Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0

CX Dynamic_SQL_Queries @ iGoat-Swift/iGoat-Swift/ThirdParty/YapDatabase/YapDatabaseTransaction.m [master] #64

Open tsunez opened 4 years ago

tsunez commented 4 years ago

Dynamic_SQL_Queries issue exists @ iGoat-Swift/iGoat-Swift/ThirdParty/YapDatabase/YapDatabaseTransaction.m in branch master

Severity: Information

CWE:89

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 1795 1797 1800 1999 5135 2000 5202 2006 5142 2008 5144 5208 5210 2011 5147 5213 2223 2224 5492 2230 2232 5498 2235 1788 5500 1789 5503


Code (Line #1795):

                [query appendFormat:@"?"];

Code (Line #1797):

                [query appendFormat:@", ?"];

Code (Line #1800):

        [query appendString:@");"];

Code (Line #1999):

        [query appendString:@"SELECT \"key\", \"data\" FROM \"database2\""];

Code (Line #5135):

            [query appendString:

Code (Line #2000):

        [query appendString:@" WHERE \"collection\" = ? AND \"key\" IN ("];

Code (Line #5202):

            [query appendString:@"DELETE FROM \"database2\" WHERE \"rowid\" IN ("];

Code (Line #2006):

                [query appendFormat:@"?"];

Code (Line #5142):

                    [query appendFormat:@"?"];

Code (Line #2008):

                [query appendFormat:@", ?"];

Code (Line #5144):

                    [query appendFormat:@", ?"];

Code (Line #5208):

                    [query appendFormat:@"?"];

Code (Line #5210):

                    [query appendFormat:@", ?"];

Code (Line #2011):

        [query appendString:@");"];

Code (Line #5147):

            [query appendString:@");"];

Code (Line #5213):

            [query appendString:@");"];

Code (Line #2223):

        [query appendString:@"SELECT \"key\", \"data\", \"metadata\" FROM \"database2\""];

Code (Line #2224):

        [query appendString:@" WHERE \"collection\" = ? AND \"key\" IN ("];

Code (Line #5492):

            [query appendString:@"DELETE FROM \"database2\" WHERE \"rowid\" IN ("];

Code (Line #2230):

                [query appendFormat:@"?"];

Code (Line #2232):

                [query appendFormat:@", ?"];

Code (Line #5498):

                    [query appendFormat:@"?"];

Code (Line #2235):

        [query appendString:@");"];

Code (Line #1788):

        [query appendString:@"SELECT \"key\", \"metadata\" FROM \"database2\""];

Code (Line #5500):

                    [query appendFormat:@", ?"];

Code (Line #1789):

        [query appendString:@" WHERE \"collection\" = ? AND \"key\" IN ("];

Code (Line #5503):

            [query appendString:@");"];

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 27 vulnerabilities left to be fixed (please scroll to the top for more information).