There are a few cases where anonymous functions are used in reported findings. The current tool misreports them either as third-party, or, if their signature matches a declared function, yields a false-positive.
In theory, these could be tracked, if the anonymous function being used appears as an argument in a function declaration. That would allow us to match up the function signatures and consider each anonymous function declared in the codebase with a matching signature as a candidate "declaration". We could then trace any calls found whose signature matches the argument with the candidate declarations.
This probably won't be implemented as it's a substantial change, but it's a possibility in case we find a lot of reports that could use it.
There are a few cases where anonymous functions are used in reported findings. The current tool misreports them either as third-party, or, if their signature matches a declared function, yields a false-positive.
In theory, these could be tracked, if the anonymous function being used appears as an argument in a function declaration. That would allow us to match up the function signatures and consider each anonymous function declared in the codebase with a matching signature as a candidate "declaration". We could then trace any calls found whose signature matches the argument with the candidate declarations.
This probably won't be implemented as it's a substantial change, but it's a possibility in case we find a lot of reports that could use it.