Draft: support C# DbBatch (since .NET 6.0) (!111) · Merge requests · GitLab.org / security-products / sast-rules

Tomo Masakura requested to merge masakura/sast-rules:csharp-batch-command into main Dec 28, 2022

DbBatch has been added since .NET 6.

var batch = new NpgsqlBatch(new NpgsqlConnection());
batch.BatchCommands.Add(new NpgsqlBatchCommand("select count(*) from customers where id = " + id));
var count = batch.ExecuteScalar();

Like DbCommand, DbBatchCommand is also vulnerable to SQL Injection.

Draft: support C# DbBatch (since .NET 6.0)

Merge request reports