Hi!
I have carried out an analysis on a project that has the following code:
It does not detect any vulnerabilities or any security hostpots. The next rule, shouldn’t it test positive?
Below is the project information and the versions of sonarqube and sonarscanner used.
Language: C#
Use: Sonarqube community 9.9.0.65466
SonarScanner for MSBuild 5.8
Thank you very much in advance,
Ioritz
Hey there.
Thanks for the report. In the future, please provide a text-based snippet of code, rather than a screenshot.
Are you using Microsoft.Data.SqlClient? There’s a known false-negative tracked here: FN S2077: Add support for Microsoft SqlClient Data Provider for SQL Server · Issue #6205 · SonarSource/sonar-dotnet · GitHub
Thank you very much for your response, Colin.
I forgot to include the code in the text. I am attaching a Github repository with the vulnerability commented. The vulnerability is located between lines 73-100.
I am using the Microsoft.Data.SqlClient library. It seems that there is a false negative reported for that library. Hopefully, they will fix it as soon as possible.
Thanks again!
