Added Cap::DATA_EXFIL and taint fp and fn fixes on real repos (#59)

* feat: Enhance data exfiltration detection with source sensitivity gating for cookies and headers

* feat: Implement cross-file data exfiltration detection with parameter-specific gate filters

* feat: Add calibration tests and refine DATA_EXFIL severity scoring logic

* feat: Introduce per-detector configuration for data exfiltration suppression

* feat: Enhance DATA_EXFIL findings with destination field tracking in diagnostics and SARIF output

* feat: Add tainted body and URL handling for data exfiltration detection

* feat: Add integration tests and fixtures for DATA_EXFIL and SSRF detection in Go

* feat: Add Java integration tests and fixtures for DATA_EXFIL detection across multiple HTTP clients

* feat: Add synthetic externals handling for closure-captured variables in SSA

* feat: Implement closure-based suppression for resource leak findings

* feat: Add regression guards for shell-injection and taint propagation in for-of destructure patterns

* feat: Implement constructor cap narrowing for data exfiltration detection in HTTP request builders

* feat: Add gated sinks for data exfiltration detection in C and C++ using curl_easy_setopt

* feat: Implement DATA_EXFIL cap parity for backwards analysis and add integration tests

* feat: Add data exfiltration sinks for various languages and enhance documentation

* refactor: Simplify formatting and improve readability in various files

* refactor: Improve readability by simplifying conditional statements and adding clippy linting

* docs: Update CHANGELOG and comments for data exfiltration features and configuration

* docs: Clarify configuration instructions for data exfiltration trusted destinations

* docs: Enhance comments for evidence routing logic in data exfiltration

src/server/owasp.rs

@@ -104,6 +104,14 @@ pub fn issue_categories(
 }
 
 fn issue_category_label(rule_id: &str) -> &'static str {
+    // `taint-data-exfiltration` and the legacy `taint-unsanitised-flow`
+    // share the `taint` family token, but the exfil class targets a
+    // different threat (sensitive data leaving the trust boundary, not
+    // attacker payload entering it).  Surface it as its own bucket so the
+    // dashboard category badge matches the rule semantics.
+    if rule_id.starts_with("taint-data-exfiltration") {
+        return "Data Exfiltration";
+    }
     match extract_family(rule_id) {
         "sqli" => "SQL Injection",
         "xss" => "Cross-Site Scripting",
@@ -221,6 +229,26 @@ mod tests {
         assert_eq!(out[2].count, 2);
     }
 
+    #[test]
+    fn issue_category_label_routes_data_exfil_to_dedicated_bucket() {
+        // `taint-data-exfiltration` shares the `taint` family token with
+        // `taint-unsanitised-flow`, but exfil findings need their own
+        // dashboard badge so analysts can pivot on the leak class.
+        assert_eq!(
+            issue_category_label("taint-data-exfiltration"),
+            "Data Exfiltration"
+        );
+        assert_eq!(
+            issue_category_label("taint-data-exfiltration (source 1:1)"),
+            "Data Exfiltration"
+        );
+        // Generic taint findings stay in the broader bucket.
+        assert_eq!(
+            issue_category_label("taint-unsanitised-flow"),
+            "Tainted Flow"
+        );
+    }
+
     #[test]
     fn issue_category_label_recognises_simple_families() {
         assert_eq!(