
Requirements

Dependencies

Make sure the application is analyzed with all necessary libraries selected, and avoid unresolved methods, especially among the Input, Target and Sanitization methods.

Troubleshooting

Unresolved Methods

However, a faster and more efficient way to check that the critical input and target methods are correctly resolved by the analyzer is to look at the content of the file BuildAgent.symbols, located in the CAST Large Intermediate Storage Area (LISA) directory. The input and target methods listed in the flaw specs or manually entered in the GUI must be present in BuildAgent.symbols and have a full name in the form *.*

If this is not the case, the analysis lacks mandatory libraries, such as the J2EE Servlet library when user inputs are retrieved through the method “javax.servlet.ServletRequest.getParameter”.

If the application is based on UI frameworks, it is also critical to include the framework's library or to select the appropriate framework in the CAST Management Studio. For example, if the application uses Struts, it is mandatory to select the Struts framework in the J2EE technology, as the User Input engine will use the framework’s Form methods as input and therefore needs correct resolution of these methods:

 

 
