Advanced SAST missing C# SQL Injection
Proposal
Currently, SQL injections are missed in C# scans. This proposal aims to add a ruleset to detect this type of weakness.
From Meir:
Most probably we don't cover this case in our rules. Can you please open an issue for that?
Example project: https://gitlab.com/regrabneffop-ultimate/TestProject/-/blob/master/WebApplication1/WebApplication1/Program.cs#L36
Vulnerability Report with Missing Vulnerability: https://gitlab.com/regrabneffop-ultimate/TestProject/-/pipelines/1500684101/security
Vulnerability Report with Vulnerability: https://gitlab.com/regrabneffop-ultimate/TestProject/-/pipelines/1584442831/security (after fix was implemented)
https://documentation.blackduck.com/bundle/remediation/page/CWE-89_c_.html
Edited by Tim Poffenbarger