We are using SonarQube Community Edition version 8.7 with the built-in Sonar way Java profile as the default rules. Below is the Java code that has a SQL injection issue:
String query = String.format("select CPROD from table_name where CUSERID_WEBSEAL = '%s'", username);
But SonarQube does not detect and report the SQL injection issue.
Can someone guide us as to why the SQL injection issue is not reported?
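
The query from the post beside a parameterized form, as an added example that is not part of the original post. The class and method names, the caller-supplied JDBC `Connection`, and reading `CPROD` as a string are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class ProductLookup {

    // The pattern from the post: the value is pasted into the SQL text,
    // so any quote character in username becomes part of the statement.
    static String buildQueryUnsafe(String username) {
        return String.format(
            "select CPROD from table_name where CUSERID_WEBSEAL = '%s'", username);
    }

    // Hardened form: the SQL text is a constant and the value is bound
    // separately, so the driver never parses username as SQL.
    static final String QUERY =
        "select CPROD from table_name where CUSERID_WEBSEAL = ?";

    // Assumption: the caller supplies an open JDBC Connection and CPROD
    // is readable as a string.
    static List<String> findProducts(Connection conn, String username)
            throws SQLException {
        List<String> products = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(QUERY)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    products.add(rs.getString("CPROD"));
                }
            }
        }
        return products;
    }

    public static void main(String[] args) {
        // Constructed sample input: a legitimate name containing a quote.
        String username = "o'brien";
        // The formatted text now has three quotes: the literal ends after "o".
        System.out.println(buildQueryUnsafe(username));
        // The parameterized text is the same for every username.
        System.out.println(QUERY);
    }
}
```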