This repository has been archived by the owner on Sep 11, 2019. It is now read-only.

False positive Potential SQL injection with MsSQL Data Provider #87

Open
sady4850 opened this issue Aug 22, 2017 · 0 comments


sady4850 commented Aug 22, 2017

    using System.Data.SqlClient;

    class MyFoo {
        // Class-level compile-time constant, not user input
        const string stringConst = "";
        void Do() {
            var s = "select * from Products";
            var sqlCommand = new SqlCommand(s + stringConst);
        }
    }

This reports a potential SQL injection where there is none. Note that there is no warning when the const is local.
