Hello VB.NET developers,
We’re excited to share another major milestone with you. Following our recent support for Go and Kotlin, we’re now bringing our taint analysis technology to VB.NET. With this update, SonarQube (both Server and Cloud editions) can now detect 24 types of injection vulnerabilities in your VB.NET projects, helping you keep your code even more secure.
Supported Security Rules
The VB.NET Taint Analysis supports the following 24 rules:
- Database queries should not be vulnerable to injection attacks
- Regular expressions should not be vulnerable to Denial of Service attacks
- XPath expressions should not be vulnerable to injection attacks
- I/O function calls should not be vulnerable to path injection attacks
- LDAP queries should not be vulnerable to injection attacks
- OS commands should not be vulnerable to command injection attacks
- Server-side requests should not be vulnerable to traversing attacks
- Loop boundaries should not be vulnerable to injection attacks
- Connection strings should not be vulnerable to injections attacks
- Memory allocations should not be vulnerable to Denial of Service attacks
- Accessing files should not lead to filesystem oracle attacks
- Environment variables should not be defined from untrusted input
- XML operations should not be vulnerable to injection attacks
- Constructing arguments of system commands from user input is security-sensitive
- Applications should not create session cookies from untrusted input
- Reflection should not be vulnerable to injection attacks
- Extracting archives should not lead to zip slip vulnerabilities
- OS commands should not be vulnerable to argument injection attacks
- Dynamic code execution should not be vulnerable to injection attacks
- NoSQL operations should not be vulnerable to injection attacks
- HTTP request redirections should not be open to forging attacks
- Logging should not be vulnerable to injection attacks
- Server-side requests should not be vulnerable to forging attacks
- Deserialization should not be vulnerable to injection attacks
All these rules are available in SonarQube Server 2025.4 (released in July 2025) and in SonarQube Cloud.
Enjoy
Alex