CX SQL_Injection @ app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java [master]

**SQL_Injection** issue exists @ **app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java** in branch **master**

*Method saveCredentials at line 63 of app\src\main\java\jakhar\aseem\diva\InsecureDataStorage2Activity.java gets user input from the getText element. This element&#8217;s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method saveCredentials at line 63 of app\src\main\java\jakhar\aseem\diva\InsecureDataStorage2Activity.java. This may enable an SQL Injection attack.*

Severity: High
CWE:89
[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/89.html)
[Internal Guidance](https://custodela.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance)
Lines: [67](https://github.com/Custodela/diva-android//blob/master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java#L67) 

---
[Code (Line #67):](https://github.com/Custodela/diva-android//blob/master/app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java#L67)
```
            mDB.execSQL("INSERT INTO myuser VALUES ('"+ usr.getText().toString() +"', '"+ pwd.getText().toString() +"');");
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX SQL_Injection @ app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java [master] #1

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CX SQL_Injection @ app/src/main/java/jakhar/aseem/diva/InsecureDataStorage2Activity.java [master] #1

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions