search

Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0
0 stars 0 forks source link

CX Dynamic_SQL_Queries @ iGoat-Swift/iGoat-Swift/ThirdParty/YapDatabase/YapDatabase.m [master] #67

Open tsunez opened 3 years ago

tsunez commented 3 years ago

Dynamic_SQL_Queries issue exists @ iGoat-Swift/iGoat-Swift/ThirdParty/YapDatabase/YapDatabase.m in branch master

Severity: Information

CWE:89

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 867 963 1011 1109

Code (Line #867):

    NSString *pragma = [NSString stringWithFormat:@"PRAGMA %@;", pragmaSetting];

Code (Line #963):

    NSString *pragma = [NSString stringWithFormat:@"PRAGMA table_info('%@');", tableName];

Code (Line #1011):

    NSString *pragma = [NSString stringWithFormat:@"PRAGMA table_info('%@');", tableName];

Code (Line #1109):

    NSString *query = [NSString stringWithFormat:@"PRAGMA user_version = %d;", user_version];
tsunez commented 3 years ago

Issue still exists.

SUMMARY

Issue has 4 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 3 years ago

Issue still exists.

SUMMARY

Issue has 4 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)