IBM AppScan has thrown the error Validation Required while scanning my app for the following code:-
return Arrays.asList(System.getenv("PATH").split(":"));
I am not sure why the error is thrown. Could it be a false positive ? Can I use
System.getProperty("java.class.path")
AppScan is reporting validation issue as you are getting variable value from the source which is outside the app. According to IBM AppScan rules, all the strings values from outside the apps should be validated. If you are sure that nobody will change PATH value, you can say it is a false positive.