pumasecurity / puma-scan

Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.
https://www.pumascan.com
Mozilla Public License 2.0
446 stars 79 forks source link

Flow sensitive analysis #58

Open projectrvce opened 5 years ago

projectrvce commented 5 years ago

Consider the following code snippet:

string id1 = Console.ReadLine(); string query1 = "Select from families where id = "+id1; SqlCommand cmd = new SqlCommand(query1); //shows diagnostic since id1 is tainted query1 = "select from families"; // query1 redefined SqlCommand cmd1 = new SqlCommand(query1); //still shows diagnostic even though query1
doesnt have any user input now(redefined) i.e if the querystring(query) has tainted value and is redefined, it still considers the first assigned value. Can you please let me know how to resolve this issue ? It would be great help for our project. Thanks in advance!!!

ejohn20 commented 5 years ago

Looks like a false positive that should be suppressed. We can file this and see if the code block analyzer can be enhanced to address the reassignment locally.