Swift Tainted Sql Injection
Description
Detects SQL injection vulnerabilities in Swift applications where unsanitized user input could be used in SQL queries. This creates a risk of malicious SQL commands being executed through manipulated input data, potentially allowing unauthorized database access or manipulation.
Detection Strategy
• Identifies calls to SQL query execution methods in Swift code
• Analyzes the arguments passed to these SQL methods to check if they contain user-controlled data
• Reports a vulnerability when SQL queries are constructed using unsanitized/tainted input
• Focuses on dangerous patterns like directly concatenating user input into SQL strings
• Looks for missing input validation or sanitization before SQL query execution
Vulnerable code example
import SQLite3
func queryUser(db: OpaquePointer?, username: String) -> Int32 {
    // VULNERABLE: Direct string interpolation allows SQL injection through username parameter
    let sql = "SELECT * FROM users WHERE username = '\(username)'"
    let rc = sqlite3_exec(db, sql, nil, nil, nil)
    return rc
}
✅ Secure code example
import SQLite3
func queryUser(db: OpaquePointer?, username: String) -> Int32 {
    // SAFE: Use prepared statement with placeholder to prevent SQL injection
    let sql = "SELECT * FROM users WHERE username = ?"
    var stmt: OpaquePointer? = nil
    let rcPrepare = sqlite3_prepare_v2(db, sql, -1, &stmt, nil)
    guard rcPrepare == SQLITE_OK else { return rcPrepare }
    // Bind the untrusted value as data, so it can never change the query structure
    let SQLITE_TRANSIENT = unsafeBitCast(-1, to: sqlite3_destructor_type.self)
    sqlite3_bind_text(stmt, 1, username, -1, SQLITE_TRANSIENT)
    let rc = sqlite3_step(stmt)  // SQLITE_ROW if a matching user exists, SQLITE_DONE otherwise
    sqlite3_finalize(stmt)
    return rc
}
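The detection strategy above, as an added example (not Fluid Attacks' scanner): a minimal line-based taint check over Swift source that treats function parameters as untrusted sources, follows "\(param)" interpolation into string variables, and reports when such a string reaches sqlite3_exec or sqlite3_prepare_v2. The two Swift snippets embedded at the bottom are constructed to mirror the examples on this page.

```python
import re

# Query-taking SQLite3 calls named by the rule; captures the query argument (variable or inline literal).
SINK_RE = re.compile(r'(sqlite3_exec|sqlite3_prepare_v2)\(\s*\w+\s*,\s*(\w+|"(?:[^"\\]|\\.)*")')
FUNC_RE = re.compile(r'func\s+\w+\(([^)]*)\)')
ASSIGN_RE = re.compile(r'(?:let|var)\s+(\w+)\s*=\s*"((?:[^"\\]|\\.)*)"')
INTERP_RE = re.compile(r'\\\((\w+)\)')  # Swift "\(name)" string interpolation

def _interpolated_params(literal, params):
    return tuple(v for v in INTERP_RE.findall(literal) if v in params)

def find_tainted_sql(swift_source):
    """Return (line, sink, sources) for sink calls whose query interpolates a function parameter."""
    params, tainted, findings = set(), {}, []
    for lineno, line in enumerate(swift_source.splitlines(), 1):
        m = FUNC_RE.search(line)
        if m:  # new function scope: its parameters are the untrusted sources
            params = {p.split(":")[0].split()[-1] for p in m.group(1).split(",") if p.strip()}
            tainted = {}
        m = ASSIGN_RE.search(line)
        if m:
            name, literal = m.groups()
            srcs = _interpolated_params(literal, params)
            if srcs:
                tainted[name] = srcs  # taint propagates into the string variable
            continue
        m = SINK_RE.search(line)
        if m:
            sink, arg = m.groups()
            srcs = _interpolated_params(arg[1:-1], params) if arg.startswith('"') else tainted.get(arg, ())
            if srcs:
                findings.append((lineno, sink, srcs))
    return findings

# Constructed samples mirroring the vulnerable and secure snippets on this page.
VULNERABLE_SWIFT = r'''
func queryUser(db: OpaquePointer?, username: String) -> Int32 {
    let sql = "SELECT * FROM users WHERE username = '\(username)'"
    return sqlite3_exec(db, sql, nil, nil, nil)
}'''
SAFE_SWIFT = r'''
func queryUser(db: OpaquePointer?, username: String) -> Int32 {
    let sql = "SELECT * FROM users WHERE username = ?"
    var stmt: OpaquePointer? = nil
    return sqlite3_prepare_v2(db, sql, -1, &stmt, nil)
}'''

if __name__ == "__main__":
    print(find_tainted_sql(VULNERABLE_SWIFT))  # [(4, 'sqlite3_exec', ('username',))]
```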