Sboxr captures and displays every step involved in the journey of potentially untrusted data from the Source to the Sink that causes Code Evaluation.

Sometimes the same data is used in multiple steps, in these cases to simplify the display of data Sboxr will group all such duplicate data into one Tainted data. An index is assigned to this Tainted Data and clicking on the Tainted data step will take you to another section of the page where all the details of the Tainted data are present.

Tainted data are given an id, starting from 1. In complex cases you will find more than one Tainted data, so this id is used to differentiate them.