If anyone has an idea how to resolve this issue, can you please help? To me this looks like a false positive, since the code is using pzEncryptURLActionString, which should register the URL and avoid the security issue.
Is the tool at fault, or are we missing something?
While there was no official response, we have since found that this was a false positive. The Access Control Health Check tool relies on 2 regex rules, pySafeURLAndActivity and pyReferencingRules; we ended up tuning them to our security concerns.
Since the tuning would be org-specific, I'd recommend that you work with your internal security team to refine the regexes to your organization's security needs.
Posted: 6 months ago
Updated: 6 months ago
Posted: 15 Mar 2022 7:41 EDT Updated: 15 Mar 2022 17:08 EDT
Marije Schillern (MarijeSchillern)
Senior Knowledge Management Specialist