Skip to main content

Similarity ID

Similarity ID is an identifier used to determine if a finding is Recurrent, Fixed, or New. A hashing algorithm generates the Similarity ID, which is then used to compare the results between two scans and identify equivalent ones to expedite the triage process.

The Similarity ID provides labels (State, Severity, Comment, Ticket ID, Assignee) for results across all scans. The Similarity ID is identical if a result in the first scan is equivalent to one in the second. Select the two scans to compare results and click Compare Scans to perform the comparison and review your results as either Recurrent, Fixed, or New.



Results that share the first node, last node, and query ID will be identified as equivalent even if their node paths differ.

Source Node:

  • String representation content: return "UPDATE Users SET Name = '" + name.Text + "' WHERE UID = '" + ViewState["UID"].ToString() + "'";

  • Encapsulating method: private String getQuery()

  • File name: a.cs

  • SimHash of string representation: 854 (approximation)

Sink Node:

  • String representation content: command.ExecuteNonQuery()

  • Encapsulating method: private void doUpdate(String query)

  • File name: a.cs

  • SimHash of string representation: 1015(approximation)

Query ID (SQL Injection in Java) = 594

Similarity ID will be calculated on the 3 data points above.