cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Have a PTC product question you need answered fast? Chances are someone has asked it before. Learn about the community search. X

Security Audit warning in ApplicationLog

bbeuckSIG
16-Pearl

Security Audit warning in ApplicationLog

Dear community,

 

We upgraded from Thingworx 9.3.13 to 9.5.2 which mostly worked OK. After restart I am encountering this message in ApplicationLog:

[SECURITY AUDIT Anonymous:@unknown -> /ExampleApplication/org.owasp.esapi.reference.validation.StringValidationRule] Input validation excludes canonicalization. Context: setHeader Input: attachment; filename="plotly-basic.min.js"; filename*=UTF-8''plotly-basic.min.js

 

I am loading the plotly library (from local repository) on several mashups and the warning shows up whenever the according mashup is loaded. The Mashups work fine.

 

In Release 9.3.13 we did not receive this warning. I also checked the files ESAPI.properties and validation.properties in ThingworxStorage/esapi folder but they haven't changed.

 

What is the warning telling me? And more importantly, how do I get rid of this message?

 

Thank you in advance for any kind of support
Benny

 

1 ACCEPTED SOLUTION

Accepted Solutions

@bbeuckSIG .

 

I believe you need to follow the steps in Article - CS385117 - Excessive OWASP validation logs when export entity collections from ThingWorx

 

That should address your question.
HTH
Pehowe

 

View solution in original post

2 REPLIES 2

@bbeuckSIG .

 

I believe you need to follow the steps in Article - CS385117 - Excessive OWASP validation logs when export entity collections from ThingWorx

 

That should address your question.
HTH
Pehowe

 

Hey @PEHOWE ,

 

many thanks for your feedback. I am not entirely sure what exactly I have done but you are right, the messages are gone. It's in test system now and if we don't encounter related issues it will be deployed to production.

 

Thank you very much

Benny

Top Tags