Potential SQL injection

Description

Improper SQL query construction can lead to SQL injection. An SQL injection attack consists of injecting SQL syntax through the input data that a client sends to the application, so that the data is executed as part of the query rather than treated as a value.

Recommendation

Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. This can be used to alter query logic to bypass security checks or access unauthorized content.

Do not splice caller-supplied strings (selection, projection, sort order, ContentValues keys) into an SQL statement. Derive the WHERE clause from the matched URI and pass values through selectionArgs/whereArgs so that SQLite binds them as parameters; allow-list projection columns with setProjectionMap() and enable setStrict(true) on SQLiteQueryBuilder; compare sortOrder against a fixed list of column names instead of passing it through; and, if other applications have no reason to call this provider, set android:exported="false" on it in the manifest. Escaping or quoting user input is a weaker substitute for parameter binding and should not be relied on alone.

Technical details
[TAINT] Parameter '1' ==>>> Sink '['Landroid/database/sqlite/SQLiteDatabase;', 'delete', '(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String;)I', '1', 'SQL_SINK']' [[('Lcom/android/insecurebankv2/TrackUserContentProvider;', 'delete', '(Landroid/net/Uri; Ljava/lang/String; [Ljava/lang/String;)I'), ('Landroid/database/sqlite/SQLiteDatabase;', 'delete', '(Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String;)I')]]

The flagged argument is p6, the whereClause (sink parameter index 1, counting the table name as index 0). SQLiteDatabase.delete() appends it verbatim after DELETE FROM names WHERE, so a caller that can reach this provider chooses the entire predicate; only p7 (whereArgs) is bound as parameters.

Method com.android.insecurebankv2.TrackUserContentProvider.delete():


    public int delete(android.net.Uri p5, String p6, String[] p7)
    {
        if (com.android.insecurebankv2.TrackUserContentProvider.uriMatcher.match(p5) == 1) {
            // p6 (whereClause) is appended to the DELETE statement as raw SQL; p7 (whereArgs) is bound
            int v0 = this.db.delete("names", p6, p7);
            this.getContext().getContentResolver().notifyChange(p5, null);
            return v0;
        } else {
            StringBuilder v2_2 = new StringBuilder();
            v2_2.append("Unknown URI ");
            v2_2.append(p5);
            throw new IllegalArgumentException(v2_2.toString());
        }
    }

Method android.database.sqlite.SQLiteDatabase.delete() not found: this is an Android framework method whose body is not in the APK, so the trace stops at the sink.

[TAINT] Parameter '1' ==>>> Sink '['Landroid/database/sqlite/SQLiteQueryBuilder;', 'query', '(Landroid/database/sqlite/SQLiteDatabase; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;', '1', 'SQL_SINK']' [[('Lcom/android/insecurebankv2/TrackUserContentProvider;', 'query', '(Landroid/net/Uri; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;'), ('Landroid/database/sqlite/SQLiteQueryBuilder;', 'query', '(Landroid/database/sqlite/SQLiteDatabase; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;')]]

The flagged argument is p11, the projection (sink parameter index 1, counting the database as index 0). Because setProjectionMap() is called, a column name missing from the map is rejected with IllegalArgumentException; in non-strict mode, however, an entry containing " AS " is passed through to the SELECT list unchanged, so the map alone does not close this sink.

Method com.android.insecurebankv2.TrackUserContentProvider.query():


    public android.database.Cursor query(android.net.Uri p10, String[] p11, String p12, String[] p13, String p14)
    {
        android.database.sqlite.SQLiteQueryBuilder v0_1 = new android.database.sqlite.SQLiteQueryBuilder();
        v0_1.setTables("names");
        if (com.android.insecurebankv2.TrackUserContentProvider.uriMatcher.match(p10) == 1) {
            v0_1.setProjectionMap(com.android.insecurebankv2.TrackUserContentProvider.values);
            // String compared by reference, as in the decompiled output
            if ((p14 == null) || (p14 == "")) {
                p14 = "name";
            }
            // p11 (projection), p12 (selection) and p14 (sortOrder) come straight from the caller;
            // only p13 (selectionArgs) is bound as parameters
            android.database.Cursor v1_3 = v0_1.query(this.db, p11, p12, p13, null, null, p14);
            v1_3.setNotificationUri(this.getContext().getContentResolver(), p10);
            return v1_3;
        } else {
            StringBuilder v2_4 = new StringBuilder();
            v2_4.append("Unknown URI ");
            v2_4.append(p10);
            throw new IllegalArgumentException(v2_4.toString());
        }
    }

Method android.database.sqlite.SQLiteQueryBuilder.query() not found: this is an Android framework method whose body is not in the APK, so the trace stops at the sink.

[TAINT] Parameter '2' ==>>> Sink '['Landroid/database/sqlite/SQLiteQueryBuilder;', 'query', '(Landroid/database/sqlite/SQLiteDatabase; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;', '2', 'SQL_SINK']' [[('Lcom/android/insecurebankv2/TrackUserContentProvider;', 'query', '(Landroid/net/Uri; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;'), ('Landroid/database/sqlite/SQLiteQueryBuilder;', 'query', '(Landroid/database/sqlite/SQLiteDatabase; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;')]]

The flagged argument is p12, the selection (sink parameter index 2). SQLiteQueryBuilder appends it after WHERE without binding, so the caller controls the predicate and whatever follows it in the statement. The sort order p14 reaches the ORDER BY position through the same call with no check at all; the tool does not flag it, but it is caller-controlled as well.

Method com.android.insecurebankv2.TrackUserContentProvider.query(): same decompiled body as listed in the previous finding; the tainted argument is p12, the third argument of v0_1.query().

[TAINT] Parameter '3' ==>>> Sink '['Landroid/database/sqlite/SQLiteQueryBuilder;', 'query', '(Landroid/database/sqlite/SQLiteDatabase; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;', '3', 'SQL_SINK']' [[('Lcom/android/insecurebankv2/TrackUserContentProvider;', 'query', '(Landroid/net/Uri; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;'), ('Landroid/database/sqlite/SQLiteQueryBuilder;', 'query', '(Landroid/database/sqlite/SQLiteDatabase; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;')]]

The flagged argument is p13, the selectionArgs (sink parameter index 3). The framework binds these values as ? parameters rather than concatenating them, so on their own they cannot change the structure of the query; this trace is the tool tainting every argument of the sink, and the actual injection point is the selection in the preceding finding.

Method com.android.insecurebankv2.TrackUserContentProvider.query(): same decompiled body as listed in the first query finding; the argument in question is p13, the fourth argument of v0_1.query().

[TAINT] Parameter '2' ==>>> Sink '['Landroid/database/sqlite/SQLiteDatabase;', 'update', '(Ljava/lang/String; Landroid/content/ContentValues; Ljava/lang/String; [Ljava/lang/String;)I', '2', 'SQL_SINK']' [[('Lcom/android/insecurebankv2/TrackUserContentProvider;', 'update', '(Landroid/net/Uri; Landroid/content/ContentValues; Ljava/lang/String; [Ljava/lang/String;)I'), ('Landroid/database/sqlite/SQLiteDatabase;', 'update', '(Ljava/lang/String; Landroid/content/ContentValues; Ljava/lang/String; [Ljava/lang/String;)I')]]

The flagged argument is p7, the whereClause (sink parameter index 2, after the table name and the ContentValues). SQLiteDatabase.update() appends it verbatim after WHERE, so the caller chooses which rows are rewritten; p8 (whereArgs) is bound. The ContentValues p6 are caller-supplied too, and their keys are written into the SET clause as raw column names.

Method com.android.insecurebankv2.TrackUserContentProvider.update():


    public int update(android.net.Uri p5, android.content.ContentValues p6, String p7, String[] p8)
    {
        if (com.android.insecurebankv2.TrackUserContentProvider.uriMatcher.match(p5) == 1) {
            // p7 (whereClause) is appended to the UPDATE statement as raw SQL; p8 (whereArgs) is bound
            int v0 = this.db.update("names", p6, p7, p8);
            this.getContext().getContentResolver().notifyChange(p5, null);
            return v0;
        } else {
            StringBuilder v2_2 = new StringBuilder();
            v2_2.append("Unknown URI ");
            v2_2.append(p5);
            throw new IllegalArgumentException(v2_2.toString());
        }
    }

Method android.database.sqlite.SQLiteDatabase.update() not found: this is an Android framework method whose body is not in the APK, so the trace stops at the sink.
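The recommendation above, applied to the three methods flagged in these findings (delete, query and update), as an added example; this is not the InsecureBankv2 project's code or its fix. It assumes the provider's authority string, a names table with the columns _id and name, a database file name, and a second URI pattern names/# for single rows, none of which appear on this page. The caller's selection string is refused instead of being handed to the database, projection columns go through the projection map in strict mode, the sort column is checked against a fixed list, and ContentValues keys are checked before they are written into an INSERT or UPDATE.

```java
import android.content.ContentProvider;
import android.content.ContentUris;
import android.content.ContentValues;
import android.content.UriMatcher;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteQueryBuilder;
import android.net.Uri;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;

// Added example, not InsecureBankv2's code. The authority, the column set (_id, name),
// the database file name and the names/# URI pattern are assumptions.
public class HardenedTrackUserProvider extends ContentProvider {
    static final String AUTHORITY = "com.android.insecurebankv2.TrackUserContentProvider"; // assumed
    static final String TABLE = "names";
    static final int NAMES = 1, NAME_ID = 2;          // content://AUTHORITY/names[/<id>]
    static final UriMatcher MATCHER = new UriMatcher(UriMatcher.NO_MATCH);
    static final HashMap<String, String> PROJECTION_MAP = new HashMap<>();
    static final List<String> SORTABLE = Arrays.asList("_id", "name");
    static {
        MATCHER.addURI(AUTHORITY, "names", NAMES);
        MATCHER.addURI(AUTHORITY, "names/#", NAME_ID);
        PROJECTION_MAP.put("_id", "_id");
        PROJECTION_MAP.put("name", "name");
    }
    private SQLiteDatabase db;

    @Override public boolean onCreate() {
        db = getContext().openOrCreateDatabase("track_user.db", 0, null); // file name assumed
        db.execSQL("CREATE TABLE IF NOT EXISTS " + TABLE + " (_id INTEGER PRIMARY KEY, name TEXT)");
        return true;
    }

    // The row filter comes from the matched URI alone: null for the whole table, or the id of a
    // names/<id> URI as a bound argument. A caller-supplied selection string is refused outright.
    private static String[] idArgs(Uri uri, String callerSelection) {
        if (callerSelection != null) throw new IllegalArgumentException("selection not supported");
        switch (MATCHER.match(uri)) {
            case NAMES:   return null;
            case NAME_ID: return new String[] { String.valueOf(ContentUris.parseId(uri)) };
            default:      throw new IllegalArgumentException("Unknown URI " + uri);
        }
    }
    private static String idClause(String[] args) { return args == null ? null : "_id = ?"; }

    // ContentValues keys are emitted as raw column names in INSERT/UPDATE, so allow-list them too.
    private static void checkColumns(ContentValues values) {
        for (String key : values.keySet()) {
            if (!PROJECTION_MAP.containsKey(key)) throw new IllegalArgumentException("Unknown column " + key);
        }
    }

    @Override public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs,
                                  String sortOrder) {
        String[] args = idArgs(uri, selection);
        String orderBy = (sortOrder == null || sortOrder.isEmpty()) ? "name" : sortOrder;
        if (!SORTABLE.contains(orderBy)) throw new IllegalArgumentException("Unsupported sort order");
        SQLiteQueryBuilder qb = new SQLiteQueryBuilder();
        qb.setTables(TABLE);
        qb.setProjectionMap(PROJECTION_MAP); // projection entries outside the map are rejected
        qb.setStrict(true);                  // also closes the non-strict " AS " alias pass-through
        Cursor c = qb.query(db, projection, idClause(args), args, null, null, orderBy);
        c.setNotificationUri(getContext().getContentResolver(), uri);
        return c;
    }

    @Override public Uri insert(Uri uri, ContentValues values) {
        if (MATCHER.match(uri) != NAMES) throw new IllegalArgumentException("Unknown URI " + uri);
        checkColumns(values);
        Uri row = ContentUris.withAppendedId(uri, db.insertOrThrow(TABLE, null, values));
        getContext().getContentResolver().notifyChange(row, null);
        return row;
    }

    @Override public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) {
        String[] args = idArgs(uri, selection);
        checkColumns(values);
        int n = db.update(TABLE, values, idClause(args), args);
        getContext().getContentResolver().notifyChange(uri, null);
        return n;
    }

    @Override public int delete(Uri uri, String selection, String[] selectionArgs) {
        String[] args = idArgs(uri, selection);
        int n = db.delete(TABLE, idClause(args), args);
        getContext().getContentResolver().notifyChange(uri, null);
        return n;
    }

    @Override public String getType(Uri uri) {
        return MATCHER.match(uri) == NAME_ID ? "vnd.android.cursor.item/name" : "vnd.android.cursor.dir/name";
    }
}
```

With this shape no caller-supplied text reaches the statement as SQL: the only WHERE clause ever built is _id = ? with the id bound, the projection is mapped, the sort column is allow-listed and the column names in ContentValues are checked. If no other application needs this provider at all, the larger fix is to mark it android:exported="false" in the manifest, which removes the caller-facing surface altogether; the checks above still matter for a provider that must stay reachable.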