Reputation: 750
Validation Required issue by IBM AppScan
IBM AppScan has thrown the error Validation Required while scanning my app for the following code:-
return Arrays.asList(System.getenv("PATH").split(":"));
I am not sure why the error is thrown. Could it be a false positive ? Can I use
System.getProperty("java.class.path")
Upvotes: 0
Views: 2131
Answers (2)
Reputation: 156
Split function: Depends upon what data you have to pass in function. If data is validated before passing the function then you can mark this issues as false positive. Usually we mark split function as false positive
Upvotes: 0
Reputation: 170
AppScan is reporting validation issue as you are getting variable value from the source which is outside the app. According to IBM AppScan rules, all the strings values from outside the apps should be validated. If you are sure that nobody will change PATH value, you can say it is a false positive.
Upvotes: 0
Related Questions
- Appscan Validation.Required issue in java
- Unable to locate validation of android native app after many efforts in automation
- A "No such file or directory" error occurs with the appscan.sh command
- App authenticity is giving a different error
- Trying to do App Authenticity and during client.connect() getting "App authenticity security check failed"
- Bluemix sample app fails with "Failed to authenticate against MCA"
- Bluemix: Can I scan a Java ReST API using Application Security on Cloud
- Appscan Issues: Authentication.Credentials.Unprotected
- XML Validation Error Mobilefirst App Authenticity
- IBM Bluemix NoAppDetectedError when uploading application