I’m curious about the SonarQube analysis process.
When analyzing SonarQube, I wonder how the rules are examined. For example, I wonder if SQL injection simply checks the code or actually tries it through compilation.
Hi,
The answer is “neither”. Instead, I believe it simulates execution.
Would you mind explaining your interest?
Thx,
Ann