Validator plug-ins

2014-07-01
2014-07-09
  • Rodrigo Ruiz
    Rodrigo Ruiz
    2014-07-01

    Hi,

    VCG generates a lot of results with the following message:

    The application appears to use data contained in the
    HttpServletRequest without validation or sanitisation.
    No validator plug-ins were located in the application's
    XML files.
    

    I was wondering which validator plugins are supported/detected.

    Thanks in advance

     
    Last edit: Rodrigo Ruiz 2014-07-01
  • N1ckDunn
    N1ckDunn
    2014-07-09

    Hi Rodrigo

    It makes a fairly simple check for Struts validation in any XML files it encounters and also assumes some other type of validation is in place if any method called 'validate' is applied to input data.

    Thanks
    Nick