hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

C#: Exclude Microsoft.Data.SqlClient.SqlCommand from the best effort SqlSink creation.

Browse Source
This commit is contained in:
Michael Nebel
2025-06-25 14:59:10 +02:00
parent ed7f68279f
commit f3eafd33ff
2 changed files with 5 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
csharp/ql/test/query-tests/Security Features/CWE-089-2/SqlInjection.expected
View File

@@ -1,21 +1,11 @@
#select
| SqlInjection.cs:19:42:19:52 | access to local variable queryString | SqlInjection.cs:18:21:18:29 | access to property Text : String | SqlInjection.cs:19:42:19:52 | access to local variable queryString | This query depends on $@. | SqlInjection.cs:18:21:18:29 | access to property Text : String | this TextBox text |
| SqlInjection.cs:28:42:28:52 | access to local variable queryString | SqlInjection.cs:27:21:27:38 | call to method ReadLine : String | SqlInjection.cs:28:42:28:52 | access to local variable queryString | This query depends on $@. | SqlInjection.cs:27:21:27:38 | call to method ReadLine : String | this read from stdin |
edges
| SqlInjection.cs:17:21:17:31 | access to local variable queryString : String | SqlInjection.cs:19:42:19:52 | access to local variable queryString | provenance | |
| SqlInjection.cs:18:21:18:29 | access to property Text : String | SqlInjection.cs:17:21:17:31 | access to local variable queryString : String | provenance | |
| SqlInjection.cs:26:21:26:31 | access to local variable queryString : String | SqlInjection.cs:28:42:28:52 | access to local variable queryString | provenance | |
| SqlInjection.cs:27:21:27:38 | call to method ReadLine : String | SqlInjection.cs:26:21:26:31 | access to local variable queryString : String | provenance | Src:MaD:1 |
models
| 1 | Source: System; Console; false; ReadLine; ; ; ReturnValue; stdin; manual |
nodes
| SqlInjection.cs:17:21:17:31 | access to local variable queryString : String | semmle.label | access to local variable queryString : String |
| SqlInjection.cs:18:21:18:29 | access to property Text : String | semmle.label | access to property Text : String |
| SqlInjection.cs:19:42:19:52 | access to local variable queryString | semmle.label | access to local variable queryString |
| SqlInjection.cs:26:21:26:31 | access to local variable queryString : String | semmle.label | access to local variable queryString : String |
| SqlInjection.cs:27:21:27:38 | call to method ReadLine : String | semmle.label | call to method ReadLine : String |
| SqlInjection.cs:28:42:28:52 | access to local variable queryString | semmle.label | access to local variable queryString |
subpaths
testFailures
| SqlInjection.cs:18:53:18:81 | // ... | Missing result: Source[cs/sql-injection] |
| SqlInjection.cs:19:56:19:83 | // ... | Missing result: Alert[cs/sql-injection] |
| SqlInjection.cs:20:56:20:83 | // ... | Missing result: Alert[cs/sql-injection] |
| SqlInjection.cs:27:62:27:90 | // ... | Missing result: Source[cs/sql-injection] |
| SqlInjection.cs:28:56:28:83 | // ... | Missing result: Alert[cs/sql-injection] |
| SqlInjection.cs:29:56:29:83 | // ... | Missing result: Alert[cs/sql-injection] |