16-Pearl
June 5, 2024
Solved

Security Audit warning in ApplicationLog


Dear community,

We upgraded from ThingWorx 9.3.13 to 9.5.2, which mostly worked OK. After restart I am encountering this message in ApplicationLog:

[SECURITY AUDIT Anonymous:@unknown -> /ExampleApplication/org.owasp.esapi.reference.validation.StringValidationRule] Input validation excludes canonicalization. Context: setHeader Input: attachment; filename="plotly-basic.min.js"; filename*=UTF-8''plotly-basic.min.js

I am loading the plotly library (from local repository) on several mashups and the warning shows up whenever the corresponding mashup is loaded. The Mashups work fine.

In Release 9.3.13 we did not receive this warning. I also checked the files ESAPI.properties and validation.properties in the ThingworxStorage/esapi folder but they haven't changed.

What is the warning telling me? And more importantly, how do I get rid of this message?

Thank you in advance for any kind of support
Benny

 


PEHOWE, 17-Peridot (Answer)
June 6, 2024

@BennyB.

I believe you need to follow the steps in Article - CS385117 - Excessive OWASP validation logs when export entity collections from ThingWorx

That should address your question.
HTH
Pehowe

 

BennyB, 16-Pearl (Author)
June 14, 2024

Hey @PEHOWE,

Many thanks for your feedback. I am not entirely sure what exactly I have done, but you are right, the messages are gone. It's in the test system now, and if we don't encounter related issues it will be deployed to production.

Thank you very much

Benny