Is it possible to write a custom rule to address Semantic categeory findings?
Specifically for "SQL Injection" and "Process Control" findings?
The use of mysql_stmt_prepare() raises an "SQL Injection" finding and the use of dlopen() raises a "Process Control" finding (both, understandably so). These two findings are in the Semantic vulnerability category. I have tried writing custom rules to addresses these findings, but have not succeeded. Am I correct in thinking that it simply is not possble to write a custom rule for findings in the Semantic category?