Search modifiers

You can use a search modifier to specify which issue attribute the search term applies to. To use a modifier that contains a space in the name, such as the name of a custom tag, you must enclose the modifier in brackets. For example, to search for issues that are new, type [issue age]:new.

A search that is not qualified by a modifier matches the search query based on the following attributes: kingdom, primary rule id, analyzer, filename, severity, class name, function name, instance id, package, confidence, type, subtype, taint flags, category, sink, and source.

The following examples describe using the search with and without applying a search modifier:

  • To apply the search to all modifiers, type a string such as control flow. This searches all the modifiers and returns any results that contain the "control flow" string.
  • To apply the search to a specific modifier, type the modifier name and the string as follows: analyzer:control flow. This returns all results detected by the Control Flow Analyzer.

The following table describes the search modifiers. A few modifiers have a shortened modifier name indicated in parentheses. You can use either modifier string.

Search Modifier (Issue Attribute)

Description

accuracy

Searches for issues based on the accuracy value specified (0.1 through 5.0).

analysis

Searches for issues that have the specified audit analysis value such as exploitable, not an issue, and so on.

[analysis type]

Searches for issues based on the analyzer product such as SCA and WEBINSPECT.

analyzer

Searches the issues for the specified analyzer such as control flow, data flow, structural, and so on.

[app defender protected] (def)

Searches for issues based on whether Application Defender can protect the vulnerability category (protected or not protected).

[attack payload]

Searches for issues that contain the search term in the part of the request that caused the vulnerability for penetration test results.

[attack type]

Searches for issues based on the type of penetration test attack conducted (URL, parameter, header, or cookie).

audience

Searches for issues based on intended audience such as dev, targeted, medium, broad, and so on.

This metadata is legacy information that is no longer used and will be removed in a future release. OpenText recommends that you do not use this search modifier.

audited

Searches for issues based on whether the primary tag is set (true) or not set (false). The default primary tag is the Analysis tag.

body

Searches for issues that contain the search term in the HTTP message body in penetration test results, which is all the data that is transmitted immediately following the headers.

bug

Searches for issues that contain the search term in the information for the filed bug.

This information is discarded each time you restart Fortify Audit Workbench.

category (cat)

Searches for the specified category or category substring.

class

Searches for issues based on the specified class name.

codesnippet

Searches for the specified string within the few lines of code that are stored for each vulnerability by default. If code snippets were excluded from the scan results during the analysis, then the search will not return any results.

comments (comment, com)

Searches for issues that contain the search term in the comments added to the issue.

commentuser

Searches for issues with comments from a specified user.

confidence (con)

Searches for issues that have the specified confidence value 0.1 through 5.0 (legacy metadata).

cookies

Searches for issues that contain the search term in the cookie from the HTTP query for penetration test results.

correlated

Searches for issues based on whether the issues are correlated with another analyzer.

[correlation group]

Searches for issues based on whether the issues are in the same correlation group.

<custom_tagname>

Searches for issues based on the value of the specified custom tag.

You can search a list-type custom tag using a range of values. The values of a list-type custom tag are an enumerated list where the first value is 0, the second is 1, and so on. You can use the search syntax for a range of numbers to search for ranges of list-type custom tag values. For example, analysis:[0,2] returns the issues that have one of the first three analysis values, 0, 1, and 2 (Not an Issue, Reliability Issue, and Bad Practice).

To search for a specific date in a date-type custom tag, specify the date in the format: yyyy-mm-dd.

To search for issues that have no value set for a custom tag, use <none> for the search term. For example, to search for all issues that have no value set in the custom tag labeled Target Date, type: [Target Date]:<none>.

dynamic

Searches for issues that have the specified dynamic hot spot ranking value.

[engine priority]

Searches for issues based on the original priority value determined by the engine that identified the issue.

file

Searches for issues where the primary location or sink node function call occurs in the specified file path.

filetype

Searches for issues based on the file type such as asp, csharp, java, jsp, xml, and so on.

[fortify priority order]

Searches for issues that have a priority level that matches the specified issue priority. Valid values are critical, high, medium, and low.

headers

Searches for issues that contain the search term in the request header for penetration test results.

historyuser

Searches for issues that have audit data modified by the specified user.

[http version]

Searches for issues based on the specified HTTP version such as HTTP/1.1.

impact

Searches for issues based on the impact value specified (0.1 through 5.0).

[instance id]

Searches for an issue based on the specified instance ID.

[issue age]

Searches for the issue age, which is new, updated, reintroduced, or removed.

[issue state]

Searches for audited issues based on whether the issue is an open issue or not an issue (determined by the level of analysis set for the primary tag).

kingdom

Searches for all issues in the specified kingdom.

likelihood

Searches for issues based on the specified likelihood value (0.1 through 5.0).

line

Searches for issues on the primary location line number. For dataflow issues, the value is the sink line number. See also sourceline.

manual

Searches for issues that were manually created by penetration test tools, and not automatically produced by a web crawler such as OpenText™ Dynamic Application Security Testing.

[mapped category]

Searches for issues based on the specified category that is mapped across the various analyzers (OpenText SAST, OpenText DAST, and OpenText DAST Agent).

maxconf

Searches for all issues that have a confidence value equal to or less than the number specified as the search term.

maxVirtConf

Searches for dataflow issues that have a virtual call confidence value equal to or less than the number specified as the search term.

<metadata_listname>

Searches for issues based on the value of the specified metadata external list. Metadata external lists include [owasp top ten <year>], [cwe top 25 <version>], [pci ssf <version>], [stig <version>], and others.

method

Searches for issues based on the method, such as GET, POST, DELETE, and so on.

minconf

Searches for all issues that have a confidence value equal to or greater than the number specified as the search term.

min_virtual_call_confidence (virtconf, minVirtConf)

Searches for dataflow issues that have a virtual call confidence value equal to or greater than the number specified as the search term.

package

Searches for issues where the primary location occurs in the specified package or namespace. For dataflow issues, the primary location is the sink function.

parameters

Searches for issues that contain the search term in the HTTP query parameters.

primary

Searches for issues that have the specified primary tag value. By default, the primary tag is the Analysis tag.

[primary context]

Searches for issues where the primary location or sink node function call occurs in the specified code context. See also sink and [source context].

primaryrule (rule)

Searches for all issues related to the specified sink rule.

probability

Searches for issues based on the probability value specified (1.0 through 5.0).

[remediation effort]

Searches for issues based on the remediation effort value specified. The valid values are whole numbers from 1.0 to 12.0.

[request id]

This attribute is not currently used.

response

Searches for issues that contain the search term in the response from the protocol used in penetration test results.

ruleid

Searches for all issues reported by the specified rule IDs used to generate the issue source, sink and all passthroughs.

[secondary requests]

This attribute is not currently used.

severity (sev)

Searches for issues based on the specified severity value (legacy metadata).

shortfilename

Searches for issues where the primary location or sink node function call occurs in file names that contain the specified search term, but not anywhere in its full path. For full path matches, use the modifier file.

sink

Searches for issues that have the specified sink function name. See also [primary context].

source

Searches for dataflow issues that have the specified source function name. See also [source context].

[source context]

Searches for dataflow issues that have the source function call contained in the specified code context. See also source and [primary context].

sourcefile

Searches for dataflow issues where the source function call is contained in the specified file. See also file.

sourceline

Searches for dataflow issues where the taint source enters the flow on the specified line. See also line.

status

Searches for issues that have the status reviewed, not reviewed, or under review.

suppressed

Searches for issues based on whether they are suppressed.

taint

Searches for issues that have the specified taint flag.

trace

Searches for issues that have the specified string in the dataflow trace.

tracenode

Enables you to search on the nodes within an issue's analysis trace. Each tracenode search value is a concatenation of the tracenode's file path, line number, and additional information.

tracenodeAllPaths

Searches for the specified value in all the steps of the analysis trace.

trigger

Searches for issues that contain the search term in the part of the response that shows that a vulnerability occurred for penetration test results.

url

Searches for issues based on the specified web address.

user

Searches for issues assigned to the specified user.
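
The query forms described on this page (plain and bracketed modifier names, the shortened names, the [0,2] range on a list-type tag, and <none>) can be modeled in a few lines of Python. This is an added example, not Fortify code. The sample issues, the case-insensitive substring matching, and the last two analysis list values are assumptions made for illustration.

```python
import re

# Shortened modifier names, taken from the table on this page.
ALIASES = {"def": "app defender protected", "cat": "category", "comment": "comments",
           "com": "comments", "con": "confidence", "rule": "primaryrule",
           "sev": "severity", "virtconf": "min_virtual_call_confidence",
           "minvirtconf": "min_virtual_call_confidence"}
# Attributes an unqualified search is matched against, as listed on this page.
DEFAULT_ATTRS = ["kingdom", "primary rule id", "analyzer", "filename", "severity",
                 "class name", "function name", "instance id", "package", "confidence",
                 "type", "subtype", "taint flags", "category", "sink", "source"]
# List-type tag values by index (0-based). First three are from the page; rest assumed.
LIST_TAGS = {"analysis": ["Not an Issue", "Reliability Issue", "Bad Practice",
                          "Suspicious", "Exploitable"]}
# Constructed sample issues, keyed by lower-case modifier name.
ISSUES = [
    {"instance id": "A1", "analyzer": "Control Flow", "category": "Null Dereference",
     "issue age": "new", "analysis": "Bad Practice", "target date": "2024-06-30"},
    {"instance id": "B2", "analyzer": "Data Flow", "category": "SQL Injection",
     "issue age": "updated", "analysis": "Exploitable", "target date": None},
    {"instance id": "C3", "analyzer": "Structural", "category": "Dead Code",
     "filename": "demo/control flow/Router.java", "issue age": "new", "analysis": None},
]
QUERY = re.compile(r"^\s*(?:\[([^\]]+)\]|([A-Za-z_]\w*))\s*:\s*(.+?)\s*$")
RANGE = re.compile(r"^\[\s*(\d+)\s*,\s*(\d+)\s*\]$")

def parse(query):
    """Split 'modifier:term' or '[modifier name]:term'; modifier is None if unqualified."""
    m = QUERY.match(query)
    if not m:
        return None, query.strip()
    name = (m.group(1) or m.group(2)).strip().lower()  # assumption: case-insensitive
    return ALIASES.get(name, name), m.group(3)

def matches(issue, query):
    modifier, term = parse(query)
    if modifier is None:  # unqualified: look for the string in every default attribute
        return any(term.lower() in str(issue.get(a, "")).lower() for a in DEFAULT_ATTRS)
    value = issue.get(modifier)
    if term == "<none>":  # issues with no value set for the tag
        return value in (None, "")
    if value is None:
        return False
    rng = RANGE.match(term)
    if rng and modifier in LIST_TAGS:  # [lo,hi] selects list values lo..hi inclusive
        return value in LIST_TAGS[modifier][int(rng.group(1)):int(rng.group(2)) + 1]
    return term.lower() in str(value).lower()  # assumption: substring, case-insensitive

def search(query):
    return [i["instance id"] for i in ISSUES if matches(i, query)]
```

Running search("control flow") against the sample data returns both A1 and C3, while search("analyzer:control flow") returns only A1, which shows how a modifier narrows an otherwise broad match.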