Replies: 1 comment
-
I didn't work with MVC for quite a long time, but how is the Update: My bad, |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello. For the example bellow SCS is not finding any vulnerability because of the use of an interface (I think so). Is there a way to configure the analyzer to propagate the taint to the concrete implementation of the interface in any way, or is it possible at all?
If we change the type of
_sampleRepository
:from
private ISampleRepository _sampleRepository = new SampleRepository();
to
private SampleRepository _sampleRepository = new SampleRepository();
the analyzer will report a vulnerability at
new SampleContext().Database.ExecuteSqlCommand(input);
Beta Was this translation helpful? Give feedback.
All reactions