Dart Insecure Storage Sql Injection
Description
This detector identifies SQL injection vulnerabilities in Dart applications using SQLite through the sqflite package. It flags dangerous database operations where user-controlled data is directly concatenated into SQL queries without proper parameterization, allowing attackers to manipulate database queries and potentially access or modify sensitive data stored locally.
Detection Strategy
• The application must import the sqflite package (package:sqflite) for database operations
• The application must also import either path_provider or shared_preferences packages, indicating local data storage usage
• A method call to dangerous sqflite operations (like execute, rawQuery, rawInsert, rawUpdate, rawDelete) is identified
• The first argument to the database method (the SQL query string) contains unsafe user input without proper sanitization
• The query does not use safe parameterized placeholders (? markers) to separate SQL code from data
• The unsafe input is traced back to its source to confirm it originates from user-controllable data
Vulnerable code example
import 'dart:io';
import 'package:sqflite/sqflite.dart';
import 'package:shared_preferences/shared_preferences.dart';
late Database db;
// VULNERABLE: User-controllable SharedPreferences data flows into raw SQL
Future<List<Map<String, Object?>>> getUserData() async {...
✅ Secure code example
import 'dart:io';
import 'package:sqflite/sqflite.dart';
import 'package:shared_preferences/shared_preferences.dart';
late Database db;
// SAFE: Use parameterized query with ? placeholder to prevent SQL injection
Future<List<Map<String, Object?>>> getUserData() async {...
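As an added example (not part of the detector's documentation or of the sqflite project), the following shows the flow the detector traces, from a SharedPreferences value into a raw sqflite call, next to the two parameterized forms that satisfy the "? placeholder" check; the `users` table, the `current_user` preference key and the `example.db` file name are assumptions made for this illustration.

```dart
import 'package:path/path.dart';
import 'package:shared_preferences/shared_preferences.dart';
import 'package:sqflite/sqflite.dart';

late Database db;

// Assumed schema: a `users` table with `name` and `role` columns.
Future<void> openDb() async {
  db = await openDatabase(
    join(await getDatabasesPath(), 'example.db'),
    version: 1,
    onCreate: (d, v) => d.execute(
        'CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, role TEXT)'),
  );
}

// The preference value is treated as attacker-influenced local storage.
Future<String> _currentUserFromPrefs() async {
  final prefs = await SharedPreferences.getInstance();
  return prefs.getString('current_user') ?? '';
}

// VULNERABLE: the value is spliced into the SQL text. A quote character in it
// terminates the string literal and the remainder is parsed as SQL.
Future<List<Map<String, Object?>>> getUserDataUnsafe() async {
  final name = await _currentUserFromPrefs();
  return db.rawQuery("SELECT * FROM users WHERE name = '$name'");
}

// SAFE (raw API): constant SQL text; SQLite binds the value to `?` so it is
// compared as data and never parsed as code.
Future<List<Map<String, Object?>>> getUserDataRawSafe() async {
  final name = await _currentUserFromPrefs();
  return db.rawQuery('SELECT * FROM users WHERE name = ?', [name]);
}

// SAFE (builder API): query()/whereArgs gives the same separation without SQL.
Future<List<Map<String, Object?>>> getUserDataQuerySafe() async {
  final name = await _currentUserFromPrefs();
  return db.query('users', where: 'name = ?', whereArgs: [name]);
}

// Identifiers cannot be bound with `?`; a column name that must vary is
// checked against an allow-list rather than interpolated.
const _sortableColumns = {'name', 'role'};
Future<List<Map<String, Object?>>> listUsersSortedBy(String column) async {
  if (!_sortableColumns.contains(column)) {
    throw ArgumentError.value(column, 'column', 'not an allowed sort column');
  }
  return db.query('users', orderBy: column);
}
```

Only `getUserDataUnsafe` matches the detection strategy above: its first argument is built from traced user-controllable data and carries no `?` placeholder, while the other two keep the SQL text constant.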