Unable to detect SQL Injection Issue

hkelectric-apj-001d · January 7, 2025, 8:54am

Must-share information (formatted with Markdown):

Community Edition Version 9.9 (build 65466)
Deploy on Azure Cloud VM.
Able to detect issues related to SQL Injection.

I made a simple web application to scan for vulnerabilities.

Colin · January 8, 2025, 10:46am

SQL Injection vulnerabilities cannot be detected with SonarQube’s Community Build – those capabilities are available in SonarQube Server Developer Edition+, or all tiers of SonarQube Cloud.

I wanted to test this out in SonarQube Cloud, but it looks like the sample project you attached doesn’t contain the code you shared a screenshot of.

hkelectric-apj-001d · January 13, 2025, 6:12am

demoproject.zip (2.3 MB)

Sorry, my mistake. I have re-uploaded the sample code.

Colin · January 13, 2025, 8:52am

You can see this code raises plenty of SQL Injection issues on SonarQube Cloud – SonarQube Cloud

These are the same rules applied in SonarQube Server Developer Edition +!