Closed
Description
Summary
G201 and G202 are not checked. Risky code:

```go
package main

import (
	"fmt"

	"gorm.io/gorm" // assumed import path for the gorm.DB handle used below
)

type User struct{ ID string } // minimal model so the snippet compiles

var db2 *gorm.DB // global database handle, assumed to be opened elsewhere

func GetUserByID(id string) ([]User, error) {
	var users []User
	// The SQL is built by formatting the caller-supplied string straight into the query: injection risk
	db2.Raw(fmt.Sprintf("SELECT * FROM users WHERE id = '%s'", id)).Find(&users)
	_, _ = GetUserByID2(db2, id)
	return users, nil
}

func GetUserByID2(db *gorm.DB, id string) ([]User, error) {
	var users []User
	// The SQL is built by concatenating the caller-supplied string straight into the query: injection risk
	db.Raw("SELECT * FROM users WHERE id = " + id + "").Find(&users)
	return users, nil
}
```
Steps to reproduce the behavior
gosec version
v2
Go version (output of 'go version')
Operating system / Environment
Expected behavior
Actual behavior
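The check the report asks for, as an added example that is not gosec's own code: a small go/ast pass that flags `.Raw(...)` calls whose first argument is a `fmt.Sprintf` call (the G201 pattern) or a `+` concatenation (the G202 pattern), run over a constructed copy of the reported snippet. The sample source, the function names `FindRawSQLConstruction` and `classify`, and the finding format are assumptions.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// Constructed sample, parsed but not type-checked: the report's two Raw calls plus a parameterised one.
const sample = `package p
func a(id string) { db.Raw(fmt.Sprintf("SELECT * FROM users WHERE id = '%s'", id)).Find(&u) }
func b(id string) { db.Raw("SELECT * FROM users WHERE id = " + id + "").Find(&u) }
func c(id string) { db.Raw("SELECT * FROM users WHERE id = ?", id).Find(&u) }
`

// FindRawSQLConstruction reports every .Raw(...) call whose first argument is built with fmt.Sprintf
// (G201 pattern) or the + operator (G202 pattern); a literal query with bound parameters (func c) is not reported.
func FindRawSQLConstruction(src string) ([]string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	var findings []string
	ast.Inspect(f, func(n ast.Node) bool {
		if call, ok := n.(*ast.CallExpr); ok && len(call.Args) > 0 {
			if sel, ok := call.Fun.(*ast.SelectorExpr); ok && sel.Sel.Name == "Raw" {
				if kind := classify(call.Args[0]); kind != "" {
					findings = append(findings, fmt.Sprintf("%v: %s", fset.Position(call.Pos()), kind))
				}
			}
		}
		return true
	})
	return findings, nil
}

// classify names the risky way a query expression is built, or returns "" if neither pattern applies.
func classify(e ast.Expr) string {
	if call, ok := e.(*ast.CallExpr); ok && types.ExprString(call.Fun) == "fmt.Sprintf" {
		return "G201: SQL query built with fmt.Sprintf"
	}
	if bin, ok := e.(*ast.BinaryExpr); ok && bin.Op == token.ADD {
		return "G202: SQL query built with string concatenation"
	}
	return ""
}
```

Running `FindRawSQLConstruction(sample)` yields one G201 finding for `func a` and one G202 finding for `func b`; the parameterised query in `func c` is left alone.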