find-sec-bugs / find-sec-bugs

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects.)

Home Page:https://find-sec-bugs.github.io/


how can i modify the severity

TimerZz007 opened this issue · comments

I want to modify the severity and the solution for some of the rules, but I do not know how to do that… Can anybody give me some suggestions? Thanks a lot!

Severity (or Priority: Low, Medium, High) is not static in a configuration file. It will vary based on the code context. Most injections are rated medium by default, but it becomes high if the source leading to the sink is tainted (confirmed user input). It can also be set to low if an incomplete/slightly risky encoding option is found.

SQL injection is one example.

import com.h3xstream.findsecbugs.taintanalysis.Taint;
import edu.umd.cs.findbugs.Priorities;

// The priority of a SQL sink is derived from the taint state of the value reaching it.
protected int getPriority(Taint taint) {
    if (!taint.isSafe() && taint.hasTag(Taint.Tag.SQL_INJECTION_SAFE)) {
        // Escaped by a routine known to be safe for SQL: do not report.
        return Priorities.IGNORE_PRIORITY;
    } else if (!taint.isSafe() && taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED)) {
        // Only apostrophes were encoded: still report, but at low priority.
        return Priorities.LOW_PRIORITY;
    } else {
        // Otherwise fall back to the default: high if tainted, medium if unknown.
        return super.getPriority(taint);
    }
}
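Since the priority is computed in the detector rather than read from a configuration file, changing it means overriding getPriority in a detector of your own. The following is an added example, not code from the find-sec-bugs project: a subclass of SqlInjectionDetector (assumed to take a BugReporter in its constructor) that treats apostrophe encoding as insufficient and reports every non-safe tainted value at high priority; the package name is hypothetical, and Taint.isTainted() is assumed to exist alongside the isSafe() and hasTag() calls shown above.

```java
package com.example.findsecbugs; // hypothetical package, chosen for this example

import com.h3xstream.findsecbugs.injection.SqlInjectionDetector;
import com.h3xstream.findsecbugs.taintanalysis.Taint;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Priorities;

/**
 * Stricter SQL injection priorities than the stock detector.
 * Policy: a value that is SQL_INJECTION_SAFE is still ignored, but
 * APOSTROPHE_ENCODED alone no longer lowers the priority; confirmed
 * user input is HIGH and values of unknown origin are MEDIUM.
 */
public class StrictSqlInjectionDetector extends SqlInjectionDetector {

    public StrictSqlInjectionDetector(BugReporter bugReporter) {
        super(bugReporter); // assumed constructor signature of the stock detector
    }

    @Override
    protected int getPriority(Taint taint) {
        if (taint.isSafe()) {
            // Constant or fully validated value: nothing to report.
            return Priorities.IGNORE_PRIORITY;
        }
        if (taint.hasTag(Taint.Tag.SQL_INJECTION_SAFE)) {
            // Escaped by a routine recognised as SQL-safe: keep ignoring it.
            return Priorities.IGNORE_PRIORITY;
        }
        if (taint.isTainted()) {
            // Confirmed user input reaches the sink, encoded or not.
            return Priorities.HIGH_PRIORITY;
        }
        // Origin unknown (e.g. returned by a method outside the analysed class):
        // medium, even when APOSTROPHE_ENCODED is present.
        return Priorities.NORMAL_PRIORITY;
    }
}
```

The class still has to be packaged as a SpotBugs plugin and declared in that plugin's findbugs.xml and messages.xml before SpotBugs will load it; the message text in messages.xml is also where the "solution" description of a finding lives.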

Okay, I get it, thanks.