Flow sensitive analysis #58
Comments
Looks like a false positive that should be suppressed. We can file this and see if the code block analyzer can be enhanced to address the reassignment locally.
Consider the following code snippet:
string id1 = Console.ReadLine();
string query1 = "Select *from families where id = "+id1;
SqlCommand cmd = new SqlCommand(query1); //shows diagnostic since id1 is tainted
query1 = "select *from families"; // query1 redefined
SqlCommand cmd1 = new SqlCommand(query1); // still shows diagnostic even though query1
                                          // doesn't have any user input now (redefined)
i.e., if the query string (query) has a tainted value and is redefined, it still considers the first assigned value.
Can you please let me know how to resolve this issue? It would be a great help for our project.
Thanks in advance!!!
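
A small model of the behavior reported in this issue, added here as an illustration; it is not code from the project or from either poster. The statement list is a constructed stand-in for the C# snippet above, and the function names are hypothetical. It contrasts a flow-insensitive taint pass, which flags both SqlCommand calls, with a flow-sensitive pass that kills taint on reassignment.

```python
# Constructed IR for the snippet in the issue: (op, target, operands)
#   "source": target receives user input
#   "assign": target = expression built from the operand variables (literals omitted)
#   "sink":   target is passed to the SqlCommand constructor
PROGRAM = [
    ("source", "id1", []),          # id1 = Console.ReadLine()
    ("assign", "query1", ["id1"]),  # query1 = "..." + id1
    ("sink", "query1", []),         # new SqlCommand(query1)
    ("assign", "query1", []),       # query1 = "select *from families"
    ("sink", "query1", []),         # new SqlCommand(query1)
]


def flow_insensitive(program):
    """One taint set for the whole block: tainted anywhere means tainted everywhere."""
    tainted = set()
    changed = True
    while changed:  # fixed point; statement order plays no role
        changed = False
        for op, target, operands in program:
            hit = op == "source" or (op == "assign" and tainted & set(operands))
            if hit and target not in tainted:
                tainted.add(target)
                changed = True
    return [i for i, (op, t, _) in enumerate(program) if op == "sink" and t in tainted]


def flow_sensitive(program):
    """Taint state is updated statement by statement; assignment is a strong update."""
    tainted, findings = set(), []
    for i, (op, target, operands) in enumerate(program):
        if op == "source":
            tainted.add(target)
        elif op == "assign":
            if tainted & set(operands):
                tainted.add(target)
            else:
                tainted.discard(target)  # overwritten with untainted data: taint killed
        elif op == "sink" and target in tainted:
            findings.append(i)
    return findings


if __name__ == "__main__":
    print("flow-insensitive findings at statements:", flow_insensitive(PROGRAM))
    print("flow-sensitive findings at statements:  ", flow_sensitive(PROGRAM))
```

This model covers straight-line code only; with branches or loops, a flow-sensitive pass has to merge the taint state of every incoming path before deciding whether a sink is reachable by tainted data.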