=== on 19 Sep 2014, 13:35:26 Freddy Mallet wrote:
@Ann:

* I would activate this rule by default because I don't see when this rule might generate some false positives
* I would associate the rule to the SQALE sub-characteristic "Error"
* I guess this rule belongs to OWASP Top 10?

=== on 22 Sep 2014, 11:44:56 Ann Campbell wrote:
For the record: not in the OWASP Top 10

=== on 12 Dec 2014, 21:26:02 Sébastien Gioria wrote:
As the result could be a stack trace or information in the reply to the browser, we could consider this issue in OWASP-TOP10-A6.

=== on 15 Dec 2014, 10:22:03 Freddy Mallet wrote:
This is a good point, [~sebastien.gioria], which raises another question: for the time being we tag a rule relating to a CWE item with the tag "owasp-top10" if and only if, in the MITRE CWE referential, this CWE item is part of http://cwe.mitre.org/data/definitions/928.html[CWE-928: Weaknesses in OWASP Top Ten (2013)]. Do you think this is too strong a requirement, [~sebastien.gioria]?

=== on 20 Jul 2015, 07:49:37 Ann Campbell wrote:
Tagged java-top by Ann

=== on 13 Nov 2019, 15:06:56 Guillaume Dequenne wrote:
Updating the message to explicitly mention which unhandled exception type triggered the issue (as the method invocation could already be in a try/catch block without a correct catch clause).