SJPW_RAJA_SHARMA

Pinned topic Lost Sink

2012-07-17T12:18:39Z
Hi,

What are the 'no_package' Lost Sinks in IBM AppScan Source Edition for Security?
Do we need to mark them (<external_caller>) as taint propagators?
  • ScottH
    ACCEPTED ANSWER

    Re: Lost Sink

    ‏2014-04-25T16:38:56Z  in response to SJPW_RAJA_SHARMA

    Hello,

    This message most likely means that the code was not available when the scan was performed. This can happen when calls go through third-party or other unavailable libraries.

    How to mark them will depend on your analysis of the call and information about whether they perform code validation. If you are unsure, a taint propagator can be used.

     

    Scott
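
A simplified model of the situation discussed in this thread, added as an example; it is not from either post and is not AppScan Source's engine or rule format. It shows a trace stopping at a call whose code is unavailable, and how the result changes when that call is marked as a propagator or as validating. All names (`vendor.Lib.normalize`, the `"propagator"` and `"validator"` rule labels, `analyze`) are hypothetical.

```python
# Toy taint tracker (constructed example; not AppScan Source's engine).
# Each statement is (target_var, callee, [arg_vars]).
SOURCES = {"request.getParameter"}   # return value is tainted
SINKS = {"stmt.executeQuery"}        # a tainted argument here is a finding
KNOWN = {"String.trim"}              # code available: taint passes through

# Constructed program: user input passes through a third-party call whose
# code is not available to the scan ("vendor.Lib.normalize" is hypothetical).
PROGRAM = [
    ("name", "request.getParameter", []),
    ("t", "String.trim", ["name"]),
    ("clean", "vendor.Lib.normalize", ["t"]),
    (None, "stmt.executeQuery", ["clean"]),
]

def analyze(program, custom_rules=None):
    """Return findings as (kind, callee) tuples.

    custom_rules maps an unavailable callee to "propagator" (its output
    carries the input's taint) or "validator" (its output is treated as clean).
    """
    rules = custom_rules or {}
    tainted, findings = set(), []
    for target, callee, args in program:
        arg_tainted = any(a in tainted for a in args)
        if callee in SOURCES:
            out = True
        elif callee in SINKS:
            if arg_tainted:
                findings.append(("sink", callee))
            out = False
        elif callee in KNOWN or rules.get(callee) == "propagator":
            out = arg_tainted
        elif rules.get(callee) == "validator":
            out = False
        else:
            # No code and no rule: the trace cannot continue past this call.
            if arg_tainted:
                findings.append(("lost_sink", callee))
            out = False
        if target is not None:
            if out:
                tainted.add(target)
            else:
                tainted.discard(target)
    return findings
```

With no rule the only finding is the lost sink; marking the call as a propagator lets the trace reach the query sink, while marking it as validating removes the finding entirely, which is why that choice needs evidence about what the library does.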