Tainted Sink in output #25
Description
How to get the tainted sink for a vulnerability in output from the signatures.yaml file?
For Example, if subprocess.call() is a tainted sink as configured in the signatures file, from where I can fetch the sink subprocess.call(...) to view in output(either json or sarif)?