User controlled value gets propagated even though it should be whitelisted


I am on a project that uses sonarQube for Code Analysis and we struggle getting rid of blockers with respect to propagated user data.

In the attached code snipped we included an if statement to whitelist the parameter ‘date’ which is a user controlled value. However the report still complains in item 6 and 7 (see code snippet) that user controlled data is propagated. Why does SnoarQube still think it is a critical issue even though the situation should be mitigated by whitelisting.


Welcome to the community!

Would you mind specifying the language and rule, please?