Pinned topic Lost Sink
What are the ' no_package ' Lost Sinks in IBM AppScan Source Edition for Security?
Do we need to mark them ( <external_caller> ) as taint propagators??
ScottH 120000998U14 PostsACCEPTED ANSWER
Re: Lost Sink2014-04-25T16:38:56Z in response to SJPW_RAJA_SHARMA
This message most likely means that the code was not available when the scan was performed. This can happen when calls go through 3rd party or other unavailable libraries.
How to mark them will depend on your analysis of the call and information about whether they perform code validation. If you are unsure taint propagator can be used.