Description

This page describes the possible reasons why the User Input Data Flow Security metrics show no violations or a decrease in violations.

Observed in CAST AIP

| Release | Yes/No |
|---|---|
| 8.3.x | Yes |

Observed on RDBMS

| RDBMS | Yes/No |
|---|---|
| CSS | Yes |

Step by Step Scenario

Below is the step-by-step scenario leading to the problem:

  1. Deliver and accept the application.
  2. Enable the User Input Data Flow security option for J2EE.
  3. Launch analysis + snapshot.
  4. Open the dashboard and search for objects violating security flow.
  5. The number of objects violating User Input Data Flow Security has decreased sharply, or there are no violations for User Input Data Flow Security.

Impact of the Problem

The impact of the problem on the analysis or the dashboard is: Results for security on the dashboard are not correct.

Action Plan

To fix the problem, proceed as follows:

  1. Check whether the configuration of the analysis unit has changed:
    1. Removed files.
    2. Versions of the technologies.
  2. Check whether the Execution Unit has changed. If you have split the analysis unit, the User Input Data Flow Security results will be impacted.
    1. Data Flow security is based on dynamic links, so splitting the analysis units reduces the scope.
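
To illustrate why splitting reduces the scope, the following added example (not CAST code and not the product's algorithm) models a data flow as reachability from an input source to a SQL sink over a call graph. The class names, the unit assignments, and the rule that links are followed only inside one unit are assumptions made for the illustration.

```python
from collections import deque

# Constructed J2EE-style call graph: caller -> callees (hypothetical names).
CALLS = {
    "LoginServlet.doPost": ["UserService.find"],
    "UserService.find": ["UserDao.queryByName"],
    "UserDao.queryByName": ["Statement.executeQuery"],
    "ReportServlet.doGet": ["ReportDao.load"],
    "ReportDao.load": ["Statement.executeQuery"],
}
SOURCES = {"LoginServlet.doPost", "ReportServlet.doGet"}  # read user input
SINKS = {"Statement.executeQuery"}                        # execute SQL


def flows(units):
    """Return (source, sink) pairs found when links are followed per unit."""
    found = set()
    for members in units:
        # Assumption: the sink API is visible from every unit.
        scope = set(members) | SINKS
        for src in SOURCES & scope:
            seen, queue = {src}, deque([src])
            while queue:
                node = queue.popleft()
                if node in SINKS:
                    found.add((src, node))
                    continue
                for callee in CALLS.get(node, []):
                    # A link to an object outside the unit cannot be followed.
                    if callee in scope and callee not in seen:
                        seen.add(callee)
                        queue.append(callee)
    return found


SINGLE_UNIT = [set(CALLS)]
# One flow stays inside a unit, the other is cut: violations decrease.
SPLIT_PARTIAL = [
    {"ReportServlet.doGet", "ReportDao.load", "LoginServlet.doPost"},
    {"UserService.find", "UserDao.queryByName"},
]
# Web, service and DAO layers analyzed separately: no violations at all.
SPLIT_BY_LAYER = [
    {"LoginServlet.doPost", "ReportServlet.doGet"},
    {"UserService.find"},
    {"UserDao.queryByName", "ReportDao.load"},
]

if __name__ == "__main__":
    for name in ("SINGLE_UNIT", "SPLIT_PARTIAL", "SPLIT_BY_LAYER"):
        print(name, sorted(flows(globals()[name])))
```

The code itself is unchanged across the three runs; only the unit boundaries differ, which is why a drop in violations after a split does not mean the flows were fixed.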

The impact of the solution on the analysis or the dashboard is: The results for security metrics will be correct.

  


Ticket ID : 5044