I'm getting trust boundary violation in the code that i'm testing. The code adds forms in session and it is getting flawed as trust boundary violation
Inside Struts Action class execute method
{
EditForm editform = new EditForm ();
All the values are set either from databse or from request params and then the form is added to session as below
**request.getSession(false).setAttribute("EDIT_FORM", editform );**
}
I'm getting violation on the code shown as bold.
How can i fix this? I'm not sure where to add the validation. It is a new form that is created inside Action class execute methods and the vaues are populated from request and db
You should try esapy library, try something like :
Before setting attribute. I've found this flaw asociate to Object type variable and that's the worst thing ever, because you cannot validate it as you can't know the type.