Info Call to SQLite query API

Description

Improper SQL query construction could lead to SQL injection. An SQL injection attack consists of injecting an SQL query via the input data sent from the client to the application — typically by concatenating untrusted input into the query text instead of binding it as a parameter.

Recommendation

This entry is informative; no recommendation applies. Every call listed below either executes a fixed SQL string (the CREATE/DROP statements) or passes caller-supplied values through `?` placeholders (selection arguments to delete(), bindString() on a compiled statement), so no untrusted input is concatenated into a query.

Technical details

Method com.jumptap.adtag.db.DBManager$JtSQLiteOpenHelper.onUpgrade() calling method android.database.sqlite.SQLiteDatabase.execSQL()


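    /**
     * Schema upgrade hook: drops both tables and rebuilds them through onCreate().
     * Whatever rows pending_events and video_cache hold are discarded on upgrade
     * (the warning logged here says as much).
     *
     * @param p3 the database being upgraded
     * @param p4 old schema version (unused; every upgrade takes the drop-and-recreate path)
     * @param p5 new schema version (unused)
     */
    public void onUpgrade(android.database.sqlite.SQLiteDatabase p3, int p4, int p5)
    {
        android.util.Log.w("JtAd", "Upgrading database, this will drop tables and recreate.");
        // execSQL() is documented to run a single statement. The original passed both
        // DROPs in one semicolon-separated string, which can leave the second table
        // (video_cache) untouched; issue them one statement per call instead.
        p3.execSQL("DROP TABLE IF EXISTS pending_events;");
        p3.execSQL("DROP TABLE IF EXISTS video_cache;");
        this.onCreate(p3);
    }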

Method com.jumptap.adtag.db.DBManager$JtSQLiteOpenHelper.onCreate() calling method android.database.sqlite.SQLiteDatabase.execSQL()


    /**
     * Creates the two tables this helper manages, if they do not already exist.
     * Both use an INTEGER PRIMARY KEY id; pending_events additionally stores an
     * event type, a date and a URL, video_cache an ad id and a date.
     * Both statements are constant strings; no external input is involved.
     *
     * @param p3 the freshly created database
     */
    public void onCreate(android.database.sqlite.SQLiteDatabase p3)
    {
        android.util.Log.w("JtAd", "Creating database.");
        final String[] ddl = {
            "CREATE TABLE IF NOT EXISTS pending_events(id INTEGER PRIMARY KEY, eventType TEXT, date TEXT, url TEXT);",
            "CREATE TABLE IF NOT EXISTS video_cache(id INTEGER PRIMARY KEY, adid INTEGER,date TEXT);"
        };
        for (String statement : ddl) {
            p3.execSQL(statement);
        }
    }

Method com.jumptap.adtag.db.DBManager.deleteVideoCacheItemById() calling method android.database.sqlite.SQLiteDatabase.delete()


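    /**
     * Deletes the video_cache row with the given primary key.
     *
     * The id travels as a bound selection argument ("id=?"), never as part of the
     * SQL text, so this call is not injectable.
     *
     * Fix: the original only opened the database when it was closed and then
     * returned without deleting anything. The row is now removed on that path too,
     * matching the open-then-execute pattern used by insertVideoCacheItem().
     * NOTE(review): the decompiled catch-and-rethrow wrapper was a no-op and is
     * dropped; if it stood for a synchronized block in the real source, restore it.
     *
     * @param p10 primary key of the row to delete
     */
    public void deleteVideoCacheItemById(int p10)
    {
        if (!this.db.isOpen()) {
            this.openDB();
        }
        String[] args = new String[] { Integer.toString(p10) };
        this.db.delete("video_cache", "id=?", args);
    }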

Method com.jumptap.adtag.db.DBManager.deleteVideoCacheItemByAdId() calling method android.database.sqlite.SQLiteDatabase.delete()


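    /**
     * Deletes every video_cache row whose adid matches the given value.
     *
     * The ad id is a bound selection argument ("adid=?"); it is never concatenated
     * into the query, so a caller-controlled string cannot alter the SQL.
     *
     * Fix: when the database was closed the original opened it and returned without
     * deleting; the delete now runs after opening, consistent with the insert methods.
     * NOTE(review): the decompiled catch-and-rethrow wrapper was a no-op and is
     * dropped; if it stood for a synchronized block in the real source, restore it.
     *
     * @param p9 ad id to match (compared against the INTEGER adid column)
     */
    public void deleteVideoCacheItemByAdId(String p9)
    {
        if (!this.db.isOpen()) {
            this.openDB();
        }
        String[] args = new String[] { p9 };
        this.db.delete("video_cache", "adid=?", args);
    }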

Method com.jumptap.adtag.db.DBManager.deleteEventById() calling method android.database.sqlite.SQLiteDatabase.delete()


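    /**
     * Deletes the pending_events row with the given primary key.
     *
     * The id is bound as a selection argument ("id=?"), so no value reaches the
     * SQL text.
     *
     * Fix: the original skipped the delete whenever it had to open the database
     * first; it now opens and then deletes, like the insert methods do.
     * NOTE(review): the decompiled catch-and-rethrow wrapper was a no-op and is
     * dropped; if it stood for a synchronized block in the real source, restore it.
     *
     * @param p10 primary key of the event row to delete
     */
    public void deleteEventById(int p10)
    {
        if (!this.db.isOpen()) {
            this.openDB();
        }
        String[] args = new String[] { Integer.toString(p10) };
        this.db.delete("pending_events", "id=?", args);
    }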

Method com.jumptap.adtag.db.DBManager.deleteAllVideoCacheItems() calling method android.database.sqlite.SQLiteDatabase.delete()


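    /**
     * Removes every row from video_cache (delete with no WHERE clause).
     *
     * Fix: the original returned without deleting when it first had to open the
     * database; the delete now always runs once the database is open. The decompiled
     * "0, 0" arguments are rendered as the nulls they stand for.
     * NOTE(review): the decompiled catch-and-rethrow wrapper was a no-op and is
     * dropped; if it stood for a synchronized block in the real source, restore it.
     */
    public void deleteAllVideoCacheItems()
    {
        if (!this.db.isOpen()) {
            this.openDB();
        }
        this.db.delete("video_cache", null, null);
    }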

Method com.jumptap.adtag.db.DBManager.deleteAllPendingEvents() calling method android.database.sqlite.SQLiteDatabase.delete()


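    /**
     * Removes every row from pending_events (delete with no WHERE clause).
     *
     * Fix: the original returned without deleting when it first had to open the
     * database; the delete now always runs once the database is open. The decompiled
     * "0, 0" arguments are rendered as the nulls they stand for.
     * NOTE(review): the decompiled catch-and-rethrow wrapper was a no-op and is
     * dropped; if it stood for a synchronized block in the real source, restore it.
     */
    public void deleteAllPendingEvents()
    {
        if (!this.db.isOpen()) {
            this.openDB();
        }
        this.db.delete("pending_events", null, null);
    }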

Method com.jumptap.adtag.db.DBManager.insertVideoCacheItem() calling method android.database.sqlite.SQLiteDatabase.compileStatement()


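    /**
     * Inserts one video_cache row (adid, date) and returns the result of executeInsert().
     *
     * Both values are bound with bindString() into a compiled "?" statement, so no
     * item data becomes part of the SQL text.
     *
     * Fix: the compiled statement is closed once the insert has run instead of being
     * left open in the insertStmt field until the next insert overwrites it. The field
     * is still assigned for compatibility.
     * NOTE(review): this assumes insertStmt is not reused by other methods after this
     * call, and that getAdID()/getDate() never return null (bindString is not
     * null-tolerant) — confirm both against the rest of DBManager.
     *
     * @param p6 item supplying the ad id and date to store
     * @return value returned by SQLiteStatement.executeInsert() for the new row
     */
    public long insertVideoCacheItem(com.jumptap.adtag.media.VideoCacheItem p6)
    {
        if (!this.db.isOpen()) {
            this.openDB();
        }
        android.database.sqlite.SQLiteStatement stmt =
            this.db.compileStatement("insert into video_cache(adid,date) values (?,?)");
        this.insertStmt = stmt;
        try {
            stmt.bindString(1, p6.getAdID());
            stmt.bindString(2, p6.getDate());
            return stmt.executeInsert();
        } finally {
            stmt.close();
        }
    }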

Method com.jumptap.adtag.db.DBManager.insertEvent() calling method android.database.sqlite.SQLiteDatabase.compileStatement()


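    /**
     * Inserts one pending_events row (eventType, date, url) and returns the result
     * of executeInsert(). The event type is stored by its enum constant name so that
     * selectAllEvents() can map it back with EventType.valueOf().
     *
     * All three values are bound into a compiled "?" statement; none is concatenated
     * into the SQL, so a caller-controlled URL cannot alter the query.
     *
     * Fix: the compiled statement is closed after use instead of lingering in the
     * insertStmt field. The field is still assigned for compatibility.
     * NOTE(review): assumes insertStmt is not reused elsewhere after this call and
     * that getDate()/getUrl() never return null (bindString is not null-tolerant) —
     * confirm against the rest of DBManager.
     *
     * @param p6 event to persist
     * @return value returned by SQLiteStatement.executeInsert() for the new row
     */
    public long insertEvent(com.jumptap.adtag.events.JtEvent p6)
    {
        if (!this.db.isOpen()) {
            this.openDB();
        }
        android.database.sqlite.SQLiteStatement stmt =
            this.db.compileStatement("insert into pending_events(eventType,date,url) values (?,?,?)");
        this.insertStmt = stmt;
        try {
            stmt.bindString(1, p6.getEventType().name());
            stmt.bindString(2, p6.getDate());
            stmt.bindString(3, p6.getUrl());
            return stmt.executeInsert();
        } finally {
            stmt.close();
        }
    }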

Method com.jumptap.adtag.db.DBManager.selectAllVideoCacheItems() calling method android.database.sqlite.SQLiteDatabase.query()


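    /**
     * Reads every video_cache row, highest id first, into VideoCacheItem objects.
     *
     * The query is a fixed table and column list with no selection, so nothing
     * caller-controlled reaches the SQL.
     *
     * Fix: the cursor is closed in a finally block. The original closed it only when
     * iteration finished normally, so an exception inside the loop leaked it.
     *
     * @return items ordered by id descending; empty when the table is empty
     */
    public java.util.List<com.jumptap.adtag.media.VideoCacheItem> selectAllVideoCacheItems()
    {
        java.util.ArrayList<com.jumptap.adtag.media.VideoCacheItem> items =
            new java.util.ArrayList<com.jumptap.adtag.media.VideoCacheItem>();
        if (!this.db.isOpen()) {
            this.openDB();
        }
        String[] columns = new String[] { "id", "adid", "date" };
        android.database.Cursor cursor =
            this.db.query("video_cache", columns, null, null, null, null, "id desc");
        try {
            if (cursor.moveToFirst()) {
                do {
                    items.add(new com.jumptap.adtag.media.VideoCacheItem(
                        cursor.getInt(0), cursor.getString(1), cursor.getString(2)));
                } while (cursor.moveToNext());
            }
        } finally {
            if (!cursor.isClosed()) {
                cursor.close();
            }
        }
        return items;
    }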

Method com.jumptap.adtag.db.DBManager.selectAllEvents() calling method android.database.sqlite.SQLiteDatabase.query()


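    /**
     * Reads every pending_events row in id order into JtEvent objects.
     *
     * Rows whose eventType column is NULL cannot be mapped to an EventType and are
     * skipped; their ids are collected and, once more than 10 such orphan rows have
     * accumulated, deleted through deleteEventById() after the cursor is closed.
     * The query is a fixed column list with no selection, so nothing caller-controlled
     * reaches the SQL.
     *
     * Fix: the cursor is now closed in a finally block; the decompiled original's
     * cleanup path was only partially present, so an exception during iteration could
     * leak it. The orphan-purge threshold (> 10) is unchanged.
     * NOTE(review): EventType.valueOf() throws for a stored name that is no longer an
     * enum constant; whether such rows can exist (e.g. after a downgrade) cannot be
     * seen here — confirm.
     *
     * @return events ordered by id ascending; empty when the table is empty
     */
    public java.util.List<com.jumptap.adtag.events.JtEvent> selectAllEvents()
    {
        java.util.ArrayList<com.jumptap.adtag.events.JtEvent> events =
            new java.util.ArrayList<com.jumptap.adtag.events.JtEvent>();
        java.util.ArrayList<Integer> orphanIds = null;
        if (!this.db.isOpen()) {
            this.openDB();
        }
        String[] columns = new String[] { "id", "eventType", "date", "url" };
        android.database.Cursor cursor =
            this.db.query("pending_events", columns, null, null, null, null, "id asc");
        try {
            if (cursor.moveToFirst()) {
                do {
                    int id = cursor.getInt(0);
                    String typeName = cursor.getString(1);
                    if (typeName == null) {
                        // Unmappable row: remember its id for the purge below.
                        if (orphanIds == null) {
                            orphanIds = new java.util.ArrayList<Integer>();
                        }
                        orphanIds.add(Integer.valueOf(id));
                    } else {
                        // Constructor argument order (id, url, type, date) is kept from the original.
                        events.add(new com.jumptap.adtag.events.JtEvent(
                            id,
                            cursor.getString(3),
                            com.jumptap.adtag.events.EventType.valueOf(typeName),
                            cursor.getString(2)));
                    }
                } while (cursor.moveToNext());
            }
        } finally {
            if (!cursor.isClosed()) {
                cursor.close();
            }
        }
        // Purge orphan rows only once more than 10 have built up (original threshold).
        if (orphanIds != null && orphanIds.size() > 10) {
            for (Integer orphanId : orphanIds) {
                this.deleteEventById(orphanId.intValue());
            }
        }
        return events;
    }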