From ebd449acea64a2d975ec01c528c84d601abca3e1 Mon Sep 17 00:00:00 2001 From: LewisArdern Date: Wed, 9 Aug 2023 11:32:50 -0700 Subject: [PATCH] fix name conflict --- swift/sqllite/sqllite-injection-audit.swift | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/swift/sqllite/sqllite-injection-audit.swift b/swift/sqllite/sqllite-injection-audit.swift index 9a4e5c32d2..62ab22b89a 100644 --- a/swift/sqllite/sqllite-injection-audit.swift +++ b/swift/sqllite/sqllite-injection-audit.swift @@ -3,19 +3,19 @@ let password = a.text() let sql = "SELECT * FROM semgrep_users WHERE username = '\(username)' AND password = '\(password)'" -// ruleid:swift-sqlite-injection +// ruleid:swift-potential-sqlite-injection let result = sqlite3_exec(db, sql, nil, nil, nil) sqlite3_close(db) let sql = "SELECT * FROM semgrep_users WHERE username = 'admin' AND password = '\(password)'" -// ruleid:swift-sqlite-injection +// ruleid:swift-potential-sqlite-injection let result = sqlite3_exec(db, sql, nil, nil, nil) sqlite3_close(db) let sql = "SELECT * FROM semgrep_users WHERE username = ? AND password = ?" var stmt: OpaquePointer? -// okid:swift-sqlite-injection +// okid:swift-potential-sqlite-injection if sqlite3_prepare_v2(db, sql, -1, &stmt, nil) == SQLITE_OK { sqlite3_bind_text(stmt, 1, username, -1, nil) sqlite3_bind_text(stmt, 2, password, -1, nil) @@ -28,7 +28,7 @@ sqlite3_finalize(stmt) sqlite3_close(db) let sql = "SELECT * FROM semgrep_users WHERE username = 'admin' AND password = 'admin'" -// okid:swift-sqlite-injection +// okid:swift-potential-sqlite-injection let result = sqlite3_exec(db, sql, nil, nil, nil) sqlite3_close(db) @@ -36,25 +36,25 @@ sqlite3_close(db) let theUsername = "admin" let sql = "SELECT * FROM semgrep_users WHERE username = '" + theUsername + "' AND password = 'admin'" // FP but cant do much about this I dont think -// ruleid:swift-sqlite-injection +// ruleid:swift-potential-sqlite-injection let result = sqlite3_exec(db, sql, nil, nil, nil) sqlite3_close(db) let newUser = getUsernameFromServer() let sql = "SELECT * FROM semgrep_users WHERE username = '" + newUser + "' AND password = 'admin'" -// ruleid:swift-sqlite-injection +// ruleid:swift-potential-sqlite-injection let result = sqlite3_exec(db, sql, nil, nil, nil) sqlite3_close(db) let sql = "SELECT * FROM semgrep_users WHERE username = 'admin' AND password = '" + password + "'" -// ruleid:swift-sqlite-injection +// ruleid:swift-potential-sqlite-injection let result = sqlite3_exec(db, sql, nil, nil, nil) sqlite3_close(db) let sql = "SELECT * FROM semgrep_users WHERE username = ? AND password = '" + password + "'" -// ruleid:swift-sqlite-injection +// ruleid:swift-potential-sqlite-injection if sqlite3_prepare_v2(db, sql, -1, &stmt, nil) == SQLITE_OK { sqlite3_bind_text(stmt, 1, username, -1, nil) if sqlite3_step(stmt) == SQLITE_DONE {