stackoom
  简体   繁体   中英

Validation Required issue by IBM AppScan

 原文  2018-07-19 08:13:24       java/ android/ validation/ security/ bluemix-app-scan

Question

IBM AppScan has thrown the error Validation Required while scanning my app for the following code:- 

return Arrays.asList(System.getenv("PATH").split(":"));

I am not sure why the error is thrown. Could it be a false positive ? Can I use 

System.getProperty("java.class.path")

2 answers

solution1
 0 ACCPTED  2018-07-19 15:22:38

AppScan is reporting validation issue as you are getting variable value from the source which is outside the app. According to IBM AppScan rules, all the strings values from outside the apps should be validated. If you are sure that nobody will change PATH value, you can say it is a false positive.

solution2
 0  2019-10-01 08:49:57

Split function: Depends upon what data you have to pass in function. If data is validated before passing the function then you can mark this issues as false positive. Usually we mark split function as false positive

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Appscan Validation.Required issue in java IBM Appscan Security Vulnerability SQL injection jsf validation issue - applies required field validation for disabled input fields Bean Validation required for enums required? Is JSPF validation broken in IBM RAD 8? @Required Validation messages Appscan source edition - SQL Injection Rectify PathTraversal found in AppScan Tool Dynamic required validation for different buttons? JAXB XML Required Field Validation
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM