Developers often use sanitization functions in their application source code to sanitize user input for common attacks such as SQL Injection (SQLi). If you use sanitization functions, you want ShiftLeft to ignore vulnerabilities that have a sanitization function in the dataflow when analyzing your application.
The process is:
For additional information, refer to the articles:
Add the following directive to the new Policy file
IMPORT io.shiftleft/default
IMPORT io.shiftleft/defaultdict
TAG "CHECK" METHOD -f "javax.servlet.http.HttpServletRequest.setAttribute:void(java.lang.String,java.lang.Object)"
Here `setAttribute` stands in for your sanitization function; the quoted string after `-f` is its full method signature (fully qualified class and method name, return type, and parameter types), which you replace with the signature of the sanitizer used in your own code.
The last line instructs ShiftLeft to add a check tag to all flows which contain a function that matches the method signature defined with the
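The following is an added example, not code from the ShiftLeft documentation: a servlet whose dataflow runs user input through an allowlist sanitizer before it reaches a dynamic `ORDER BY` clause, together with the policy directive that tags that sanitizer so ShiftLeft treats flows through it as checked. The package, class and method names (`com.example.web.ProductListServlet`, `sanitizeSortColumn`) and the policy file name are assumptions; the signature string follows the `class.method:returnType(paramTypes)` form shown in the directive above.

```java
// Added example (not part of the ShiftLeft docs). Package, class and
// method names are hypothetical.
//
// Policy file to pass to ShiftLeft (hypothetical name sanitizers.policy):
//   IMPORT io.shiftleft/default
//   IMPORT io.shiftleft/defaultdict
//   TAG "CHECK" METHOD -f "com.example.web.ProductListServlet.sanitizeSortColumn:java.lang.String(java.lang.String)"
//
// With that TAG directive, any flow from req.getParameter(...) to the SQL
// sink that passes through sanitizeSortColumn carries the check tag and is
// not reported as SQLi; flows that bypass the sanitizer still are.
package com.example.web;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;

public class ProductListServlet extends HttpServlet {

    // Only these column names may appear in the ORDER BY clause.
    private static final Set<String> SORTABLE_COLUMNS = Set.of("name", "price", "created_at");

    private final DataSource dataSource;

    public ProductListServlet(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    // The sanitizer. A column name cannot be bound as a JDBC parameter, so
    // the value is restricted to a fixed allowlist rather than escaped.
    // ShiftLeft signature of this method:
    //   com.example.web.ProductListServlet.sanitizeSortColumn:java.lang.String(java.lang.String)
    static String sanitizeSortColumn(String requested) {
        if (requested != null && SORTABLE_COLUMNS.contains(requested)) {
            return requested;
        }
        return "name"; // safe default when the input is not in the allowlist
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // source -> sanitizer: the tagged method sits on the dataflow path
        String sort = sanitizeSortColumn(req.getParameter("sort"));

        // The category value is bound as a parameter, never concatenated.
        String sql = "SELECT id, name, price FROM products WHERE category = ? ORDER BY " + sort;

        try (Connection conn = dataSource.getConnection();
             PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, req.getParameter("category"));
            try (ResultSet rs = ps.executeQuery(); PrintWriter out = resp.getWriter()) {
                resp.setContentType("text/plain");
                while (rs.next()) {
                    out.println(rs.getLong("id") + "\t" + rs.getString("name") + "\t" + rs.getBigDecimal("price"));
                }
            }
        } catch (SQLException e) {
            throw new ServletException("query failed", e);
        }
    }
}
```

The point to check when writing your own directive is that the signature string matches exactly what ShiftLeft records for the method (fully qualified class, method name, return type and parameter types, all as Java type names); a mismatch in any part means the tag is never applied and the flow keeps being reported.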