tjarrettveracode/veracode-mitigation-copier

Handle findings in non-debug code

tjarrettveracode opened this issue · 1 comment

We seek to match on source file and line number, but these attributes aren't present for applications scanned without debug symbols (especially common in dependent libraries in .NET).

Update the flaw matching algorithm to fall back to match on non-debug attributes if source file (e.g.) is not present.

Made changes in commits 43003c0 and da18e99 to handle empty source files. Need to check to see if we can reasonably match in these cases.
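The fallback described in this issue, sketched as an added example; it is not part of the thread and not the project's own code. The field names (`source_file`, `line`, `module`, `procedure`, `relative_location`) and the choice of fallback attributes are assumptions, and the findings are constructed sample data. It copies a mitigation only on an unambiguous one-to-one match, so findings that share an empty source file and line 0 are never treated as the same flaw.

```python
from collections import defaultdict

def match_key(f):
    """Key for matching a finding; None if nothing usable is present."""
    src = (f.get("source_file") or "").strip()
    if src:  # debug build: source file and line are available
        return ("debug", f["cwe"], src.lower(), f.get("line"))
    module = (f.get("module") or "").strip()
    proc = (f.get("procedure") or "").strip()
    if module and proc:  # fallback: non-debug attributes (assumed set)
        return ("nondebug", f["cwe"], module.lower(), proc, f.get("relative_location"))
    return None  # never match on an empty source file and line 0

def plan_copies(source, target):
    """Return ({target_id: source_id}, [ambiguous keys]); copy only 1:1 matches."""
    src_idx, tgt_idx = defaultdict(list), defaultdict(list)
    for findings, idx in ((source, src_idx), (target, tgt_idx)):
        for f in findings:
            key = match_key(f)
            if key is not None:
                idx[key].append(f["id"])
    plan, ambiguous = {}, []
    for key, tids in tgt_idx.items():
        sids = src_idx.get(key, [])
        if len(sids) == 1 and len(tids) == 1:
            plan[tids[0]] = sids[0]
        elif sids:
            ambiguous.append(key)  # leave for manual review
    return plan, ambiguous

def _f(fid, cwe, src, line, module, proc, loc):  # builds a constructed sample record
    return dict(id=fid, cwe=cwe, source_file=src, line=line,
                module=module, procedure=proc, relative_location=loc)

SOURCE = [  # constructed: findings in the application mitigations are copied from
    _f(1, 89, "Login.cs", 42, "app.dll", "Login.Check", 30),
    _f(2, 327, "", 0, "lib.dll", "Crypto.Hash", 55),
    _f(3, 327, "", 0, "lib.dll", "Crypto.Sign", 10),
    _f(4, 117, "", 0, "lib.dll", "Log.Write", 5),
]
TARGET = [  # constructed: findings in the application mitigations are copied to
    _f(101, 89, "Login.cs", 42, "app.dll", "Login.Check", 30),
    _f(102, 327, "", 0, "lib.dll", "Crypto.Hash", 55),
    _f(103, 327, "", 0, "lib.dll", "Crypto.Verify", 10),
    _f(104, 78, "", 0, "", "", None),
    _f(105, 117, "", 0, "lib.dll", "Log.Write", 5),
    _f(106, 117, "", 0, "lib.dll", "Log.Write", 5),
]

if __name__ == "__main__":
    print(plan_copies(SOURCE, TARGET))
```

Matching these samples on CWE, source file and line alone would pair finding 103 with finding 2 or 3, because all three share CWE 327, an empty file name and line 0.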