Puma gives false positives at times. In the following example:
```csharp
string sq = "select * from tab";
SqlCommand sqll = new SqlCommand(sq);
SqlDataAdapter sqa = new SqlDataAdapter(sqll);
```
I tried modifying the SqlCommandInjectionObjectCreationExpressionAnalyzer.cs for detecting and raising warnings if the first argument of SqlCommand and SqlDataAdapter are tainted. So if they are tainted, diagnostics are raised properly. String "sq" in this case is not tainted. But diagnostics are still raised for SqlDataAdapter.
This is likely something that can be handled in the general code block analyzer. @meadisu27 and I can take a look at this to see if this FP can be eliminated.
For now, I would recommend suppressing the false positive. We'll see if we can address this in a future release. @meadisu27 any recommendation on the best place in the code block analyzer to look at for fixing this across the board instead of in the sql expression analyzer specifically?
Is the issue here trying to get warnings raised on the SqlDataAdapter? It appears the code block analyzer is correctly suppressing the warning for the SqlCommand.
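To make the false positive concrete, here is an added, self-contained Roslyn analyzer that is not Puma Scan's code and not a patch to SqlCommandInjectionObjectCreationExpressionAnalyzer.cs. It assumes the Microsoft.CodeAnalysis.CSharp and Microsoft.CodeAnalysis.Analyzers packages are referenced; the rule id "EXAMPLE001", the class name and the helper names are placeholders chosen for this illustration. The point it demonstrates is the propagation step the thread is asking for: when the first argument of `new SqlDataAdapter(...)` is a local holding a `SqlCommand`, the check follows that local back to its initializer and then to `sq`, which resolves to a compile-time constant, so no warning is raised for either constructor; a command text that comes from a method parameter, a field, or a reassigned local is still reported.

```csharp
using System.Collections.Immutable;
using System.Linq;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Microsoft.CodeAnalysis.Diagnostics;

// Added illustration of constructor-argument taint checking; not Puma Scan's analyzer.
// "EXAMPLE001" is a placeholder rule id, not a real Puma Scan rule.
[DiagnosticAnalyzer(LanguageNames.CSharp)]
public sealed class SqlCtorArgumentTaintAnalyzer : DiagnosticAnalyzer
{
    private static readonly DiagnosticDescriptor Rule = new DiagnosticDescriptor(
        id: "EXAMPLE001",
        title: "Possible SQL injection",
        messageFormat: "The command text passed to {0} may come from untrusted input",
        category: "Security",
        defaultSeverity: DiagnosticSeverity.Warning,
        isEnabledByDefault: true);

    // Constructors whose first argument is SQL text, or an object that carries SQL text.
    private static readonly ImmutableHashSet<string> SinkTypes = ImmutableHashSet.Create(
        "System.Data.SqlClient.SqlCommand",
        "System.Data.SqlClient.SqlDataAdapter");

    public override ImmutableArray<DiagnosticDescriptor> SupportedDiagnostics => ImmutableArray.Create(Rule);

    public override void Initialize(AnalysisContext context)
    {
        context.ConfigureGeneratedCodeAnalysis(GeneratedCodeAnalysisFlags.None);
        context.EnableConcurrentExecution();
        context.RegisterSyntaxNodeAction(AnalyzeObjectCreation, SyntaxKind.ObjectCreationExpression);
    }

    private static void AnalyzeObjectCreation(SyntaxNodeAnalysisContext context)
    {
        var creation = (ObjectCreationExpressionSyntax)context.Node;
        var type = context.SemanticModel.GetTypeInfo(creation).Type;
        if (type == null || !SinkTypes.Contains(type.ToDisplayString())) return;

        var firstArg = creation.ArgumentList?.Arguments.FirstOrDefault()?.Expression;
        if (firstArg == null) return;                        // e.g. new SqlCommand()

        if (IsTainted(firstArg, context.SemanticModel, depth: 0))
            context.ReportDiagnostic(Diagnostic.Create(Rule, firstArg.GetLocation(), type.Name));
    }

    // Conservative, intra-procedural taint check. An expression is treated as untainted only
    // when that can be shown: a compile-time constant, a never-reassigned local whose
    // initializer is untainted, or a SqlCommand/SqlDataAdapter construction whose own first
    // argument is untainted. Everything else (parameters, fields, method results,
    // concatenation with non-constants) is treated as tainted.
    private static bool IsTainted(ExpressionSyntax expr, SemanticModel model, int depth)
    {
        if (depth > 16) return true;                         // guard against long chains

        if (model.GetConstantValue(expr).HasValue) return false;   // "select * from tab", const fields

        if (expr is ObjectCreationExpressionSyntax inner)
        {
            // new SqlDataAdapter(new SqlCommand(sq)): look through to the inner command text.
            var innerType = model.GetTypeInfo(inner).Type;
            var innerArg = inner.ArgumentList?.Arguments.FirstOrDefault()?.Expression;
            if (innerType != null && SinkTypes.Contains(innerType.ToDisplayString()) && innerArg != null)
                return IsTainted(innerArg, model, depth + 1);
            return true;
        }

        if (model.GetSymbolInfo(expr).Symbol is ILocalSymbol local)
        {
            // SqlCommand sqll = new SqlCommand(sq); -> follow the declarator's initializer.
            var declarator = local.DeclaringSyntaxReferences
                .Select(r => r.GetSyntax())
                .OfType<VariableDeclaratorSyntax>()
                .FirstOrDefault();
            var initializer = declarator?.Initializer?.Value;
            if (initializer == null) return true;            // declared without an initializer

            if (IsReassigned(local, declarator, model)) return true;
            return IsTainted(initializer, model, depth + 1);
        }

        return true;
    }

    // A local that is written again after its declaration could pick up user input later,
    // so only the initializer-only case is trusted.
    private static bool IsReassigned(ILocalSymbol local, SyntaxNode declarator, SemanticModel model)
    {
        var scope = declarator.FirstAncestorOrSelf<BaseMethodDeclarationSyntax>() ?? declarator.Parent;
        return scope != null && scope.DescendantNodes()
            .OfType<AssignmentExpressionSyntax>()
            .Any(a => SymbolEqualityComparer.Default.Equals(model.GetSymbolInfo(a.Left).Symbol, local));
    }
}
```

The design choice worth noting is that untaintedness is proved, never assumed: the walk stops at a constant, and anything it cannot explain (a parameter, a field, a `ref`/`out` argument, a local assigned anywhere else in the method) stays a warning. That is the property a general code block analyzer would want so that removing this one false positive does not silently suppress real findings. The type names cover `System.Data.SqlClient`; a deployment using `Microsoft.Data.SqlClient` would add those names to `SinkTypes`.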