This repository was archived by the owner on Sep 11, 2019. It is now read-only.
This repository was archived by the owner on Sep 11, 2019. It is now read-only.
False positive Potential SQL injection with MsSQL Data Provider #87
Description
class MyFoo {
const string stringConst = "";
void Do() {
var s = "select * from Products";
var sqlCommand = new SqlCommand(s + stringConst);
}
}This reports potential sql injection that is not. Note, that there is no warning in case local const.