Evaluation of SonarLint

Hi,

  • Operating system: Windows 11
  • SonarLint plugin version: 7.3.0.77872
  • Programming language you’re coding in: C#
  • Is connected mode used: No

I started an evaluation of SonarLint. We don’t have SonarQube or SonarCloud at the moment, so I am using disconnected mode. I tried some of the examples in the rules overview for C# (C# static code analysis (sonarsource.com)), but none of them seems to provide the expected results.

E.g. the following snippet does not produce a result although SonarLint analysed it:

        static object GetData(string user)
        {
            // TODO

            var sql = $"select * from dbo.users where user = '{user}'";
            using (var cn = new SqlConnection())
            {
                cn.Open();
                using (var cmd = new SqlCommand(sql, cn))
                {
                    var result = cmd.ExecuteScalar();
                    return result;
                }
            }
        }

Is there something I am doing wrong?
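
Added example, not part of the original post or of SonarSource's documentation: the posted query rewritten with a bound parameter, so the `user` value is sent as data and never becomes part of the SQL text. The `UserQueries` class name, the `connectionString` argument and the `nvarchar(128)` column type are assumptions that the original snippet does not specify.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class UserQueries
{
    // Assumption: the caller supplies the connection string;
    // the posted snippet constructs SqlConnection without one.
    public static object GetData(string connectionString, string user)
    {
        // The SQL text is a compile-time constant. USER is a reserved word in
        // T-SQL (it returns the current database user name), so the column
        // name is bracketed to make sure the column is what gets compared.
        const string sql = "select * from dbo.users where [user] = @user";

        using (var cn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, cn))
        {
            // Typed, length-bounded parameter. nvarchar(128) is an assumed
            // column type; match it to the real schema.
            var p = cmd.Parameters.Add("@user", SqlDbType.NVarChar, 128);

            // A null .NET string must be sent as DBNull, otherwise the
            // provider reports the parameter as not supplied.
            p.Value = (object)user ?? DBNull.Value;

            cn.Open();
            return cmd.ExecuteScalar();
        }
    }
}
```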

Hi,

Welcome to the community!

Could you share what rule(s) you expected to see an issue from? Not all rules are run in SonarLint (on purpose!). So I want to check if it is one of those.

 
Ann

Hi,

thanks for your warm welcome and your reply to my post.

My understanding from the SonarLint features was that the rules linked there are all evaluated by SonarLint. After scrolling down the complete description of “Dynamic code execution should not be vulnerable to injection attacks” I found this hint:

[image]

Thank you, my question is answered.

Thank you very much.

Michael
