In addition to the general global variables that users pass input to a PHP script via HTTP, methods and functions can also pass user modifiable values. Such functions are often provided by a framework or library. The Java as well as the PHP engine have already integrated many of these functions and methods of frameworks (list of supported Java and PHP frameworks).
This means that the code that defines the functions and methods does not necessarily have to be analyzed. In case a source was missed during analysis or in case the source is not defined within the analyzed code, additional sources of user input from functions, methods, properties, or objects can be configured in this section. For each source, please specify the source type and the corresponding name. Please refer to the code examples for further details.
Adding all sources of an application ensures that only parts of an application can be scanned and still all sensitive data flows are detected.
Supported Source Types
Adding a PHP function as source
Adding a Java method as source