IBM / ibm-cos-sdk-java

SAST : Privacy.DataLeakage

JyothiBacham opened this issue

Privacy.DataLeakage:

Source: org.apache.http.HttpEntity.getContent():InputStream via CRC32ChecksumResponseInterceptor:78

Sink: org.apache.http.protocol.HttpContext.setAttribute(String;Object):void via CRC32ChecksumResponseInterceptor:77

Hi, our SAST (AppScan) reports this vulnerability from the COS jar. Can you please check if this is a valid issue and needs any change?

This code applies only to the upstream JSON protocol that COS does not support:

// Only Json protocol has this header, we only wrap CRC32ChecksumCalculatingInputStream in json protocol clients.