Topic
  • 1 reply
  • Latest Post - ‏2014-04-25T16:38:56Z by ScottH
SJPW_RAJA_SHARMA
SJPW_RAJA_SHARMA
1 Post

Pinned topic Lost Sink

‏2012-07-17T12:18:39Z |
Hi,

What are the ' no_package ' Lost Sinks in IBM AppScan Source Edition for Security?
Do we need to mark them ( <external_caller> ) as taint propagators??
  • ScottH
    ScottH
    16 Posts

    Re: Lost Sink

    ‏2014-04-25T16:38:56Z  

    Hello,

    This message most likely means that the code was not available when the scan was performed.  This can happen when calls go through 3rd party or other unavailable libraries.

    How to mark them will depend on your analysis of the call and information about whether they perform code validation.  If you are unsure taint propagator can be used.

     

    Scott