Security Audit warning in ApplicationLog

BennyB
16-Pearl

Dear community,

 

We upgraded from ThingWorx 9.3.13 to 9.5.2, which mostly worked OK. After the restart I am encountering this message in ApplicationLog:

[SECURITY AUDIT Anonymous:@unknown -> /ExampleApplication/org.owasp.esapi.reference.validation.StringValidationRule] Input validation excludes canonicalization. Context: setHeader Input: attachment; filename="plotly-basic.min.js"; filename*=UTF-8''plotly-basic.min.js

 

I am loading the plotly library (from a local repository) on several mashups, and the warning shows up whenever the corresponding mashup is loaded. The mashups work fine.

 

In Release 9.3.13 we did not receive this warning. I also checked the files ESAPI.properties and validation.properties in ThingworxStorage/esapi folder but they haven't changed.

 

What is the warning telling me? And more importantly, how do I get rid of this message?

 

Thank you in advance for any kind of support
Benny
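
To see how much of the log this warning accounts for and which responses trigger it, the entries can be grouped by rule, context and filename. The Python below is an added example, not part of the original posts or of PTC's tooling; the field layout is inferred from the single log line quoted above, and the second filename in the sample is constructed.

```python
import re
from collections import Counter

# Field layout inferred from the one entry quoted in the post (an assumption):
# [SECURITY AUDIT <user>:@<source> -> <logger>] <message> Context: <ctx> Input: <value>
AUDIT_RE = re.compile(
    r"\[SECURITY AUDIT (?P<user>[^:\]]*):@(?P<source>\S+) -> (?P<logger>[^\]]+)\]\s+"
    r"(?P<message>.*?)\s+Context:\s+(?P<context>\S+)\s+Input:\s+(?P<input>.*)$"
)
FILENAME_RE = re.compile(r'filename="([^"]*)"')


def parse_audit_line(line):
    """Return the fields of one audit entry as a dict, or None if it does not match."""
    m = AUDIT_RE.search(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    # Keep only the rule class name, not the application and package prefix.
    fields["rule"] = fields["logger"].rsplit(".", 1)[-1]
    fn = FILENAME_RE.search(fields["input"])
    fields["filename"] = fn.group(1) if fn else None
    return fields


def summarize(lines):
    """Count audit entries per (rule, context, filename); other lines are skipped."""
    counts = Counter()
    for line in lines:
        f = parse_audit_line(line)
        if f:
            counts[(f["rule"], f["context"], f["filename"])] += 1
    return counts


# Constructed sample: the entry from the post twice, a variant with a made-up
# filename, and one unrelated line.
ENTRY = (
    "[SECURITY AUDIT Anonymous:@unknown -> /ExampleApplication/"
    "org.owasp.esapi.reference.validation.StringValidationRule] "
    "Input validation excludes canonicalization. Context: setHeader Input: "
    'attachment; filename="{0}"; filename*=UTF-8\'\'{0}'
)
SAMPLE = [ENTRY.format("plotly-basic.min.js")] * 2 + [
    ENTRY.format("other-lib.min.js"),
    "INFO unrelated line",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```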

 

ACCEPTED SOLUTION

PEHOWE
16-Pearl
(To:BennyB)

@BennyB .

 

I believe you need to follow the steps in Article - CS385117 - Excessive OWASP validation logs when export entity collections from ThingWorx

 

That should address your question.
HTH
Pehowe

 

BennyB
16-Pearl
(To:PEHOWE)

Hey @PEHOWE ,

 

Many thanks for your feedback. I am not entirely sure what exactly I have done, but you are right, the messages are gone. It's in the test system now, and if we don't encounter related issues it will be deployed to production.

 

Thank you very much

Benny
