Dart Raw SQL Injection
Description
Detects SQL injection in Dart code where raw SQL statements (for example sqflite's rawQuery, rawInsert, rawUpdate and rawDelete) are built by interpolating or concatenating untrusted input into the query text instead of binding it as a parameter. An attacker who controls that input can change the structure of the statement and read, modify or delete data the query was never meant to touch.
Detection Strategy
• Check whether raw SQL methods (rawQuery, rawInsert, rawUpdate, rawDelete and similar) are called anywhere in the code
• Examine the first argument of each call to see whether the query text is built with string interpolation ($name, ${expr}), string concatenation (+), or a variable assembled elsewhere
• Treat method names that end with a known SQL operation (Query, Insert, Update, Delete) as candidate sinks even when they are called on a wrapper around the database object
• Verify whether the query string contains interpolated variables or concatenated values that can carry user input
• Flag every call whose SQL text is built from non-parameterized user input; a constant query with ? placeholders and a separate arguments list is not reported
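The checks above, as an added example in Python that is not the analyzer's own code: a small scanner that finds raw-SQL calls in Dart source and reports the ones whose query text is interpolated, concatenated, or not a literal at all. The Dart sample it scans is constructed for the example; the method list beyond rawQuery and rawDelete is an assumption based on the sqflite API, and the argument parsing is a heuristic, not a Dart parser.

```python
import re

# sqflite methods whose first argument is raw SQL text. The page names rawQuery and
# rawDelete; the rest of the list is an assumption based on the sqflite API.
RAW_SQL_METHODS = ("rawQuery", "rawInsert", "rawUpdate", "rawDelete", "execute")

# ".rawQuery(" on any receiver (db, txn, batch, a wrapper object, ...)
CALL_RE = re.compile(r"\.(" + "|".join(RAW_SQL_METHODS) + r")\s*\(")

# Dart string interpolation: $name or ${expr}, ignoring an escaped \$
INTERP_RE = re.compile(r"(?<!\\)\$(\{|[A-Za-z_])")
# String concatenation touching a literal: "..." + x   or   x + "..."
CONCAT_RE = re.compile(r"""["']\s*\+|\+\s*["']""")
# A single Dart string literal, raw (r'...') or ordinary
RAW_LITERAL_RE = re.compile(r"""r(['"]).*\1""", re.DOTALL)
LITERAL_RE = re.compile(r"""(['"]).*\1""", re.DOTALL)


def _argument_list(src, open_paren):
    """Text between the '(' at open_paren and its matching ')'.
    Heuristic: parentheses inside string literals are counted too."""
    depth = 0
    for i in range(open_paren, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return src[open_paren + 1:i]
    return src[open_paren + 1:]


def _first_argument(args):
    """The first argument: split on the first comma outside strings and brackets."""
    depth, quote = 0, None
    for i, c in enumerate(args):
        if quote:
            if c == quote and args[i - 1] != "\\":
                quote = None
        elif c in "'\"":
            quote = c
        elif c in "([{":
            depth += 1
        elif c in ")]}":
            depth -= 1
        elif c == "," and depth == 0:
            return args[:i].strip()
    return args.strip()


def is_unsafe_query_arg(arg):
    """True when the SQL argument cannot be shown to be a constant string."""
    arg = arg.strip()
    if RAW_LITERAL_RE.fullmatch(arg):      # r'...': '$' is literal, no interpolation
        return False
    if INTERP_RE.search(arg) or CONCAT_RE.search(arg):
        return True                         # interpolated or concatenated text
    if LITERAL_RE.fullmatch(arg):
        return False                        # plain constant literal; '?' placeholders are fine
    return True                             # a variable or call: built elsewhere, flag it


def scan_dart(src):
    """Return (line, method, first_argument) for every raw-SQL call with an unsafe query."""
    findings = []
    for m in CALL_RE.finditer(src):
        args = _argument_list(src, m.end() - 1)
        first = _first_argument(args)
        if is_unsafe_query_arg(first):
            line = src.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1), first))
    return findings


# Constructed Dart sample (not from the page): three unsafe calls, two safe ones.
SAMPLE_DART = """
import 'package:sqflite/sqflite.dart';

Future<void> demo(Database db, String name, int id) async {
  await db.rawQuery("SELECT * FROM users WHERE name = '$name'");
  await db.rawDelete('DELETE FROM users WHERE id = ' + id.toString());
  final q = 'SELECT * FROM users WHERE id = ${id}';
  await db.rawQuery(q);
  await db.rawQuery('SELECT * FROM users WHERE name = ?', [name]);
  await db.execute(r'CREATE TABLE t (id INTEGER, v TEXT)');
}
"""

if __name__ == "__main__":
    for line, method, arg in scan_dart(SAMPLE_DART):
        print(f"line {line}: {method}({arg}) builds SQL from non-constant text")
```

The scanner reports lines 5, 6 and 8 of the sample: interpolation, concatenation, and a query held in a variable. The last case is deliberately conservative: a variable may well be a constant, but the rule cannot prove it without data-flow, so it is flagged for review rather than silently accepted.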
Vulnerable code example
import 'package:sqflite/sqflite.dart';

// db is an open sqflite Database supplied by the caller.
Future<List<Map<String, Object?>>> getUserData(Database db, String userInput) async {
  // VULNERABLE: direct string interpolation of user input in the SQL text.
  // Input such as  x' OR '1'='1  becomes part of the statement and returns every row.
  final sql = "SELECT * FROM users WHERE name = '$userInput'";
  return await db.rawQuery(sql);
}
✅ Secure code example
import 'package:sqflite/sqflite.dart';

// db is an open sqflite Database supplied by the caller.
Future<List<Map<String, Object?>>> getUserData(Database db, String userInput) async {
  // Safe: the SQL text is a constant with a ? placeholder and the user input is
  // passed in the arguments list, so the driver binds it as a value, never as SQL.
  return await db.rawQuery(
    'SELECT * FROM users WHERE name = ?',
    [userInput],
  );
}
The same arguments-list form applies to rawInsert, rawUpdate, rawDelete and execute. Placeholders bind values only: table and column names, or an ORDER BY direction, cannot be parameterized and must be validated against a fixed allow-list before they are placed in the query text.
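To show what the two Dart snippets actually do at the database, here is an added example in Python using the standard sqlite3 module; it is not code from the page or from sqflite. sqflite is a wrapper over SQLite, and ? binding behaves the same way, so the two Python functions mirror the vulnerable and the fixed getUserData. The rows and the payloads are constructed for the demonstration.

```python
import sqlite3


def _fresh_db():
    """In-memory SQLite database with constructed sample rows (not real data)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    con.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return con


def get_user_data_vulnerable(user_input):
    """Mirror of the vulnerable Dart snippet: the input is interpolated into the SQL text,
    so quotes in the input terminate the literal and the rest is parsed as SQL."""
    con = _fresh_db()
    sql = f"SELECT name FROM users WHERE name = '{user_input}'"
    return [row[0] for row in con.execute(sql)]


def get_user_data_safe(user_input):
    """Mirror of the fixed Dart snippet: the SQL is a constant with a ? placeholder and
    the input is bound as a value, so it can only ever be compared against name."""
    con = _fresh_db()
    rows = con.execute("SELECT name FROM users WHERE name = ?", (user_input,))
    return [row[0] for row in rows]


# Constructed payloads. The first collapses the WHERE clause to "always true";
# the second appends a UNION to pull a different column out of the table.
PAYLOAD = "x' OR '1'='1"
UNION_PAYLOAD = "x' UNION SELECT role FROM users WHERE '1'='1"

if __name__ == "__main__":
    print("vulnerable, tautology:", get_user_data_vulnerable(PAYLOAD))
    print("vulnerable, union:    ", get_user_data_vulnerable(UNION_PAYLOAD))
    print("safe, tautology:      ", get_user_data_safe(PAYLOAD))
    print("safe, union:          ", get_user_data_safe(UNION_PAYLOAD))
```

With the tautology payload the interpolated query returns all three users and the UNION payload returns the role column instead of names; the bound query returns nothing for either, because SQLite looks for a user whose name is literally the payload string.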