Info Call to SQLite query API

Description

Improper SQL query construction can lead to SQL injection. An SQL injection attack consists of injecting an SQL query through the input data sent from the client to the application.

Recommendation

This entry is informational: it lists call sites of the SQLite query API rather than confirmed vulnerabilities, so no recommendation applies.

Technical details

Method android.arch.persistence.db.framework.FrameworkSQLiteDatabase$2.newCursor() calling method android.database.sqlite.SQLiteCursor.<init>()


    /**
     * Cursor-factory callback: binds the captured query's arguments onto the compiled
     * statement and wraps that statement in a cursor.
     *
     * @param p3 database handle; not read by this method
     * @param p4 cursor driver handed to the new cursor
     * @param p5 second constructor argument of the new cursor, forwarded unchanged
     * @param p6 compiled query that receives the bound arguments
     * @return a new {@code SQLiteCursor} over {@code p6}
     */
    public android.database.Cursor newCursor(android.database.sqlite.SQLiteDatabase p3, android.database.sqlite.SQLiteCursorDriver p4, String p5, android.database.sqlite.SQLiteQuery p6)
    {
        // Values reach the statement through bindTo() on a program wrapper, i.e. as bind
        // arguments rather than as SQL text. val$supportQuery looks like a value captured
        // by the anonymous class; its declaration is not part of this listing.
        android.arch.persistence.db.framework.FrameworkSQLiteProgram program =
                new android.arch.persistence.db.framework.FrameworkSQLiteProgram(p6);
        this.val$supportQuery.bindTo(program);

        android.database.sqlite.SQLiteCursor cursor = new android.database.sqlite.SQLiteCursor(p4, p5, p6);
        return cursor;
    }

Method android.arch.persistence.db.framework.FrameworkSQLiteDatabase$1.newCursor() calling method android.database.sqlite.SQLiteCursor.<init>()


    /**
     * Cursor-factory callback: binds the captured query's arguments onto the compiled
     * statement and wraps that statement in a cursor.
     *
     * @param p3 database handle; not read by this method
     * @param p4 cursor driver handed to the new cursor
     * @param p5 second constructor argument of the new cursor, forwarded unchanged
     * @param p6 compiled query that receives the bound arguments
     * @return a new {@code SQLiteCursor} over {@code p6}
     */
    public android.database.Cursor newCursor(android.database.sqlite.SQLiteDatabase p3, android.database.sqlite.SQLiteCursorDriver p4, String p5, android.database.sqlite.SQLiteQuery p6)
    {
        // Values reach the statement through bindTo() on a program wrapper, i.e. as bind
        // arguments rather than as SQL text. val$supportQuery looks like a value captured
        // by the anonymous class; its declaration is not part of this listing.
        android.arch.persistence.db.framework.FrameworkSQLiteProgram program =
                new android.arch.persistence.db.framework.FrameworkSQLiteProgram(p6);
        this.val$supportQuery.bindTo(program);

        android.database.sqlite.SQLiteCursor cursor = new android.database.sqlite.SQLiteCursor(p4, p5, p6);
        return cursor;
    }

Method android.arch.persistence.db.framework.FrameworkSQLiteDatabase.query() calling method android.database.sqlite.SQLiteDatabase.rawQueryWithFactory()


    /**
     * Runs a {@code SupportSQLiteQuery} on the wrapped database with cancellation support.
     *
     * @param p7 query object supplying the SQL text via {@code getSql()}
     * @param p8 cancellation signal forwarded to the delegate
     * @return the cursor produced by the delegate's {@code rawQueryWithFactory}
     */
    public android.database.Cursor query(android.arch.persistence.db.SupportSQLiteQuery p7, android.os.CancellationSignal p8)
    {
        // The factory is built from p7; the selection-args slot below receives the constant
        // named EMPTY_STRING_ARRAY, so no argument values travel through that parameter.
        android.arch.persistence.db.framework.FrameworkSQLiteDatabase$2 factory =
                new android.arch.persistence.db.framework.FrameworkSQLiteDatabase$2(this, p7);

        // NOTE(review): the SQL text is taken from p7 as-is. Whether it is safe depends on
        // how the caller assembled that string; this wrapper performs no validation.
        String sql = p7.getSql();

        return this.mDelegate.rawQueryWithFactory(
                factory,
                sql,
                android.arch.persistence.db.framework.FrameworkSQLiteDatabase.EMPTY_STRING_ARRAY,
                0,
                p8);
    }

Method android.arch.persistence.db.framework.FrameworkSQLiteDatabase.query() calling method android.database.sqlite.SQLiteDatabase.rawQueryWithFactory()


    /**
     * Runs a {@code SupportSQLiteQuery} on the wrapped database.
     *
     * @param p6 query object supplying the SQL text via {@code getSql()}
     * @return the cursor produced by the delegate's {@code rawQueryWithFactory}
     */
    public android.database.Cursor query(android.arch.persistence.db.SupportSQLiteQuery p6)
    {
        // The factory is built from p6; the selection-args slot below receives the constant
        // named EMPTY_STRING_ARRAY, so no argument values travel through that parameter.
        android.arch.persistence.db.framework.FrameworkSQLiteDatabase$1 factory =
                new android.arch.persistence.db.framework.FrameworkSQLiteDatabase$1(this, p6);

        // NOTE(review): the SQL text is taken from p6 as-is. Whether it is safe depends on
        // how the caller assembled that string; this wrapper performs no validation.
        String sql = p6.getSql();

        return this.mDelegate.rawQueryWithFactory(
                factory,
                sql,
                android.arch.persistence.db.framework.FrameworkSQLiteDatabase.EMPTY_STRING_ARRAY,
                0);
    }

Method io.fabric.sdk.android.FabricContext.openOrCreateDatabase() calling method android.database.sqlite.SQLiteDatabase.openOrCreateDatabase()


    /**
     * Opens, or creates, the database named {@code p2} at the location returned by
     * {@code getDatabasePath}.
     *
     * @param p2 database name, resolved through {@code getDatabasePath}
     * @param p3 not read by this method
     * @param p4 cursor factory forwarded to {@code SQLiteDatabase.openOrCreateDatabase}
     * @param p5 error handler forwarded to {@code SQLiteDatabase.openOrCreateDatabase}
     * @return the opened database
     */
    public android.database.sqlite.SQLiteDatabase openOrCreateDatabase(String p2, int p3, android.database.sqlite.SQLiteDatabase$CursorFactory p4, android.database.DatabaseErrorHandler p5)
    {
        // This call opens a database file; no SQL text is built or executed here.
        // NOTE(review): p3 is dropped, so whatever the caller requested through it has no
        // effect on how the file is opened.
        String path = this.getDatabasePath(p2).getPath();
        return android.database.sqlite.SQLiteDatabase.openOrCreateDatabase(path, p4, p5);
    }

Method io.fabric.sdk.android.FabricContext.openOrCreateDatabase() calling method android.database.sqlite.SQLiteDatabase.openOrCreateDatabase()


    /**
     * Opens, or creates, the database named {@code p2} at the location returned by
     * {@code getDatabasePath}.
     *
     * @param p2 database name, resolved through {@code getDatabasePath}
     * @param p3 not read by this method
     * @param p4 cursor factory forwarded to {@code SQLiteDatabase.openOrCreateDatabase}
     * @return the opened database
     */
    public android.database.sqlite.SQLiteDatabase openOrCreateDatabase(String p2, int p3, android.database.sqlite.SQLiteDatabase$CursorFactory p4)
    {
        // This call opens a database file; no SQL text is built or executed here.
        // NOTE(review): p3 is dropped, so whatever the caller requested through it has no
        // effect on how the file is opened.
        java.io.File location = this.getDatabasePath(p2);
        return android.database.sqlite.SQLiteDatabase.openOrCreateDatabase(location, p4);
    }

Method android.arch.persistence.db.framework.FrameworkSQLiteDatabase.execSQL() calling method android.database.sqlite.SQLiteDatabase.execSQL()


    /**
     * Executes one SQL statement with bind arguments on the wrapped database.
     *
     * @param p2 SQL text, forwarded unchanged
     * @param p3 bind arguments, forwarded unchanged
     */
    public void execSQL(String p2, Object[] p3)
    {
        // Pure pass-through: values in p3 go to the delegate as bind arguments, while p2 is
        // executed as given. Any value concatenated into p2 by the caller is not covered
        // by the binding.
        this.mDelegate.execSQL(p2, p3);
    }

Method android.arch.persistence.db.framework.FrameworkSQLiteDatabase.execSQL() calling method android.database.sqlite.SQLiteDatabase.execSQL()


    /**
     * Executes one SQL statement on the wrapped database.
     *
     * @param p2 SQL text, forwarded unchanged
     */
    public void execSQL(String p2)
    {
        // NOTE(review): this overload has no bind-argument slot, so p2 reaches the delegate
        // exactly as the caller built it. Call sites that assemble p2 from variable data
        // are the ones worth checking; none are shown in this listing.
        this.mDelegate.execSQL(p2);
    }

Method com.google.android.gms.common.util.DbUtils.zza() calling method android.database.sqlite.SQLiteDatabase.execSQL()


    /**
     * Drops every schema object of kind {@code p12} whose name is not listed in {@code p13}.
     * This is decompiler output: local types (for example the {@code int} holding the query
     * result) and the try/catch layout are artifacts and do not compile as written.
     *
     * @param p11 database whose schema is read and modified
     * @param p12 object kind; only "table", "view" or "trigger" set the flag given to checkArgument
     * @param p13 names to keep
     */
    private static varargs void zza(android.database.sqlite.SQLiteDatabase p11, String p12, String[] p13)
    {
        // Allow-list for the object kind: the flag ends up 1 only for "table", "view" or "trigger".
        if ((!"table".equals(p12)) && ((!"view".equals(p12)) && (!"trigger".equals(p12)))) {
            int v0_3 = 0;
        } else {
            v0_3 = 1;
        }
        // presumably rejects a 0 flag — checkArgument's body is not shown on this page
        com.google.android.gms.common.internal.Preconditions.checkArgument(v0_3);
        String[] v7 = new String[1];
        v7[0] = p12;
        // The kind is supplied as a bind argument ("type == ?"), not concatenated into the query.
        int v0_6 = p11.query("SQLITE_MASTER", new String[] {"name"}), "type == ?", v7, 0, 0, 0);
        Throwable v1_1 = 0;
        try {
            // Names in p13 form the keep-set consulted in the loop below.
            java.util.Set v13_1 = com.google.android.gms.common.util.CollectionUtils.setOf(p13);
        } catch (Throwable v11_2) {
            // Closes the query result before rethrowing. NOTE(review): this looks like the
            // decompiler's rendering of a try-with-resources cleanup — the original layout
            // cannot be recovered from this listing.
            if (v0_6 != 0) {
                if (v1_1 == null) {
                    v0_6.close();
                } else {
                    try {
                        v0_6.close();
                    } catch (Throwable v12_1) {
                        com.google.android.gms.internal.stable.zzk.zza(v1_1, v12_1);
                    }
                }
            }
            throw v11_2;
        } catch (Throwable v11_1) {
            v1_1 = v11_1;
            throw v1_1;
        }
        while (v0_6.moveToNext()) {
            String v3_2 = v0_6.getString(0);
            if (!v13_1.contains(v3_2)) {
                // Capacity = kind + name + 8 characters of fixed text ("DROP ", " '" and "'").
                // NOTE(review): the DROP statement is built by string concatenation. p12 is
                // limited by the allow-list above; v3_2 is a name read from SQLITE_MASTER and
                // is wrapped in single quotes with no escaping visible here, so a quote inside
                // a name would not be neutralised. Identifiers cannot be passed as bind
                // arguments, so escaping embedded quotes is the usual mitigation. Whether
                // untrusted input can influence schema object names is not visible on this
                // page — confirm at the call sites.
                StringBuilder v5_4 = new StringBuilder(((String.valueOf(p12).length() + 8) + String.valueOf(v3_2).length()));
                v5_4.append("DROP ");
                v5_4.append(p12);
                v5_4.append(" \'");
                v5_4.append(v3_2);
                v5_4.append("\'");
                p11.execSQL(v5_4.toString());
            }
        }
        // Normal-path cleanup of the query result.
        if (v0_6 != 0) {
            v0_6.close();
        }
        return;
    }

Method android.arch.persistence.db.framework.FrameworkSQLiteDatabase.compileStatement() calling method android.database.sqlite.SQLiteDatabase.compileStatement()


    /**
     * Compiles {@code p3} on the wrapped database and returns it behind the support-library
     * statement wrapper.
     *
     * @param p3 SQL text to compile, forwarded unchanged
     * @return a {@code FrameworkSQLiteStatement} around the compiled statement
     */
    public android.arch.persistence.db.SupportSQLiteStatement compileStatement(String p3)
    {
        // No validation happens here: p3 is compiled exactly as supplied. The statement is
        // not executed in this method; only the wrapper is returned.
        android.database.sqlite.SQLiteStatement compiled = this.mDelegate.compileStatement(p3);
        return new android.arch.persistence.db.framework.FrameworkSQLiteStatement(compiled);
    }

Method com.google.android.gms.common.util.DbUtils.zza() calling method android.database.sqlite.SQLiteDatabase.query()


    /**
     * Drops every schema object of kind {@code p12} whose name is not listed in {@code p13}.
     * This is decompiler output: local types (for example the {@code int} holding the query
     * result) and the try/catch layout are artifacts and do not compile as written.
     *
     * @param p11 database whose schema is read and modified
     * @param p12 object kind; only "table", "view" or "trigger" set the flag given to checkArgument
     * @param p13 names to keep
     */
    private static varargs void zza(android.database.sqlite.SQLiteDatabase p11, String p12, String[] p13)
    {
        // Allow-list for the object kind: the flag ends up 1 only for "table", "view" or "trigger".
        if ((!"table".equals(p12)) && ((!"view".equals(p12)) && (!"trigger".equals(p12)))) {
            int v0_3 = 0;
        } else {
            v0_3 = 1;
        }
        // presumably rejects a 0 flag — checkArgument's body is not shown on this page
        com.google.android.gms.common.internal.Preconditions.checkArgument(v0_3);
        String[] v7 = new String[1];
        v7[0] = p12;
        // Flagged call: the table and column names are literals and the kind is supplied as
        // a bind argument ("type == ?"), so nothing variable is concatenated into this query.
        int v0_6 = p11.query("SQLITE_MASTER", new String[] {"name"}), "type == ?", v7, 0, 0, 0);
        Throwable v1_1 = 0;
        try {
            // Names in p13 form the keep-set consulted in the loop below.
            java.util.Set v13_1 = com.google.android.gms.common.util.CollectionUtils.setOf(p13);
        } catch (Throwable v11_2) {
            // Closes the query result before rethrowing. NOTE(review): this looks like the
            // decompiler's rendering of a try-with-resources cleanup — the original layout
            // cannot be recovered from this listing.
            if (v0_6 != 0) {
                if (v1_1 == null) {
                    v0_6.close();
                } else {
                    try {
                        v0_6.close();
                    } catch (Throwable v12_1) {
                        com.google.android.gms.internal.stable.zzk.zza(v1_1, v12_1);
                    }
                }
            }
            throw v11_2;
        } catch (Throwable v11_1) {
            v1_1 = v11_1;
            throw v1_1;
        }
        while (v0_6.moveToNext()) {
            String v3_2 = v0_6.getString(0);
            if (!v13_1.contains(v3_2)) {
                // Capacity = kind + name + 8 characters of fixed text ("DROP ", " '" and "'").
                // NOTE(review): unlike the query above, the DROP statement is built by string
                // concatenation. p12 is limited by the allow-list above; v3_2 is a name read
                // from SQLITE_MASTER and is wrapped in single quotes with no escaping visible
                // here, so a quote inside a name would not be neutralised. Identifiers cannot
                // be passed as bind arguments, so escaping embedded quotes is the usual
                // mitigation. Whether untrusted input can influence schema object names is
                // not visible on this page — confirm at the call sites.
                StringBuilder v5_4 = new StringBuilder(((String.valueOf(p12).length() + 8) + String.valueOf(v3_2).length()));
                v5_4.append("DROP ");
                v5_4.append(p12);
                v5_4.append(" \'");
                v5_4.append(v3_2);
                v5_4.append("\'");
                p11.execSQL(v5_4.toString());
            }
        }
        // Normal-path cleanup of the query result.
        if (v0_6 != 0) {
            v0_6.close();
        }
        return;
    }