Security Issue: HIGH RISK vulnerables using OneSignal SDK #1452

Closed
faisalmohd83 opened this issue Oct 11, 2021 · 4 comments

@faisalmohd83

Description:
The issues below were reported as HIGH RISK during a Mobile Application Security Test. I would appreciate it if they could be addressed. Thanks.

  1. EXTERNAL DATA IN SQL QUERIES
    Inclusion of input into raw SQL queries can potentially lead to a local SQL injection vulnerability in the mobile application.
    The correct approach is to use prepared SQL statements beyond user's control.
    Some of it:
    There is 'rawQuery()' found in file 'com/onesignal/OneSignalDbHelper.java':
    Cursor rawQuery = sQLiteDatabase.rawQuery("SELECT name FROM sqlite_master WHERE type='table'", null);
    --
    Also, there is 'execSQL()' found in file 'com/onesignal/outcomes/OSOutcomeTableProvider.java':
    sQLiteDatabase.execSQL(stringBuilder.toString());
    sQLiteDatabase.execSQL("DROP TABLE outcome;");
    sQLiteDatabase.execSQL(SQL_CREATE_OUTCOME_ENTRIES_V2);

  2. CLEARTEXT SQLITE DATABASE
    The mobile application uses an unencrypted SQLite database.
    This database can be accessed by an attacker with physical access to the mobile device or a malicious application with
    root access to the device. The application should not store sensitive information in cleartext.

Environment

  1. Android SDK: Android 11
  2. OneSignal SDK: 4+
  3. Add OneSignal using Maven

Steps to Reproduce Issue:

  1. Add the OneSignal SDK to your project
  2. Place your App ID in the application's Gradle file
  3. Run the Mobile Application Security Test

--

@faisalmohd83 changed the title from "Security Issue:" to "Security Issue: HIGH RISK vulnerables using OneSignal SDK" on Oct 12, 2021

@jkasten2 (Member)

@faisalmohd83 Thanks for reporting this issue. We have reviewed the code and we are not able to find any SQL injection vulnerabilities in the code. The local database for OneSignal is not encrypted, but other apps can't access it due to the permissions and location of the SQL database.

However, we will look into seeing what we can do to add a SQL injection test to our CI pipeline to ensure we continue to ensure this isn't a future issue.
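
The triage step behind the reply above, as an added example that is not part of the thread or of OneSignal's code: a scanner flags every `rawQuery()`/`execSQL()` call, so a reviewer first separates calls whose SQL is a fixed literal or constant from calls whose SQL is assembled at runtime. The three labels and the rule that an UPPER_CASE name is a constant are assumptions of this sketch; the sample lines are the four quoted in the report.

```python
import re

# Constructed input: the four call sites quoted in the issue report.
FLAGGED = [
    'Cursor rawQuery = sQLiteDatabase.rawQuery("SELECT name FROM sqlite_master WHERE type=\'table\'", null);',
    'sQLiteDatabase.execSQL(stringBuilder.toString());',
    'sQLiteDatabase.execSQL("DROP TABLE outcome;");',
    'sQLiteDatabase.execSQL(SQL_CREATE_OUTCOME_ENTRIES_V2);',
]

CALL = re.compile(r'\.(rawQuery|execSQL)\s*\((.*)\)\s*;\s*$')
STRING_LITERAL = re.compile(r'"(?:[^"\\]|\\.)*"')   # one complete Java string literal
CONSTANT_NAME = re.compile(r'[A-Z][A-Z0-9_]*')      # assumption: UPPER_CASE means static final

def first_argument(args):
    """Return the first top-level argument, ignoring commas inside strings or parentheses."""
    depth, in_string, i = 0, False, 0
    while i < len(args):
        ch = args[i]
        if in_string:
            if ch == "\\":
                i += 1                  # skip the escaped character
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "()":
            depth += 1 if ch == "(" else -1
        elif ch == "," and depth == 0:
            return args[:i].strip()
        i += 1
    return args.strip()


def classify(line):
    """Label the SQL argument of a flagged call as literal, constant or dynamic."""
    m = CALL.search(line)
    if not m:
        return None                     # not a rawQuery()/execSQL() call
    sql = first_argument(m.group(2))
    if STRING_LITERAL.fullmatch(sql):
        return "literal"                # fixed text: no runtime value reaches the SQL
    if CONSTANT_NAME.fullmatch(sql):
        return "constant"               # confirm at the declaration that it is a fixed string
    return "dynamic"                    # built at runtime: trace every value feeding it

if __name__ == "__main__":
    for flagged_line in FLAGGED:
        print(f"{classify(flagged_line):8} | {flagged_line}")
```

A `dynamic` result is not a finding by itself; it marks the call whose string inputs still need to be traced to confirm none is externally controlled.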

@yasht01 commented Dec 22, 2023

Hey @jkasten2 this was reported by the SecOps team for our app too. Can you share any update for these SQL injection vulnerabilities?

@chardskarth

Hi everyone, this was also reported to us by our VA team. We would kindly appreciate feedback about this issue.

Btw, Awesome opensource project 🎉!

@jsellam commented Jan 22, 2025

> Hi everyone, this was also reported to us by our VA team. We would kindly appreciate feedback about this issue.
>
> Btw, Awesome opensource project 🎉!

There is a new answer: OneSignal/react-native-onesignal#1780 (comment)
