Ignore Rules
The information in this document applies to version 6.9.14 of Syhunt Hybrid.
Examples:
rule:path=*,checkid=C-1603659845-9557
would prevent any vulnerability with the unique check ID C-1603659845-9557 from being reported.rule:path=*,name=XSS
would prevent any vulnerability with XSS in the title from being reportedrule:path=/demo/*,name=XSS
would prevent any vulnerability with a path starting with /demo/ and XSS in the title from being reportedrule:path=*,"name=Web Technology Disclosure"
would prevent any vulnerability with Web Technology Disclosure in the title from being reported
SAST Examples:
rule:path=/demo.php,lines=10
would prevent any vulnerability in line 10 from being reportedrule:path=/demo.php,"lines=10,11"
would prevent any vulnerability in lines 10 and 11 from being reported
The following parameters can be used as part of a rule:
- path (required) - a wildcard text (which can contain the special characters ? and *) that will be matched against the affected path
- checkid - an ID that will be matched against the vulnerability check ID
- name - a text that will be matched against the vulnerability title
- params - a param name that will be matched against the affected param(s). If multiple params are provided, they must be separated by comma.
- risk - a risk that will be matched against the vulnerability risk (can be low, medium, high or info)
- module - a module name that will be matched against the module that detected the vulnerability (can be dyn or code). If omitted, the rule will work for both Dynamic and Code vulnerabilities
- lines - a number or numbers that will be matched against the affected source code line(s). If multiple lines are provided, they must be separated by comma.
- cve - a CVE ID that will be matched against the vulnerability's CVE references
- cwe - a CWE number that will be matched against the vulnerability's CWE references
Global Rule Creation
You can also create a global rule that applies to all dynamic or code scans:
- Go to the Dynamic Preferences screen ( -> Preferences -> Dynamic Preferences) or go to the Code Preferences screen ( -> Preferences -> Code Preferences).
- Go to the Advanced tab and click the Vulnerabilities... button
- Click the plus button and add using the input dialog a new rule.