An unused action form indicates that application logic might not be up-to-date.
Struts uses form-bean entries to map HTML forms to actions. If the <action-mappings> element of the Struts configuration file does not contain an entry that corresponds to a relevant action form defined via a <form-bean> tag, the application logic might not be up-to-date.
Example 1: The following configuration does not contain a mapping for bean2.
<form-beans>
  <form-bean name="bean1" type="coreservlets.UserFormBean1" />
  <form-bean name="bean2" type="coreservlets.UserFormBean2" />
</form-beans>
<action-mappings>
  <action path="/actions/register1" type="coreservlets.RegisterAction1" name="bean1" scope="request" />
</action-mappings>
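One way to check a configuration for this condition, as an added example that is not part of the original page or of Struts itself: the script parses a Struts 1 configuration and lists every form-bean that no action references through its name attribute. It goes slightly beyond Example 1 by also reporting the reverse mismatch (an action naming an undeclared bean). The function name audit_form_beans and the <struts-config> wrapper around the sample are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's Example 1 wrapped in a <struts-config> root.
SAMPLE_CONFIG = """<struts-config>
  <form-beans>
    <form-bean name="bean1" type="coreservlets.UserFormBean1" />
    <form-bean name="bean2" type="coreservlets.UserFormBean2" />
  </form-beans>
  <action-mappings>
    <action path="/actions/register1" type="coreservlets.RegisterAction1"
            name="bean1" scope="request" />
  </action-mappings>
</struts-config>"""


def audit_form_beans(config_xml):
    """Return (unused_beans, undefined_refs) for one Struts 1 config document.

    unused_beans:   form-bean names that no <action> references via name=.
    undefined_refs: (action path, bean name) pairs naming an undeclared bean.
    audit_form_beans is a hypothetical helper, not a Struts API.
    """
    root = ET.fromstring(config_xml)
    declared = {fb.get("name") for fb in root.iter("form-bean") if fb.get("name")}
    # An <action> without name= uses no form bean and is skipped below.
    actions = [(a.get("path") or "", a.get("name")) for a in root.iter("action")]
    referenced = {name for _, name in actions if name}
    unused = sorted(declared - referenced)
    undefined = sorted((p, n) for p, n in actions if n and n not in declared)
    return unused, undefined


if __name__ == "__main__":
    unused, undefined = audit_form_beans(SAMPLE_CONFIG)
    for name in unused:
        print(f"unused form-bean: {name}")
    for path, name in undefined:
        print(f"action {path} references undeclared form-bean: {name}")
```

The check covers a single configuration document; an application that splits its configuration across several files needs the declared and referenced sets merged before comparing.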