Analyzer: warn (and code fix) for use of interpolation in SQL methods accepting raw strings #30965

Closed
Tracked by #22086
roji opened this issue May 24, 2023 · 0 comments · Fixed by #30835
Labels
area-analyzer area-query closed-fixed The issue has been fixed and is/will be included in the release indicated by the issue milestone. community-contribution type-enhancement
Milestone
8.0.0
Comments

@roji
Member

roji commented May 24, 2023

When using overloads accepting FormattableString, interpolated values are sent as SQL parameters; but the raw overloads are vulnerable to SQL injection. Warn about these, and offer to fix to the interpolated versions.
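The distinction the issue describes, as an added example that is not from the issue or from the EF Core repository: a C# interpolated string passed to a method whose parameter type is `string` is evaluated eagerly, so the value ends up concatenated into the SQL text, whereas the same literal passed to a `FormattableString` parameter keeps its holes and EF Core turns each one into a database parameter. The `Blog` entity, `BlogContext`, the `Blogs` table and the `BlogQueries` helper are assumptions made for the example; `FromSqlRaw`, `FromSqlInterpolated`, `ExecuteSqlRaw` and `ExecuteSqlInterpolated` are the real EF Core methods.

```csharp
using System;
using System.Linq;
using Microsoft.EntityFrameworkCore;

// Hypothetical entity and context used only for this example.
public class Blog
{
    public int Id { get; set; }
    public string Name { get; set; } = "";
}

public class BlogContext : DbContext
{
    public BlogContext(DbContextOptions<BlogContext> options) : base(options) { }
    public DbSet<Blog> Blogs => Set<Blog>();
}

public static class BlogQueries
{
    // What the proposed analyzer should flag: FromSqlRaw takes a string, so the
    // $"..." literal is formatted before the call and userInput becomes part of
    // the SQL text. No parameter is created for it.
    public static IQueryable<Blog> FindByNameRawInterpolated(BlogContext db, string userInput)
        => db.Blogs.FromSqlRaw($"SELECT * FROM Blogs WHERE Name = '{userInput}'");

    // The code fix the issue asks for: FromSqlInterpolated takes a FormattableString,
    // so {userInput} is sent as a DbParameter and the SQL text never contains it.
    // Note there are no quotes around the hole; the parameter carries the value.
    public static IQueryable<Blog> FindByNameInterpolated(BlogContext db, string userInput)
        => db.Blogs.FromSqlInterpolated($"SELECT * FROM Blogs WHERE Name = {userInput}");

    // Also safe: the raw overload used as intended, with a numbered placeholder and
    // the value passed separately as a parameter argument.
    public static IQueryable<Blog> FindByNameRawParameterized(BlogContext db, string userInput)
        => db.Blogs.FromSqlRaw("SELECT * FROM Blogs WHERE Name = {0}", userInput);

    // The same pair exists for non-query commands on DatabaseFacade.
    // Flagged: interpolation into the string-typed raw overload.
    public static int RenameRawInterpolated(BlogContext db, int id, string newName)
        => db.Database.ExecuteSqlRaw($"UPDATE Blogs SET Name = '{newName}' WHERE Id = {id}");

    // Fixed: the FormattableString overload parameterizes both holes.
    public static int RenameInterpolated(BlogContext db, int id, string newName)
        => db.Database.ExecuteSqlInterpolated($"UPDATE Blogs SET Name = {newName} WHERE Id = {id}");
}
```

A quick way to confirm which path a call takes is to enable EF Core's command logging (for example `LogTo(Console.WriteLine)` on the options builder) and look at the emitted command: the interpolated and explicitly parameterized versions show `@p0`-style parameters, while the flagged raw-interpolated version shows the user-supplied text inlined in the statement.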

@ajcvickers ajcvickers added the closed-fixed The issue has been fixed and is/will be included in the release indicated by the issue milestone. label May 26, 2023
@ajcvickers ajcvickers added this to the 8.0.0 milestone May 26, 2023
@ajcvickers ajcvickers modified the milestones: 8.0.0, 8.0.0-preview6 May 26, 2023
@ajcvickers ajcvickers modified the milestones: 8.0.0-preview6, 8.0.0 Nov 14, 2023
2 participants