Could someone point to where the terms used in filters are defined in the Fortify documentation? I can't find it. For example, when one selects the File System Input filter in the Audit Guide Filters dialog in the Visual Studio Extension, the filter terms visible in the filter tab are:
- If taint contains file_system then hide issue
- If taint contains constfile then hide issue
- If taint contains stream then hide issue
- If category is File Access Race Condition then hide issue.
I can infer the meaning of file_system, stream, and file access race condition, but how is constfile defined? Is it a file with extension .txt, or .properties or ???
For a second example, when the Code Quality filter is selected in the Audit Guide Filters dialog in the Visual Studio Extension, the filter terms visible in the filter tab are:
- If kingdom contains code quality then hide issue
However, the kingdom contains different issues including non-portable file separator. Is there a taxonomy somewhere in the documentation that explains the hierarchy of kingdoms, conditions and who knows what else? I am not looking for resolution of these examples, but rather a pointer to Fortify documentation.
Thanks in advance for any assistance.
PS - I would like to give kudos to people that have helped me in the past on this board, but for the life of me I can't figure out how.