My security control doesn't take in any parameters

Objective

I'm trying to create a security control, but my method does not take in any input parameters.

Process

If there are no parameters being passed in, a code exclusion can be created as an alternative. 

The following example is from our online documentation site:


Choosing Code (allows regex) will allow you to specify a list of method signatures. Any findings involving these methods will be suppressed. The entire method signature must be present and not include a trailing parameter definition or any other extra characters. For example:

  • If you have a method doLegacySecurity() inside a class called com.acme.OldSecurity that is being reported for using insecure cryptographic algorithms, you can ignore it by entering this line into the exclusion code block:

    com.acme.OldSecurity.doLegacySecurity
  • We’ll match this method signature against the stacktrace for any vulnerabilities found and suppress any that contain a match.
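
An added example, not taken from Contrast's documentation or product code: a pre-check that flags exclusion entries carrying a trailing parameter definition and lists which frames of a stack trace an entry would suppress. It assumes the entry is applied as a regex that must match a frame's full class.method signature; the function names and the sample frames are hypothetical and constructed.

```python
import re

# Constructed Java-style stack trace frames, not from a real report.
SAMPLE_TRACE = [
    "com.acme.OldSecurity.doLegacySecurity(OldSecurity.java:42)",
    "com.acme.OldSecurity.doLegacySecurityV2(OldSecurity.java:77)",
    "com.acme.web.LoginServlet.doPost(LoginServlet.java:19)",
    "javax.servlet.http.HttpServlet.service(HttpServlet.java:661)",
]

# "()" or "(String, int)" at the end of an entry: a parameter definition.
TRAILING_PARAMS = re.compile(r"\([\w.$\[\], ]*\)$")


def frame_signature(frame):
    """Return the class.method part of a frame, dropping '(File.java:NN)'."""
    return frame.split("(", 1)[0].strip()


def lint_entry(entry):
    """Return the problems that would keep an entry from matching as intended."""
    problems = []
    if entry != entry.strip():
        problems.append("leading or trailing whitespace")
    if TRAILING_PARAMS.search(entry.strip()):
        problems.append("trailing parameter definition")
    try:
        re.compile(entry)
    except re.error as exc:
        problems.append(f"invalid regex: {exc}")
    return problems


def suppressed_frames(entry, trace):
    """Frames whose signature the entry matches in full (assumed semantics)."""
    pattern = re.compile(entry)
    return [f for f in trace if pattern.fullmatch(frame_signature(f))]


def review_entry(entry, trace):
    """Lint first; only a clean entry is evaluated against the trace."""
    problems = lint_entry(entry)
    frames = [] if problems else suppressed_frames(entry, trace)
    return {"entry": entry, "problems": problems, "suppresses": frames}


if __name__ == "__main__":
    for e in ("com.acme.OldSecurity.doLegacySecurity",
              "com.acme.OldSecurity.doLegacySecurity()",
              r"com\.acme\.OldSecurity\..*"):
        print(review_entry(e, SAMPLE_TRACE))
```

The wildcard entry in the last case matches both `OldSecurity` frames, which shows how a broad regex suppresses findings from methods other than the one intended.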


For more information on exclusions: https://docs.contrastsecurity.com/en/application-exclusions.html 

Support for security controls without parameters is being tracked as an enhancement request (CUST-1764).
