Improper validation of unsafe equivalence in input

ID

scala.form.scala_form_rule_formvalidate

Severity

low

Resource

Form

Language

Scala

Description

Form inputs should have at least minimal input validation. Preventive validation helps provide defense in depth against a variety of risks.

Rationale

Form inputs should have at least minimal input validation. Preventive validation helps provide defense in depth against a variety of risks.

The following code illustrates a vulnerable pattern detected by this rule:

// License: LGPL-3.0 License (c) find-sec-bugs
package form

import org.apache.struts.validator.ValidatorForm

// VULNERABLE: Improper validation of unsafe equivalence in input
// The form extends ValidatorForm but performs no validation of its own:
// validate(...) is not overridden, so whatever the request supplies is
// stored in the fields unchecked.
class FormValidate extends ValidatorForm {
  private var name: String = null
  private var email: String = null

  def getName: String = name

  // Setter stores the raw request value without any check
  def setName(n: String): Unit = {
    this.name = n
  }

  def getEmail: String = email

  // Setter stores the raw request value without any check
  def setEmail(email: String): Unit = {
    this.email = email
  }
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.
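A hardened version of the form shown above, added here as an example (it is not code from find-sec-bugs or from this rule): it overrides ValidatorForm.validate so the two fields are checked explicitly, while keeping any results produced by the declarative validation.xml rules. The message keys, the length limits and the e-mail pattern are assumptions for illustration.

```scala
// Added example, not part of the find-sec-bugs rule source.
// Assumes Struts 1.x on the classpath; the message keys used below are
// assumed to exist in the application's resource bundle.
package form

import javax.servlet.http.HttpServletRequest
import org.apache.struts.action.{ActionErrors, ActionMapping, ActionMessage}
import org.apache.struts.validator.ValidatorForm

class FormValidate extends ValidatorForm {
  private var name: String = null
  private var email: String = null

  // Conservative allow-list for addresses: local part, "@", dotted labels,
  // and a final label of at least two letters. Anchored so the whole value
  // must match, not just a substring. Illustrative pattern, not a full RFC check.
  private val EmailPattern =
    "^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)*\\.[A-Za-z]{2,}$".r

  def getName: String = name
  def setName(n: String): Unit = { this.name = n }
  def getEmail: String = email
  def setEmail(e: String): Unit = { this.email = e }

  // Explicit preventive validation in code, run on top of the declarative
  // commons-validator rules that ValidatorForm.validate applies.
  override def validate(mapping: ActionMapping, request: HttpServletRequest): ActionErrors = {
    // super.validate may return null when no validation.xml rules apply;
    // start from an empty collection in that case and merge our own checks.
    val errors = Option(super.validate(mapping, request)).getOrElse(new ActionErrors())

    val n = Option(name).map(_.trim).getOrElse("")
    if (n.isEmpty)
      errors.add("name", new ActionMessage("errors.required", "Name"))
    else if (n.length > 64)   // assumed limit
      errors.add("name", new ActionMessage("errors.maxlength", "Name", "64"))

    val e = Option(email).map(_.trim).getOrElse("")
    if (e.isEmpty)
      errors.add("email", new ActionMessage("errors.required", "Email"))
    else if (e.length > 254 || EmailPattern.findFirstIn(e).isEmpty)
      errors.add("email", new ActionMessage("errors.email", "Email"))

    errors   // a non-empty result makes Struts return the user to the input page
  }
}
```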

Configuration

This detector does not need any configuration.

References