Security Audit warning in ApplicationLog

bbeuckSIG
15-Moonstone

Dear community,

 

We upgraded from ThingWorx 9.3.13 to 9.5.2, which mostly worked OK. After the restart I am encountering this message in the ApplicationLog:

[SECURITY AUDIT Anonymous:@unknown -> /ExampleApplication/org.owasp.esapi.reference.validation.StringValidationRule] Input validation excludes canonicalization. Context: setHeader Input: attachment; filename="plotly-basic.min.js"; filename*=UTF-8''plotly-basic.min.js

 

I am loading the plotly library (from a local repository) on several mashups, and the warning shows up whenever the corresponding mashup is loaded. The mashups work fine.

 

In release 9.3.13 we did not receive this warning. I also checked the files ESAPI.properties and validation.properties in the ThingworxStorage/esapi folder, but they haven't changed.

 

What is the warning telling me? And more importantly, how do I get rid of this message?

 

Thank you in advance for any kind of support
Benny

 

1 ACCEPTED SOLUTION

@bbeuckSIG .

 

I believe you need to follow the steps in Article - CS385117 - Excessive OWASP validation logs when export entity collections from ThingWorx

 

That should address your question.
HTH
Pehowe

 

bbeuckSIG
15-Moonstone
(To:PEHOWE)

Hey @PEHOWE ,

 

Many thanks for your feedback. I am not entirely sure what exactly I have done, but you are right, the messages are gone. It's in the test system now, and if we don't encounter related issues it will be deployed to production.

 

Thank you very much

Benny
