CX SQL_Injection @ iGoat-Swift/iGoat-Swift/Source/Exercises/Injection Flaws/SQL Injection/SQLInjectionExerciseVC.swift [master]

[tsunez]

SQL_Injection issue exists @ iGoat-Swift/iGoat-Swift/Source/Exercises/Injection Flaws/SQL Injection/SQLInjectionExerciseVC.swift in branch master

Method search at line 7 of iGoat-Swift\iGoat-Swift\Source\Exercises\Injection Flaws\SQL Injection\SQLInjectionExerciseVC.swift gets user input from the text element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method search at line 7 of iGoat-Swift\iGoat-Swift\Source\Exercises\Injection Flaws\SQL Injection\SQLInjectionExerciseVC.swift. This may enable an SQL Injection attack.

Severity: High

CWE:89

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: [17](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Injection Flaws/SQL Injection/SQLInjectionExerciseVC.swift#L17)

---

[Code (Line #17):](https://github.com/Custodela/iGoat-Swift/blob/master/iGoat-Swift/iGoat-Swift/Source/Exercises/Injection Flaws/SQL Injection/SQLInjectionExerciseVC.swift#L17)

             searchStr = "%" + "\(searchField.text!)" + "%"

---

[tsunez]

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

[tsunez]

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

[tsunez]

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)