Does SonarQube detect SQL injection vulnerabilities in Community Edition?

Hi, I would like to ask whether SonarQube detects SQL injection vulnerabilities in popular examples such as these in Python 3:

# Each call builds the SQL text from the untrusted `username` value (concatenation, %-formatting, str.format, f-string)
cursor.execute("SELECT admin FROM users WHERE username = '" + username + "'")
cursor.execute("SELECT admin FROM users WHERE username = '%s'" % username)
cursor.execute("SELECT admin FROM users WHERE username = '{}'".format(username))
cursor.execute(f"SELECT admin FROM users WHERE username = '{username}'")

Unfortunately, it does not detect these vulnerabilities for me and I wonder if the error is on my side or maybe this version does not support the detection of this type of attack.

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    sonarqube-10.2.1.78527
    Community Edition

  • how is SonarQube deployed: zip, Docker, Helm
    zip
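For readers wondering what a rule such as "Formatting SQL queries is security sensitive" has to recognise, here is an added example (not part of the question and not SonarQube's implementation) of a small AST-based check that flags the four patterns above. The sink names `execute`/`executemany`, the `SAMPLE` source text and the hypothetical parameterized fifth line are assumptions constructed for the demo.

```python
import ast
from typing import List, Optional, Tuple

# Assumed DB-API sink methods whose first argument is SQL text
SQL_SINKS = {"execute", "executemany"}

# Constructed sample: the four calls from the question plus a parameterized one
SAMPLE = '''\
cursor.execute("SELECT admin FROM users WHERE username = '" + username + "'")
cursor.execute("SELECT admin FROM users WHERE username = '%s'" % username)
cursor.execute("SELECT admin FROM users WHERE username = '{}'".format(username))
cursor.execute(f"SELECT admin FROM users WHERE username = '{username}'")
cursor.execute("SELECT admin FROM users WHERE username = ?", (username,))
'''


def dynamic_sql_pattern(node: ast.expr) -> Optional[str]:
    """Return a label when the SQL argument is assembled at run time, else None."""
    if isinstance(node, ast.JoinedStr):
        return "f-string"
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        # "a" + "b" between two literals is harmless; flag only if a non-literal takes part
        if not all(isinstance(x, ast.Constant) for x in (node.left, node.right)):
            return "concatenation"
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):
        return "%-formatting"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return "str.format"
    return None


def find_dynamic_sql(source: str) -> List[Tuple[int, str]]:
    """Report (line number, pattern) for every sink call whose SQL text is dynamic."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in SQL_SINKS or not node.args:
            continue
        label = dynamic_sql_pattern(node.args[0])
        if label:
            findings.append((node.lineno, label))
    return findings


if __name__ == "__main__":
    for line, pattern in find_dynamic_sql(SAMPLE):
        print(f"line {line}: SQL text built by {pattern}")
```

The parameterized fifth line passes a plain string constant as the statement, so it is not reported; that is also why such a rule is only a "hotspot" style check: it sees how the statement is built, not whether the interpolated value is actually user-controlled, which is what the taint analysis mentioned in the reply below adds.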

Hi! Welcome to Sonar Community!

Yes, of course, you can detect issues on that code. But you should upgrade your edition to at least Developer Edition to have all the rules for Taint Analysis and Injection Flaws, and deeper SAST.

There are a few rules in Community Edition related to security that may detect something in the samples you provide, like this one:

Formatting SQL queries is security sensitive

But if you want to know all the rules available take a look at this site:
https://rules.sonarsource.com

There you can search for any rule and language and check for availability.

Best regards.

1 Like
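To show why the rule named in the reply treats formatted SQL as security sensitive, here is an added example (not from the thread and not Sonar's code) that runs the question's f-string pattern next to its parameterized replacement against a constructed in-memory SQLite table. The table contents, the `users`/`admin` schema and the helper names are assumptions for the demo.

```python
import sqlite3
from typing import Callable, List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the `users` table from the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", 1), ("bob", 0), ("o'brien", 0)])
    return conn


def lookup_formatted(conn: sqlite3.Connection, username: str) -> List[Tuple[int]]:
    """The pattern from the question: the value becomes part of the SQL text."""
    cur = conn.cursor()
    cur.execute(f"SELECT admin FROM users WHERE username = '{username}'")
    return cur.fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> List[Tuple[int]]:
    """Hardened form: the driver binds the value, so it can never change the statement."""
    cur = conn.cursor()
    cur.execute("SELECT admin FROM users WHERE username = ?", (username,))
    return cur.fetchall()


def query_outcome(fn: Callable, conn: sqlite3.Connection, username: str) -> Tuple[str, object]:
    """Run a lookup and report either its rows or the database error it triggered."""
    try:
        return ("rows", fn(conn, username))
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)


if __name__ == "__main__":
    conn = make_db()
    for name in ("alice", "o'brien"):
        print(name, "formatted     ->", query_outcome(lookup_formatted, conn, name))
        print(name, "parameterized ->", query_outcome(lookup_parameterized, conn, name))
```

A perfectly legitimate username containing a quote is enough to demonstrate the defect: the formatted query fails with a syntax error because the data has altered the statement, while the parameterized query returns the expected row. The same mechanism is what lets a hostile value rewrite the query, which is why the fix is binding parameters rather than escaping strings.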