PM80691: Need better documentation on using individual rule props in scan configs

APAR status

  • Closed as program error.

Error description

  • The Scan Configuration does not behave correctly. Using
    SimpleIOT, a new scan configuration was created with just
    'Validation.Required' selected, so the expected behavior is
    that when the scan is run using this scan configuration, only
    findings that match 'Validation.Required' will be listed.
    Unfortunately, all findings are still reported.
    
    Here are the steps to reproduce using the sample application,
    SimpleIOT:
    
    a) Create a new scan configuration. Under the Scan Rules
    section, there is a link that states, 'Discard selected rule
    sets and let me select individual rule properties'. Click that.
    b) Choose a specific vulnerability type (i.e.,
    Vulnerability.Validation.Required)
    c) Save the scan configuration
    d) Right-click SimpleIOT and scan using the newly created scan
    configuration
    
    The expected result is that only the findings for
    Validation.Required are displayed; however, there are findings
    reported for Validation.EncodingRequired.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    Information with regard to using individual rule properties
    in scan configs is not clearly documented.
    

Problem conclusion

  • Documentation is now updated with correct information.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM80691

  • Reported component name

    SEC APPSCN SRC

  • Reported component ID

    5724Z3400

  • Reported release

    860

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-01-15

  • Closed date

    2014-06-20

  • Last modified date

    2014-06-20

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SEC APPSCN SRC

  • Fixed component ID

    5724Z3400

Applicable component levels

  • R860 PSN

       UP



Document information


More support for:

IBM Security AppScan Source

Software version:

860

Reference #:

PM80691

Modified date:

2014-06-20
