Ioritz1993
(Ioritz Urrestarazu Simon)
March 1, 2023, 6:12pm
1
Hi!
I have carried out an analysis on a project that has the following code:
It does not detect any vulnerabilities or any security hotspots. The next rule, shouldn’t it test positive?
Below is the project information and the versions of SonarQube and SonarScanner used.
Language: C#
Use: SonarQube Community 9.9.0.65466
SonarScanner for MSBuild 5.8
Thank you very much in advance,
Ioritz
Colin
(Colin)
March 2, 2023, 3:59pm
2
Hey there.
Thanks for the report. In the future, please provide a text-based snippet of code, rather than a screenshot.
Are you using Microsoft.Data.SqlClient? There’s a known false-negative tracked here: FN S2077: Add support for Microsoft SqlClient Data Provider for SQL Server · Issue #6205 · SonarSource/sonar-dotnet · GitHub
Ioritz1993
(Ioritz Urrestarazu Simon)
March 3, 2023, 3:22pm
3
Thank you very much for your response, Colin.
I forgot to include the code in the text. I am attaching a GitHub repository with the vulnerability commented. The vulnerability is located between lines 73-100.
I am using the Microsoft.Data.SqlClient library. It seems that there is a false negative reported for that library. Hopefully, they will fix it as soon as possible.
Thanks again!
system
(system)
Closed
March 10, 2023, 3:23pm
4
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.