SQL Taint rules missing in Sonar (SQL Injection)

We are missing SQL taint rules in Sonar.

We are migrating from Coverity to Sonar and we have observed, for example, that this kind of high-impact security issue is not detected in Sonar. What can we do to detect such issues in Sonar? We are using SonarQube Enterprise 9.9.

Issue snippet covered by Coverity but not Sonar:
sql_taint: Insecure concatenation of a SQL statement. The value X is tainted.
Perform one of the following to guard against SQL injection attacks.

  • Parameterize the SQL statement, binding tainted values to parameters within the statement.
  • Validate user-supplied values against predefined constant values. Concatenate these constant values into the SQL statement.
  • Cast tainted values to safe types such as integers. Concatenate these type safe values into the statement.
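As an added illustration that is not code from either poster, the concatenation pattern the Coverity sql_taint message describes is shown beside the three guards it lists, using Python's bundled sqlite3 driver; the table, rows and function names are constructed for the example.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for the application's database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user")])
    return conn


# Predefined constant values for guard 2 (validate, then concatenate the constant).
ALLOWED_ROLES = frozenset({"admin", "user"})


def find_by_name_vulnerable(conn, name):
    # The pattern sql_taint flags: a tainted value spliced into the statement text,
    # so the database parses attacker-controlled characters as SQL.
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_name_parameterized(conn, name):
    # Guard 1: bind the tainted value to a parameter; it is passed as data,
    # never re-parsed as part of the statement.
    sql = "SELECT id FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def find_by_role_allowlisted(conn, role):
    # Guard 2: accept only predefined constants; what reaches the concatenation
    # is one of our own literals, not the caller's bytes.
    if role not in ALLOWED_ROLES:
        raise ValueError("role is not one of the allowed constants")
    sql = "SELECT id FROM users WHERE role = '" + role + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_id_cast(conn, raw_id):
    # Guard 3: cast to a safe type first; int() rejects anything that is not an
    # integer literal, so the concatenated text can only be digits.
    safe_id = int(raw_id)
    sql = "SELECT id FROM users WHERE id = " + str(safe_id)
    return [row[0] for row in conn.execute(sql)]
```

A taint analyzer reports the first function because untrusted input reaches a query sink unsanitized; the other three either break the flow (binding) or pass it through a sanitizer the tool recognises (allow-list check, numeric cast).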

Hey there.

I suggest you include a full code sample where you expect an issue to be raised (or where Coverity is raising an issue) but Sonar is not.