Info Call to SQLite query API

Description

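Improper SQL query construction could lead to SQL injection. An SQL injection attack consists of injecting SQL syntax into a query via the input data passed from the client to the application. In the listings below, calls that pass values through `?` placeholders with a separate argument array keep data out of the statement text, whereas calls that concatenate values into the statement (WA.i(), WA.h(), WA.a(java.util.List)) or execute a caller-supplied string (WA.g()) are the ones that need manual review.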

Recommendation

This entry is informative; no recommendations are applicable.

Technical details

Method WA.b() calling method android.database.sqlite.SQLiteDatabase.update()


    /**
     * Updates the {@code userinfo} row selected by the record's two key values.
     *
     * <p>The new column values come from {@code p7.a(1)} and are also stored in the field
     * {@code b}. The values compared against {@code serverid} and {@code userid} are bound
     * through {@code ?} placeholders, so they never become part of the SQL text.
     *
     * @param p7 record supplying the column values and the key values ({@code b()}, {@code c()})
     */
    public void b(TB p7)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        final android.content.ContentValues values = p7.a(1);
        this.b = values;
        final String[] keyValues = {p7.b(), p7.c()};
        db.update("userinfo", values, "serverid = ? AND userid = ? ", keyValues);
        db.close();
    }

Method WA.b() calling method android.database.sqlite.SQLiteDatabase.update()


    /**
     * Updates the {@code user_details} row selected by five key values of the record.
     *
     * <p>The new column values come from {@code p7.a(1)} and are also stored in the field
     * {@code b}. All five WHERE values (serverid, userid, language, ou, role) are bound
     * through {@code ?} placeholders rather than concatenated into the statement.
     *
     * @param p7 record supplying the column values and the five key values
     */
    public void b(SB p7)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        final android.content.ContentValues values = p7.a(1);
        this.b = values;
        final String[] keyValues = {p7.h(), p7.j(), p7.a(), p7.c(), p7.f()};
        db.update(
                "user_details",
                values,
                "serverid = ? AND userid = ? AND language = ? AND ou = ? AND role = ? ",
                keyValues);
        db.close();
    }

Method WA.b() calling method android.database.sqlite.SQLiteDatabase.update()


    /**
     * Updates the {@code serverList} row whose {@code name} equals {@code p5.e()}.
     *
     * <p>The new column values come from {@code p5.a(1)} and are also stored in the field
     * {@code b}. The name is bound through a {@code ?} placeholder.
     *
     * @param p5 record supplying the column values and the name used as the key
     */
    public void b(OB p5)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        final android.content.ContentValues values = p5.a(1);
        this.b = values;
        final String[] keyValues = {p5.e()};
        db.update("serverList", values, "name = ?", keyValues);
        db.close();
    }

Method WA.a() calling method android.database.sqlite.SQLiteDatabase.update()


    /**
     * Sets {@code current} to {@code "0"} on the {@code user_details} rows matching the
     * given server id and user id.
     *
     * <p>Both key values are bound through {@code ?} placeholders. The freshly built
     * {@code ContentValues} is also stored in the field {@code b}.
     *
     * @param p5 value compared against the {@code serverid} column
     * @param p6 value compared against the {@code userid} column
     */
    public void a(String p5, String p6)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        final android.content.ContentValues values = new android.content.ContentValues();
        this.b = values;
        values.put("current", "0");
        final String[] keyValues = {p5, p6};
        db.update("user_details", values, "serverid = ? AND userid = ? ", keyValues);
        db.close();
    }

Method WA.j() calling method android.database.sqlite.SQLiteDatabase.rawQuery()


    /**
     * Reports whether {@code serverList} holds at least one row whose name matches
     * {@code p5} when both sides are passed through SQL {@code UPPER()}.
     *
     * <p>The name is bound through the {@code ?} placeholder of {@code rawQuery}, so it is
     * treated as data only.
     *
     * @param p5 server name to look for
     * @return {@code true} when the query returns one or more rows
     */
    public boolean j(String p5)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getReadableDatabase();
        final android.database.Cursor rows =
                db.rawQuery("SELECT  * FROM serverList WHERE  UPPER(name) =  UPPER(?)", new String[] {p5});
        final int matches = rows.getCount();
        rows.close();
        db.close();
        return matches > 0;
    }

Method WA.a() calling method android.database.sqlite.SQLiteDatabase.rawQuery()


    /**
     * Reads every row of {@code serverList} and returns one {@code OB} per row.
     *
     * <p>The SQL text is a constant with no caller-supplied parts. The second argument to
     * {@code rawQuery} is printed as {@code 0}; presumably the decompiler's rendering of a
     * null selection-args array.
     *
     * <p>NOTE(review): the selected columns include {@code spwd}, which is copied into each
     * returned object; what that column holds (cleartext, hash, ciphertext) cannot be
     * determined from this listing.
     *
     * @return list of the rows found; empty when the table has no rows
     */
    public java.util.List a()
    {
        java.util.ArrayList v0_1 = new java.util.ArrayList();
        android.database.sqlite.SQLiteDatabase v1 = this.getReadableDatabase();
        android.database.Cursor v2_1 = v1.rawQuery("SELECT  id , name , apptitle , url , platform , version , ssin , wssourl , spwd , hashcode , userid , other , selected FROM serverList", 0);
        if (v2_1 != null) {
            if ((v2_1.getCount() > 0) && (v2_1.moveToFirst())) {
                do {
                    // Decompiler artefact: the next two lines are presumably a single
                    // `new OB(...)` constructor call taking columns 0-11 as strings and
                    // column 12 (selected) as an int.
                    boolean v3_2 = new OB;
                    v3_2(v2_1.getString(0), v2_1.getString(1), v2_1.getString(2), v2_1.getString(3), v2_1.getString(4), v2_1.getString(5), v2_1.getString(6), v2_1.getString(7), v2_1.getString(8), v2_1.getString(9), v2_1.getString(10), v2_1.getString(11), v2_1.getInt(12));
                    v0_1.add(v3_2);
                } while(v2_1.moveToNext());
            }
            v2_1.close();
        }
        v1.close();
        return v0_1;
    }

Method WA.a() calling method android.database.sqlite.SQLiteDatabase.insert()


    /**
     * Inserts the record into the {@code userinfo} table.
     *
     * <p>The row is built by {@code p4.a(0)} and also stored in the field {@code b}. Values
     * travel in a {@code ContentValues} object, so no SQL text is assembled here.
     *
     * @param p4 record to insert
     */
    public void a(TB p4)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        final android.content.ContentValues row = p4.a(0);
        this.b = row;
        // The decompiler printed the nullColumnHack argument as 0, i.e. null.
        db.insert("userinfo", null, row);
        db.close();
    }

Method WA.a() calling method android.database.sqlite.SQLiteDatabase.insert()


    /**
     * Inserts the record into the {@code user_details} table.
     *
     * <p>The row is built by {@code p4.a(0)} and also stored in the field {@code b}. Values
     * travel in a {@code ContentValues} object, so no SQL text is assembled here.
     *
     * @param p4 record to insert
     */
    public void a(SB p4)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        final android.content.ContentValues row = p4.a(0);
        this.b = row;
        // The decompiler printed the nullColumnHack argument as 0, i.e. null.
        db.insert("user_details", null, row);
        db.close();
    }

Method WA.a() calling method android.database.sqlite.SQLiteDatabase.insert()


    /**
     * Inserts the record into the {@code serverList} table.
     *
     * <p>The row is built by {@code p4.a(0)} and also stored in the field {@code b}. Values
     * travel in a {@code ContentValues} object, so no SQL text is assembled here.
     *
     * @param p4 record to insert
     */
    public void a(OB p4)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        final android.content.ContentValues row = p4.a(0);
        this.b = row;
        // The decompiler printed the nullColumnHack argument as 0, i.e. null.
        db.insert("serverList", null, row);
        db.close();
    }

Method WA.onUpgrade() calling method android.database.sqlite.SQLiteDatabase.execSQL()


    /**
     * Handles a schema upgrade by dropping all seven tables and recreating them.
     *
     * <p>Every statement is a constant string; neither version number is read. Because the
     * tables are dropped rather than migrated, all stored rows are discarded on upgrade.
     *
     * @param p1 database being upgraded
     * @param p2 unused
     * @param p3 unused
     */
    public void onUpgrade(android.database.sqlite.SQLiteDatabase p1, int p2, int p3)
    {
        final String[] dropStatements = {
            "DROP TABLE IF EXISTS notes",
            "DROP TABLE IF EXISTS serverList",
            "DROP TABLE IF EXISTS uicustomstyle",
            "DROP TABLE IF EXISTS userinfo",
            "DROP TABLE IF EXISTS user_details",
            "DROP TABLE IF EXISTS myList",
            "DROP TABLE IF EXISTS recentActivities",
        };
        for (final String statement : dropStatements) {
            p1.execSQL(statement);
        }
        this.onCreate(p1);
    }

Method WA.onCreate() calling method android.database.sqlite.SQLiteDatabase.execSQL()


    /**
     * Creates the seven application tables using constant DDL statements.
     *
     * <p>NOTE(review): {@code userinfo.password} and {@code serverList.spwd} are declared
     * as plain {@code TEXT} columns. This listing does not show what is written to them;
     * confirm that neither receives a cleartext credential.
     *
     * @param p2 database in which the tables are created
     */
    public void onCreate(android.database.sqlite.SQLiteDatabase p2)
    {
        final String[] createStatements = {
            "CREATE TABLE notes(serverid TEXT,userid TEXT,noteid TEXT, notedesc TEXT )",
            "CREATE TABLE serverList(id TEXT ,name TEXT,apptitle TEXT,url TEXT,platform TEXT,version TEXT,ssin TEXT,wssourl TEXT,spwd TEXT,hashcode TEXT,selected INTEGER,userid TEXT,other TEXT )",
            "CREATE TABLE uicustomstyle(serverid TEXT,type TEXT,controlname TEXT,styletype TEXT,value TEXT )",
            "CREATE TABLE userinfo(serverid TEXT,userid TEXT,username TEXT,userfullname TEXT,imageid TEXT, password TEXT )",
            "CREATE TABLE user_details(serverid TEXT,userid TEXT,language TEXT,languagedesc TEXT,ou TEXT,oudesc TEXT,role TEXT,roledesc TEXT,pref TEXT,menu TEXT,sysmenu TEXT,current INTEGER,lastlogin TEXT )",
            "CREATE TABLE myList(serverid TEXT, userid TEXT, sequence TEXT, name TEXT, desc TEXT, imageid TEXT, ui TEXT, uigroup TEXT, pkgroup TEXT, quickcode TEXT, isedk INTEGER, value TEXT )",
            "CREATE TABLE recentActivities(serverid TEXT, userid TEXT, sequence TEXT, name TEXT, desc TEXT, imageid TEXT, ui TEXT, uigroup TEXT, pkgroup TEXT, quickcode TEXT, isedk INTEGER, value TEXT )",
        };
        for (final String statement : createStatements) {
            p2.execSQL(statement);
        }
    }

Method WA.g() calling method android.database.sqlite.SQLiteDatabase.execSQL()


    /**
     * Executes the given SQL statement verbatim against the writable database.
     *
     * <p>NOTE(review): {@code p2} reaches {@code execSQL} with no placeholders and no
     * validation, so this method is only as safe as its callers. The callers are not part
     * of this listing; confirm that each one passes a constant statement and never text
     * derived from user, server or inter-app input.
     *
     * @param p2 complete SQL statement to execute
     */
    public void g(String p2)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        db.execSQL(p2);
        db.close();
    }

Method WA.f() calling method android.database.sqlite.SQLiteDatabase.delete()


    /**
     * Deletes the {@code userinfo} rows whose {@code serverid} equals the given value.
     *
     * <p>The value is bound through a {@code ?} placeholder.
     *
     * @param p4 value compared against the {@code serverid} column
     */
    public void f(String p4)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        db.delete("userinfo", "serverid = ?", new String[] {p4});
        db.close();
    }

Method WA.e() calling method android.database.sqlite.SQLiteDatabase.delete()


    /**
     * Deletes the {@code user_details} rows whose {@code serverid} equals the given value.
     *
     * <p>The value is bound through a {@code ?} placeholder.
     *
     * @param p4 value compared against the {@code serverid} column
     */
    public void e(String p4)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        db.delete("user_details", "serverid = ?", new String[] {p4});
        db.close();
    }

Method WA.d() calling method android.database.sqlite.SQLiteDatabase.delete()


    /**
     * Deletes the {@code uicustomstyle} rows whose {@code serverid} equals the given value.
     *
     * <p>The value is bound through a {@code ?} placeholder.
     *
     * @param p4 value compared against the {@code serverid} column
     */
    public void d(String p4)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        db.delete("uicustomstyle", "serverid = ? ", new String[] {p4});
        db.close();
    }

Method WA.c() calling method android.database.sqlite.SQLiteDatabase.delete()


    /**
     * Deletes the {@code recentActivities} rows whose {@code serverid} equals the given value.
     *
     * <p>The value is bound through a {@code ?} placeholder.
     *
     * @param p4 value compared against the {@code serverid} column
     */
    public void c(String p4)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        db.delete("recentActivities", "serverid = ? ", new String[] {p4});
        db.close();
    }

Method WA.b() calling method android.database.sqlite.SQLiteDatabase.delete()


    /**
     * Deletes the {@code notes} rows whose {@code userid} equals the given value.
     *
     * <p>The value is bound through a {@code ?} placeholder. Unlike the sibling delete
     * helpers, this one filters on {@code userid} rather than {@code serverid}.
     *
     * @param p4 value compared against the {@code userid} column
     */
    public void b(String p4)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        db.delete("notes", "userid = ?", new String[] {p4});
        db.close();
    }

Method WA.a() calling method android.database.sqlite.SQLiteDatabase.delete()


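    /**
     * Deletes the {@code serverList} rows whose {@code name} matches any element of the list.
     *
     * <p>The decompiled original built the clause as {@code name in ("n1","n2",...)} by
     * concatenating each name between double quotes. SQLite parses a double-quoted token as
     * an identifier before falling back to a string literal, so a name containing a double
     * quote, or one equal to a column name, changed the meaning of the WHERE clause. This
     * version emits one {@code ?} per name and passes the names as bound arguments, so they
     * are always compared as data.
     *
     * <p>An empty list still issues the delete with {@code name in ()}, which matches no
     * rows, as before.
     *
     * @param p6 list of {@code OB} records; each record's {@code e()} value is a name to delete
     */
    public void a(java.util.List p6)
    {
        final String[] names = new String[p6.size()];
        final StringBuilder whereClause = new StringBuilder("name in (");
        int index = 0;
        for (final Object item : p6) {
            // String.valueOf keeps the original handling of a null name (the text "null")
            // instead of handing a null bind value to the database layer.
            names[index] = String.valueOf(((OB) item).e());
            whereClause.append(index == 0 ? "?" : ",?");
            index++;
        }
        whereClause.append(")");
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        try {
            db.delete("serverList", whereClause.toString(), names);
        } finally {
            // Release the handle even when the delete throws.
            db.close();
        }
    }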

Method WA.a() calling method android.database.sqlite.SQLiteDatabase.delete()


    /**
     * Deletes the {@code myList} rows whose {@code serverid} equals the given value.
     *
     * <p>The value is bound through a {@code ?} placeholder.
     *
     * @param p4 value compared against the {@code serverid} column
     */
    public void a(String p4)
    {
        final android.database.sqlite.SQLiteDatabase db = this.getWritableDatabase();
        db.delete("myList", "serverid = ? ", new String[] {p4});
        db.close();
    }

Method WA.i() calling method android.database.sqlite.SQLiteDatabase.query()


    /**
     * Looks up the {@code serverList} row whose lower-cased {@code url} equals the
     * lower-cased argument and returns it as an {@code OB}.
     *
     * <p>NOTE(review): the selection is built by concatenating {@code p25} between single
     * quotes and the selection-args parameter is unused (printed as {@code 0}). A value
     * containing a single quote therefore alters or breaks the statement. The safe form is
     * the selection {@code "lower(url)=?"} with the lower-cased value passed in the
     * selection-args array, as the other lookups in this class already do.
     *
     * <p>NOTE(review): {@code toLowerCase(Locale.getDefault())} is locale-sensitive while
     * the SQL {@code lower()} is applied by the database; confirm both sides fold case the
     * same way for the URLs expected here.
     *
     * @param p25 URL to look up
     * @return the matching record, or the decompiler's {@code 0} (presumably null) when no
     *         row matches
     */
    public OB i(String p25)
    {
        android.database.sqlite.SQLiteDatabase v9 = this.getReadableDatabase();
        // Decompiler artefact: these constants are presumably further elements of the
        // projection array, which is printed below with only its first and last entries.
        String v12 = "apptitle";
        String v14 = "platform";
        String v16 = "ssin";
        String v18 = "spwd";
        String v20 = "userid";
        // Selection text assembled from the caller's value; see the review note above.
        android.database.Cursor v0_1 = new StringBuilder();
        v0_1.append("lower(url)=\'");
        v0_1.append(p25.toLowerCase(java.util.Locale.getDefault()));
        v0_1.append("\'");
        android.database.Cursor v0_3 = v9.query("serverList", new String[] {"id", "other"}), v0_1.toString(), 0, 0, 0, 0, 0);
        OB v1_5 = 0;
        if (v0_3 != null) {
            if (v0_3.getCount() > 0) {
                v0_3.moveToFirst();
                // Presumably a single `new OB(...)` call: twelve string columns plus the
                // constant 1 as the last argument.
                v1_5 = new OB;
                v1_5(v0_3.getString(0), v0_3.getString(1), v0_3.getString(2), v0_3.getString(3), v0_3.getString(4), v0_3.getString(5), v0_3.getString(6), v0_3.getString(7), v0_3.getString(8), v0_3.getString(9), v0_3.getString(10), v0_3.getString(11), 1);
            }
            v0_3.close();
        }
        v9.close();
        return v1_5;
    }

Method WA.h() calling method android.database.sqlite.SQLiteDatabase.query()


    /**
     * Looks up the {@code serverList} row whose lower-cased {@code name} equals the
     * lower-cased argument and returns it as an {@code OB}.
     *
     * <p>NOTE(review): the selection is built by concatenating {@code p25} between single
     * quotes and the selection-args parameter is unused (printed as {@code 0}). A value
     * containing a single quote therefore alters or breaks the statement. The safe form is
     * the selection {@code "lower(name)=?"} with the lower-cased value passed in the
     * selection-args array, as the other lookups in this class already do.
     *
     * <p>NOTE(review): {@code toLowerCase(Locale.getDefault())} is locale-sensitive while
     * the SQL {@code lower()} is applied by the database; confirm both sides fold case the
     * same way for the names expected here.
     *
     * @param p25 server name to look up
     * @return the matching record, or the decompiler's {@code 0} (presumably null) when no
     *         row matches
     */
    public OB h(String p25)
    {
        android.database.sqlite.SQLiteDatabase v9 = this.getReadableDatabase();
        // Decompiler artefact: these constants are presumably further elements of the
        // projection array, which is printed below with only its first and last entries.
        String v12 = "apptitle";
        String v14 = "platform";
        String v16 = "ssin";
        String v18 = "spwd";
        String v20 = "userid";
        // Selection text assembled from the caller's value; see the review note above.
        android.database.Cursor v0_1 = new StringBuilder();
        v0_1.append("lower(name)=\'");
        v0_1.append(p25.toLowerCase(java.util.Locale.getDefault()));
        v0_1.append("\'");
        android.database.Cursor v0_3 = v9.query("serverList", new String[] {"id", "other"}), v0_1.toString(), 0, 0, 0, 0, 0);
        OB v1_5 = 0;
        if (v0_3 != null) {
            if (v0_3.getCount() > 0) {
                v0_3.moveToFirst();
                // Presumably a single `new OB(...)` call: twelve string columns plus the
                // constant 1 as the last argument.
                v1_5 = new OB;
                v1_5(v0_3.getString(0), v0_3.getString(1), v0_3.getString(2), v0_3.getString(3), v0_3.getString(4), v0_3.getString(5), v0_3.getString(6), v0_3.getString(7), v0_3.getString(8), v0_3.getString(9), v0_3.getString(10), v0_3.getString(11), 1);
            }
            v0_3.close();
        }
        v9.close();
        return v1_5;
    }

Method WA.c() calling method android.database.sqlite.SQLiteDatabase.query()


    /**
     * Reads the {@code userinfo} row for the given server id and user id and returns it as
     * a {@code TB}.
     *
     * <p>Both key values are bound through {@code ?} placeholders.
     *
     * <p>NOTE(review): the {@code password} column is read back as a plain string and
     * handed to the returned object; whether it holds a cleartext credential, a hash or
     * ciphertext cannot be determined from this listing.
     *
     * @param p14 value compared against the {@code serverid} column
     * @param p15 value compared against the {@code userid} column
     * @return the matching record, or the decompiler's {@code 0} (presumably null) when no
     *         row matches
     */
    public TB c(String p14, String p15)
    {
        android.database.sqlite.SQLiteDatabase v9 = this.getReadableDatabase();
        String v4_1 = new String[2];
        v4_1[0] = p14;
        v4_1[1] = p15;
        // The stray ")" after the projection array is a decompiler artefact.
        android.database.Cursor v15_1 = v9.query("userinfo", new String[] {"username", "userfullname", "imageid", "password"}), "serverid= ? AND userid = ?", v4_1, 0, 0, 0, 0);
        TB v0_2 = 0;
        if (v15_1 != null) {
            if ((v15_1.getCount() > 0) && (v15_1.moveToFirst())) {
                // Presumably a single `new TB(...)` call: the server id argument followed
                // by the four selected columns.
                v0_2 = new TB;
                v0_2(p14, v15_1.getString(0), v15_1.getString(1), v15_1.getString(2), v15_1.getString(3));
            }
            v15_1.close();
        }
        v9.close();
        return v0_2;
    }

Method WA.b() calling method android.database.sqlite.SQLiteDatabase.query()


    /**
     * Reads the {@code user_details} row for the given server id and user id whose
     * {@code current} column equals {@code "1"} and returns it as an {@code SB}.
     *
     * <p>All three WHERE values, including the constant {@code "1"}, are bound through
     * {@code ?} placeholders.
     *
     * @param p27 value compared against the {@code serverid} column
     * @param p28 value compared against the {@code userid} column
     * @return the matching record, or the decompiler's {@code 0} (presumably null) when no
     *         row matches
     */
    public SB b(String p27, String p28)
    {
        android.database.sqlite.SQLiteDatabase v9 = this.getReadableDatabase();
        // Decompiler artefact: these constants are presumably further elements of the
        // projection array, which is printed below with only two entries although eleven
        // columns are read from the cursor.
        SB v12 = "ou";
        String v14 = "role";
        String v16 = "pref";
        String v18 = "sysmenu";
        String[] v4 = new String[3];
        v4[0] = p27;
        v4[1] = p28;
        v4[2] = "1";
        android.database.Cursor v0_2 = v9.query("user_details", new String[] {"language", "lastlogin"}), "serverid=? AND userid=? AND current=? ", v4, 0, 0, 0, 0);
        SB v1_1 = 0;
        if (v0_2 != null) {
            if ((v0_2.getCount() > 0) && (v0_2.moveToFirst())) {
                // Presumably a single `new SB(...)` call: both key arguments followed by
                // the selected columns (column 9 read as an int).
                v1_1 = new SB;
                v1_1(p27, p28, v0_2.getString(0), v0_2.getString(1), v0_2.getString(2), v0_2.getString(3), v0_2.getString(4), v0_2.getString(5), v0_2.getString(6), v0_2.getString(7), v0_2.getString(8), v0_2.getInt(9), v0_2.getString(10));
            }
            v0_2.close();
        }
        v9.close();
        return v1_1;
    }

Method WA.b() calling method android.database.sqlite.SQLiteDatabase.query()


    /**
     * Returns the {@code serverList} row marked {@code selected=1} as an {@code OB}.
     *
     * <p>The selection is a constant string with no caller-supplied parts, so there is
     * nothing to bind.
     *
     * <p>NOTE(review): when several rows have {@code selected=1}, only the first row of the
     * cursor is used and no ordering is requested.
     *
     * @return the selected record, or the decompiler's {@code 0} (presumably null) when no
     *         row is selected
     */
    public OB b()
    {
        android.database.sqlite.SQLiteDatabase v9 = this.getReadableDatabase();
        // Decompiler artefact: these constants are presumably further elements of the
        // projection array, which is printed below with only its first and last entries.
        String v12 = "apptitle";
        String v14 = "platform";
        String v16 = "ssin";
        String v18 = "spwd";
        String v20 = "userid";
        android.database.Cursor v0_1 = v9.query("serverList", new String[] {"id", "other"}), "selected=1", 0, 0, 0, 0, 0);
        OB v1_1 = 0;
        if (v0_1 != null) {
            if (v0_1.getCount() > 0) {
                v0_1.moveToFirst();
                // Presumably a single `new OB(...)` call: twelve string columns plus the
                // constant 1 as the last argument.
                v1_1 = new OB;
                v1_1(v0_1.getString(0), v0_1.getString(1), v0_1.getString(2), v0_1.getString(3), v0_1.getString(4), v0_1.getString(5), v0_1.getString(6), v0_1.getString(7), v0_1.getString(8), v0_1.getString(9), v0_1.getString(10), v0_1.getString(11), 1);
            }
            v0_1.close();
        }
        v9.close();
        return v1_1;
    }

Method WA.a() calling method android.database.sqlite.SQLiteDatabase.query()


    /**
     * Reads the {@code user_details} row matching all five key values and returns it as an
     * {@code SB}.
     *
     * <p>All five WHERE values are bound through {@code ?} placeholders.
     *
     * @param p27 value compared against the {@code serverid} column
     * @param p28 value compared against the {@code userid} column
     * @param p29 value compared against the {@code language} column
     * @param p30 value compared against the {@code ou} column
     * @param p31 value compared against the {@code role} column
     * @return the matching record, or the decompiler's {@code 0} (presumably null) when no
     *         row matches
     */
    public SB a(String p27, String p28, String p29, String p30, String p31)
    {
        android.database.sqlite.SQLiteDatabase v9 = this.getReadableDatabase();
        // Decompiler artefact: these constants are presumably further elements of the
        // projection array, which is printed below with only two entries although eleven
        // columns are read from the cursor.
        SB v12 = "ou";
        String v14 = "role";
        String v16 = "pref";
        String v18 = "sysmenu";
        String[] v4 = new String[5];
        v4[0] = p27;
        v4[1] = p28;
        v4[2] = p29;
        v4[3] = p30;
        v4[4] = p31;
        android.database.Cursor v0_1 = v9.query("user_details", new String[] {"language", "lastlogin"}), "serverid=? AND userid=? AND language=? AND ou=? AND role=?", v4, 0, 0, 0, 0);
        SB v1_1 = 0;
        if (v0_1 != null) {
            if ((v0_1.getCount() > 0) && (v0_1.moveToFirst())) {
                // Presumably a single `new SB(...)` call: the first two key arguments
                // followed by the selected columns (column 9 read as an int).
                v1_1 = new SB;
                v1_1(p27, p28, v0_1.getString(0), v0_1.getString(1), v0_1.getString(2), v0_1.getString(3), v0_1.getString(4), v0_1.getString(5), v0_1.getString(6), v0_1.getString(7), v0_1.getString(8), v0_1.getInt(9), v0_1.getString(10));
            }
            v0_1.close();
        }
        v9.close();
        return v1_1;
    }