Objective
I'm trying to create a security control, but my method does not take in any input parameters.
Process
If there are no parameters being passed in, a code exclusion can be created as an alternative.
The following example is from our online documentation site:
Choosing Code (allows regex) will allow you to specify a list of method signatures. Any findings involving these methods will be suppressed. The entire method signature must be present and not include a trailing parameter definition or any other extra characters. For example:
- If you have a method doLegacySecurity() inside a class called com.acme.OldSecurity that is being reported for using insecure cryptographic algorithms, you can ignore it by entering this line into the exclusion code block: com.acme.OldSecurity.doLegacySecurity
We’ll match this method signature against the stacktrace for any vulnerabilities found and suppress any that contain a match.
For more information on exclusions: https://docs.contrastsecurity.com/en/application-exclusions.html
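A pre-flight check for exclusion lines, added here as an example and not Contrast's own code: it flags entries with a trailing parameter definition or extra characters, and lists which frames of a stack trace an entry would match, so the scope of a suppression can be reviewed before it is saved. The sample stack trace is constructed, the function names are hypothetical, and whole-name regex matching is an assumption about how entries are compared.

```python
import re

# Constructed sample: the frames of one finding's stack trace (not real output).
SAMPLE_STACK = [
    "javax.crypto.Cipher.getInstance(Cipher.java:539)",
    "com.acme.OldSecurity.doLegacySecurity(OldSecurity.java:42)",
    "com.acme.OldSecurityAudit.doLegacySecurityCheck(OldSecurityAudit.java:17)",
    "com.acme.web.LoginServlet.doPost(LoginServlet.java:88)",
]

FRAME_RE = re.compile(r"^\s*(?:at\s+)?([\w.$<>]+)\(")
# A trailing "(...)" holding only type/name characters looks like a parameter list.
PARAMS_RE = re.compile(r"\([\w\s.,\[\]$<>]*\)$")


def frame_method(frame):
    """Return 'package.Class.method' from a Java stack frame line, or None."""
    m = FRAME_RE.match(frame)
    return m.group(1) if m else None


def lint_entry(entry):
    """Return the problems that would make an exclusion line malformed."""
    problems = []
    if entry != entry.strip():
        problems.append("leading or trailing whitespace")
    if PARAMS_RE.search(entry.strip()):
        problems.append("trailing parameter definition")
    try:
        re.compile(entry)
    except re.error as exc:
        problems.append(f"invalid regex: {exc}")
    return problems


def matched_frames(entry, stack):
    """List the methods in `stack` that a clean entry matches.

    Assumption: the entry is a regex that must match the whole method name.
    """
    if lint_entry(entry):
        return []
    pattern = re.compile(entry)
    names = [frame_method(f) for f in stack]
    return [n for n in names if n and pattern.fullmatch(n)]


if __name__ == "__main__":
    for line in ["com.acme.OldSecurity.doLegacySecurity",
                 "com.acme.OldSecurity.doLegacySecurity()",
                 r"com\.acme\..*"]:
        print(repr(line), lint_entry(line), matched_frames(line, SAMPLE_STACK))
```

A broad pattern such as the last one matches every com.acme frame in the sample, which is the case to look for when reviewing exclusions: the wider the match, the more findings are suppressed.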
Support for security controls without parameters is being tracked as an enhancement request (CUST-1764).