unpwnddocs
Open app

Source → sink traces

conceptsUpdated Jul 2026

A source → sink trace is the evidence behind a finding — the exact path a value takes from where it enters your code to the dangerous operation it eventually reaches.

From entry point to sink

Every finding shows that path hop by hop, across files and functions, down to the file and line at each step — from the untrusted source (a request parameter, an upload, anything outside your code's control) to the dangerous sink it reaches (a query, a shell call, a redirect). Each finding is also classified against CWE and the OWASP Top 10.

Why a trace, not just a score

A bare severity score asks you to take a finding on faith. A trace lets you review the actual reasoning — you can follow the same path unpwnd did and judge for yourself whether it's exploitable, instead of starting from a black-box number.