Details

    • Type: Vulnerability Detection
    • Status: Active
    • Resolution: Unresolved
    • Labels:
    • Message:
      * "xxx" filter should have a mapping.
    • Default Severity:
      Critical
    • Impact:
      High
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Covered Languages:
      Java
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      30min
    • Analysis Scope:
      Main Sources
    • OWASP:
      A6

      Description

      Every filter defined in the web.xml file should be referenced by a <filter-mapping> element. Otherwise, such filters are never invoked.

      Noncompliant Code Example

        <filter>
           <filter-name>DefinedNotUsed</filter-name>
           <filter-class>com.myco.servlet.ValidationFilter</filter-class>
        </filter>
      

      Compliant Solution

        <filter>
           <filter-name>ValidationFilter</filter-name>
           <filter-class>com.myco.servlet.ValidationFilter</filter-class>
        </filter>
             
        <filter-mapping>
           <filter-name>ValidationFilter</filter-name>
           <url-pattern>/*</url-pattern>
        </filter-mapping>
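
The check described above can be run over a deployment descriptor with the following added example (not Sonar's implementation and not part of the original rule text). It lists filters defined without a <filter-mapping> and, going slightly beyond the rule, mappings whose <filter-name> matches no defined filter; the sample descriptor is constructed, the function names are hypothetical, and filters registered outside web.xml are not considered.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor: one mapped filter, one defined but never mapped.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <filter>
    <filter-name>ValidationFilter</filter-name>
    <filter-class>com.myco.servlet.ValidationFilter</filter-class>
  </filter>
  <filter>
    <filter-name>DefinedNotUsed</filter-name>
    <filter-class>com.myco.servlet.ValidationFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>ValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>
"""

def _local(tag):
    """Drop the '{namespace}' prefix so every web-app schema version parses alike."""
    return tag.rsplit("}", 1)[-1]

def _names(root, parent_tag):
    """Collect trimmed <filter-name> values found directly under each <parent_tag>."""
    names = set()
    for elem in root.iter():
        if _local(elem.tag) == parent_tag:
            for child in elem:
                if _local(child.tag) == "filter-name" and child.text:
                    names.add(child.text.strip())
    return names

def audit_filters(web_xml_text):
    """Return (filters with no mapping, mappings naming no defined filter)."""
    root = ET.fromstring(web_xml_text)
    defined = _names(root, "filter")
    mapped = _names(root, "filter-mapping")
    # Names are compared exactly, so a case or spelling slip shows up in both lists.
    return sorted(defined - mapped), sorted(mapped - defined)

if __name__ == "__main__":
    unmapped, dangling = audit_filters(SAMPLE_WEB_XML)
    for name in unmapped:
        print(f'"{name}" filter should have a mapping.')
    for name in dangling:
        print(f'filter-mapping names undefined filter "{name}"')
```

A validation or access-control filter that appears in the first list is the case this rule exists for: the class is deployed but never runs on any request.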
      


              People

              • Assignee:
                Unassigned
                Reporter:
                ann.campbell.2 Ann Campbell
              • Votes:
                0
                Watchers:
                5