
Raw SQL query flagged in vulnerability testing #242

Open
MohitIH opened this issue Jun 23, 2020 · 1 comment

Comments


MohitIH commented Jun 23, 2020

When testing my application for vulnerabilities using MobSF, it flagged com\amplitude\api\DatabaseHelper.java for using raw SQL queries, which can lead to SQL injection attacks. Here's the report:

App uses SQLite Database and execute raw SQL query. Untrusted user input in raw SQL queries can cause SQL Injection. Also sensitive information should be encrypted and written to the database.

Severity : High

CVSS V2: 5.9 (medium)
CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
OWASP Top 10: M7: Client Code Quality

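As an added illustration of the pattern this MobSF rule (CWE-89) looks for, and not code from the Amplitude SDK or its DatabaseHelper.java: a small key/value store on Android's SQLiteDatabase written two ways, the string-concatenation read that static analysers flag beside the parameterised read and write that bind caller-supplied values as arguments. The class, table and column names are constructed for this example.

```java
import android.content.Context;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;
import android.database.sqlite.SQLiteStatement;

/** Constructed key/value store; table and column names are illustrative. */
public class ExampleStore extends SQLiteOpenHelper {
    private static final String TABLE = "store";
    private static final String KEY_FIELD = "item_key";
    private static final String VALUE_FIELD = "item_value";

    public ExampleStore(Context ctx) { super(ctx, "example.db", null, 1); }

    @Override public void onCreate(SQLiteDatabase db) {
        // DDL built only from compile-time constants carries no untrusted input.
        db.execSQL("CREATE TABLE " + TABLE + " (" + KEY_FIELD + " TEXT PRIMARY KEY, "
                + VALUE_FIELD + " TEXT)");
    }

    @Override public void onUpgrade(SQLiteDatabase db, int oldV, int newV) { }

    /** Flagged pattern: the caller's key is spliced into the SQL text itself. */
    public String getValueUnsafe(String key) {
        SQLiteDatabase db = getReadableDatabase();
        Cursor c = db.rawQuery("SELECT " + VALUE_FIELD + " FROM " + TABLE
                + " WHERE " + KEY_FIELD + " = '" + key + "'", null);
        try { return c.moveToFirst() ? c.getString(0) : null; } finally { c.close(); }
    }

    /** Hardened read: the SQL text is fixed; the key travels as a bound argument. */
    public String getValue(String key) {
        SQLiteDatabase db = getReadableDatabase();
        Cursor c = db.query(TABLE, new String[] {VALUE_FIELD},
                KEY_FIELD + " = ?", new String[] {key}, null, null, null);
        try { return c.moveToFirst() ? c.getString(0) : null; } finally { c.close(); }
    }

    /** Hardened write: compiled statement, values bound by 1-based index. */
    public long putValue(String key, String value) {
        SQLiteDatabase db = getWritableDatabase();
        SQLiteStatement stmt = db.compileStatement("INSERT OR REPLACE INTO " + TABLE
                + " (" + KEY_FIELD + ", " + VALUE_FIELD + ") VALUES (?, ?)");
        stmt.bindString(1, key);
        stmt.bindString(2, value);
        try { return stmt.executeInsert(); } finally { stmt.close(); }
    }
}
```

Static rules of this kind generally match rawQuery/execSQL call sites textually, so the read path uses query() with selectionArgs rather than rawQuery with arguments. Parameterisation addresses only the injection half of the report; the encryption-at-rest remark is a separate control.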
qingzhuozhen (Contributor)

We now have a new Android Kotlin SDK! Feel free to check it out and let us know if you have any feedback. That library is not using any SQLite, so it should get rid of this warning.
