Entity Framework calling stored procs async and Checkmarx


Cheesebread

Our company recently discovered Checkmarx and started testing existing applications. In the generated report, Checkmarx is reporting a SQL Injection issue. We are using Entity Framework 6 and we have code performing existing Stored Proc calls using

context.Database.SqlQuery<[RESPONSEOBJECT]>(query).ToListAsync();

where query is a string and looks like

"EXEC [STOREDPROCNAME]"

Admittedly there are a couple like $"EXEC [STOREDPROCNAME] '{param}'"

Question: If I needed to execute the .SqlQuery method to leverage the procs and the ToListAsync(), how would I get this past Checkmarx review? We could go backwards and add every proc to the .edmx manually (a scaffold-dbcontext would be even better). This is EF 6.


Thank you
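
The interpolated call from the post next to a parameterized form, as an added example that is not part of the original post. It uses the EF 6 overload `Database.SqlQuery<T>(string, params object[])`, so the SQL text stays constant and the value is bound as a `SqlParameter`. `ReportContext`, `OrderSummary`, `OrderQueries`, `dbo.GetOrdersByCustomer` and `@CustomerCode` are hypothetical names chosen for illustration.

```csharp
// Added example: all type, procedure and parameter names are hypothetical.
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Entity;
using System.Data.SqlClient;
using System.Threading.Tasks;

public class OrderSummary
{
    public int OrderId { get; set; }
    public decimal Total { get; set; }
}

public class ReportContext : DbContext
{
    // Assumes a connection string named "ReportContext" in the config file.
    public ReportContext() : base("name=ReportContext") { }
}

public static class OrderQueries
{
    // Before: the value is interpolated into the SQL text, so a quote in
    // customerCode changes the statement the server parses.
    public static Task<List<OrderSummary>> GetOrdersInterpolatedAsync(
        ReportContext context, string customerCode)
    {
        string query = $"EXEC [dbo].[GetOrdersByCustomer] '{customerCode}'";
        return context.Database.SqlQuery<OrderSummary>(query).ToListAsync();
    }

    // After: the SQL text is a compile-time constant and the value travels
    // separately as a typed, length-bounded parameter.
    public static Task<List<OrderSummary>> GetOrdersParameterizedAsync(
        ReportContext context, string customerCode)
    {
        const string query = "EXEC [dbo].[GetOrdersByCustomer] @CustomerCode";
        var customerParam = new SqlParameter("@CustomerCode", SqlDbType.NVarChar, 50)
        {
            // A null string must be sent as DBNull, not as a missing value.
            Value = (object)customerCode ?? DBNull.Value
        };
        return context.Database
            .SqlQuery<OrderSummary>(query, customerParam)
            .ToListAsync();
    }
}
```

Parameter binding only protects the call itself; a stored procedure that builds dynamic SQL from its arguments still needs its own review.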

