulnerability
        6. Default EJB interceptors should be declared in "ejb-jar.xml"

           Vulnerability
        7. Basic authentication should not be used

           Vulnerability

        Struts validation forms should have unique names

        intentionality - logical
        security
        Vulnerability
        • cwe
        • struts

        Having two form validation entries with the same name indicates a configuration issue. Only one of the two configurations will be applied, which can lead to validation gaps.

        Why is this an issue?

        How can I fix it?

        More Info

        In Struts, form validation is used to validate the data the application’s clients provide as part of a form submission to the server. Configuring two different form validations with the same name leads to unexpected behaviors.

        When faced with multiple form validations with the same name, Struts will arbitrarily choose one and apply it while discarding the others.

        What is the potential impact?

        The application might perform an incomplete validation of user-submitted forms. Some parts of the validation configuration defined in discarded items will not apply, which can have severe consequences if not duplicated in the applied one.

        Missing input validation can make the application vulnerable to injection attacks or other severe issues. They might affect the confidentiality, integrity, or availability of the application or the data it stores.

          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube Community BuildAnalyze code in your
          on-premise CI
          Available Since
          9.3
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.3

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use