Cheesebread
Guest
Our company recently discovered Checkmarx and started testing existing applications. In the generated report, Checkmarx is reporting a SQL Injection issue. We are using Entity Framework 6 and we have code performing existing Stored Proc calls using
context.Database.SqlQuery<[RESPONSEOBJECT]>(query).ToListAsync();
where query is a string and looks like
"EXEC [STOREDPROCNAME]"
Admittedly, there are a couple like $"EXEC [STOREDPROCNAME] '{param}'"
Question: If I needed to execute the .SqlQuery method to leverage the procs and the ToListAsync(), how would I get this past Checkmarx review? We could go backwards and add every proc to the .edmx manually (a scaffold-dbcontext would be even better). This is EF 6.
Thank you
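Added example (not code from the poster or from Checkmarx): the injection finding comes from the interpolated form, where the caller's value is spliced into the SQL text. EF6's Database.SqlQuery<T>(string sql, params object[] parameters) accepts SqlParameter objects, so the proc can still be called by name and still awaited with ToListAsync() while the value never becomes part of the SQL string. The context class, the result type, the connection string name and the procedure names (usp_FindCustomer, usp_AllCustomers) below are hypothetical placeholders for the poster's own; the allowlist at the end is only needed if the proc name itself is chosen at runtime.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Entity;          // EF6: DbContext, DbRawSqlQuery<T>.ToListAsync()
using System.Data.SqlClient;       // SqlParameter
using System.Threading.Tasks;

// Hypothetical result shape; property names must match the proc's result columns.
public class CustomerRow
{
    public int CustomerId { get; set; }
    public string Name { get; set; }
}

// Hypothetical context; "AppDb" is an assumed connection-string name in app.config.
public class AppContext : DbContext
{
    public AppContext() : base("name=AppDb") { }
}

public static class CustomerRepository
{
    // BEFORE: string interpolation puts the caller's value into the SQL text.
    // A value such as   x'; DROP TABLE Customers; --   closes the literal and
    // runs as SQL. This is the pattern the scanner flags.
    public static Task<List<CustomerRow>> SearchUnsafeAsync(AppContext ctx, string name)
    {
        string query = $"EXEC [dbo].[usp_FindCustomer] '{name}'";
        return ctx.Database.SqlQuery<CustomerRow>(query).ToListAsync();
    }

    // AFTER: the SQL text is a compile-time constant; the value travels as a
    // typed SqlParameter. SQL Server binds it as data, never parses it as SQL,
    // so quotes or semicolons inside it are inert. Placeholder name (@name)
    // must match the SqlParameter name.
    public static Task<List<CustomerRow>> SearchAsync(AppContext ctx, string name)
    {
        const string query = "EXEC [dbo].[usp_FindCustomer] @name";
        var p = new SqlParameter("@name", SqlDbType.NVarChar, 100)
        {
            // A null .Value would be sent as "no value"; DBNull.Value is a SQL NULL.
            Value = (object)name ?? DBNull.Value
        };
        return ctx.Database.SqlQuery<CustomerRow>(query, p).ToListAsync();
    }

    // Procs that take no arguments need no change: the text is already a literal
    // with no caller-controlled content in it.
    public static Task<List<CustomerRow>> AllAsync(AppContext ctx)
    {
        return ctx.Database.SqlQuery<CustomerRow>("EXEC [dbo].[usp_AllCustomers]").ToListAsync();
    }

    // Only if the procedure NAME is itself selected at runtime: never concatenate
    // it; map a short key through a fixed allowlist so the executed text is still
    // one of a known set of constants.
    private static readonly IReadOnlyDictionary<string, string> ProcByKey =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            ["find"] = "EXEC [dbo].[usp_FindCustomer] @name",
        };

    public static Task<List<CustomerRow>> RunNamedAsync(AppContext ctx, string key, string name)
    {
        if (!ProcByKey.TryGetValue(key, out string query))
            throw new ArgumentException("Unknown procedure key", nameof(key));

        var p = new SqlParameter("@name", SqlDbType.NVarChar, 100)
        {
            Value = (object)name ?? DBNull.Value
        };
        return ctx.Database.SqlQuery<CustomerRow>(query, p).ToListAsync();
    }
}
```

The scanner taints the interpolated string, not the SqlQuery call itself, so once every caller-supplied value is a SqlParameter and every SQL string is a constant (or comes from a fixed allowlist), the finding should not recur on these call sites. Passing one SqlParameter per proc argument also keeps the existing ToListAsync() usage unchanged, so there is no need to move the procs into the .edmx for this reason alone.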