The summary displays all code lines relevant to a particular issue that can span over many function calls and files. The background colors of the code lines have the following meaning:
- Grey: The origin of the user-supplied data.
- Orange: The user-supplied data was concatenated into the specified markup.
- Red: Sensitive sink of the vulnerability that executes the tainted data as a parameter.
Clicking on a code line opens that particular file and line in the codeviewer.
Clicking on a user-defined function opens the function definition in the codeviewer.
Common programming mistakes make the developer believe that he has filtered and intercepted possible malicious user input.
To avoid misinterpreting an issue as a false positive, the code summary displays such errors as pitfalls.
These are blue underlined in the code and explained with an info box above the code.
Examples of common pitfalls
String formatting pitfall
Wrong converting sanitizer in attribute context