search

Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0
0 stars 0 forks source link

CX Dynamic_SQL_Queries @ iGoat-Swift/iGoat-Swift/ThirdParty/YapDatabase/Extensions/SecondaryIndex/YapDatabaseSecondaryIndexTransaction.m [master] #39

Open tsunez opened 4 years ago

tsunez commented 4 years ago

Dynamic_SQL_Queries issue exists @ iGoat-Swift/iGoat-Swift/ThirdParty/YapDatabase/Extensions/SecondaryIndex/YapDatabaseSecondaryIndexTransaction.m in branch master

Severity: Information

CWE:89

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 608 226 610 613 1061 230 234 238 1262 602 251 220 190

Code (Line #608):

            [query appendFormat:@"?"];

Code (Line #226):

            [createTable appendFormat:@", \"%@\" INTEGER", column.name];

Code (Line #610):

            [query appendFormat:@", ?"];

Code (Line #613):

    [query appendString:@");"];

Code (Line #1061):

        [NSString stringWithFormat:@"SELECT \"rowid\" FROM \"%@\" %@;", [self tableName], query.queryString];

Code (Line #230):

            [createTable appendFormat:@", \"%@\" REAL", column.name];

Code (Line #234):

            [createTable appendFormat:@", \"%@\" TEXT", column.name];

Code (Line #238):

    [createTable appendString:@");"];

Code (Line #1262):

        [NSString stringWithFormat:@"SELECT COUNT(*) AS NumberOfRows FROM \"%@\" %@;",

Code (Line #602):

    [query appendFormat:@"DELETE FROM \"%@\" WHERE \"rowid\" IN (", [self tableName]];

Code (Line #251):

            [NSString stringWithFormat:@"CREATE INDEX IF NOT EXISTS \"%@\" ON \"%@\" (\"%@\");",

Code (Line #220):

    [createTable appendFormat:@"CREATE TABLE IF NOT EXISTS \"%@\" (\"rowid\" INTEGER PRIMARY KEY", tableName];

Code (Line #190):

    NSString *dropTable = [NSString stringWithFormat:@"DROP TABLE IF EXISTS \"%@\";", tableName];
tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 13 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 13 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)