Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0

CX Dynamic_SQL_Queries @ iGoat-Swift/iGoat-Swift/ThirdParty/YapDatabase/Extensions/Views/YapDatabaseViewTransaction.m [master] #26

Open tsunez opened 3 years ago

tsunez commented 3 years ago

Dynamic_SQL_Queries issue exists @ iGoat-Swift/iGoat-Swift/ThirdParty/YapDatabase/Extensions/Views/YapDatabaseViewTransaction.m in branch master

Severity: Information

CWE:89

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 1315 1317 278 552 1320 507 558 1310 527


Code (Line #1315):

                    [query appendFormat:@"?"];

Code (Line #1317):

                    [query appendFormat:@", ?"];

Code (Line #278):

        NSString *string = [NSString stringWithFormat:

Code (Line #552):

        NSString *createMapTable = [NSString stringWithFormat:

Code (Line #1320):

            [query appendString:@");"];

Code (Line #507):

        NSString *dropKeyTable = [NSString stringWithFormat:@"DROP TABLE IF EXISTS \"%@\";", keyTableName];

Code (Line #558):

        NSString *createPageTable = [NSString stringWithFormat:

Code (Line #1310):

            [query appendFormat:@"SELECT \"rowid\", \"pageKey\" FROM \"%@\" WHERE \"rowid\" IN (", [self mapTableName]];

Code (Line #527):

        NSString *dropPageTable = [NSString stringWithFormat:@"DROP TABLE IF EXISTS \"%@\";", [self pageTableName]];

tsunez commented 3 years ago

Issue still exists.

SUMMARY

Issue has 9 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)
