If the style is to rely on external code to do input validation, then I think that should be in the javadocs as well as on the page you mention.
Claude

On Tue, Oct 15, 2019 at 10:59 AM sebb <seb...@gmail.com> wrote:

> It might be useful to add a note to the commons security page about
> automated vulnerability checkers.
>
> These tend to produce a lot of false positives and may report items
> which could never be a security issue (e.g. poor code style, dead
> code).
>
> Even if the issue is potentially a vulnerability, it often depends on
> the context.
> This is particularly true of Commons - the code generally relies on
> the application to do validation of input parameters.
>
> Thoughts?

--
I like: Like Like - The likeliest place on the web <http://like-like.xenei.com>
LinkedIn: http://www.linkedin.com/in/claudewarren