Unable to detect SQL Injection Issue

Must-share information (formatted with Markdown):

  • Community Edition Version 9.9 (build 65466)
  • Deployed on an Azure Cloud VM.
  • Able to detect issues related to SQL Injection.

I made a simple web application to scan for vulnerabilities.

dotnet6AAD (1).zip (140.6 KB)

Hey @hkelectric-apj-001d

SQL Injection vulnerabilities cannot be detected with SonarQube’s Community Build – those capabilities are available in SonarQube Server Developer Edition+, or all tiers of SonarQube Cloud.

I wanted to test this out in SonarQube Cloud, but it looks like the sample project you attached doesn’t contain the code you shared a screenshot of.

demoproject.zip (2.3 MB)

Sorry, my mistake. I have re-uploaded the sample code.

You can see this code raises plenty of SQL Injection issues on SonarQube Cloud.

These are the same rules applied in SonarQube Server Developer Edition+!