Open DavidJFowler opened 8 months ago
Thank you for reporting this issue. The reason for not finding the SQL injection is that we don't have any models for Azure Functions, so we don't find the req parameter as a flow source. I created an internal issue to model Azure Function libraries.
Description of the issue
CodeQL scan is not picking up SQL Injection vulnerability in the following Azure Function trigger:
Tested in GitHub Actions and also locally using the CLI: