Some considerations when muting at Defect-specific Level 

 

When you select a defect to mute, you can decide whether to mute "by line number" or "by source code".

 


If you mute a defect "by line number", bear in mind that any change to the line number where that defect appears (caused by adding or removing lines before the defect line) will make the defect appear again.

If you mute that defect "by source code" instead, you can freely add or remove lines before it. The defect stays silenced as long as the text of the source line does not change.

When you mute a defect "by source code", there is one condition you must bear in mind:

  • If, for example, you get 3 defects in different lines but the source code line is identical in all of them, muting one of them "by source code" mutes all three (warning). You must be aware of this side effect: the mute engine cannot distinguish between them, because the source code line is the same for all of them and the line number is not considered.

 

Finally, when the defect is an injection vulnerability (i.e. a defect coming from an injection Security rule), the defect is uniquely identified by three factors: the sink, the source and the propagation path.

Then, if you select the source to mute, the mute window will show you both the sink and source code lines.

In this case, if you mute "by line number", the defect is muted based on the line numbers of the sink and source code lines. As above, if the line number of the sink or the source changes, the mute will not be applied and the defect will appear again.

But if you mute "by source code", the mute is applied to the source code of the sink, the source and the propagation path. That means that even if the sink and source code lines do not change, any change in the propagation path will be treated as a new defect and the mute will disappear.
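
The matching behaviour described above can be reproduced with a small model. This is an added example, not the product's own code: the `Defect` fields, the `mute_key` function, the rule names and the sample lines are all constructed for illustration, and the keying scheme is an assumption derived from the text.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Defect:
    rule: str
    line: int              # defect line (the sink line for injection defects)
    text: str              # source text of that line
    source_line: int = 0   # injection only: line of the taint source
    source_text: str = ""  # injection only: text of the taint source
    path: tuple = ()       # injection only: text of each propagation step

def mute_key(d, mode):
    """Identity a mute is stored under; mode is 'line' or 'source' (assumed model)."""
    if mode == "line":
        # Line numbers only: defect/sink line plus, for injection, the source line.
        return (d.rule, "line", d.line, d.source_line)
    # Text only: line numbers are ignored; injection adds source and path text.
    return (d.rule, "source", d.text.strip(), d.source_text.strip(), d.path)

def visible(defects, mutes):
    """Defects still reported once the set of mute keys is applied."""
    return [d for d in defects
            if not {mute_key(d, "line"), mute_key(d, "source")} & mutes]

def demo():
    # Constructed sample: one statement flagged on three lines by a made-up rule.
    scan1 = [Defect("RULE-A", n, "log.debug(password);") for n in (10, 20, 30)]
    # The same file after two lines were added above line 10.
    scan2 = [replace(d, line=d.line + 2) for d in scan1]
    by_line = {mute_key(scan1[0], "line")}
    by_source = {mute_key(scan1[0], "source")}

    # Constructed injection defect: source -> one propagation step -> sink.
    inj = Defect("RULE-INJ", 42, "stmt.execute(q);", 12,
                 'id = req.getParameter("id");', ('q = "SELECT ..." + id;',))
    inj_mute = {mute_key(inj, "source")}
    moved = replace(inj, line=45, source_line=15)  # lines shift, text unchanged
    rerouted = replace(inj, path=("tmp = id;", 'q = "SELECT ..." + tmp;'))
    return {
        "line_mute_before_edit": len(visible(scan1, by_line)),    # only line 10 muted
        "line_mute_after_edit": len(visible(scan2, by_line)),     # defect reappears
        "source_mute_after_edit": len(visible(scan2, by_source)), # all three muted
        "injection_lines_moved": len(visible([moved], inj_mute)),
        "injection_path_changed": len(visible([rerouted], inj_mute)),
    }
```

The `source_mute_after_edit` result is the side effect worth reviewing before muting: one "by source code" mute silences every defect of that rule on an identical line, including ones nobody has triaged.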
