pumasecurity / puma-scan

Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.
https://www.pumascan.com
Mozilla Public License 2.0

Flow sensitive analysis #58

Open projectrvce opened 5 years ago

projectrvce commented 5 years ago

Consider the following code snippet:

```csharp
string id1 = Console.ReadLine();
string query1 = "Select * from families where id = " + id1;
SqlCommand cmd = new SqlCommand(query1); // shows diagnostic since id1 is tainted
query1 = "select * from families"; // query1 redefined
SqlCommand cmd1 = new SqlCommand(query1); // still shows diagnostic even though query1 doesn't have any user input now (redefined)
```

i.e. if the query string (query) has a tainted value and is redefined, it still considers the first assigned value. Can you please let me know how to resolve this issue? It would be a great help for our project. Thanks in advance!!!

ejohn20 commented 5 years ago

Looks like a false positive that should be suppressed. We can file this and see if the code block analyzer can be enhanced to address the reassignment locally.
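The following is an added example, not Puma Scan's own Roslyn analyzer code, that shows why the snippet in the issue produces a false positive and what the "flow sensitive" treatment asked for looks like. It encodes the C# statements as a small constructed tuple IR (`source`, `const`, `concat`, `sink`; all names here are hypothetical) and runs two toy analyses over it: a flow-insensitive one that accumulates taint and never removes it, which reproduces the `cmd1` finding, and a flow-sensitive one that treats each assignment as a kill of the target's old taint state, so the reassignment clears the diagnostic and a later rebuild from `id1` brings it back.

```python
# Added toy example (not Puma Scan's Roslyn code): flow-insensitive vs.
# flow-sensitive taint tracking over a straight-line statement list.
from typing import List, Tuple

# Constructed mini-IR (hypothetical; stands in for the C# statements in the issue):
#   ("source", var)            var = untrusted input, e.g. Console.ReadLine()
#   ("const", var)             var = a string literal with no variable parts
#   ("concat", var, operands)  var = literal(s) joined with the listed variables
#   ("sink", var, label)       var reaches a sensitive call, e.g. new SqlCommand(var)
Stmt = Tuple[str, ...]


def analyze_flow_insensitive(stmts: List[Stmt]) -> List[str]:
    """Flag every sink whose variable is tainted *anywhere* in the block.

    Taint is accumulated to a fixpoint and never removed, so a later
    reassignment with a constant cannot clear it: this reproduces the
    false positive reported in the issue.
    """
    tainted: set = set()
    changed = True
    while changed:
        changed = False
        for stmt in stmts:
            if stmt[0] == "source" and stmt[1] not in tainted:
                tainted.add(stmt[1])
                changed = True
            elif stmt[0] == "concat" and stmt[1] not in tainted:
                if any(op in tainted for op in stmt[2]):
                    tainted.add(stmt[1])
                    changed = True
    return [stmt[2] for stmt in stmts if stmt[0] == "sink" and stmt[1] in tainted]


def analyze_flow_sensitive(stmts: List[Stmt]) -> List[str]:
    """Flag a sink only if its variable is tainted *at that program point*.

    Statements are walked in order and every assignment is a "kill" of the
    target's old taint state: assigning a constant removes the variable
    from the tainted set, assigning an expression re-taints it only if one
    of the operands is tainted.
    """
    tainted: set = set()
    findings: List[str] = []
    for stmt in stmts:
        kind, var = stmt[0], stmt[1]
        if kind == "source":
            tainted.add(var)
        elif kind == "const":
            tainted.discard(var)          # reassignment with a literal kills the taint
        elif kind == "concat":
            if any(op in tainted for op in stmt[2]):
                tainted.add(var)          # taint flows through the concatenation
            else:
                tainted.discard(var)      # rebuilt from clean parts only
        elif kind == "sink" and var in tainted:
            findings.append(stmt[2])
    return findings


# Constructed straight-line encoding of the C# snippet from the issue.
ISSUE_SNIPPET: List[Stmt] = [
    ("source", "id1"),               # string id1 = Console.ReadLine();
    ("concat", "query1", ["id1"]),   # string query1 = "Select * from families where id = " + id1;
    ("sink", "query1", "cmd"),       # SqlCommand cmd = new SqlCommand(query1);
    ("const", "query1"),             # query1 = "select * from families";
    ("sink", "query1", "cmd1"),      # SqlCommand cmd1 = new SqlCommand(query1);
]

# Same block, then query1 is rebuilt from the tainted input and used again:
# the kill must not be permanent, the taint has to come back.
RETAINT_SNIPPET: List[Stmt] = ISSUE_SNIPPET + [
    ("concat", "query1", ["query1", "id1"]),  # query1 = query1 + " where id = " + id1;
    ("sink", "query1", "cmd2"),               # SqlCommand cmd2 = new SqlCommand(query1);
]


if __name__ == "__main__":
    print("flow-insensitive:", analyze_flow_insensitive(ISSUE_SNIPPET))  # ['cmd', 'cmd1']
    print("flow-sensitive:  ", analyze_flow_sensitive(ISSUE_SNIPPET))    # ['cmd']
    print("re-tainted:      ", analyze_flow_sensitive(RETAINT_SNIPPET))  # ['cmd', 'cmd2']
```

The in-order walk with a kill on every assignment is all the reassignment in this issue needs. A real analyzer has to go further than this toy: at control-flow join points (after an `if`/`else` or a loop) the tainted sets of the incoming paths must be merged with a union so that a variable tainted on any path stays flagged, and assignments through aliases, fields and method calls need their own propagation rules rather than the three statement shapes modelled here.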