Sonarqube indicates violation of csharpsquid:S3649 - User-provided values should be sanitized before use in SQL statements

                Problem description


                In a sonarqube scan of our code, I have a number of violations of csharpsquid:S3649 - User-provided values should be sanitized before use in SQL statements. I think that my code is compliant, can anyone else shed some light as to why this is flagged as non-compliant?

                // Requires: using System.Data.SqlClient; (SqlConnection, SqlCommand, SqlParameter)
                string connectionString = DatabaseContext.GetiXDataConnectionString();

                // The statement is a non-constant local; the user-supplied values
                // are not concatenated into it, only referenced as @parameters.
                string sql = "SELECT UserID FROM SystemUsers " +
                             "Where WindowsLogonName = @WindowsLogon and DomainName = @WindowsDomain and " +
                             "[Disabled] = 0";

                using (SqlConnection conn = new SqlConnection(connectionString))
                {
                    conn.Open();

                    using (SqlCommand cmd = new SqlCommand(sql, conn))
                    {
                        // Bind the values as parameters rather than building them into the SQL text
                        cmd.Parameters.Add(new SqlParameter("@WindowsLogon", windowsUsername));
                        cmd.Parameters.Add(new SqlParameter("@WindowsDomain", userDomain));
                        object queryResult = cmd.ExecuteScalar();

                        if (queryResult != null)
                            return queryResult.ToString();
                    }
                }

                Answer


                It complains because the sql variable is not a constant. The issue will disappear if you change your code to (which in general is not a bad thing):

                const string sql = "..." + "..." + "...";


                S3649 is a very simple rule that raises when the executed SQL is not a constant string. It is far from a real taint analysis check, but it can catch the simplest and most obvious mistakes.
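To make the constant-versus-safe distinction concrete, here is an added example (not code from the question or the answer) with a compile-time constant statement that satisfies S3649, beside a concatenated statement that the rule flags for the right reason. It assumes the SystemUsers table from the question and takes the connection string from the caller.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not the asker's or answerer's code. Assumes the SystemUsers
// table from the question; the connection string is supplied by the caller.
public static class SystemUserLookup
{
    // Compliant: the statement is a compile-time constant, so S3649 stays quiet,
    // and the user-controlled values are bound as parameters, never spliced in.
    private const string LookupSql =
        "SELECT UserID FROM SystemUsers " +
        "WHERE WindowsLogonName = @WindowsLogon AND DomainName = @WindowsDomain AND " +
        "[Disabled] = 0";

    public static string FindUserId(string connectionString, string windowsUsername, string userDomain)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(LookupSql, conn))
        {
            // Typed, sized parameters: the driver sends the values separately from
            // the SQL text, so a quote or comment marker in the input stays data.
            cmd.Parameters.Add("@WindowsLogon", SqlDbType.NVarChar, 256).Value = windowsUsername;
            cmd.Parameters.Add("@WindowsDomain", SqlDbType.NVarChar, 256).Value = userDomain;
            conn.Open();
            object result = cmd.ExecuteScalar();
            return (result == null || result == DBNull.Value) ? null : result.ToString();
        }
    }

    // What the rule is really there to catch: input concatenated into the text.
    // S3649 flags this because the SQL is not a constant, and here that is a true
    // positive: a quote character in windowsUsername changes the statement itself.
    // The asker's non-constant but parameterised local is flagged by the same
    // syntactic test, which is why the answer calls it far from real taint analysis.
    public static string FindUserIdConcatenated(string connectionString, string windowsUsername)
    {
        string sql = "SELECT UserID FROM SystemUsers WHERE WindowsLogonName = '"
                     + windowsUsername + "' AND [Disabled] = 0";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            conn.Open();
            object result = cmd.ExecuteScalar();
            return result == null ? null : result.ToString();
        }
    }
}
```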

