From 21018727011ec2c80c96bfd15ebe91fb1ebabc50 Mon Sep 17 00:00:00 2001
From: Costin Zaharia <costin.zaharia@sonarsource.com>
Date: Thu, 20 Jan 2022 14:25:18 +0100
Subject: [PATCH 1/3] Cleanup around ExecutingSqlQueries

---
 .../Rules/Hotspots/ExecutingSqlQueries.cs     |  5 +-
 .../Rules/Hotspots/ExecutingSqlQueriesBase.cs | 67 +++++++++----------
 .../Rules/Hotspots/ExecutingSqlQueriesTest.cs | 54 +++++++--------
 3 files changed, 61 insertions(+), 65 deletions(-)

diff --git a/analyzers/src/SonarAnalyzer.CSharp/Rules/Hotspots/ExecutingSqlQueries.cs b/analyzers/src/SonarAnalyzer.CSharp/Rules/Hotspots/ExecutingSqlQueries.cs
index 96150e1c75e..ada9e461477 100644
--- a/analyzers/src/SonarAnalyzer.CSharp/Rules/Hotspots/ExecutingSqlQueries.cs
+++ b/analyzers/src/SonarAnalyzer.CSharp/Rules/Hotspots/ExecutingSqlQueries.cs
@@ -71,8 +71,7 @@ protected override Location SecondaryLocationForExpression(ExpressionSyntax node
                 return Location.None;
             }
 
-            if (node.Parent is EqualsValueClauseSyntax equalsValueClause
-                && equalsValueClause.Parent is VariableDeclaratorSyntax declarationSyntax)
+            if (node.Parent is EqualsValueClauseSyntax {Parent: VariableDeclaratorSyntax declarationSyntax})
             {
                 return declarationSyntax.Identifier.GetLocation();
             }
@@ -95,7 +94,7 @@ private static bool AllConstants(IEnumerable<ArgumentSyntax> arguments, Semantic
         private static bool IsConcatenationOfConstants(BinaryExpressionSyntax binaryExpression, SemanticModel semanticModel)
         {
             System.Diagnostics.Debug.Assert(binaryExpression.IsKind(SyntaxKind.AddExpression), "Binary expression should be of syntax kind add expression.");
-            if ((semanticModel.GetTypeInfo(binaryExpression).Type is ITypeSymbol) && binaryExpression.Right.HasConstantValue(semanticModel))
+            if ((semanticModel.GetTypeInfo(binaryExpression).Type != null) && binaryExpression.Right.HasConstantValue(semanticModel))
             {
                 var nestedLeft = binaryExpression.Left;
                 var nestedBinary = nestedLeft as BinaryExpressionSyntax;
diff --git a/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs b/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs
index dd7d7837244..6f5bd046eaf 100644
--- a/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs
+++ b/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs
@@ -29,7 +29,7 @@ public abstract class ExecutingSqlQueriesBase<TSyntaxKind, TExpressionSyntax, TI
         where TExpressionSyntax : SyntaxNode
         where TIdentifierNameSyntax : SyntaxNode
     {
-        protected const string DiagnosticId = "S2077";
+        private const string DiagnosticId = "S2077";
         private const string AssignmentWithFormattingMessage = "SQL Query is dynamically formatted and assigned to {0}.";
         private const string AssignmentMessage = "SQL query is assigned to {0}.";
         private const string MessageFormat = "Make sure using a dynamically formatted SQL query is safe here.";
@@ -38,11 +38,12 @@ public abstract class ExecutingSqlQueriesBase<TSyntaxKind, TExpressionSyntax, TI
 
         private readonly KnownType[] constructorsForFirstArgument =
             {
-                KnownType.Microsoft_EntityFrameworkCore_RawSqlString,
-                KnownType.System_Data_SqlClient_SqlCommand,
-                KnownType.System_Data_SqlClient_SqlDataAdapter,
                 KnownType.System_Data_Odbc_OdbcCommand,
                 KnownType.System_Data_Odbc_OdbcDataAdapter,
+                KnownType.System_Data_SqlClient_SqlCommand,
+                KnownType.System_Data_SqlClient_SqlDataAdapter,
+                KnownType.System_Data_Sqlite_SqliteCommand,
+                KnownType.System_Data_Sqlite_SQLiteDataAdapter,
                 KnownType.System_Data_SqlServerCe_SqlCeCommand,
                 KnownType.System_Data_SqlServerCe_SqlCeDataAdapter,
                 KnownType.System_Data_OracleClient_OracleCommand,
@@ -51,52 +52,51 @@ public abstract class ExecutingSqlQueriesBase<TSyntaxKind, TExpressionSyntax, TI
                 KnownType.MySql_Data_MySqlClient_MySqlDataAdapter,
                 KnownType.MySql_Data_MySqlClient_MySqlScript,
                 KnownType.Microsoft_Data_Sqlite_SqliteCommand,
-                KnownType.System_Data_Sqlite_SqliteCommand,
-                KnownType.System_Data_Sqlite_SQLiteDataAdapter,
+                KnownType.Microsoft_EntityFrameworkCore_RawSqlString
             };
 
         private readonly KnownType[] constructorsForSecondArgument =
             {
-                KnownType.MySql_Data_MySqlClient_MySqlScript,
+                KnownType.MySql_Data_MySqlClient_MySqlScript
             };
 
         private readonly MemberDescriptor[] invocationsForFirstTwoArguments =
             {
-                new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommandAsync"),
-                new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommand"),
-                new MemberDescriptor(KnownType.Microsoft_EntityFrameworkCore_RelationalQueryableExtensions, "FromSql"),
+                new(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommandAsync"),
+                new(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlCommand"),
+                new(KnownType.Microsoft_EntityFrameworkCore_RelationalQueryableExtensions, "FromSql")
             };
 
         private readonly MemberDescriptor[] invocationsForFirstArgument =
             {
-                new MemberDescriptor(KnownType.System_Data_Sqlite_SqliteCommand, "Execute"),
+                new(KnownType.System_Data_Sqlite_SqliteCommand, "Execute")
             };
 
         private readonly MemberDescriptor[] invocationsForSecondArgument =
             {
-                new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataRow"),
-                new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataRowAsync"),
-                new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataset"),
-                new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDatasetAsync"),
-                new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteNonQuery"),
-                new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteNonQueryAsync"),
-                new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteReader"),
-                new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteReaderAsync"),
-                new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteScalar"),
-                new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteScalarAsync"),
-                new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "UpdateDataSet"),
-                new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlHelper, "UpdateDataSetAsync"),
+                new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataRow"),
+                new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataRowAsync"),
+                new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDataset"),
+                new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteDatasetAsync"),
+                new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteNonQuery"),
+                new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteNonQueryAsync"),
+                new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteReader"),
+                new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteReaderAsync"),
+                new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteScalar"),
+                new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "ExecuteScalarAsync"),
+                new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "UpdateDataSet"),
+                new(KnownType.MySql_Data_MySqlClient_MySqlHelper, "UpdateDataSetAsync")
             };
 
         private readonly MemberDescriptor[] properties =
             {
-                new MemberDescriptor(KnownType.System_Data_Odbc_OdbcCommand, "CommandText"),
-                new MemberDescriptor(KnownType.System_Data_OracleClient_OracleCommand, "CommandText"),
-                new MemberDescriptor(KnownType.System_Data_SqlClient_SqlCommand, "CommandText"),
-                new MemberDescriptor(KnownType.System_Data_SqlServerCe_SqlCeCommand, "CommandText"),
-                new MemberDescriptor(KnownType.MySql_Data_MySqlClient_MySqlCommand, "CommandText"),
-                new MemberDescriptor(KnownType.Microsoft_Data_Sqlite_SqliteCommand, "CommandText"),
-                new MemberDescriptor(KnownType.System_Data_Sqlite_SqliteCommand, "CommandText"),
+                new(KnownType.System_Data_Odbc_OdbcCommand, "CommandText"),
+                new(KnownType.System_Data_OracleClient_OracleCommand, "CommandText"),
+                new(KnownType.System_Data_SqlClient_SqlCommand, "CommandText"),
+                new(KnownType.System_Data_Sqlite_SqliteCommand, "CommandText"),
+                new(KnownType.System_Data_SqlServerCe_SqlCeCommand, "CommandText"),
+                new(KnownType.Microsoft_Data_Sqlite_SqliteCommand, "CommandText"),
+                new(KnownType.MySql_Data_MySqlClient_MySqlCommand, "CommandText")
             };
 
         protected abstract TExpressionSyntax GetArgumentAtIndex(InvocationContext context, int index);
@@ -113,10 +113,7 @@ protected override void Initialize(TrackerInput input)
             var inv = Language.Tracker.Invocation;
             inv.Track(input,
                 inv.MatchMethod(invocationsForFirstTwoArguments),
-                inv.And(
-                    MethodHasRawSqlQueryParameter(),
-                    inv.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1))
-                ),
+                inv.And(MethodHasRawSqlQueryParameter(), inv.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1))),
                 inv.ExceptWhen(inv.ArgumentAtIndexIsConstant(0)));
 
             TrackInvocations(input, invocationsForFirstArgument, FirstArgumentIndex);
@@ -161,7 +158,7 @@ private void TrackObjectCreation(TrackerInput input, KnownType[] objectCreationT
             t.Track(input,
                 t.MatchConstructor(objectCreationTypes),
                 t.ArgumentAtIndexIs(argumentIndex, KnownType.System_String),
-                    c => IsTracked(GetArgumentAtIndex(c, argumentIndex), c),
+                c => IsTracked(GetArgumentAtIndex(c, argumentIndex), c),
                 t.ExceptWhen(t.ArgumentAtIndexIsConst(argumentIndex)));
         }
 
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
index 5b574c7f916..5a6b16d2838 100644
--- a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
+++ b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
@@ -33,22 +33,23 @@ namespace SonarAnalyzer.UnitTest.Rules
     [TestClass]
     public class ExecutingSqlQueriesTest
     {
+        private readonly VerifierBuilder builderCs = new VerifierBuilder().AddAnalyzer(() => new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled));
+        private readonly VerifierBuilder builderVb = new VerifierBuilder().AddAnalyzer(() => new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled));
+
 #if NETFRAMEWORK // System.Data.OracleClient.dll is not available on .Net Core
 
         [TestMethod]
         public void ExecutingSqlQueries_CS_Net46() =>
-            OldVerifier.VerifyAnalyzer(
-                @"TestCases\Hotspots\ExecutingSqlQueries_Net46.cs",
-                new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled),
-                GetReferencesNet46(Constants.NuGetLatestVersion));
+            builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.cs")
+                .AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion))
+                .Verify();
 
         [TestMethod]
         public void ExecutingSqlQueries_VB_Net46() =>
-            OldVerifier.VerifyAnalyzer(
-                @"TestCases\Hotspots\ExecutingSqlQueries_Net46.vb",
-                new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled),
-                ParseOptionsHelper.FromVisualBasic15,
-                GetReferencesNet46(Constants.NuGetLatestVersion));
+            builderVb.AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.vb")
+                .WithOptions(ParseOptionsHelper.FromVisualBasic15)
+                .AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion))
+                .Verify();
 
         internal static IEnumerable<MetadataReference> GetReferencesNet46(string sqlServerCeVersion) =>
             NetStandardMetadataReference.Netstandard
@@ -63,33 +64,32 @@ internal static IEnumerable<MetadataReference> GetReferencesNet46(string sqlServ
 
         [TestMethod]
         public void ExecutingSqlQueries_CS_NetCore() =>
-            OldVerifier.VerifyAnalyzer(
-                @"TestCases\Hotspots\ExecutingSqlQueries_NetCore.cs",
-                new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled),
-                ParseOptionsHelper.FromCSharp8,
-                GetReferencesNetCore(Constants.DotNetCore220Version));
+            builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries_NetCore.cs")
+                .WithOptions(ParseOptionsHelper.FromCSharp8)
+                .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version))
+                .Verify();
 
         [TestMethod]
         public void ExecutingSqlQueries_CSharp9() =>
-            OldVerifier.VerifyAnalyzerFromCSharp9Console(
-                @"TestCases\Hotspots\ExecutingSqlQueries.CSharp9.cs",
-                new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled),
-                GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()));
+            builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp9.cs")
+                .WithTopLevelStatements()
+                .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
+                .Verify();
 
         [TestMethod]
         public void ExecutingSqlQueries_CSharp10() =>
-            OldVerifier.VerifyAnalyzerFromCSharp10Console(
-                @"TestCases\Hotspots\ExecutingSqlQueries.CSharp10.cs",
-                new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled),
-                GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()));
+            builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp10.cs")
+                .WithOptions(ParseOptionsHelper.FromCSharp10)
+                .WithTopLevelStatements()
+                .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
+                .Verify();
 
         [TestMethod]
         public void ExecutingSqlQueries_VB_NetCore() =>
-            OldVerifier.VerifyAnalyzer(
-                @"TestCases\Hotspots\ExecutingSqlQueries_NetCore.vb",
-                new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled),
-                ParseOptionsHelper.FromVisualBasic15,
-                GetReferencesNetCore(Constants.DotNetCore220Version));
+            builderVb.AddPaths(@"Hotspots\ExecutingSqlQueries_NetCore.vb")
+                .WithOptions(ParseOptionsHelper.FromVisualBasic15)
+                .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version))
+                .Verify();
 
         internal static IEnumerable<MetadataReference> GetReferencesNetCore(string entityFrameworkVersion) =>
             Enumerable.Empty<MetadataReference>()

From f63cb8e85bf8ee8c5472415391098506a163320c Mon Sep 17 00:00:00 2001
From: Costin Zaharia <costin.zaharia@sonarsource.com>
Date: Fri, 21 Jan 2022 09:43:21 +0100
Subject: [PATCH 2/3] Add test cases with the latest version of
 EntityFrameworkCore

---
 .../Rules/Hotspots/ExecutingSqlQueriesBase.cs |  12 ++
 .../Trackers/VisualBasicInvocationTracker.cs  |   2 +-
 .../Common/SecurityHotspotTest.cs             |   4 +-
 .../Rules/Hotspots/ExecutingSqlQueriesTest.cs |  48 +++++---
 ...ecutingSqlQueries_EntityFrameworkCore2.cs} |   0
 ...ecutingSqlQueries_EntityFrameworkCore2.vb} |   0
 ...ingSqlQueries_EntityFrameworkCoreLatest.cs |  96 ++++++++++++++++
 ...ingSqlQueries_EntityFrameworkCoreLatest.vb | 104 ++++++++++++++++++
 8 files changed, 250 insertions(+), 16 deletions(-)
 rename analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/{ExecutingSqlQueries_NetCore.cs => ExecutingSqlQueries_EntityFrameworkCore2.cs} (100%)
 rename analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/{ExecutingSqlQueries_NetCore.vb => ExecutingSqlQueries_EntityFrameworkCore2.vb} (100%)
 create mode 100644 analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.cs
 create mode 100644 analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.vb

diff --git a/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs b/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs
index 6f5bd046eaf..a90dc62cae8 100644
--- a/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs
+++ b/analyzers/src/SonarAnalyzer.Common/Rules/Hotspots/ExecutingSqlQueriesBase.cs
@@ -67,6 +67,13 @@ public abstract class ExecutingSqlQueriesBase<TSyntaxKind, TExpressionSyntax, TI
                 new(KnownType.Microsoft_EntityFrameworkCore_RelationalQueryableExtensions, "FromSql")
             };
 
+        private readonly MemberDescriptor[] invocationsForFirstTwoArgumentsAfterV2 =
+            {
+                new(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlRaw"),
+                new(KnownType.Microsoft_EntityFrameworkCore_RelationalDatabaseFacadeExtensions, "ExecuteSqlRawAsync"),
+                new(KnownType.Microsoft_EntityFrameworkCore_RelationalQueryableExtensions, "FromSqlRaw")
+            };
+
         private readonly MemberDescriptor[] invocationsForFirstArgument =
             {
                 new(KnownType.System_Data_Sqlite_SqliteCommand, "Execute")
@@ -116,6 +123,11 @@ protected override void Initialize(TrackerInput input)
                 inv.And(MethodHasRawSqlQueryParameter(), inv.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1))),
                 inv.ExceptWhen(inv.ArgumentAtIndexIsConstant(0)));
 
+            inv.Track(input,
+                inv.MatchMethod(invocationsForFirstTwoArgumentsAfterV2),
+                inv.Or(ArgumentAtIndexIsTracked(0), ArgumentAtIndexIsTracked(1)),
+                inv.ExceptWhen(inv.ArgumentAtIndexIsConstant(0)));
+
             TrackInvocations(input, invocationsForFirstArgument, FirstArgumentIndex);
             TrackInvocations(input, invocationsForSecondArgument, SecondArgumentIndex);
 
diff --git a/analyzers/src/SonarAnalyzer.VisualBasic/Trackers/VisualBasicInvocationTracker.cs b/analyzers/src/SonarAnalyzer.VisualBasic/Trackers/VisualBasicInvocationTracker.cs
index 883665f1978..808b936aec0 100644
--- a/analyzers/src/SonarAnalyzer.VisualBasic/Trackers/VisualBasicInvocationTracker.cs
+++ b/analyzers/src/SonarAnalyzer.VisualBasic/Trackers/VisualBasicInvocationTracker.cs
@@ -29,7 +29,7 @@ namespace SonarAnalyzer.Helpers.Trackers
     public class VisualBasicInvocationTracker : InvocationTracker<SyntaxKind>
     {
         protected override ILanguageFacade<SyntaxKind> Language => VisualBasicFacade.Instance;
-        protected override SyntaxKind[] TrackedSyntaxKinds { get; } = new[] { SyntaxKind.InvocationExpression };
+        protected override SyntaxKind[] TrackedSyntaxKinds { get; } = { SyntaxKind.InvocationExpression };
 
         public override Condition ArgumentAtIndexIsConstant(int index) =>
             context => ((InvocationExpressionSyntax)context.Node).ArgumentList is { } argumentList
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/Common/SecurityHotspotTest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/Common/SecurityHotspotTest.cs
index eefdd027ccd..f23d2cc1e3e 100644
--- a/analyzers/tests/SonarAnalyzer.UnitTest/Common/SecurityHotspotTest.cs
+++ b/analyzers/tests/SonarAnalyzer.UnitTest/Common/SecurityHotspotTest.cs
@@ -85,7 +85,7 @@ private static string GetTestCaseFileName(string analyzerName) =>
                 "UsingCookies" => "UsingCookies_Net46",
                 "LooseFilePermissions" => "LooseFilePermissions.Windows",
 #else
-                "ExecutingSqlQueries" => "ExecutingSqlQueries_NetCore",
+                "ExecutingSqlQueries" => "ExecutingSqlQueries_EntityFrameworkCoreLatest",
                 "UsingCookies" => "UsingCookies_NetCore",
                 "LooseFilePermissions" => "LooseFilePermissions.Unix",
                 "PermissiveCors" => "PermissiveCors.Net",
@@ -120,7 +120,7 @@ private static IEnumerable<MetadataReference> GetAdditionalReferences(string ana
                 nameof(UsingRegularExpressions) => MetadataReferenceFacade.RegularExpressions,
 #if NET
                 nameof(DisablingCsrfProtection) => DisablingCsrfProtectionTest.AdditionalReferences(),
-                nameof(ExecutingSqlQueries) => ExecutingSqlQueriesTest.GetReferencesNetCore(Constants.DotNetCore220Version),
+                nameof(ExecutingSqlQueries) => ExecutingSqlQueriesTest.GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion),
                 nameof(LooseFilePermissions) => NuGetMetadataReference.MonoPosixNetStandard(),
                 nameof(PermissiveCors) => PermissiveCorsTest.AdditionalReferences,
                 nameof(UsingCookies) => UsingCookies.GetAdditionalReferencesForNetCore(Constants.DotNetCore220Version),
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
index 5a6b16d2838..644c3acc2b8 100644
--- a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
+++ b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
@@ -40,13 +40,15 @@ public class ExecutingSqlQueriesTest
 
         [TestMethod]
         public void ExecutingSqlQueries_CS_Net46() =>
-            builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.cs")
+            builderCs
+                .AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.cs")
                 .AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion))
                 .Verify();
 
         [TestMethod]
         public void ExecutingSqlQueries_VB_Net46() =>
-            builderVb.AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.vb")
+            builderVb
+                .AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.vb")
                 .WithOptions(ParseOptionsHelper.FromVisualBasic15)
                 .AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion))
                 .Verify();
@@ -63,35 +65,55 @@ internal static IEnumerable<MetadataReference> GetReferencesNet46(string sqlServ
 #else
 
         [TestMethod]
-        public void ExecutingSqlQueries_CS_NetCore() =>
-            builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries_NetCore.cs")
+        public void ExecutingSqlQueries_CS_EntityFrameworkCore2() =>
+            builderCs
+                .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCore2.cs")
                 .WithOptions(ParseOptionsHelper.FromCSharp8)
-                .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version))
+                .AddReferences(GetReferencesEntityFrameworkNetCore("2.2.6"))
+                .Verify();
+
+        [TestMethod]
+        public void ExecutingSqlQueries_CS_EntityFrameworkCoreLatest() =>
+            builderCs
+                .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCoreLatest.cs")
+                .WithOptions(ParseOptionsHelper.FromCSharp8)
+                .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion))
                 .Verify();
 
         [TestMethod]
         public void ExecutingSqlQueries_CSharp9() =>
-            builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp9.cs")
+            builderCs
+                .AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp9.cs")
                 .WithTopLevelStatements()
-                .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
+                .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
                 .Verify();
 
         [TestMethod]
         public void ExecutingSqlQueries_CSharp10() =>
-            builderCs.AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp10.cs")
+            builderCs
+                .AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp10.cs")
                 .WithOptions(ParseOptionsHelper.FromCSharp10)
                 .WithTopLevelStatements()
-                .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
+                .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
+                .Verify();
+
+        [TestMethod]
+        public void ExecutingSqlQueries_VB_EntityFrameworkCore2() =>
+            builderVb
+                .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCore2.vb")
+                .WithOptions(ParseOptionsHelper.FromVisualBasic15)
+                .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version))
                 .Verify();
 
         [TestMethod]
-        public void ExecutingSqlQueries_VB_NetCore() =>
-            builderVb.AddPaths(@"Hotspots\ExecutingSqlQueries_NetCore.vb")
+        public void ExecutingSqlQueries_VB_EntityFrameworkCoreLatest() =>
+            builderVb
+                .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCoreLatest.vb")
                 .WithOptions(ParseOptionsHelper.FromVisualBasic15)
-                .AddReferences(GetReferencesNetCore(Constants.DotNetCore220Version))
+                .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion))
                 .Verify();
 
-        internal static IEnumerable<MetadataReference> GetReferencesNetCore(string entityFrameworkVersion) =>
+        internal static IEnumerable<MetadataReference> GetReferencesEntityFrameworkNetCore(string entityFrameworkVersion) =>
             Enumerable.Empty<MetadataReference>()
                       .Concat(NuGetMetadataReference.MicrosoftEntityFrameworkCore(entityFrameworkVersion))
                       .Concat(NuGetMetadataReference.MicrosoftEntityFrameworkCoreRelational(entityFrameworkVersion));
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_NetCore.cs b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCore2.cs
similarity index 100%
rename from analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_NetCore.cs
rename to analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCore2.cs
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_NetCore.vb b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCore2.vb
similarity index 100%
rename from analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_NetCore.vb
rename to analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCore2.vb
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.cs
new file mode 100644
index 00000000000..aceda2bec7c
--- /dev/null
+++ b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.cs
@@ -0,0 +1,96 @@
+using System;
+using Microsoft.EntityFrameworkCore;
+
+namespace Tests.Diagnostics
+{
+    class Program
+    {
+        private const string ConstQuery = "";
+
+        public void Foo(DbContext context, string query, int x, Guid guid, params object[] parameters)
+        {
+            context.Database.ExecuteSqlRaw($""); // Compliant
+            context.Database.ExecuteSqlRaw(""); // Compliant, constants are safe
+            context.Database.ExecuteSqlRaw(ConstQuery); // Compliant, constants are safe
+            context.Database.ExecuteSqlRaw("" + ""); // Compliant, constants are safe
+            context.Database.ExecuteSqlRaw(query); // Compliant, not concat or format
+            context.Database.ExecuteSqlRaw("" + query); // Noncompliant
+            context.Database.ExecuteSqlRaw($"", parameters); // Compliant
+            context.Database.ExecuteSqlRaw(query, parameters); // Compliant, not concat or format
+
+            context.Database.ExecuteSqlRaw("" + query, parameters); // Noncompliant
+            context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query} AND mycol2={0}", parameters[0]); // Noncompliant
+            context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}{query}", x, guid); // Noncompliant
+            context.Database.ExecuteSqlRaw(@$"SELECT * FROM mytable WHERE mycol={query}{query}", x, guid); // Noncompliant
+            context.Database.ExecuteSqlRaw($@"SELECT * FROM mytable WHERE mycol={query}{query}", x, guid); // Noncompliant
+            context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}"); // Noncompliant
+
+            RelationalDatabaseFacadeExtensions.ExecuteSqlRaw(context.Database, query); // Compliant
+            RelationalDatabaseFacadeExtensions.ExecuteSqlRaw(context.Database, $"SELECT * FROM mytable WHERE mycol={query}{query}", x, guid); // Noncompliant
+
+            context.Database.ExecuteSqlRawAsync($""); // Compliant, constants are safe
+            context.Database.ExecuteSqlRawAsync(""); // Compliant, constants are safe
+            context.Database.ExecuteSqlRawAsync(ConstQuery); // Compliant, constants are safe
+            context.Database.ExecuteSqlRawAsync("" + ""); // Compliant, constants are safe
+            context.Database.ExecuteSqlRawAsync(query); // Compliant, not concat
+            context.Database.ExecuteSqlRawAsync("" + query); // Noncompliant
+            context.Database.ExecuteSqlRawAsync(query + ""); // Noncompliant
+            context.Database.ExecuteSqlRawAsync("" + query + ""); // Noncompliant
+            context.Database.ExecuteSqlRawAsync($"", parameters); // Compliant
+            context.Database.ExecuteSqlRawAsync(query, parameters); // Compliant, not concat or format
+
+            context.Database.ExecuteSqlRawAsync("" + query, parameters); // Noncompliant
+            RelationalDatabaseFacadeExtensions.ExecuteSqlRawAsync(context.Database, "" + query, parameters);  // Noncompliant
+
+            context.Set<User>().FromSqlRaw($""); // Compliant
+            context.Set<User>().FromSqlRaw(""); // Compliant, constants are safe
+            context.Set<User>().FromSqlRaw(ConstQuery); // Compliant, constants are safe
+            context.Set<User>().FromSqlRaw(query); // Compliant, not concat/format
+            context.Set<User>().FromSqlRaw("" + ""); // Compliant
+            context.Set<User>().FromSqlRaw($"", parameters); // Compliant
+            context.Set<User>().FromSqlRaw("", parameters); // Compliant, the parameters are sanitized
+            context.Set<User>().FromSqlRaw(query, parameters); // Compliant
+            context.Set<User>().FromSqlRaw("" + query, parameters); // Noncompliant
+            RelationalQueryableExtensions.FromSqlRaw(context.Set<User>(), "" + query, parameters); // Noncompliant
+        }
+
+        public void ConcatAndFormat(DbContext context, string query, params object[] parameters)
+        {
+            var concatenated = string.Concat(query, parameters);                                    // Secondary [1,2,3]
+            var formatted = string.Format("INSERT INTO Users (name) VALUES (\"{0}\")", parameters); // Secondary [4,5,6]
+            var interpolated = $"SELECT * FROM mytable WHERE mycol={parameters[0]}";                // Secondary [7,8,9]
+
+            context.Database.ExecuteSqlRaw(string.Concat(query, parameters)); // Noncompliant
+            context.Database.ExecuteSqlRaw(string.Format(query, parameters)); // Noncompliant
+            context.Database.ExecuteSqlRaw(string.Format("INSERT INTO Users (name) VALUES (\"{0}\")", parameters)); // Noncompliant
+            context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={parameters[0]}"); // Noncompliant
+            context.Database.ExecuteSqlRaw("SELECT * FROM mytable WHERE mycol=" + parameters[0]); // Noncompliant
+            context.Database.ExecuteSqlRaw(formatted);    // Noncompliant [4]
+            context.Database.ExecuteSqlRaw(concatenated); // Noncompliant [1]
+            context.Database.ExecuteSqlRaw(interpolated); // Noncompliant [7]
+
+            context.Database.ExecuteSqlRawAsync(string.Concat(query, parameters)); // Noncompliant
+            context.Database.ExecuteSqlRawAsync(string.Format(query, parameters)); // Noncompliant
+            context.Database.ExecuteSqlRawAsync(string.Format("INSERT INTO Users (name) VALUES (\"{0}\")", parameters)); // Noncompliant
+            context.Database.ExecuteSqlRawAsync($"SELECT * FROM mytable WHERE mycol={parameters[0]}"); // Noncompliant
+            context.Database.ExecuteSqlRawAsync("SELECT * FROM mytable WHERE mycol=" + parameters[0]); // Noncompliant
+            context.Database.ExecuteSqlRawAsync(formatted);    // Noncompliant [5]
+            context.Database.ExecuteSqlRawAsync(concatenated); // Noncompliant [2]
+            context.Database.ExecuteSqlRawAsync(interpolated); // Noncompliant [8]
+
+            context.Set<User>().FromSqlRaw(string.Concat(query, parameters)); // Noncompliant
+            context.Set<User>().FromSqlRaw(string.Format("INSERT INTO Users (name) VALUES (\"{0}\")", parameters)); // Noncompliant
+            context.Set<User>().FromSqlRaw($"SELECT * FROM mytable WHERE mycol={parameters[0]}"); // Noncompliant
+            context.Set<User>().FromSqlRaw("SELECT * FROM mytable WHERE mycol=" + parameters[0]); // Noncompliant
+            context.Set<User>().FromSqlRaw(formatted);    // Noncompliant [6]
+            context.Set<User>().FromSqlRaw(concatenated); // Noncompliant [3]
+            context.Set<User>().FromSqlRaw(interpolated); // Noncompliant [9]
+        }
+    }
+
+    class User
+    {
+        string Id { get; set; }
+        string Name { get; set; }
+    }
+}
diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.vb b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.vb
new file mode 100644
index 00000000000..d48deab5ce3
--- /dev/null
+++ b/analyzers/tests/SonarAnalyzer.UnitTest/TestCases/Hotspots/ExecutingSqlQueries_EntityFrameworkCoreLatest.vb
@@ -0,0 +1,104 @@
+Imports System
+Imports System.Linq
+Imports Microsoft.EntityFrameworkCore
+
+Namespace Tests.Diagnostics
+    Class Program
+        Private Const ConstQuery As String = ""
+
+        Public Sub Foo(ByVal context As DbContext, ByVal query As String, ByVal x As Int32, ParamArray parameters As Object())
+            context.Database.ExecuteSqlRaw($"") ' Noncompliant
+            context.Database.ExecuteSqlRaw("") ' Compliant, constants are safe
+            context.Database.ExecuteSqlRaw(ConstQuery) ' Compliant, constants are safe
+            context.Database.ExecuteSqlRaw("" & "") ' Compliant, constants are safe
+            context.Database.ExecuteSqlRaw("" + "") ' Compliant, constants are safe
+            context.Database.ExecuteSqlRaw(query) ' Compliant, not concat or format
+            context.Database.ExecuteSqlRaw("" & query) ' Noncompliant
+            context.Database.ExecuteSqlRaw("" + query) ' Noncompliant
+            context.Database.ExecuteSqlRaw($"", parameters) ' Noncompliant
+            context.Database.ExecuteSqlRaw(query, parameters) ' Compliant, not concat or format
+            context.Database.ExecuteSqlRaw("" & query, parameters) ' Noncompliant
+            context.Database.ExecuteSqlRaw("" + query, parameters) ' Noncompliant
+
+            context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}", parameters(0)) ' Noncompliant
+            context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}", x) ' Noncompliant
+            context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={query}") ' Noncompliant
+
+            RelationalDatabaseFacadeExtensions.ExecuteSqlRaw(context.Database, query) ' Compliant
+            RelationalDatabaseFacadeExtensions.ExecuteSqlRaw(context.Database, $"SELECT * FROM mytable WHERE mycol={query} AND col2={0}", x) ' Noncompliant
+
+            context.Database.ExecuteSqlRawAsync($"") ' Noncompliant
+            context.Database.ExecuteSqlRawAsync("") ' Compliant, constants are safe
+            context.Database.ExecuteSqlRawAsync(ConstQuery) ' Compliant, constants are safe
+            context.Database.ExecuteSqlRawAsync("" & "") ' Compliant, constants are safe
+            context.Database.ExecuteSqlRawAsync("" + "") ' Compliant, constants are safe
+            context.Database.ExecuteSqlRawAsync("" + "" & "") ' Compliant, constants are safe
+            context.Database.ExecuteSqlRawAsync("" & "" + "") ' Compliant, constants are safe
+            context.Database.ExecuteSqlRawAsync(query) ' Compliant, not concat or format
+            context.Database.ExecuteSqlRawAsync("" & query) ' Noncompliant
+            context.Database.ExecuteSqlRawAsync("" + query) ' Noncompliant
+            context.Database.ExecuteSqlRawAsync($"", parameters) ' Noncompliant
+            context.Database.ExecuteSqlRawAsync(query, parameters) ' Compliant, not concat or format
+            context.Database.ExecuteSqlRawAsync("" & query, parameters) ' Noncompliant
+            context.Database.ExecuteSqlRawAsync("" + query, parameters) ' Noncompliant
+            context.Database.ExecuteSqlRawAsync(query + "", parameters) ' Noncompliant
+            context.Database.ExecuteSqlRawAsync(query & "", parameters) ' Noncompliant
+            context.Database.ExecuteSqlRawAsync("" & query + "", parameters) ' Noncompliant
+            context.Database.ExecuteSqlRawAsync("" + query & "", parameters) ' Noncompliant
+            context.Database.ExecuteSqlRawAsync($"SELECT * FROM mytable WHERE mycol={query}") ' Noncompliant
+            context.Database.ExecuteSqlRawAsync($"SELECT * FROM mytable WHERE mycol={query}", x) ' Noncompliant
+            RelationalDatabaseFacadeExtensions.ExecuteSqlRawAsync(context.Database, "" & query, parameters) ' Noncompliant
+            RelationalDatabaseFacadeExtensions.ExecuteSqlRawAsync(context.Database, "" + query, parameters) ' Noncompliant
+
+            context.Set(Of User)().FromSqlRaw($"") ' Noncompliant
+            context.Set(Of User)().FromSqlRaw("") ' Compliant, constants are safe
+            context.Set(Of User)().FromSqlRaw(ConstQuery) ' Compliant, constants are safe
+            context.Set(Of User)().FromSqlRaw(query) ' Compliant, not concat or format
+            context.Set(Of User)().FromSqlRaw("" & "") ' Compliant, constants are safe
+            context.Set(Of User)().FromSqlRaw("" + "") ' Compliant, constants are safe
+            context.Set(Of User)().FromSqlRaw($"", parameters) ' Noncompliant
+            context.Set(Of User)().FromSqlRaw("", parameters) ' Compliant, the parameters are sanitized
+            context.Set(Of User)().FromSqlRaw(query, parameters) ' Compliant, not concat or format
+            context.Set(Of User)().FromSqlRaw("" & query, parameters) ' Noncompliant
+            context.Set(Of User)().FromSqlRaw("" + query, parameters) ' Noncompliant
+            context.Set(Of User)().FromSqlRaw($"SELECT * FROM mytable WHERE mycol={query}") ' Noncompliant
+            context.Set(Of User)().FromSqlRaw($"SELECT * FROM mytable WHERE mycol={query}", x) ' Noncompliant
+            RelationalQueryableExtensions.FromSqlRaw(context.Set(Of User)(), "" & query, parameters) ' Noncompliant
+            RelationalQueryableExtensions.FromSqlRaw(context.Set(Of User)(), "" + query, parameters) ' Noncompliant
+
+        End Sub
+
+        Public Sub ConcatAndFormat(ByVal context As DbContext, ByVal query As String, ParamArray parameters As Object())
+            Dim formatted = String.Format("INSERT INTO Users (name) VALUES (""{0}"")", parameters) ' Secondary [1,2,3]
+            Dim concatenated = String.Concat(query, parameters)                                    ' Secondary [4,5,6]
+            Dim interpolated = $"SELECT * FROM mytable WHERE mycol={query}"                        ' Secondary [7,8,9]
+
+            context.Database.ExecuteSqlRaw(String.Concat(query, parameters)) ' Noncompliant
+            context.Database.ExecuteSqlRaw(String.Format(query, parameters)) ' Noncompliant
+            context.Database.ExecuteSqlRaw(String.Format("INSERT INTO Users (name) VALUES (""{0}"")", parameters)) ' Noncompliant
+            context.Database.ExecuteSqlRaw($"SELECT * FROM mytable WHERE mycol={parameters(0)}") ' Noncompliant
+            context.Database.ExecuteSqlRaw(formatted)    ' Noncompliant [1]
+            context.Database.ExecuteSqlRaw(concatenated) ' Noncompliant [4]
+            context.Database.ExecuteSqlRaw(interpolated) ' Noncompliant [7]
+
+            context.Database.ExecuteSqlRawAsync(String.Concat(query, parameters)) ' Noncompliant
+            context.Database.ExecuteSqlRawAsync(String.Format(query, parameters)) ' Noncompliant
+            context.Database.ExecuteSqlRawAsync(String.Format("INSERT INTO Users (name) VALUES (""{0}"")", parameters)) ' Noncompliant
+            context.Database.ExecuteSqlRawAsync(formatted)    ' Noncompliant [2]
+            context.Database.ExecuteSqlRawAsync(concatenated) ' Noncompliant [5]
+            context.Database.ExecuteSqlRawAsync(interpolated) ' Noncompliant [8]
+
+            context.Set(Of User)().FromSqlRaw(String.Concat(query, parameters)) ' Noncompliant
+            context.Set(Of User)().FromSqlRaw(String.Format("INSERT INTO Users (name) VALUES (""{0}"")", parameters)) ' Noncompliant
+            context.Set(Of User)().FromSqlRaw(formatted)    ' Noncompliant [3]
+            context.Set(Of User)().FromSqlRaw(concatenated) ' Noncompliant [6]
+            context.Set(Of User)().FromSqlRaw(interpolated) ' Noncompliant [9]
+        End Sub
+
+    End Class
+
+    Class User
+        Private Property Id As String
+        Private Property Name As String
+    End Class
+End Namespace

From af03a3cb5babf3e184ad9e31badf623727ff76d8 Mon Sep 17 00:00:00 2001
From: Costin Zaharia <costin.zaharia@sonarsource.com>
Date: Mon, 24 Jan 2022 16:44:49 +0100
Subject: [PATCH 3/3] Address code review comments

---
 .../Rules/Hotspots/ExecutingSqlQueriesTest.cs | 36 +++++++++----------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
index 644c3acc2b8..3c6804dcaf8 100644
--- a/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
+++ b/analyzers/tests/SonarAnalyzer.UnitTest/Rules/Hotspots/ExecutingSqlQueriesTest.cs
@@ -33,22 +33,22 @@ namespace SonarAnalyzer.UnitTest.Rules
     [TestClass]
     public class ExecutingSqlQueriesTest
     {
-        private readonly VerifierBuilder builderCs = new VerifierBuilder().AddAnalyzer(() => new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled));
-        private readonly VerifierBuilder builderVb = new VerifierBuilder().AddAnalyzer(() => new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled));
+        private readonly VerifierBuilder builderCS = new VerifierBuilder().AddAnalyzer(() => new CS.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled)).WithBasePath("Hotspots");
+        private readonly VerifierBuilder builderVB = new VerifierBuilder().AddAnalyzer(() => new VB.ExecutingSqlQueries(AnalyzerConfiguration.AlwaysEnabled)).WithBasePath("Hotspots");
 
 #if NETFRAMEWORK // System.Data.OracleClient.dll is not available on .Net Core
 
         [TestMethod]
         public void ExecutingSqlQueries_CS_Net46() =>
-            builderCs
-                .AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.cs")
+            builderCS
+                .AddPaths(@"ExecutingSqlQueries_Net46.cs")
                 .AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion))
                 .Verify();
 
         [TestMethod]
         public void ExecutingSqlQueries_VB_Net46() =>
-            builderVb
-                .AddPaths(@"Hotspots\ExecutingSqlQueries_Net46.vb")
+            builderVB
+                .AddPaths(@"ExecutingSqlQueries_Net46.vb")
                 .WithOptions(ParseOptionsHelper.FromVisualBasic15)
                 .AddReferences(GetReferencesNet46(Constants.NuGetLatestVersion))
                 .Verify();
@@ -66,32 +66,32 @@ internal static IEnumerable<MetadataReference> GetReferencesNet46(string sqlServ
 
         [TestMethod]
         public void ExecutingSqlQueries_CS_EntityFrameworkCore2() =>
-            builderCs
-                .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCore2.cs")
+            builderCS
+                .AddPaths(@"ExecutingSqlQueries_EntityFrameworkCore2.cs")
                 .WithOptions(ParseOptionsHelper.FromCSharp8)
                 .AddReferences(GetReferencesEntityFrameworkNetCore("2.2.6"))
                 .Verify();
 
         [TestMethod]
         public void ExecutingSqlQueries_CS_EntityFrameworkCoreLatest() =>
-            builderCs
-                .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCoreLatest.cs")
+            builderCS
+                .AddPaths(@"ExecutingSqlQueries_EntityFrameworkCoreLatest.cs")
                 .WithOptions(ParseOptionsHelper.FromCSharp8)
                 .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion))
                 .Verify();
 
         [TestMethod]
         public void ExecutingSqlQueries_CSharp9() =>
-            builderCs
-                .AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp9.cs")
+            builderCS
+                .AddPaths(@"ExecutingSqlQueries.CSharp9.cs")
                 .WithTopLevelStatements()
                 .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
                 .Verify();
 
         [TestMethod]
         public void ExecutingSqlQueries_CSharp10() =>
-            builderCs
-                .AddPaths(@"Hotspots\ExecutingSqlQueries.CSharp10.cs")
+            builderCS
+                .AddPaths(@"ExecutingSqlQueries.CSharp10.cs")
                 .WithOptions(ParseOptionsHelper.FromCSharp10)
                 .WithTopLevelStatements()
                 .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version).Concat(NuGetMetadataReference.MicrosoftDataSqliteCore()))
@@ -99,16 +99,16 @@ public void ExecutingSqlQueries_CSharp10() =>
 
         [TestMethod]
         public void ExecutingSqlQueries_VB_EntityFrameworkCore2() =>
-            builderVb
-                .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCore2.vb")
+            builderVB
+                .AddPaths(@"ExecutingSqlQueries_EntityFrameworkCore2.vb")
                 .WithOptions(ParseOptionsHelper.FromVisualBasic15)
                 .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.DotNetCore220Version))
                 .Verify();
 
         [TestMethod]
         public void ExecutingSqlQueries_VB_EntityFrameworkCoreLatest() =>
-            builderVb
-                .AddPaths(@"Hotspots\ExecutingSqlQueries_EntityFrameworkCoreLatest.vb")
+            builderVB
+                .AddPaths(@"ExecutingSqlQueries_EntityFrameworkCoreLatest.vb")
                 .WithOptions(ParseOptionsHelper.FromVisualBasic15)
                 .AddReferences(GetReferencesEntityFrameworkNetCore(Constants.NuGetLatestVersion))
                 .Verify();