Pinned topic Lost Sink
What are the ' no_package ' Lost Sinks in IBM AppScan Source Edition for Security?
Do we need to mark them ( <external_caller> ) as taint propagators??
ScottH 120000998U18 Posts
Re: Lost Sink2014-04-25T16:38:56ZThis is the accepted answer. This is the accepted answer.
This message most likely means that the code was not available when the scan was performed. This can happen when calls go through 3rd party or other unavailable libraries.
How to mark them will depend on your analysis of the call and information about whether they perform code validation. If you are unsure taint propagator can be used.