Drop the rule S3649

[dbolkensteyn]

The following rule as currently implemented in SonarCSharp is generating too many false-positives:

• RSPEC-3649 SQL queries should not be vulnerable to injection attacks

It is about to be re-implemented using the taint analysis technique in SonarSecurity, for which we expect better results. However, because the same rule key will be re-used, it is a pre-requisite to first remove it from SonarCSharp prior to be able to ship SonarSecurity in SonarQube 7.2.

[agigleux]

It also means SonarC# 7.2 (the version match is a coincidence) must be released before SonarQube 7.2 so that SonarC# can be embedded into it without S3649.

[dbolkensteyn]

Of course @agigleux , and most importantly we need the UCFG producing code to be released as well

[Evangelink]

We will need to fix the FIX ME inside CSharpSonarWayProfileTest.java after this ticket is done.

[dbolkensteyn]

@Evangelink can you add a link to that FIXME? I don't see any in CSharpSonarWayProfileTest.java nor CSharpSonarWayProfile.java

[Evangelink]

@dbolkensteyn It's linked to @benzonico PR that's about to be merged.

[benzonico]

@Evangelink I would expect the FIXME to be removed by dropping the rule. The drop of the rule should lead this test to fail and as such to be fixed.