search

Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0
0 stars 0 forks source link

CX Dynamic_SQL_Queries @ iGoat-Swift/iGoat-Swift/ThirdParty/YapDatabase/Extensions/FullTextSearch/YapDatabaseFullTextSearchTransaction.m [master] #14

Open tsunez opened 3 years ago

tsunez commented 3 years ago

Dynamic_SQL_Queries issue exists @ iGoat-Swift/iGoat-Swift/ThirdParty/YapDatabase/Extensions/FullTextSearch/YapDatabaseFullTextSearchTransaction.m in branch master

Severity: Information

CWE:89

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 434 179 181 200 440 442 171 445 142

Code (Line #434):

    [query appendFormat:@"DELETE FROM \"%@\" WHERE \"rowid\" IN (", [self tableName]];

Code (Line #179):

            [createTable appendFormat:@"\"%@\"", columnName];

Code (Line #181):

            [createTable appendFormat:@", \"%@\"", columnName];

Code (Line #200):

    [createTable appendString:@");"];

Code (Line #440):

            [query appendFormat:@"?"];

Code (Line #442):

            [query appendFormat:@", ?"];

Code (Line #171):

    [createTable appendFormat:@"CREATE VIRTUAL TABLE IF NOT EXISTS \"%@\" USING fts4(", tableName];

Code (Line #445):

    [query appendString:@");"];

Code (Line #142):

    NSString *dropTable = [NSString stringWithFormat:@"DROP TABLE IF EXISTS \"%@\";", tableName];
tsunez commented 3 years ago

Issue still exists.

SUMMARY

Issue has 9 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 3 years ago

Issue still exists.

SUMMARY

Issue has 9 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)