We have a translation module that, on the PHP backend, takes a string and looks up the mapped translated value in a JSON file. Regretfully, Sonar marks all these translation lookups as a vulnerability; it will be a lot of work to try and manually override these vulnerabilities/false positives. Is there anything you can do about it?
Btw, when I open this file separately it doesn’t show this as a security issue; only when other files are calling this function is it highlighted as: "Refactor this code to not reflect tainted, user-controlled data."
Moreover, the exact same code in our other repo does not highlight this as a security issue.