Info Call to SQLite query API

Description

Improper SQL query construction could lead to SQL injection. An SQL injection attack consists of injecting of an SQL query via the input data from the client to the application

Recommendation

This entry is informative, no recommendations applicable.

Technical details

Method com.google.android.gms.measurement.internal.k.onOpen() calling method android.database.sqlite.SQLiteDatabase.rawQuery()


    public void onOpen(android.database.sqlite.SQLiteDatabase p13)
    {
        if (android.os.Build$VERSION.SDK_INT < 15) {
            void v0_5 = p13.rawQuery("PRAGMA journal_mode=memory", 0);
            try {
                v0_5.moveToFirst();
                v0_5.close();
            } catch (Throwable v1_4) {
                v0_5.close();
                throw v1_4;
            }
        }
        this.a(p13, "events", "CREATE TABLE IF NOT EXISTS events ( app_id TEXT NOT NULL, name TEXT NOT NULL, lifetime_count INTEGER NOT NULL, current_bundle_count INTEGER NOT NULL, last_fire_timestamp INTEGER NOT NULL, PRIMARY KEY (app_id, name)) ;", "app_id,name,lifetime_count,current_bundle_count,last_fire_timestamp", 0);
        this.a(p13, "user_attributes", "CREATE TABLE IF NOT EXISTS user_attributes ( app_id TEXT NOT NULL, name TEXT NOT NULL, set_timestamp INTEGER NOT NULL, value BLOB NOT NULL, PRIMARY KEY (app_id, name)) ;", "app_id,name,set_timestamp,value", 0);
        this.a(p13, "apps", "CREATE TABLE IF NOT EXISTS apps ( app_id TEXT NOT NULL, app_instance_id TEXT, gmp_app_id TEXT, resettable_device_id_hash TEXT, last_bundle_index INTEGER NOT NULL, last_bundle_end_timestamp INTEGER NOT NULL, PRIMARY KEY (app_id)) ;", "app_id,app_instance_id,gmp_app_id,resettable_device_id_hash,last_bundle_index,last_bundle_end_timestamp", com.google.android.gms.measurement.internal.j.v());
        this.a(p13, "queue", "CREATE TABLE IF NOT EXISTS queue ( app_id TEXT NOT NULL, bundle_end_timestamp INTEGER NOT NULL, data BLOB NOT NULL);", "app_id,bundle_end_timestamp,data", 0);
        return;
    }

Method com.google.android.gms.measurement.internal.k.b() calling method android.database.sqlite.SQLiteDatabase.rawQuery()


    private java.util.Set b(android.database.sqlite.SQLiteDatabase p4, String p5)
    {
        Throwable v0_1 = new java.util.HashSet();
        android.database.Cursor v1_2 = p4.rawQuery(new StringBuilder().append("SELECT * FROM ").append(p5).append(" LIMIT 0").toString(), 0);
        try {
            java.util.Collections.addAll(v0_1, v1_2.getColumnNames());
            v1_2.close();
            return v0_1;
        } catch (Throwable v0_2) {
            v1_2.close();
            throw v0_2;
        }
    }

Method com.google.android.gms.measurement.internal.j.r() calling method android.database.sqlite.SQLiteDatabase.rawQuery()


    public String r()
    {
        String v0_0 = 0;
        try {
            Throwable v2_0 = this.q().rawQuery("SELECT q.app_id FROM queue q JOIN apps a ON a.app_id=q.app_id WHERE a.measurement_enabled!=0 ORDER BY q.rowid LIMIT 1;", 0);
            try {
                if (!v2_0.moveToFirst()) {
                    if (v2_0 == null) {
                        return v0_0;
                    } else {
                        v2_0.close();
                        return v0_0;
                    }
                } else {
                    v0_0 = v2_0.getString(0);
                    if (v2_0 == null) {
                        return v0_0;
                    } else {
                        v2_0.close();
                        return v0_0;
                    }
                }
            } catch (int v1_1) {
                this.l().b().a("Database error getting next bundle app id", v1_1);
                if (v2_0 == null) {
                    return v0_0;
                } else {
                    v2_0.close();
                    return v0_0;
                }
            }
        } catch (int v1_4) {
            v2_0 = 0;
            String v0_1 = v1_4;
            if (v2_0 != null) {
                v2_0.close();
            }
            throw v0_1;
        } catch (int v1_1) {
            v2_0 = 0;
        } catch (String v0_1) {
        }
    }

Method com.google.android.gms.measurement.internal.j.a() calling method android.database.sqlite.SQLiteDatabase.rawQuery()


    private long a(String p6, String[] p7, long p8)
    {
        try {
            android.database.Cursor v1 = this.q().rawQuery(p6, p7);
        } catch (int v0_4) {
            this.l().b().a("Database error", p6, v0_4);
            throw v0_4;
        } catch (int v0_1) {
            if (v1 != null) {
                v1.close();
            }
            throw v0_1;
        }
        if (!v1.moveToFirst()) {
            if (v1 != null) {
                v1.close();
            }
        } else {
            p8 = v1.getLong(0);
            if (v1 != null) {
                v1.close();
            }
        }
        return p8;
    }

Method com.google.android.gms.measurement.internal.j.a() calling method android.database.sqlite.SQLiteDatabase.insert()


    public void a(com.google.android.gms.b.u p7)
    {
        this.e();
        this.y();
        com.google.android.gms.common.internal.aj.a(p7);
        com.google.android.gms.common.internal.aj.a(p7.o);
        com.google.android.gms.common.internal.aj.a(p7.f);
        this.s();
        com.google.android.gms.measurement.internal.ab v0_0 = this.h().a();
        if ((p7.f.longValue() < (v0_0 - this.n().E())) || (p7.f.longValue() > (this.n().E() + v0_0))) {
            this.l().o().a("Storing bundle outside of the max uploading time span. now, timestamp", Long.valueOf(v0_0), p7.f);
        }
        try {
            com.google.android.gms.measurement.internal.ab v0_4 = new byte[p7.e()];
            String v1_1 = com.google.android.gms.b.ae.a(v0_4);
            p7.a(v1_1);
            v1_1.b();
            com.google.android.gms.measurement.internal.ab v0_6 = this.j().a(v0_4);
            this.l().t().a("Saving bundle, size", Integer.valueOf(v0_6.length));
            String v1_6 = new android.content.ContentValues();
            v1_6.put("app_id", p7.o);
            v1_6.put("bundle_end_timestamp", p7.f);
            v1_6.put("data", v0_6);
            try {
                if (this.q().insert("queue", 0, v1_6) != -1) {
                    return;
                } else {
                    this.l().b().a("Failed to insert bundle (got -1)");
                    return;
                }
            } catch (com.google.android.gms.measurement.internal.ab v0_14) {
                this.l().b().a("Error storing bundle", v0_14);
                return;
            }
        } catch (com.google.android.gms.measurement.internal.ab v0_7) {
            this.l().b().a("Data loss. Failed to serialize bundle", v0_7);
            return;
        }
    }

Method com.google.android.gms.measurement.internal.k.a() calling method android.database.sqlite.SQLiteDatabase.execSQL()


    private void a(android.database.sqlite.SQLiteDatabase p7, String p8, String p9, java.util.Map p10)
    {
        String v1_0 = this.b(p7, p8);
        String v2_3 = p9.split(",");
        String v0_10 = 0;
        while (v0_10 < v2_3.length) {
            String v4 = v2_3[v0_10];
            if (v1_0.remove(v4)) {
                v0_10++;
            } else {
                throw new android.database.sqlite.SQLiteException(new StringBuilder().append("Database ").append(p8).append(" is missing required column: ").append(v4).toString());
            }
        }
        if (p10 != null) {
            String v2_0 = p10.entrySet().iterator();
            while (v2_0.hasNext()) {
                String v0_7 = ((java.util.Map$Entry) v2_0.next());
                if (!v1_0.remove(v0_7.getKey())) {
                    p7.execSQL(((String) v0_7.getValue()));
                }
            }
        }
        if (v1_0.isEmpty()) {
            return;
        } else {
            throw new android.database.sqlite.SQLiteException(new StringBuilder().append("Database ").append(p8).append(" table has extra columns").toString());
        }
    }

Method com.google.android.gms.measurement.internal.k.a() calling method android.database.sqlite.SQLiteDatabase.execSQL()


    private void a(android.database.sqlite.SQLiteDatabase p4, String p5, String p6, String p7, java.util.Map p8)
    {
        if (!this.a(p4, p5)) {
            p4.execSQL(p6);
        }
        try {
            this.a(p4, p5, p7, p8);
            return;
        } catch (android.database.sqlite.SQLiteException v0_1) {
            this.a.l().b().a("Failed to verify columns on table that was just created", p5);
            throw v0_1;
        }
    }

Method com.google.android.gms.measurement.internal.j.t() calling method android.database.sqlite.SQLiteDatabase.delete()


    void t()
    {
        this.e();
        this.y();
        if (this.B()) {
            Integer v0_3 = this.q();
            com.google.android.gms.measurement.internal.ab v1_3 = new String[2];
            v1_3[0] = String.valueOf(this.h().a());
            v1_3[1] = String.valueOf(this.n().E());
            Integer v0_0 = v0_3.delete("queue", "abs(bundle_end_timestamp - ?) > cast(? as integer)", v1_3);
            if (v0_0 > null) {
                this.l().t().a("Deleted stale rows. rowsDeleted", Integer.valueOf(v0_0));
            }
        }
        return;
    }

Method com.google.android.gms.measurement.internal.j.b() calling method android.database.sqlite.SQLiteDatabase.delete()


    public void b(String p6, String p7)
    {
        com.google.android.gms.common.internal.aj.a(p6);
        com.google.android.gms.common.internal.aj.a(p7);
        this.e();
        this.y();
        try {
            android.database.sqlite.SQLiteException v0_3 = this.q();
            String[] v3_1 = new String[2];
            v3_1[0] = p6;
            v3_1[1] = p7;
            this.l().t().a("Deleted user attribute rows:", Integer.valueOf(v0_3.delete("user_attributes", "app_id=? and name=?", v3_1)));
        } catch (android.database.sqlite.SQLiteException v0_2) {
            this.l().b().a("Error deleting user attribute", p6, p7, v0_2);
        }
        return;
    }

Method com.google.android.gms.measurement.internal.j.a() calling method android.database.sqlite.SQLiteDatabase.delete()


    public void a(long p6)
    {
        this.e();
        this.y();
        com.google.android.gms.measurement.internal.ab v0_3 = this.q();
        String v1_1 = new String[1];
        v1_1[0] = String.valueOf(p6);
        if (v0_3.delete("queue", "rowid=?", v1_1) != 1) {
            this.l().b().a("Deleted fewer rows from queue than expected");
        }
        return;
    }

Method com.google.android.gms.measurement.internal.k.a() calling method android.database.sqlite.SQLiteDatabase.query()


    private boolean a(android.database.sqlite.SQLiteDatabase p11, String p12)
    {
        int v9 = 0;
        try {
            com.google.android.gms.measurement.internal.ab v2_3 = new String[1];
            v2_3[0] = "name";
            String[] v4 = new String[1];
            v4[0] = p12;
            int v1_0 = p11.query("SQLITE_MASTER", v2_3, "name=?", v4, 0, 0, 0);
            try {
                int v0_4 = v1_0.moveToFirst();
            } catch (int v0_2) {
                this.a.l().o().a("Error querying for table", p12, v0_2);
                if (v1_0 != 0) {
                    v1_0.close();
                }
                v0_4 = 0;
                return v0_4;
            }
            if (v1_0 == 0) {
                return v0_4;
            } else {
                v1_0.close();
                return v0_4;
            }
        } catch (int v0_3) {
            if (v9 != 0) {
                v9.close();
            }
            throw v0_3;
        } catch (int v0_2) {
            v1_0 = 0;
        } catch (int v0_3) {
            v9 = v1_0;
        }
    }

Method com.google.android.gms.measurement.internal.j.b() calling method android.database.sqlite.SQLiteDatabase.query()


    public com.google.android.gms.measurement.internal.b b(String p21)
    {
        com.google.android.gms.common.internal.aj.a(p21);
        this.e();
        this.y();
        long v10_0 = 0;
        try {
            com.google.android.gms.measurement.internal.ab v2_6 = this.q();
            String v4_4 = new String[10];
            v4_4[0] = "app_instance_id";
            v4_4[1] = "gmp_app_id";
            v4_4[2] = "resettable_device_id_hash";
            v4_4[3] = "last_bundle_index";
            v4_4[4] = "last_bundle_end_timestamp";
            v4_4[5] = "app_version";
            v4_4[6] = "app_store";
            v4_4[7] = "gmp_version";
            v4_4[8] = "dev_cert_hash";
            v4_4[9] = "measurement_enabled";
            String v6_11 = new String[1];
            v6_11[0] = p21;
            android.database.Cursor v19 = v2_6.query("apps", v4_4, "app_id=?", v6_11, 0, 0, 0);
            try {
                com.google.android.gms.measurement.internal.b v3_1;
                if (v19.moveToFirst()) {
                    com.google.android.gms.measurement.internal.ab v2_0;
                    String v5_11 = v19.getString(0);
                    String v6_12 = v19.getString(1);
                    String v7_2 = v19.getString(2);
                    long v8_1 = v19.getLong(3);
                    long v10_1 = v19.getLong(4);
                    String v12 = v19.getString(5);
                    String v13 = v19.getString(6);
                    long v14 = v19.getLong(7);
                    long v16 = v19.getLong(8);
                    if (!v19.isNull(9)) {
                        v2_0 = v19.getInt(9);
                    } else {
                        v2_0 = 1;
                    }
                    int v18;
                    if (v2_0 == null) {
                        v18 = 0;
                    } else {
                        v18 = 1;
                    }
                    v3_1 = new com.google.android.gms.measurement.internal.b(p21, v5_11, v6_12, v7_2, v8_1, v10_1, v12, v13, v14, v16, v18);
                    if (v19.moveToNext()) {
                        this.l().b().a("Got multiple records for app, expected one");
                    }
                    if (v19 == null) {
                        return v3_1;
                    } else {
                        v19.close();
                        return v3_1;
                    }
                } else {
                    v3_1 = 0;
                    if (v19 == null) {
                        return v3_1;
                    } else {
                        v19.close();
                        return v3_1;
                    }
                }
            } catch (com.google.android.gms.measurement.internal.ab v2_5) {
                v10_0 = v19;
                if (v10_0 != 0) {
                    v10_0.close();
                }
                throw v2_5;
            } catch (com.google.android.gms.measurement.internal.ab v2_4) {
                String v4_2 = v19;
                try {
                    this.l().b().a("Error querying app", p21, v2_4);
                    v3_1 = 0;
                } catch (com.google.android.gms.measurement.internal.ab v2_5) {
                    v10_0 = v4_2;
                }
                if (v4_2 == null) {
                    return v3_1;
                } else {
                    v4_2.close();
                    return v3_1;
                }
            }
        } catch (com.google.android.gms.measurement.internal.ab v2_5) {
        } catch (com.google.android.gms.measurement.internal.ab v2_4) {
            v4_2 = 0;
        }
    }

Method com.google.android.gms.measurement.internal.j.a() calling method android.database.sqlite.SQLiteDatabase.query()


    public java.util.List a(String p12, int p13, int p14)
    {
        Throwable v0_6;
        int v1_0 = 1;
        this.e();
        this.y();
        if (p13 <= 0) {
            v0_6 = 0;
        } else {
            v0_6 = 1;
        }
        com.google.android.gms.common.internal.aj.b(v0_6);
        if (p14 <= 0) {
            v1_0 = 0;
        }
        com.google.android.gms.common.internal.aj.b(v1_0);
        com.google.android.gms.common.internal.aj.a(p12);
        try {
            Throwable v0_2 = this.q();
            com.google.android.gms.measurement.internal.ab v2_3 = new String[2];
            v2_3[0] = "rowid";
            v2_3[1] = "data";
            com.google.android.gms.measurement.internal.ab v4_3 = new String[1];
            v4_3[0] = p12;
            com.google.android.gms.measurement.internal.ab v2_1 = v0_2.query("queue", v2_3, "app_id=?", v4_3, 0, 0, "rowid", String.valueOf(p13));
            try {
                Throwable v0_0;
                if (v2_1.moveToFirst()) {
                    v0_0 = new java.util.ArrayList();
                    int v3_4 = 0;
                    while(true) {
                        com.google.android.gms.measurement.internal.ab v4_4 = v2_1.getLong(0);
                        int v1_6 = this.j().b(v2_1.getBlob(1));
                        if ((!v0_0.isEmpty()) && ((v1_6.length + v3_4) > p14)) {
                            break;
                        }
                        com.google.android.gms.b.ad v6_5 = com.google.android.gms.b.ad.a(v1_6);
                        com.google.android.gms.b.u v7_2 = new com.google.android.gms.b.u();
                        try {
                            v7_2.a(v6_5);
                        } catch (int v1_9) {
                            this.l().b().a("Failed to merge queued bundle", p12, v1_9);
                            int v1_8 = v3_4;
                        }
                        v1_8 = (v1_6.length + v3_4);
                        v0_0.add(android.util.Pair.create(v7_2, Long.valueOf(v4_4)));
                        if ((!v2_1.moveToNext()) || (v1_8 > p14)) {
                            break;
                        }
                        v3_4 = v1_8;
                    }
                    if (v2_1 == null) {
                        return v0_0;
                    } else {
                        v2_1.close();
                        return v0_0;
                    }
                } else {
                    v0_0 = java.util.Collections.emptyList();
                    if (v2_1 == null) {
                        return v0_0;
                    } else {
                        v2_1.close();
                        return v0_0;
                    }
                }
            } catch (Throwable v0_1) {
                if (v2_1 != null) {
                    v2_1.close();
                }
                throw v0_1;
            } catch (Throwable v0_3) {
                int v1_2 = v2_1;
                try {
                    this.l().b().a("Error querying bundles", p12, v0_3);
                    v0_0 = java.util.Collections.emptyList();
                } catch (Throwable v0_1) {
                    v2_1 = v1_2;
                }
                if (v1_2 == 0) {
                    return v0_0;
                } else {
                    v1_2.close();
                    return v0_0;
                }
            }
        } catch (Throwable v0_1) {
            v2_1 = 0;
        } catch (Throwable v0_3) {
            v1_2 = 0;
        }
    }

Method com.google.android.gms.measurement.internal.j.a() calling method android.database.sqlite.SQLiteDatabase.query()


    public java.util.List a(String p12)
    {
        com.google.android.gms.common.internal.aj.a(p12);
        this.e();
        this.y();
        java.util.ArrayList v9_1 = new java.util.ArrayList();
        try {
            java.util.ArrayList v0_11 = this.q();
            String v2_0 = new String[3];
            v2_0[0] = "name";
            v2_0[1] = "set_timestamp";
            v2_0[2] = "value";
            long v4_4 = new String[1];
            v4_4[0] = p12;
            int v7_1 = v0_11.query("user_attributes", v2_0, "app_id=?", v4_4, 0, 0, "rowid", String.valueOf((this.n().t() + 1)));
            try {
                java.util.ArrayList v0_0;
                if (!v7_1.moveToFirst()) {
                    if (v7_1 != 0) {
                        v7_1.close();
                    }
                    v0_0 = v9_1;
                    return v0_0;
                }
            } catch (java.util.ArrayList v0_2) {
                if (v7_1 != 0) {
                    v7_1.close();
                }
                throw v0_2;
            } catch (java.util.ArrayList v0_1) {
                String v1_0 = v7_1;
                try {
                    this.l().b().a("Error querying user attributes", p12, v0_1);
                } catch (java.util.ArrayList v0_2) {
                    v7_1 = v1_0;
                }
                if (v1_0 != null) {
                    v1_0.close();
                }
                v0_0 = 0;
                return v0_0;
            }
            do {
                String v3_4 = v7_1.getString(0);
                long v4_5 = v7_1.getLong(1);
                Object v6_1 = this.b(v7_1, 2);
                if (v6_1 != null) {
                    v9_1.add(new com.google.android.gms.measurement.internal.e(p12, v3_4, v4_5, v6_1));
                } else {
                    this.l().b().a("Read invalid user attribute value, ignoring it");
                }
            } while(v7_1.moveToNext());
            if (v9_1.size() > this.n().t()) {
                this.l().b().a("Loaded too many user attributes");
                v9_1.remove(this.n().t());
            }
            if (v7_1 != 0) {
                v7_1.close();
            }
            v0_0 = v9_1;
            return v0_0;
        } catch (java.util.ArrayList v0_2) {
            v7_1 = 0;
        } catch (java.util.ArrayList v0_1) {
            v1_0 = 0;
        }
    }

Method com.google.android.gms.measurement.internal.j.a() calling method android.database.sqlite.SQLiteDatabase.query()


    public com.google.android.gms.measurement.internal.p a(String p13, String p14)
    {
        android.database.Cursor v10 = 0;
        com.google.android.gms.common.internal.aj.a(p13);
        com.google.android.gms.common.internal.aj.a(p14);
        this.e();
        this.y();
        try {
            com.google.android.gms.measurement.internal.ab v0_9 = this.q();
            String v2_5 = new String[3];
            v2_5[0] = "lifetime_count";
            v2_5[1] = "current_bundle_count";
            v2_5[2] = "last_fire_timestamp";
            long v4_4 = new String[2];
            v4_4[0] = p13;
            v4_4[1] = p14;
            android.database.Cursor v11 = v0_9.query("events", v2_5, "app_id=? and name=?", v4_4, 0, 0, 0);
            try {
                com.google.android.gms.measurement.internal.p v1_2;
                if (v11.moveToFirst()) {
                    v1_2 = new com.google.android.gms.measurement.internal.p(p13, p14, v11.getLong(0), v11.getLong(1), v11.getLong(2));
                    if (v11.moveToNext()) {
                        this.l().b().a("Got multiple records for event aggregates, expected one");
                    }
                    if (v11 == null) {
                        return v1_2;
                    } else {
                        v11.close();
                        return v1_2;
                    }
                } else {
                    if (v11 != null) {
                        v11.close();
                    }
                    v1_2 = 0;
                    return v1_2;
                }
            } catch (com.google.android.gms.measurement.internal.ab v0_1) {
                v10 = v11;
                if (v10 != null) {
                    v10.close();
                }
                throw v0_1;
            } catch (com.google.android.gms.measurement.internal.ab v0_0) {
                com.google.android.gms.measurement.internal.p v1_0 = v11;
                try {
                    this.l().b().a("Error querying events", p13, p14, v0_0);
                } catch (com.google.android.gms.measurement.internal.ab v0_1) {
                    v10 = v1_0;
                }
                if (v1_0 != null) {
                    v1_0.close();
                }
                v1_2 = 0;
                return v1_2;
            }
        } catch (com.google.android.gms.measurement.internal.ab v0_1) {
        } catch (com.google.android.gms.measurement.internal.ab v0_0) {
            v1_0 = 0;
        }
    }