transistorsoft / react-native-background-geolocation

Sophisticated, battery-conscious background-geolocation with motion-detection
http://shop.transistorsoft.com/pages/react-native-background-geolocation
MIT License

High Severity Vulnerability: Raw SQL Queries in SQLite Database #2176

Closed Manikandan-saminathan closed 1 month ago

Manikandan-saminathan commented 1 month ago

Description:

We have identified critical vulnerabilities in our application related to the use of raw SQL queries within the SQLite database. These vulnerabilities can potentially expose the application to SQL injection attacks, allowing unauthorized access and manipulation of sensitive data.

Severity: High

Vulnerability Details:

• Vulnerability Type: Raw SQL Queries in SQLite
• OWASP MASVS Compliance: 6.2 [L1, L2]
• Common Weakness Enumeration (CWE): CWE-89 (SQL Injection)
• Known Exploits:
  • CVE-2019-5454: CVSS 3.0 Score 9.8 (Critical)
  • CVE-2020-0060: CVSS 3.0 Score 4.4 (Medium)

Impact:

SQL injection vulnerabilities can lead to serious consequences, including:

• Unauthorized access to sensitive information.
• Data manipulation or corruption.
• Execution of arbitrary SQL commands, potentially allowing for system compromise.

Affected Files and Code Snippets:

1.  DatabasePersistence.java

    public void onCreate(SQLiteDatabase db) {
        db.execSQL(DatabasePersistence.CREATE_PRIORITY_INDEX_LOGS); // Line 72
    }

    public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) {
        db.execSQL(DatabasePersistence.DROP_LOGS_SQL); // Line 77
        db.execSQL(DatabasePersistence.CREATE_LOGS_SQL); // Line 78
        db.execSQL(DatabasePersistence.CREATE_PRIORITY_INDEX_LOGS); // Line 79
    }


2.  GeofenceDAO.java

    try {
        cursor = b.rawQuery("SELECT identifier, radius, latitude, longitude, notifyOnEntry, notifyOnExit, ...", null); // Line 142
    } catch (SQLiteException e) {
        // Handle exception
    }


3.  SQLiteLocationDAO.java

    cursor = a.rawQuery(z ? "SELECT count() FROM locations WHERE locked=0" : "SELECT count() FROM locations", null); // Line 200


4.  LocationOpenHelper.java

    public void onCreate(SQLiteDatabase sQLiteDatabase) {
        sQLiteDatabase.execSQL(e); // Line 59
        sQLiteDatabase.execSQL(h); // Line 60
    }


5.  TSSQLiteAppender.java

    cursor = this.a.rawQuery("SELECT sql FROM sqlite_master WHERE name='" + this.f.getTableName(TableName.LOGGING_EVENT_PROPERTY) + "'", null); // Line 322


Recommended Actions:

To mitigate these vulnerabilities, we recommend implementing the following best practices:

1.  Use Prepared Statements:
    •   Replace all raw SQL queries with prepared statements to prevent SQL injection attacks.
    •   Example of a prepared statement:

        String query = "SELECT * FROM geofences WHERE identifier = ?";
        Cursor cursor = db.rawQuery(query, new String[]{identifier});



2.  Input Validation and Sanitization:
    •   Ensure all user inputs are validated and sanitized before being used in SQL queries. Implement whitelists for acceptable values.
3.  Encrypt Sensitive Data:
    •   Encrypt sensitive information stored in the SQLite database to protect it from unauthorized access.
4.  Code Review and Security Audits:
    •   Conduct regular code reviews and security audits focusing on database operations to identify and resolve vulnerabilities proactively.
5.  Update Third-Party Libraries:
    •   Monitor and update third-party libraries to ensure they are patched for known vulnerabilities.

Conclusion:

The presence of raw SQL queries in our codebase poses a significant security risk. Immediate action is required to implement prepared statements and validate user inputs to safeguard the application from potential SQL injection attacks.

Additional Notes:

•   Please treat this issue with high priority due to its potential impact on user data security.

christocracy commented 1 month ago

These are not critical security issues for your app. The plugin offers only a limited API to its small database.
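To make concrete the distinction that the report's "Use Prepared Statements" recommendation and the reply turn on (a constant SQL string with no external input, a value spliced into the statement, a bound parameter, and the table-name case from the TSSQLiteAppender line), here is an added example using Python's sqlite3 module. It is not the plugin's code: the schema, column names and function names are constructed for illustration.

```python
import sqlite3

# Constructed in-memory schema with hypothetical columns, not the plugin's real one.
def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE locations (id INTEGER PRIMARY KEY, locked INTEGER)")
    conn.execute("CREATE TABLE geofences (identifier TEXT, radius REAL)")
    conn.executemany("INSERT INTO locations (locked) VALUES (?)", [(0,), (0,), (1,)])
    conn.executemany("INSERT INTO geofences VALUES (?, ?)", [("home", 100.0), ("work", 50.0)])
    return conn

def count_locations(conn, unlocked_only):
    # Same shape as the SQLiteLocationDAO line: a boolean picks one of two string
    # constants, so no external data ever reaches the SQL text.
    sql = ("SELECT count() FROM locations WHERE locked=0" if unlocked_only
           else "SELECT count() FROM locations")
    return conn.execute(sql).fetchone()[0]

def geofence_radius_unsafe(conn, identifier):
    # The anti-pattern: a caller-supplied value is spliced into the statement, so a
    # quote character in it changes the query's structure.
    sql = "SELECT radius FROM geofences WHERE identifier = '" + identifier + "'"
    return [row[0] for row in conn.execute(sql)]

def geofence_radius_safe(conn, identifier):
    # Bound parameter (the same idea as rawQuery(sql, selectionArgs) on Android):
    # the value travels separately and is never parsed as SQL.
    sql = "SELECT radius FROM geofences WHERE identifier = ?"
    return [row[0] for row in conn.execute(sql, (identifier,))]

def table_schema(conn, table):
    # The TSSQLiteAppender line concatenates a table name into a WHERE clause. In
    # sqlite_master the name is an ordinary column value, so it binds with '?' too.
    row = conn.execute("SELECT sql FROM sqlite_master WHERE name = ?", (table,)).fetchone()
    return row[0] if row else None

ALLOWED_TABLES = {"locations", "geofences"}

def count_rows(conn, table):
    # Only when an identifier must appear in the statement itself (FROM, not a value)
    # can '?' not be used; then the name must come from a fixed allowlist.
    if table not in ALLOWED_TABLES:
        raise ValueError("table not in allowlist: %r" % table)
    return conn.execute('SELECT count() FROM "%s"' % table).fetchone()[0]
```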