Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0

CX Dynamic_SQL_Queries @ iGoat-Swift/iGoat-Swift/ThirdParty/YapDatabase/Extensions/FullTextSearch/YapDatabaseFullTextSearchConnection.m [master] #78

Open tsunez opened 4 years ago

tsunez commented 4 years ago

Dynamic_SQL_Queries issue exists @ iGoat-Swift/iGoat-Swift/ThirdParty/YapDatabase/Extensions/FullTextSearch/YapDatabaseFullTextSearchConnection.m in branch master

Severity: Information

CWE:89

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 160 289 164 196 167 231 200 330 203 173 269 176 209 212 310 250


Code (Line #160):

        [string appendFormat:@"INSERT INTO \"%@\" (\"rowid\"", [fts tableName]];

Code (Line #289):

        NSString *string = [NSString stringWithFormat:

Code (Line #164):

            [string appendFormat:@", \"%@\"", columnName];

Code (Line #196):

        [string appendFormat:@"INSERT OR REPLACE INTO \"%@\" (\"rowid\"", [fts tableName]];

Code (Line #167):

        [string appendString:@") VALUES (?"];

Code (Line #231):

        NSString *string = [NSString stringWithFormat:@"DELETE FROM \"%@\" WHERE \"rowid\" = ?;", [fts tableName]];

Code (Line #200):

            [string appendFormat:@", \"%@\"", columnName];

Code (Line #330):

        NSString *string = [NSString stringWithFormat:

Code (Line #203):

        [string appendString:@") VALUES (?"];

Code (Line #173):

            [string appendString:@", ?"];

Code (Line #269):

        NSString *string = [NSString stringWithFormat:

Code (Line #176):

        [string appendString:@");"];

Code (Line #209):

            [string appendString:@", ?"];

Code (Line #212):

        [string appendString:@");"];

Code (Line #310):

        NSString *string = [NSString stringWithFormat:

Code (Line #250):

        NSString *string = [NSString stringWithFormat:@"DELETE FROM \"%@\";", [fts tableName]];

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 16 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)
