      SonarQube reports a violation of csharpsquid:S3649 - User-provided values should be sanitized before use in SQL statements

      Date: 2023-10-24

                Problem description

                In a SonarQube scan of our code, I have a number of violations of csharpsquid:S3649 - User-provided values should be sanitized before use in SQL statements. I think that my code is compliant; can anyone else shed some light as to why this is flagged as non-compliant?

                // C# (ADO.NET). The snippet was posted without its enclosing method; the using
                // directive and the method wrapper are assumed so that it compiles as a unit.
                // DatabaseContext is the project's own class.
                using System.Data.SqlClient;

                static string GetUserId(string windowsUsername, string userDomain)
                {
                    string connectionString = DatabaseContext.GetiXDataConnectionString();

                    // The SQL text is built from string literals only; the user-supplied
                    // values are bound through SqlParameter below, not concatenated in.
                    string sql = "SELECT UserID FROM SystemUsers " +
                                 "Where WindowsLogonName = @WindowsLogon and DomainName = @WindowsDomain and " +
                                 "[Disabled] = 0";

                    using (SqlConnection conn = new SqlConnection(connectionString))
                    {
                        conn.Open();

                        using (SqlCommand cmd = new SqlCommand(sql, conn))
                        {
                            cmd.Parameters.Add(new SqlParameter("@WindowsLogon", windowsUsername));
                            cmd.Parameters.Add(new SqlParameter("@WindowsDomain", userDomain));
                            object queryResult = cmd.ExecuteScalar();

                            if (queryResult != null)
                                return queryResult.ToString();
                        }
                    }

                    // No matching, enabled user was found.
                    return null;
                }


                Recommended answer

                It complains because the sql variable is not a constant. The issue will disappear if you change your code to (which in general is not a bad thing):

                    const string sql = "..." + "..." + "...";

                S3649 is a very simple rule that raises when the executed SQL is not a constant string. It is far from a real taint analysis check, but it can catch the simplest and most obvious mistakes.
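As an added example (not code from the question or the answer above), the same lookup written three ways to show what the rule's "is the SQL text a constant?" check does and does not distinguish; the class name, method names and connection string are assumed:

```csharp
using System.Data.SqlClient;

public static class SystemUserLookup
{
    // Assumed connection string; the question's code gets it from its own DatabaseContext.
    private const string ConnectionString = "Server=(local);Database=iXData;Integrated Security=true;";

    // Compliant: a const is a compile-time constant, so S3649 stays quiet. The compiler folds the
    // literal concatenation, and the parameter placeholders are exactly those from the question.
    private const string FindUserSql =
        "SELECT UserID FROM SystemUsers " +
        "WHERE WindowsLogonName = @WindowsLogon AND DomainName = @WindowsDomain AND [Disabled] = 0";

    public static string FindUserIdCompliant(string windowsUsername, string userDomain)
    {
        return ExecuteLookup(FindUserSql, windowsUsername, userDomain);
    }

    // Flagged although safe: same literals, same parameters, but `sql` is a non-constant local,
    // and "is the SQL text a constant?" is the only thing this rule checks.
    public static string FindUserIdFlagged(string windowsUsername, string userDomain)
    {
        string sql = "SELECT UserID FROM SystemUsers " +
                     "WHERE WindowsLogonName = @WindowsLogon AND DomainName = @WindowsDomain AND [Disabled] = 0";
        return ExecuteLookup(sql, windowsUsername, userDomain);
    }

    // The defect the rule exists to catch: caller-supplied values spliced into the SQL text.
    // S3649 reports it for the same reason as above (non-constant SQL); a taint analysis would
    // report only this one, because only here does the input reach the query text itself.
    public static string FindUserIdInjectable(string windowsUsername, string userDomain)
    {
        string sql = "SELECT UserID FROM SystemUsers WHERE WindowsLogonName = '" + windowsUsername +
                     "' AND DomainName = '" + userDomain + "' AND [Disabled] = 0";
        return ExecuteLookup(sql, windowsUsername, userDomain); // parameters are declared but unused
    }

    // Shared execution path; the parameters bind only where the SQL text references them.
    private static string ExecuteLookup(string sql, string windowsUsername, string userDomain)
    {
        using (SqlConnection conn = new SqlConnection(ConnectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@WindowsLogon", windowsUsername);
            cmd.Parameters.AddWithValue("@WindowsDomain", userDomain);
            conn.Open();
            return cmd.ExecuteScalar()?.ToString();
        }
    }
}
```

Running the analyzer over this class reports the second and third methods alike, which is the limitation the answer describes: the rule sees a non-constant string, not where its contents came from.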
