-
Notifications
You must be signed in to change notification settings - Fork 228
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
- Loading branch information
1 parent
544369e
commit 3475861
Showing
6 changed files
with
80 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
38 changes: 38 additions & 0 deletions
38
.../tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries.Net46.MonoSqlLite.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
using System; | ||
using System.Linq; | ||
using Mono.Data.Sqlite; | ||
|
||
public class Sample | ||
{ | ||
string ConstQuery = ""; | ||
|
||
void Compliant(SqliteConnection connection) | ||
{ | ||
var command = new SqliteCommand(); // Compliant | ||
command = new SqliteCommand(connection); // Compliant | ||
var adapter = new SqliteDataAdapter(); // Compliant | ||
} | ||
|
||
void Foo(SqliteConnection connection, string query, SqliteTransaction transaction, params object[] parameters) | ||
{ | ||
var command = new SqliteCommand($"SELECT * FROM mytable WHERE mycol={query}", connection); // Noncompliant | ||
command = new SqliteCommand($"SELECT * FROM mytable WHERE mycol={query}"); // Noncompliant | ||
command = new SqliteCommand($"SELECT * FROM mytable WHERE mycol={query}", connection, transaction); // Noncompliant | ||
var adapter = new SqliteDataAdapter(string.Concat(query, parameters), connection); // Noncompliant | ||
adapter = new SqliteDataAdapter(string.Concat(query, parameters), "connection"); // Noncompliant | ||
} | ||
|
||
// https://github.com/SonarSource/sonar-dotnet/issues/7261 | ||
void Reproduce_7261(string connectionString, string query) | ||
{ | ||
string sql = "select * from table where query = '" + query + "';"; // Secondary [adapter, command] | ||
|
||
using (SqliteConnection connection = new SqliteConnection(connectionString)) | ||
{ | ||
connection.Open(); | ||
|
||
var adapter = new SqliteDataAdapter(sql, connection); // Noncompliant [adapter] | ||
var command = new SqliteCommand(sql, connection); // Noncompliant [command] | ||
} | ||
} | ||
} |
21 changes: 21 additions & 0 deletions
21
.../tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries.Net46.MonoSqlLite.vb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
Imports System | ||
Imports System.Linq | ||
Imports Mono.Data.Sqlite | ||
|
||
Public Class Sample | ||
Private ConstQuery As String = "" | ||
|
||
Private Sub Compliant(ByVal connection As SqliteConnection) | ||
Dim command = New SqliteCommand() ' Compliant | ||
command = New SqliteCommand(connection) ' Compliant | ||
Dim adapter = New SqliteDataAdapter() ' Compliant | ||
End Sub | ||
|
||
Private Sub Foo(ByVal connection As SqliteConnection, transaction As SqliteTransaction, ByVal query As String, ParamArray parameters As Object()) | ||
Dim command = New SqliteCommand($"SELECT * FROM mytable WHERE mycol={query}", connection) ' Noncompliant | ||
command = New SqliteCommand($"SELECT * FROM mytable WHERE mycol={query}") ' Noncompliant | ||
command = New SqliteCommand($"SELECT * FROM mytable WHERE mycol={query}", connection, transaction) ' Noncompliant | ||
Dim adapter = New SqliteDataAdapter(String.Concat(query, parameters), connection) ' Noncompliant | ||
adapter = New SqliteDataAdapter(String.Concat(query, parameters), "connection") ' Noncompliant | ||
End Sub | ||
End Class |