|License Type||SaaS & On-Premise|
|Agent Mode||Assess & Protect|
|Main Product Category||Java Agent|
|Sub Category||Security Controls|
I'm trying to create a security control, but my method does not take in any input parameters.
If there are no parameters being passed in, a code exclusion can be created as an alternative.
Following the example is from our Open Doc site:
Choosing Code (allows regex) will allow you to specify a list of method signatures. Any findings involving these methods will be suppressed. The entire method signature must be present and not include a trailing parameter definition or any other extra characters. For example:
If you have a method
doLegacySecurity()inside a class called
com.acme.OldSecuritythat is being reported for using insecure cryptographic algorithms, you can ignore it by entering this line into the exclusion code block:
We’ll match this method signature against the stacktrace for any vulnerabilities found and suppress any that contain a match.
For more information on exclusions: https://docs.contrastsecurity.com/admin-policymgmt.html#exclude
Support for security controls without parameters is being tracked as enhancement request (CUST-1764)