Apr 09, 2019 06:24 AM|Ackerly Xu
Hi demoninside9,
According to your code, you have used a stored procedure or a parameterized SQL query, and your variable procName will not come from user input.
So you could omit this warning.
If you don't want to see this warning, you could right-click the warning, select Suppress and choose either of the two options (Global or In Source).
Then you will not see this warning.
Below is what you could see when choosing In Source:
[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA2100:Review SQL queries for security vulnerabilities")]
public int Insert_Update_Delete(string procName, Hashtable parms)
Below is what you could see when choosing Global, in GlobalSuppressions.cs:
[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA2100:Review SQL queries for security vulnerabilities", Scope = "member", Target = "WebFormCases2.sqldbexe.DBHelper.#GetDatatable(System.String)")]
You could also change the ruleset for analysis.
Right-click your project, choose Properties, choose Code Analysis, then click Open, expand Managed Binary Analysis, then uncheck CA2100.
Then use Ctrl + S to save the ruleset; a ruleset file should appear at the root path of your project. If you want to change this ruleset, just delete it or edit it.
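As an added example that is not code from the original thread, this is how the Insert_Update_Delete helper discussed above can carry the In Source suppression together with a Justification, so that a later reviewer can see why CA2100 does not apply: the command text is a stored procedure name checked against a fixed list, and every value travels as a SqlParameter. The DBHelper class, connection string, the allowlist of procedure names and the parameter handling are assumptions for illustration.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics.CodeAnalysis;

public class DBHelper
{
    private readonly string _connectionString;

    // Assumed allowlist (constructed names): the only procedures this helper may execute.
    // Because procName must match an entry here, it can never be free-form text from a request.
    private static readonly HashSet<string> AllowedProcs =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "usp_Customer_Insert", "usp_Customer_Update", "usp_Customer_Delete"
        };

    public DBHelper(string connectionString) { _connectionString = connectionString; }

    // CA2100 fires because CommandText is assigned from a variable. The suppression records
    // why that is acceptable here: no SQL is concatenated, and values go through parameters.
    [SuppressMessage("Microsoft.Security", "CA2100:Review SQL queries for security vulnerabilities",
        Justification = "CommandText is a stored procedure name from a fixed allowlist; all values are SqlParameters.")]
    public int Insert_Update_Delete(string procName, Hashtable parms)
    {
        if (procName == null || !AllowedProcs.Contains(procName))
            throw new ArgumentException("Unknown stored procedure: " + procName, nameof(procName));

        using (var conn = new SqlConnection(_connectionString))
        using (var cmd = new SqlCommand(procName, conn))
        {
            // The server resolves the name as a procedure; the text is never parsed as a query.
            cmd.CommandType = CommandType.StoredProcedure;

            foreach (DictionaryEntry entry in parms)
            {
                // Keys are parameter names such as "@Name"; values become typed parameters,
                // so quotes or semicolons inside a value are just data the procedure receives.
                cmd.Parameters.AddWithValue(entry.Key.ToString(), entry.Value ?? DBNull.Value);
            }

            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```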