I was looking at the rules (SonarCloud) in the C++ and C languages and realized that neither of these languages has any kind of “Injection” rules available (OWASP Top 10 category), whereas languages like C# and PHP have some Injection rules available.
Can someone please help me know where/how we can enable these rules for C & C++ as well (as the majority of our code is in C++ and C)?
Injection flows are very popular in languages used for web development, like PHP. Hence the exhaustive and explicit coverage.
They exist, but are less common and take a different shape, like buffer overflow using tainted access, in languages like C and C++. That is why we don’t currently dedicate a section for them.
We might do that once our coverage is more comprehensive.
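
The "tainted access" shape mentioned in the answer above, shown as an added example that is not part of the original thread and is not SonarCloud's rule logic: an index parsed from untrusted text reaches an array write unchecked, next to a version that validates it first. The function names, the `slots` table and the sample inputs are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define SLOT_COUNT 8
static int slots[SLOT_COUNT];   /* hypothetical fixed-size table */

/* Unsafe shape: the index comes from untrusted text (the taint source)
   and reaches the array write (the sink) with nothing in between. */
int store_unchecked(const char *untrusted_index, int value)
{
    int idx = atoi(untrusted_index);  /* may be negative or far too large */
    slots[idx] = value;               /* out-of-bounds write outside 0..7 */
    return 0;
}

/* Hardened shape: parse strictly, then range-check before the access. */
int store_checked(const char *untrusted_index, int value)
{
    char *end = NULL;
    long idx;

    if (untrusted_index == NULL)
        return -1;
    errno = 0;
    idx = strtol(untrusted_index, &end, 10);
    if (errno != 0 || end == untrusted_index || *end != '\0')
        return -1;                    /* overflow, no digits, trailing junk */
    if (idx < 0 || idx >= SLOT_COUNT)
        return -1;                    /* bounds check ends the tainted flow */
    slots[idx] = value;
    return 0;
}

/* Bounds-checked read used to observe the result. */
int read_slot(int i) { return (i >= 0 && i < SLOT_COUNT) ? slots[i] : -1; }

int main(void)
{
    /* Constructed sample inputs: one valid index, four that must be rejected. */
    const char *samples[] = {"3", "8", "-1", "3x", "99999999999999999999"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %s\n", samples[i],
               store_checked(samples[i], 42) == 0 ? "stored" : "rejected");
    return 0;
}
```

`store_unchecked` is kept only for contrast and is never called.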