how can i modify the severity
TimerZz007 opened this issue · comments
i want modify the severity and the solution for some of rules,but i do not know how to do that… is anybody can give me some suggestions,thanks a lot!
Severity (or Priority : Low, Medium, High) is not static in a configuration files. It will vary based on the code context. Most injection are rated medium by default but it become high if the source leading to the sink is tainted (confirmed user-input). It can also be set to low if an incomplete/ slightly risky encoding options is found.
SQL injection is one example.
okay,i get it, thanks