This list of keywords directly related to Struts security issues helps us use a search tool (such as drek or Graudit) to locate and identify each issue; take a look at the following table:

| Struts security | Keyword search in bold |
| --- | --- |
| Development mode | **struts.devMode**. Review tips: The suggested value should be false in struts.xml. |
| Dynamic method invocation | **struts.enable.DynamicMethodInvocation**. Review tips: The suggested value should be false in struts.xml. |
| OGNL static method access | **struts.ognl.allowStaticMethodAccess**. Review tips: The suggested value should be false in struts.xml. |
| File upload | **allowedTypes**, **maximumSize**, **allowedExtensions**. Review tips |
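
A keyword search only finds where these settings appear; checking their values takes a parse. The following is an added example, not code from the original page: it reads a struts.xml document, reports any of the three constants whose value is not false, and lists which of the file upload keywords are not set on a `fileUpload` interceptor reference. The sample configuration is constructed, and reporting an unset upload parameter for the reviewer to look at is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constants from the table above; the suggested value for each is "false".
RISKY_CONSTANTS = (
    "struts.devMode",
    "struts.enable.DynamicMethodInvocation",
    "struts.ognl.allowStaticMethodAccess",
)
# File upload keywords from the table above.
UPLOAD_PARAMS = ("allowedTypes", "maximumSize", "allowedExtensions")

# Constructed sample input, not taken from a real project.
SAMPLE = """<struts>
  <constant name="struts.devMode" value="true"/>
  <constant name="struts.enable.DynamicMethodInvocation" value="false"/>
  <constant name="struts.ognl.allowStaticMethodAccess" value="true"/>
  <package name="default" extends="struts-default">
    <action name="upload" class="example.UploadAction">
      <interceptor-ref name="fileUpload">
        <param name="maximumSize">2097152</param>
      </interceptor-ref>
    </action>
  </package>
</struts>"""


def review_struts_xml(xml_text):
    """Return a sorted list of findings for one struts.xml document."""
    root = ET.fromstring(xml_text)
    findings = []
    # Flag each listed constant that is present with a value other than false.
    for const in root.iter("constant"):
        name = const.get("name", "")
        value = const.get("value", "").strip().lower()
        if name in RISKY_CONSTANTS and value != "false":
            findings.append(f"{name}={value}: suggested value is false")
    # For each fileUpload interceptor reference, list the keywords not set.
    for ref in root.iter("interceptor-ref"):
        if ref.get("name") != "fileUpload":
            continue
        present = {p.get("name") for p in ref.findall("param")}
        for param in UPLOAD_PARAMS:
            if param not in present:
                findings.append(f"fileUpload: {param} not set")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(review_struts_xml(SAMPLE)))
```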