Unable to detect SQL Injection Issue

hkelectric-apj-001d · January 7, 2025, 8:54am

Must-share information (formatted with Markdown):

Community Edition Version 9.9 (build 65466)
Deploy on Azure Cloud VM.
Able to detect issues related to SQL Injection.

I made a simple web application to scan for vulnerabilities.

Colin · January 8, 2025, 10:46am

SQL Injection vulnerabilities cannot be detected with SonarQube’s Community Build – those capabilities are available in SonarQube Server Developer Edition+, or all tiers of SonarQube Cloud.

I wanted to test this out in SonarQube Cloud, but it looks like the sample project you attached doesn’t contain the code you shared a screenshot of.

hkelectric-apj-001d · January 13, 2025, 6:12am

demoproject.zip (2.3 MB)

Sorry, my mistake. I have re-uploaded the sample code.

Colin · January 13, 2025, 8:52am

You can see this code raises plenty of SQL Injection issues on SonarQube Cloud – SonarQube Cloud

These are the same rules applied in SonarQube Server Developer Edition +!

Topic		Replies	Views
Does sonarqube detect sql injection vulerabilities? SonarQube Server / Community Build sonarqube	2	618	February 2, 2023
SonarQube isn't detecting SQL injection coding issues SonarQube Server / Community Build sonarqube , scanner	1	19	February 28, 2025
Sonarqube not detecting SQL injection in Java code SonarQube Server / Community Build	2	1136	March 25, 2021
Developer edition not picking up SQL injections SonarQube Server / Community Build plsql , sonarqube , security	6	65	September 18, 2024
Does SonarQube detect SQL injection vulnerabilities in Community Edition? SonarQube Server / Community Build python	1	2502	October 29, 2023

Unable to detect SQL Injection Issue

Related topics