How SonarQube traces a SQL injection your AI coding agent produced
Blog post from Sonar
SonarQube's taint analysis tracks user-controlled data through an application's codebase, across multiple files and methods, to identify and help fix injection vulnerabilities such as SQL injection. This matters because AI coding agents often replicate insecure patterns from their training data, producing vulnerabilities like SQL injection, which remains a persistent problem in production code and has appeared in the OWASP Top 10 for over a decade. By building a data flow graph, SonarQube traces how data moves from entry points, such as HTTP request parameters, through successive method calls to potentially dangerous operations, and annotates each step of that execution flow so the vulnerability's path is explained rather than merely flagged. The post illustrates this with a SQL injection in a Spring Boot application: the data is traced from a user input to a SQL query execution that it reaches without sanitization, and the fix is a prepared statement that keeps injected input from being interpreted as SQL. The taint analysis applies to multiple languages and frameworks and presents its findings with actionable detail, so developers can address a vulnerability without navigating away from the issue page.
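The Spring Boot flow described above, as an added illustration that is not code from the Sonar post: a controller (the source, an HTTP request parameter) passes the value to a repository in another class, where one method concatenates it into the query (the sink the analyzer would report) and the corrected method binds it with a prepared statement. Class and method names, the `/users` route and the `users` table are constructed for this example, and Spring Web plus a JDBC `DataSource` bean are assumed to be on the classpath.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.sql.DataSource;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

// Source: the user-controlled request parameter enters the application here
// (constructed example controller, not code from the original post).
@RestController
class UserController {
    private final UserRepository repo;
    UserController(UserRepository repo) { this.repo = repo; }

    @GetMapping("/users")
    String find(@RequestParam String name) throws SQLException {
        return repo.findByName(name); // taint crosses into another class here
    }
}

class UserRepository {
    private final DataSource ds;
    UserRepository(DataSource ds) { this.ds = ds; }

    // Vulnerable form: the tainted 'name' is concatenated into the query text and
    // reaches the sink Statement.executeQuery unchanged; this is the flow a taint
    // analyzer reports, step by step, from the controller parameter to this call.
    String findByNameUnsafe(String name) throws SQLException {
        String sql = "SELECT email FROM users WHERE name = '" + name + "'";
        try (Connection c = ds.getConnection(); Statement st = c.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next() ? rs.getString(1) : null;
        }
    }

    // Fixed form: the query text is a constant and 'name' is bound as a parameter,
    // so the database never parses it as SQL and the tainted value no longer
    // reaches a query-building sink.
    String findByName(String name) throws SQLException {
        String sql = "SELECT email FROM users WHERE name = ?";
        try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }
}
```

Keeping both methods side by side in a branch is a useful way to check that the analyzer reports the concatenating method and stays silent on the parameterized one.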