This code does not trigger the jssecurity:S3649 check, although it should.
It is copied directly from the rule’s example.
var db = require('./mysql/dbConnection.js');
/**
 * Request handler used as the reproduction for jssecurity:S3649: it builds a SQL
 * statement by concatenating request parameters and hands it to db.query().
 *
 * NOTE(review): as shown, this is a function statement with no name and it is not
 * registered on any route. A function statement needs a name to parse, so confirm
 * that the scanned file is parsed at all before concluding that the rule is silent.
 * NOTE(review): `crypto` is used below, but no require for it is visible in this snippet.
 *
 * @param {object} req - incoming request; req.query.name and req.query.password are read
 * @param {object} res - response object; not used in the visible body
 */
function (req, res) {
var name = req.query.name; // user controlled input
// SHA-256 digest of the submitted password, base64-encoded. This is a single
// unsalted fast hash; stored passwords are normally protected with a dedicated
// password-hashing function (scrypt, bcrypt, Argon2) instead.
// NOTE(review): the password is read from req.query, presumably the URL query
// string, which commonly ends up in access logs. Confirm and prefer the request body.
var password = crypto.createHash('sha256').update(req.query.password).digest('base64');
// `name` is concatenated into the statement without escaping, so quote characters
// in it change the structure of the query. This is the tainted flow the rule is
// meant to report. `password` is a base64 digest at this point, so `name` is the
// only value that carries raw user input into the string.
var sql = "select * from user where name = '" + name + "' and password = '" + password + "'";
// Sink: the concatenated string is executed as SQL. The compliant form passes name
// and password as bound parameters (placeholders) instead of concatenating them.
// The exact call depends on what ./mysql/dbConnection.js exposes, which is not
// visible here.
db.query(sql, function(err, result) { // Noncompliant
// something
})
}
The rules are enabled,
but they do not trigger.
The code and the scan log are attached.
sonar-scanner-X.log (33.8 KB)
demo.js.txt (401 Bytes)
We use Developer Edition.
- Developer Edition
- Version 8.9.6 (build 50800)