
Can CodeQL recognize that a SQL injection attack is prevented through input sanitization for C#?

It looks like this is possible with Java:

        // OK: validate the input first
        {
            String category = args[1];
            Validation.checkIdentifier(category);
            Statement statement = connection.createStatement();
            String query1 = "SELECT ITEM,PRICE FROM PRODUCT WHERE ITEM_CATEGORY='"
                    + category + "' ORDER BY PRICE";
            ResultSet results = statement.executeQuery(query1);
        }

but I haven't been able to find a similar example for C#.

Under normal circumstances, of course, I would prefer to use bind variables, but there are some edge cases where this is not possible.

For example, the Databricks ODBC driver fails with bind variables in non-trivial queries.

Is there a solution that will let CodeQL recognize input validation for SQL statements in C#?

wrschneider
Comment: So do you have sanitization in your code but CodeQL is not recognizing it and that is why you are asking? In that case it might be best to raise this as an issue on https://github.com/github/codeql, I guess – Marcono1234 Aug 02 '23 at 22:58
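One way to do this, as an added example that is not from the question or from the CodeQL project: a QL class that extends the C# SQL-injection query's `SqlInjection::Sanitizer` so that a value passed to a hypothetical `Validation.CheckIdentifier(string)` (the C# counterpart of the Java example above) is treated as sanitized from that call onward. The import path and the `SqlInjection::Sanitizer` class are as I recall them from the CodeQL C# library and should be checked against the installed library version.

```ql
// Added example: a custom sanitizer for the CodeQL C# SQL-injection query.
// Assumes the C# project has a Validation.CheckIdentifier(string) method that
// throws on anything that is not a safe identifier (hypothetical, mirrors the
// Java example). Put this class in a .qll that the query imports, or directly
// in a copy of the SqlInjection query; extending the abstract Sanitizer class
// is enough for the query to pick it up.
import csharp
import semmle.code.csharp.security.dataflow.SqlInjectionQuery

/**
 * The argument of `Validation.CheckIdentifier(x)` is a sanitizer. The C# data-flow
 * library tracks local flow from one SSA read to the next (assumed here), so marking
 * this read as a barrier stops taint from reaching later uses of `x`, such as the
 * string concatenation that builds the query.
 */
class CheckIdentifierSanitizer extends SqlInjection::Sanitizer {
  CheckIdentifierSanitizer() {
    exists(MethodCall mc |
      mc.getTarget().hasName("CheckIdentifier") and
      mc.getTarget().getDeclaringType().hasName("Validation") and
      this.getExpr() = mc.getAnArgument()
    )
  }
}
```

To confirm the sanitizer is honoured, run the query against a small test project that builds the same query string once with the validation call and once without it; only the unvalidated path should still be reported.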
