Recorded calls to SQLite query API

Recorded calls to SQLite query API

Risk: info

Description

Improper SQL query construction could lead to SQL injection. An SQL injection attack consists of injecting of an SQL query via the input data from the client to the application.

Recommendation

This entry is informative, no recommendations applicable.

Links

• SQL Injection (OWASP)
• Security Tips (Android developer)
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Standards

• CWE_TOP_25:
  • CWE_89
• OWASP_MASVS_L1:
  • MSTG_STORAGE_3
• OWASP_MASVS_L2:
  • MSTG_STORAGE_3
• OWASP_MASVS_v2_1:
  • MASVS_STORAGE_2