hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add SQLi sinks

Browse Source
This commit is contained in:
Tony Torralba
2022-12-23 17:03:31 +01:00
parent 393a8c2bd8
commit ac39aeb6b6
3 changed files with 655 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
swift/ql/src/queries/Security/CWE-089/SqlInjection.ql
View File

@@ -63,6 +63,80 @@ class SQLiteSwiftSqlSink extends SqlSink {
}
}
/** A sink for the GRDB library. */
class GrdbSqlSink extends SqlSink {
GrdbSqlSink() {
exists(CallExpr call, MethodDecl method |
call.getStaticTarget() = method and
call.getArgument(0).getExpr() = this.asExpr()
|
method
.hasQualifiedName("Database",
[
"allStatements(sql:arguments:)", "cachedStatement(sql:)",
"internalCachedStatement(sql:)", "execute(sql:arguments:)", "makeStatement(sql:)",
"makeStatement(sql:prepFlags:)"
])
or
method
.hasQualifiedName("SQLRequest",
[
"init(stringLiteral:)", "init(unicodeScalarLiteral:)",
"init(extendedGraphemeClusterLiteral:)", "init(stringInterpolation:)",
"init(sql:arguments:adapter:cached:)"
])
or
method
.hasQualifiedName("SQL",
[
"init(stringLiteral:)", "init(unicodeScalarLiteral:)",
"init(extendedGraphemeClusterLiteral:)", "init(stringInterpolation:)",
"init(sql:arguments:)", "append(sql:arguments:)"
])
or
method
.hasQualifiedName("TableDefinition", ["column(sql:)", "check(sql:)", "constraint(sql:)"])
or
method.hasQualifiedName("TableAlteration", "addColumn(sql:)")
or
method
.hasQualifiedName("ColumnDefinition",
["check(sql:)", "defaults(sql:)", "generatedAs(sql:_:)"])
or
method
.hasQualifiedName("TableRecord",
[
"select(sql:arguments:)", "select(sql:arguments:as:)", "filter(sql:arguments:)",
"order(sql:arguments:)"
])
or
method.hasQualifiedName("StatementCache", "statement(_:)")
)
or
exists(CallExpr call, MethodDecl method |
call.getStaticTarget() = method and
call.getArgument(1).getExpr() = this.asExpr()
|
method
.hasQualifiedName(["Row", "DatabaseValueConvertible"],
[
"fetchCursor(_:sql:arguments:adapter:)", "fetchAll(_:sql:arguments:adapter:)",
"fetchSet(_:sql:arguments:adapter:)", "fetchOne(_:sql:arguments:adapter:)"
])
or
method.hasQualifiedName("SQLStatementCursor", "init(database:sql:arguments:prepFlags:)")
)
or
exists(CallExpr call, MethodDecl method |
call.getStaticTarget() = method and
call.getArgument(3).getExpr() = this.asExpr()
|
method
.hasQualifiedName("CommonTableExpression", "init(recursive:named:columns:sql:arguments:)")
)
}
}
/**
* A taint configuration for tainted data that reaches a SQL sink.
*/

339
swift/ql/test/query-tests/Security/CWE-089/GRDB.swift Normal file
View File

@@ -0,0 +1,339 @@
// --- stubs ---
struct URL
{
init?(string: String) {}
}
extension String {
init(contentsOf: URL) throws {
let data = ""
// ...
self.init(data)
}
}
struct StatementArguments {}
class Statement {}
protocol RowAdapter {}
class RowDecoder {}
enum GeneratedColumnQualification { case virtual }
struct QueryInterfaceRequest<T> {}
class Database {
func allStatements(sql: String, arguments: StatementArguments? = nil) -> SQLStatementCursor { return SQLStatementCursor(database: self, sql: "", arguments: nil) }
func cachedStatement(sql: String) -> Statement { return Statement() }
func internalCachedStatement(sql: String) -> Statement { return Statement() }
func execute(sql: String, arguments: StatementArguments = StatementArguments()) {}
func makeStatement(sql: String) -> Statement { return Statement() }
func makeStatement(sql: String, prepFlags: CUnsignedInt) -> Statement { return Statement() }
}
struct SQLRequest {
init(stringLiteral: String) {}
init(unicodeScalarLiteral: String) {}
init(extendedGraphemeClusterLiteral: String) {}
init(stringInterpolation: String) {}
init(sql: String, arguments: StatementArguments = StatementArguments(), adapter: (any RowAdapter)? = nil, cached: Bool = false) {}
}
struct SQL {
init(stringLiteral: String) {}
init(unicodeScalarLiteral: String) {}
init(extendedGraphemeClusterLiteral: String) {}
init(stringInterpolation: String) {}
init(sql: String, arguments: StatementArguments = StatementArguments()) {}
func append(sql: String, arguments: StatementArguments = StatementArguments()) {}
}
class TableDefinition {
func column(sql: String) {}
func check(sql: String) {}
func constraint(sql: String) {}
}
class TableAlteration {
func addColumn(sql: String) {}
}
class ColumnDefinition {
func check(sql: String) -> Self { return self }
func defaults(sql: String) -> Self { return self }
func generatedAs(sql: String, _: GeneratedColumnQualification = .virtual) -> Self { return self }
}
class TableRecord {
static func select(sql: String, arguments: StatementArguments = StatementArguments()) -> QueryInterfaceRequest<TableRecord> { QueryInterfaceRequest<TableRecord>() }
static func select<RowDecoder>(sql: String, arguments: StatementArguments = StatementArguments(), as: RowDecoder.Type = RowDecoder.self) -> QueryInterfaceRequest<TableRecord>{ QueryInterfaceRequest<TableRecord>() }
static func filter(sql: String, arguments: StatementArguments = StatementArguments()) -> QueryInterfaceRequest<TableRecord> { QueryInterfaceRequest<TableRecord>() }
static func order(sql: String, arguments: StatementArguments = StatementArguments()) -> QueryInterfaceRequest<TableRecord> { QueryInterfaceRequest<TableRecord>() }
}
struct StatementCache {
func statement(_: String) -> Statement { return Statement() }
}
class Row {
func fetchCursor(_: Statement, sql: String, arguments: StatementArguments? = nil, adapter: (any RowAdapter)? = nil) {}
func fetchAll(_: Statement, sql: String, arguments: StatementArguments? = nil, adapter: (any RowAdapter)? = nil) {}
func fetchSet(_: Statement, sql: String, arguments: StatementArguments? = nil, adapter: (any RowAdapter)? = nil) {}
func fetchOne(_: Statement, sql: String, arguments: StatementArguments? = nil, adapter: (any RowAdapter)? = nil) {}
}
class DatabaseValueConvertible {
func fetchCursor(_: Statement, sql: String, arguments: StatementArguments? = nil, adapter: (any RowAdapter)? = nil) {}
func fetchAll(_: Statement, sql: String, arguments: StatementArguments? = nil, adapter: (any RowAdapter)? = nil) {}
func fetchSet(_: Statement, sql: String, arguments: StatementArguments? = nil, adapter: (any RowAdapter)? = nil) {}
func fetchOne(_: Statement, sql: String, arguments: StatementArguments? = nil, adapter: (any RowAdapter)? = nil) {}
}
class SQLStatementCursor {
init(database: Database, sql: String, arguments: StatementArguments?, prepFlags: CUnsignedInt = 0) {}
}
class CommonTableExpression {
init(recursive: Bool = false, named: String, columns: [String]? = nil, sql: String, arguments: StatementArguments = StatementArguments()) {}
}
// --- tests ---
func test(database: Database) throws {
let localString = "user"
let remoteString = try String(contentsOf: URL(string: "http://example.com/")!)
let _ = database.allStatements(sql: remoteString) // BAD
let _ = database.allStatements(sql: localString) // GOOD
let _ = database.allStatements(sql: remoteString, arguments: nil) // BAD
let _ = database.allStatements(sql: localString, arguments: nil) // GOOD
let _ = database.cachedStatement(sql: remoteString) // BAD
let _ = database.cachedStatement(sql: localString) // GOOD
let _ = database.internalCachedStatement(sql: remoteString) // BAD
let _ = database.internalCachedStatement(sql: localString) // GOOD
database.execute(sql: remoteString) // BAD
database.execute(sql: localString) // GOOD
database.execute(sql: remoteString, arguments: StatementArguments()) // BAD
database.execute(sql: localString, arguments: StatementArguments()) // GOOD
let _ = database.makeStatement(sql: remoteString) // BAD
let _ = database.makeStatement(sql: localString) // GOOD
let _ = database.makeStatement(sql: remoteString, prepFlags: 0) // BAD
let _ = database.makeStatement(sql: localString, prepFlags: 0) // GOOD
}
func testSqlRequest() throws {
let localString = "user"
let remoteString = try String(contentsOf: URL(string: "http://example.com/")!)
let _ = SQLRequest(stringLiteral: remoteString) // BAD
let _ = SQLRequest(stringLiteral: localString) // GOOD
let _ = SQLRequest(unicodeScalarLiteral: remoteString) // BAD
let _ = SQLRequest(unicodeScalarLiteral: localString) // GOOD
let _ = SQLRequest(extendedGraphemeClusterLiteral: remoteString) // BAD
let _ = SQLRequest(extendedGraphemeClusterLiteral: localString) // GOOD
let _ = SQLRequest(stringInterpolation: remoteString) // BAD
let _ = SQLRequest(stringInterpolation: localString) // GOOD
let _ = SQLRequest(sql: remoteString) // BAD
let _ = SQLRequest(sql: remoteString, arguments: StatementArguments()) // BAD
let _ = SQLRequest(sql: remoteString, arguments: StatementArguments(), adapter: nil) // BAD
let _ = SQLRequest(sql: remoteString, arguments: StatementArguments(), cached: false) // BAD
let _ = SQLRequest(sql: remoteString, arguments: StatementArguments(), adapter: nil, cached: false) // BAD
let _ = SQLRequest(sql: remoteString, adapter: nil) // BAD
let _ = SQLRequest(sql: remoteString, adapter: nil, cached: false) // BAD
let _ = SQLRequest(sql: remoteString, cached: false) // BAD
let _ = SQLRequest(sql: localString) // GOOD
let _ = SQLRequest(sql: localString, arguments: StatementArguments()) // GOOD
let _ = SQLRequest(sql: localString, arguments: StatementArguments(), adapter: nil) // GOOD
let _ = SQLRequest(sql: localString, arguments: StatementArguments(), cached: false) // GOOD
let _ = SQLRequest(sql: localString, arguments: StatementArguments(), adapter: nil, cached: false) // GOOD
let _ = SQLRequest(sql: localString, adapter: nil) // GOOD
let _ = SQLRequest(sql: localString, adapter: nil, cached: false) // GOOD
let _ = SQLRequest(sql: localString, cached: false) // GOOD
}
func test(tableDefinition: TableDefinition) throws {
let localString = "user"
let remoteString = try String(contentsOf: URL(string: "http://example.com/")!)
tableDefinition.column(sql: remoteString) // BAD
tableDefinition.column(sql: localString) // GOOD
tableDefinition.check(sql: remoteString) // BAD
tableDefinition.check(sql: localString) // GOOD
tableDefinition.constraint(sql: remoteString) // BAD
tableDefinition.constraint(sql: localString) // GOOD
}
func test(tableAlteration: TableAlteration) throws {
let localString = "user"
let remoteString = try String(contentsOf: URL(string: "http://example.com/")!)
tableAlteration.addColumn(sql: remoteString) // BAD
tableAlteration.addColumn(sql: localString) // GOOD
}
func test(columnDefinition: ColumnDefinition) throws {
let localString = "user"
let remoteString = try String(contentsOf: URL(string: "http://example.com/")!)
let _ = columnDefinition.check(sql: remoteString) // BAD
let _ = columnDefinition.defaults(sql: remoteString) // BAD
let _ = columnDefinition.generatedAs(sql: remoteString) // BAD
let _ = columnDefinition.generatedAs(sql: remoteString, .virtual) // BAD
let _ = columnDefinition.check(sql: localString) // GOOD
let _ = columnDefinition.defaults(sql: localString) // GOOD
let _ = columnDefinition.generatedAs(sql: localString) // GOOD
let _ = columnDefinition.generatedAs(sql: localString, .virtual) // GOOD
}
func testTableRecord() throws {
let localString = "user"
let remoteString = try String(contentsOf: URL(string: "http://example.com/")!)
let _ = TableRecord.select(sql: remoteString) // BAD
let _ = TableRecord.select(sql: remoteString, arguments: StatementArguments()) // BAD
let _ = TableRecord.select(sql: localString) // GOOD
let _ = TableRecord.select(sql: localString, arguments: StatementArguments()) // GOOD
let _ = TableRecord.filter(sql: remoteString) // BAD
let _ = TableRecord.filter(sql: remoteString, arguments: StatementArguments()) // BAD
let _ = TableRecord.filter(sql: localString) // GOOD
let _ = TableRecord.filter(sql: localString, arguments: StatementArguments()) // GOOD
let _ = TableRecord.order(sql: remoteString) // BAD
let _ = TableRecord.order(sql: remoteString, arguments: StatementArguments()) // BAD
let _ = TableRecord.order(sql: localString) // GOOD
let _ = TableRecord.order(sql: localString, arguments: StatementArguments()) // GOOD
}
func test(statementCache: StatementCache) throws {
let localString = "user"
let remoteString = try String(contentsOf: URL(string: "http://example.com/")!)
let _ = statementCache.statement(remoteString) // BAD
let _ = statementCache.statement(localString) // GOOD
}
func test(row: Row, stmt: Statement) throws {
let localString = "user"
let remoteString = try String(contentsOf: URL(string: "http://example.com/")!)
row.fetchCursor(stmt, sql: remoteString) // BAD
row.fetchCursor(stmt, sql: remoteString, arguments: StatementArguments()) // BAD
row.fetchCursor(stmt, sql: remoteString, adapter: nil) // BAD
row.fetchCursor(stmt, sql: remoteString, arguments: StatementArguments(), adapter: nil) // BAD
row.fetchCursor(stmt, sql: localString) // GOOD
row.fetchCursor(stmt, sql: localString, arguments: StatementArguments()) // GOOD
row.fetchCursor(stmt, sql: localString, adapter: nil) // GOOD
row.fetchCursor(stmt, sql: localString, arguments: StatementArguments(), adapter: nil) // GOOD
row.fetchAll(stmt, sql: remoteString) // BAD
row.fetchAll(stmt, sql: remoteString, arguments: StatementArguments()) // BAD
row.fetchAll(stmt, sql: remoteString, adapter: nil) // BAD
row.fetchAll(stmt, sql: remoteString, arguments: StatementArguments(), adapter: nil) // BAD
row.fetchAll(stmt, sql: localString) // GOOD
row.fetchAll(stmt, sql: localString, arguments: StatementArguments()) // GOOD
row.fetchAll(stmt, sql: localString, adapter: nil) // GOOD
row.fetchAll(stmt, sql: localString, arguments: StatementArguments(), adapter: nil) // GOOD
row.fetchOne(stmt, sql: remoteString) // BAD
row.fetchOne(stmt, sql: remoteString, arguments: StatementArguments()) // BAD
row.fetchOne(stmt, sql: remoteString, adapter: nil) // BAD
row.fetchOne(stmt, sql: remoteString, arguments: StatementArguments(), adapter: nil) // BAD
row.fetchOne(stmt, sql: localString) // GOOD
row.fetchOne(stmt, sql: localString, arguments: StatementArguments()) // GOOD
row.fetchOne(stmt, sql: localString, adapter: nil) // GOOD
row.fetchOne(stmt, sql: localString, arguments: StatementArguments(), adapter: nil) // GOOD
row.fetchSet(stmt, sql: remoteString) // BAD
row.fetchSet(stmt, sql: remoteString, arguments: StatementArguments()) // BAD
row.fetchSet(stmt, sql: remoteString, adapter: nil) // BAD
row.fetchSet(stmt, sql: remoteString, arguments: StatementArguments(), adapter: nil) // BAD
row.fetchSet(stmt, sql: localString) // GOOD
row.fetchSet(stmt, sql: localString, arguments: StatementArguments()) // GOOD
row.fetchSet(stmt, sql: localString, adapter: nil) // GOOD
row.fetchSet(stmt, sql: localString, arguments: StatementArguments(), adapter: nil) // GOOD
}
func test(databaseValueConvertible: DatabaseValueConvertible, stmt: Statement) throws {
let localString = "user"
let remoteString = try String(contentsOf: URL(string: "http://example.com/")!)
databaseValueConvertible.fetchCursor(stmt, sql: remoteString) // BAD
databaseValueConvertible.fetchCursor(stmt, sql: remoteString, arguments: StatementArguments()) // BAD
databaseValueConvertible.fetchCursor(stmt, sql: remoteString, adapter: nil) // BAD
databaseValueConvertible.fetchCursor(stmt, sql: remoteString, arguments: StatementArguments(), adapter: nil) // BAD
databaseValueConvertible.fetchCursor(stmt, sql: localString) // GOOD
databaseValueConvertible.fetchCursor(stmt, sql: localString, arguments: StatementArguments()) // GOOD
databaseValueConvertible.fetchCursor(stmt, sql: localString, adapter: nil) // GOOD
databaseValueConvertible.fetchCursor(stmt, sql: localString, arguments: StatementArguments(), adapter: nil) // GOOD
databaseValueConvertible.fetchAll(stmt, sql: remoteString) // BAD
databaseValueConvertible.fetchAll(stmt, sql: remoteString, arguments: StatementArguments()) // BAD
databaseValueConvertible.fetchAll(stmt, sql: remoteString, adapter: nil) // BAD
databaseValueConvertible.fetchAll(stmt, sql: remoteString, arguments: StatementArguments(), adapter: nil) // BAD
databaseValueConvertible.fetchAll(stmt, sql: localString) // GOOD
databaseValueConvertible.fetchAll(stmt, sql: localString, arguments: StatementArguments()) // GOOD
databaseValueConvertible.fetchAll(stmt, sql: localString, adapter: nil) // GOOD
databaseValueConvertible.fetchAll(stmt, sql: localString, arguments: StatementArguments(), adapter: nil) // GOOD
databaseValueConvertible.fetchOne(stmt, sql: remoteString) // BAD
databaseValueConvertible.fetchOne(stmt, sql: remoteString, arguments: StatementArguments()) // BAD
databaseValueConvertible.fetchOne(stmt, sql: remoteString, adapter: nil) // BAD
databaseValueConvertible.fetchOne(stmt, sql: remoteString, arguments: StatementArguments(), adapter: nil) // BAD
databaseValueConvertible.fetchOne(stmt, sql: localString) // GOOD
databaseValueConvertible.fetchOne(stmt, sql: localString, arguments: StatementArguments()) // GOOD
databaseValueConvertible.fetchOne(stmt, sql: localString, adapter: nil) // GOOD
databaseValueConvertible.fetchOne(stmt, sql: localString, arguments: StatementArguments(), adapter: nil) // GOOD
databaseValueConvertible.fetchSet(stmt, sql: remoteString) // BAD
databaseValueConvertible.fetchSet(stmt, sql: remoteString, arguments: StatementArguments()) // BAD
databaseValueConvertible.fetchSet(stmt, sql: remoteString, adapter: nil) // BAD
databaseValueConvertible.fetchSet(stmt, sql: remoteString, arguments: StatementArguments(), adapter: nil) // BAD
databaseValueConvertible.fetchSet(stmt, sql: localString) // GOOD
databaseValueConvertible.fetchSet(stmt, sql: localString, arguments: StatementArguments()) // GOOD
databaseValueConvertible.fetchSet(stmt, sql: localString, adapter: nil) // GOOD
databaseValueConvertible.fetchSet(stmt, sql: localString, arguments: StatementArguments(), adapter: nil) // GOOD
}
func testSqlStatementCursor(database: Database) throws {
let localString = "user"
let remoteString = try String(contentsOf: URL(string: "http://example.com/")!)
let _ = SQLStatementCursor(database: database, sql: remoteString, arguments: StatementArguments()) // BAD
let _ = SQLStatementCursor(database: database, sql: remoteString, arguments: StatementArguments(), prepFlags: 0) // BAD
let _ = SQLStatementCursor(database: database, sql: localString, arguments: StatementArguments()) // GOOD
let _ = SQLStatementCursor(database: database, sql: localString, arguments: StatementArguments(), prepFlags: 0) // GOOD
}
func testCommonTableExpression() throws {
let localString = "user"
let remoteString = try String(contentsOf: URL(string: "http://example.com/")!)
let _ = CommonTableExpression(named: "", sql: remoteString) // BAD
let _ = CommonTableExpression(named: "", sql: remoteString, arguments: StatementArguments()) // BAD
let _ = CommonTableExpression(named: "", columns: [""], sql: remoteString) // BAD
let _ = CommonTableExpression(named: "", columns: [""], sql: remoteString, arguments: StatementArguments()) // BAD
let _ = CommonTableExpression(recursive: false, named: "", sql: remoteString) // BAD
let _ = CommonTableExpression(recursive: false, named: "", columns: [""], sql: remoteString) // BAD
let _ = CommonTableExpression(recursive: false, named: "", sql: remoteString, arguments: StatementArguments()) // BAD
let _ = CommonTableExpression(recursive: false, named: "", columns: [""], sql: remoteString, arguments: StatementArguments()) // BAD
let _ = CommonTableExpression(named: "", sql: localString) // GOOD
let _ = CommonTableExpression(named: "", sql: localString, arguments: StatementArguments()) // GOOD
let _ = CommonTableExpression(named: "", columns: [""], sql: localString) // GOOD
let _ = CommonTableExpression(named: "", columns: [""], sql: localString, arguments: StatementArguments()) // GOOD
let _ = CommonTableExpression(recursive: false, named: "", sql: localString) // GOOD
let _ = CommonTableExpression(recursive: false, named: "", columns: [""], sql: localString) // GOOD
let _ = CommonTableExpression(recursive: false, named: "", sql: localString, arguments: StatementArguments()) // GOOD
let _ = CommonTableExpression(recursive: false, named: "", columns: [""], sql: localString, arguments: StatementArguments()) // GOOD
}

242
swift/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
View File

@@ -1,4 +1,81 @@
edges
| GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:106:41:106:41 | remoteString |
| GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:108:41:108:41 | remoteString |
| GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:111:43:111:43 | remoteString |
| GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:114:51:114:51 | remoteString |
| GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:117:27:117:27 | remoteString |
| GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:119:27:119:27 | remoteString |
| GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:122:41:122:41 | remoteString |
| GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:124:41:124:41 | remoteString |
| GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:132:39:132:39 | remoteString |
| GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:135:46:135:46 | remoteString |
| GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:138:56:138:56 | remoteString |
| GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:141:45:141:45 | remoteString |
| GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:144:29:144:29 | remoteString |
| GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:145:29:145:29 | remoteString |
| GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:146:29:146:29 | remoteString |
| GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:147:29:147:29 | remoteString |
| GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:148:29:148:29 | remoteString |
| GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:149:29:149:29 | remoteString |
| GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:150:29:150:29 | remoteString |
| GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:151:29:151:29 | remoteString |
| GRDB.swift:164:26:164:80 | call to String.init(contentsOf:) : | GRDB.swift:166:33:166:33 | remoteString |
| GRDB.swift:164:26:164:80 | call to String.init(contentsOf:) : | GRDB.swift:169:32:169:32 | remoteString |
| GRDB.swift:164:26:164:80 | call to String.init(contentsOf:) : | GRDB.swift:172:37:172:37 | remoteString |
| GRDB.swift:178:26:178:80 | call to String.init(contentsOf:) : | GRDB.swift:180:36:180:36 | remoteString |
| GRDB.swift:186:26:186:80 | call to String.init(contentsOf:) : | GRDB.swift:188:41:188:41 | remoteString |
| GRDB.swift:186:26:186:80 | call to String.init(contentsOf:) : | GRDB.swift:189:44:189:44 | remoteString |
| GRDB.swift:186:26:186:80 | call to String.init(contentsOf:) : | GRDB.swift:190:47:190:47 | remoteString |
| GRDB.swift:186:26:186:80 | call to String.init(contentsOf:) : | GRDB.swift:191:47:191:47 | remoteString |
| GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) : | GRDB.swift:203:37:203:37 | remoteString |
| GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) : | GRDB.swift:204:37:204:37 | remoteString |
| GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) : | GRDB.swift:208:37:208:37 | remoteString |
| GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) : | GRDB.swift:209:37:209:37 | remoteString |
| GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) : | GRDB.swift:213:36:213:36 | remoteString |
| GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) : | GRDB.swift:214:36:214:36 | remoteString |
| GRDB.swift:221:26:221:80 | call to String.init(contentsOf:) : | GRDB.swift:223:38:223:38 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:231:32:231:32 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:232:32:232:32 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:233:32:233:32 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:234:32:234:32 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:240:29:240:29 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:241:29:241:29 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:242:29:242:29 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:243:29:243:29 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:249:29:249:29 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:250:29:250:29 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:251:29:251:29 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:252:29:252:29 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:258:29:258:29 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:259:29:259:29 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:260:29:260:29 | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:261:29:261:29 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:272:53:272:53 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:273:53:273:53 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:274:53:274:53 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:275:53:275:53 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:281:50:281:50 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:282:50:282:50 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:283:50:283:50 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:284:50:284:50 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:290:50:290:50 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:291:50:291:50 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:292:50:292:50 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:293:50:293:50 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:299:50:299:50 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:300:50:300:50 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:301:50:301:50 | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:302:50:302:50 | remoteString |
| GRDB.swift:311:26:311:80 | call to String.init(contentsOf:) : | GRDB.swift:313:57:313:57 | remoteString |
| GRDB.swift:311:26:311:80 | call to String.init(contentsOf:) : | GRDB.swift:314:57:314:57 | remoteString |
| GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:323:51:323:51 | remoteString |
| GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:324:51:324:51 | remoteString |
| GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:325:66:325:66 | remoteString |
| GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:326:66:326:66 | remoteString |
| GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:327:69:327:69 | remoteString |
| GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:328:84:328:84 | remoteString |
| GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:329:69:329:69 | remoteString |
| GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:330:84:330:84 | remoteString |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) : | SQLite.swift:73:17:73:17 | unsafeQuery1 |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) : | SQLite.swift:74:17:74:17 | unsafeQuery2 |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) : | SQLite.swift:75:17:75:17 | unsafeQuery3 |
@@ -21,6 +98,94 @@ edges
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) : | sqlite3_c_api.swift:175:29:175:29 | unsafeQuery3 |
| sqlite3_c_api.swift:122:26:122:80 | call to String.init(contentsOf:) : | sqlite3_c_api.swift:183:29:183:29 | unsafeQuery3 |
nodes
| GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | semmle.label | call to String.init(contentsOf:) : |
| GRDB.swift:106:41:106:41 | remoteString | semmle.label | remoteString |
| GRDB.swift:108:41:108:41 | remoteString | semmle.label | remoteString |
| GRDB.swift:111:43:111:43 | remoteString | semmle.label | remoteString |
| GRDB.swift:114:51:114:51 | remoteString | semmle.label | remoteString |
| GRDB.swift:117:27:117:27 | remoteString | semmle.label | remoteString |
| GRDB.swift:119:27:119:27 | remoteString | semmle.label | remoteString |
| GRDB.swift:122:41:122:41 | remoteString | semmle.label | remoteString |
| GRDB.swift:124:41:124:41 | remoteString | semmle.label | remoteString |
| GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | semmle.label | call to String.init(contentsOf:) : |
| GRDB.swift:132:39:132:39 | remoteString | semmle.label | remoteString |
| GRDB.swift:135:46:135:46 | remoteString | semmle.label | remoteString |
| GRDB.swift:138:56:138:56 | remoteString | semmle.label | remoteString |
| GRDB.swift:141:45:141:45 | remoteString | semmle.label | remoteString |
| GRDB.swift:144:29:144:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:145:29:145:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:146:29:146:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:147:29:147:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:148:29:148:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:149:29:149:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:150:29:150:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:151:29:151:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:164:26:164:80 | call to String.init(contentsOf:) : | semmle.label | call to String.init(contentsOf:) : |
| GRDB.swift:166:33:166:33 | remoteString | semmle.label | remoteString |
| GRDB.swift:169:32:169:32 | remoteString | semmle.label | remoteString |
| GRDB.swift:172:37:172:37 | remoteString | semmle.label | remoteString |
| GRDB.swift:178:26:178:80 | call to String.init(contentsOf:) : | semmle.label | call to String.init(contentsOf:) : |
| GRDB.swift:180:36:180:36 | remoteString | semmle.label | remoteString |
| GRDB.swift:186:26:186:80 | call to String.init(contentsOf:) : | semmle.label | call to String.init(contentsOf:) : |
| GRDB.swift:188:41:188:41 | remoteString | semmle.label | remoteString |
| GRDB.swift:189:44:189:44 | remoteString | semmle.label | remoteString |
| GRDB.swift:190:47:190:47 | remoteString | semmle.label | remoteString |
| GRDB.swift:191:47:191:47 | remoteString | semmle.label | remoteString |
| GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) : | semmle.label | call to String.init(contentsOf:) : |
| GRDB.swift:203:37:203:37 | remoteString | semmle.label | remoteString |
| GRDB.swift:204:37:204:37 | remoteString | semmle.label | remoteString |
| GRDB.swift:208:37:208:37 | remoteString | semmle.label | remoteString |
| GRDB.swift:209:37:209:37 | remoteString | semmle.label | remoteString |
| GRDB.swift:213:36:213:36 | remoteString | semmle.label | remoteString |
| GRDB.swift:214:36:214:36 | remoteString | semmle.label | remoteString |
| GRDB.swift:221:26:221:80 | call to String.init(contentsOf:) : | semmle.label | call to String.init(contentsOf:) : |
| GRDB.swift:223:38:223:38 | remoteString | semmle.label | remoteString |
| GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | semmle.label | call to String.init(contentsOf:) : |
| GRDB.swift:231:32:231:32 | remoteString | semmle.label | remoteString |
| GRDB.swift:232:32:232:32 | remoteString | semmle.label | remoteString |
| GRDB.swift:233:32:233:32 | remoteString | semmle.label | remoteString |
| GRDB.swift:234:32:234:32 | remoteString | semmle.label | remoteString |
| GRDB.swift:240:29:240:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:241:29:241:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:242:29:242:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:243:29:243:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:249:29:249:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:250:29:250:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:251:29:251:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:252:29:252:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:258:29:258:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:259:29:259:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:260:29:260:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:261:29:261:29 | remoteString | semmle.label | remoteString |
| GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | semmle.label | call to String.init(contentsOf:) : |
| GRDB.swift:272:53:272:53 | remoteString | semmle.label | remoteString |
| GRDB.swift:273:53:273:53 | remoteString | semmle.label | remoteString |
| GRDB.swift:274:53:274:53 | remoteString | semmle.label | remoteString |
| GRDB.swift:275:53:275:53 | remoteString | semmle.label | remoteString |
| GRDB.swift:281:50:281:50 | remoteString | semmle.label | remoteString |
| GRDB.swift:282:50:282:50 | remoteString | semmle.label | remoteString |
| GRDB.swift:283:50:283:50 | remoteString | semmle.label | remoteString |
| GRDB.swift:284:50:284:50 | remoteString | semmle.label | remoteString |
| GRDB.swift:290:50:290:50 | remoteString | semmle.label | remoteString |
| GRDB.swift:291:50:291:50 | remoteString | semmle.label | remoteString |
| GRDB.swift:292:50:292:50 | remoteString | semmle.label | remoteString |
| GRDB.swift:293:50:293:50 | remoteString | semmle.label | remoteString |
| GRDB.swift:299:50:299:50 | remoteString | semmle.label | remoteString |
| GRDB.swift:300:50:300:50 | remoteString | semmle.label | remoteString |
| GRDB.swift:301:50:301:50 | remoteString | semmle.label | remoteString |
| GRDB.swift:302:50:302:50 | remoteString | semmle.label | remoteString |
| GRDB.swift:311:26:311:80 | call to String.init(contentsOf:) : | semmle.label | call to String.init(contentsOf:) : |
| GRDB.swift:313:57:313:57 | remoteString | semmle.label | remoteString |
| GRDB.swift:314:57:314:57 | remoteString | semmle.label | remoteString |
| GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | semmle.label | call to String.init(contentsOf:) : |
| GRDB.swift:323:51:323:51 | remoteString | semmle.label | remoteString |
| GRDB.swift:324:51:324:51 | remoteString | semmle.label | remoteString |
| GRDB.swift:325:66:325:66 | remoteString | semmle.label | remoteString |
| GRDB.swift:326:66:326:66 | remoteString | semmle.label | remoteString |
| GRDB.swift:327:69:327:69 | remoteString | semmle.label | remoteString |
| GRDB.swift:328:84:328:84 | remoteString | semmle.label | remoteString |
| GRDB.swift:329:69:329:69 | remoteString | semmle.label | remoteString |
| GRDB.swift:330:84:330:84 | remoteString | semmle.label | remoteString |
| SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) : | semmle.label | call to String.init(contentsOf:) : |
| SQLite.swift:73:17:73:17 | unsafeQuery1 | semmle.label | unsafeQuery1 |
| SQLite.swift:74:17:74:17 | unsafeQuery2 | semmle.label | unsafeQuery2 |
@@ -46,6 +211,83 @@ nodes
| sqlite3_c_api.swift:183:29:183:29 | unsafeQuery3 | semmle.label | unsafeQuery3 |
subpaths
#select
| GRDB.swift:106:41:106:41 | remoteString | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:106:41:106:41 | remoteString | This query depends on a $@. | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:108:41:108:41 | remoteString | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:108:41:108:41 | remoteString | This query depends on a $@. | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:111:43:111:43 | remoteString | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:111:43:111:43 | remoteString | This query depends on a $@. | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:114:51:114:51 | remoteString | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:114:51:114:51 | remoteString | This query depends on a $@. | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:117:27:117:27 | remoteString | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:117:27:117:27 | remoteString | This query depends on a $@. | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:119:27:119:27 | remoteString | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:119:27:119:27 | remoteString | This query depends on a $@. | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:122:41:122:41 | remoteString | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:122:41:122:41 | remoteString | This query depends on a $@. | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:124:41:124:41 | remoteString | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) : | GRDB.swift:124:41:124:41 | remoteString | This query depends on a $@. | GRDB.swift:104:25:104:79 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:132:39:132:39 | remoteString | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:132:39:132:39 | remoteString | This query depends on a $@. | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:135:46:135:46 | remoteString | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:135:46:135:46 | remoteString | This query depends on a $@. | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:138:56:138:56 | remoteString | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:138:56:138:56 | remoteString | This query depends on a $@. | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:141:45:141:45 | remoteString | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:141:45:141:45 | remoteString | This query depends on a $@. | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:144:29:144:29 | remoteString | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:144:29:144:29 | remoteString | This query depends on a $@. | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:145:29:145:29 | remoteString | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:145:29:145:29 | remoteString | This query depends on a $@. | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:146:29:146:29 | remoteString | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:146:29:146:29 | remoteString | This query depends on a $@. | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:147:29:147:29 | remoteString | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:147:29:147:29 | remoteString | This query depends on a $@. | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:148:29:148:29 | remoteString | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:148:29:148:29 | remoteString | This query depends on a $@. | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:149:29:149:29 | remoteString | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:149:29:149:29 | remoteString | This query depends on a $@. | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:150:29:150:29 | remoteString | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:150:29:150:29 | remoteString | This query depends on a $@. | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:151:29:151:29 | remoteString | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) : | GRDB.swift:151:29:151:29 | remoteString | This query depends on a $@. | GRDB.swift:130:26:130:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:166:33:166:33 | remoteString | GRDB.swift:164:26:164:80 | call to String.init(contentsOf:) : | GRDB.swift:166:33:166:33 | remoteString | This query depends on a $@. | GRDB.swift:164:26:164:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:169:32:169:32 | remoteString | GRDB.swift:164:26:164:80 | call to String.init(contentsOf:) : | GRDB.swift:169:32:169:32 | remoteString | This query depends on a $@. | GRDB.swift:164:26:164:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:172:37:172:37 | remoteString | GRDB.swift:164:26:164:80 | call to String.init(contentsOf:) : | GRDB.swift:172:37:172:37 | remoteString | This query depends on a $@. | GRDB.swift:164:26:164:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:180:36:180:36 | remoteString | GRDB.swift:178:26:178:80 | call to String.init(contentsOf:) : | GRDB.swift:180:36:180:36 | remoteString | This query depends on a $@. | GRDB.swift:178:26:178:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:188:41:188:41 | remoteString | GRDB.swift:186:26:186:80 | call to String.init(contentsOf:) : | GRDB.swift:188:41:188:41 | remoteString | This query depends on a $@. | GRDB.swift:186:26:186:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:189:44:189:44 | remoteString | GRDB.swift:186:26:186:80 | call to String.init(contentsOf:) : | GRDB.swift:189:44:189:44 | remoteString | This query depends on a $@. | GRDB.swift:186:26:186:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:190:47:190:47 | remoteString | GRDB.swift:186:26:186:80 | call to String.init(contentsOf:) : | GRDB.swift:190:47:190:47 | remoteString | This query depends on a $@. | GRDB.swift:186:26:186:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:191:47:191:47 | remoteString | GRDB.swift:186:26:186:80 | call to String.init(contentsOf:) : | GRDB.swift:191:47:191:47 | remoteString | This query depends on a $@. | GRDB.swift:186:26:186:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:203:37:203:37 | remoteString | GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) : | GRDB.swift:203:37:203:37 | remoteString | This query depends on a $@. | GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:204:37:204:37 | remoteString | GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) : | GRDB.swift:204:37:204:37 | remoteString | This query depends on a $@. | GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:208:37:208:37 | remoteString | GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) : | GRDB.swift:208:37:208:37 | remoteString | This query depends on a $@. | GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:209:37:209:37 | remoteString | GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) : | GRDB.swift:209:37:209:37 | remoteString | This query depends on a $@. | GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:213:36:213:36 | remoteString | GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) : | GRDB.swift:213:36:213:36 | remoteString | This query depends on a $@. | GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:214:36:214:36 | remoteString | GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) : | GRDB.swift:214:36:214:36 | remoteString | This query depends on a $@. | GRDB.swift:201:26:201:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:223:38:223:38 | remoteString | GRDB.swift:221:26:221:80 | call to String.init(contentsOf:) : | GRDB.swift:223:38:223:38 | remoteString | This query depends on a $@. | GRDB.swift:221:26:221:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:231:32:231:32 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:231:32:231:32 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:232:32:232:32 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:232:32:232:32 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:233:32:233:32 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:233:32:233:32 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:234:32:234:32 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:234:32:234:32 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:240:29:240:29 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:240:29:240:29 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:241:29:241:29 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:241:29:241:29 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:242:29:242:29 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:242:29:242:29 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:243:29:243:29 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:243:29:243:29 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:249:29:249:29 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:249:29:249:29 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:250:29:250:29 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:250:29:250:29 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:251:29:251:29 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:251:29:251:29 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:252:29:252:29 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:252:29:252:29 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:258:29:258:29 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:258:29:258:29 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:259:29:259:29 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:259:29:259:29 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:260:29:260:29 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:260:29:260:29 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:261:29:261:29 | remoteString | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) : | GRDB.swift:261:29:261:29 | remoteString | This query depends on a $@. | GRDB.swift:229:26:229:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:272:53:272:53 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:272:53:272:53 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:273:53:273:53 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:273:53:273:53 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:274:53:274:53 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:274:53:274:53 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:275:53:275:53 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:275:53:275:53 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:281:50:281:50 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:281:50:281:50 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:282:50:282:50 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:282:50:282:50 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:283:50:283:50 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:283:50:283:50 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:284:50:284:50 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:284:50:284:50 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:290:50:290:50 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:290:50:290:50 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:291:50:291:50 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:291:50:291:50 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:292:50:292:50 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:292:50:292:50 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:293:50:293:50 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:293:50:293:50 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:299:50:299:50 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:299:50:299:50 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:300:50:300:50 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:300:50:300:50 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:301:50:301:50 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:301:50:301:50 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:302:50:302:50 | remoteString | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) : | GRDB.swift:302:50:302:50 | remoteString | This query depends on a $@. | GRDB.swift:270:26:270:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:313:57:313:57 | remoteString | GRDB.swift:311:26:311:80 | call to String.init(contentsOf:) : | GRDB.swift:313:57:313:57 | remoteString | This query depends on a $@. | GRDB.swift:311:26:311:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:314:57:314:57 | remoteString | GRDB.swift:311:26:311:80 | call to String.init(contentsOf:) : | GRDB.swift:314:57:314:57 | remoteString | This query depends on a $@. | GRDB.swift:311:26:311:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:323:51:323:51 | remoteString | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:323:51:323:51 | remoteString | This query depends on a $@. | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:324:51:324:51 | remoteString | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:324:51:324:51 | remoteString | This query depends on a $@. | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:325:66:325:66 | remoteString | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:325:66:325:66 | remoteString | This query depends on a $@. | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:326:66:326:66 | remoteString | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:326:66:326:66 | remoteString | This query depends on a $@. | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:327:69:327:69 | remoteString | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:327:69:327:69 | remoteString | This query depends on a $@. | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:328:84:328:84 | remoteString | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:328:84:328:84 | remoteString | This query depends on a $@. | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:329:69:329:69 | remoteString | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:329:69:329:69 | remoteString | This query depends on a $@. | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) | user-provided value |
| GRDB.swift:330:84:330:84 | remoteString | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) : | GRDB.swift:330:84:330:84 | remoteString | This query depends on a $@. | GRDB.swift:321:26:321:80 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:73:17:73:17 | unsafeQuery1 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) : | SQLite.swift:73:17:73:17 | unsafeQuery1 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:74:17:74:17 | unsafeQuery2 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) : | SQLite.swift:74:17:74:17 | unsafeQuery2 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |
| SQLite.swift:75:17:75:17 | unsafeQuery3 | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) : | SQLite.swift:75:17:75:17 | unsafeQuery3 | This query depends on a $@. | SQLite.swift:62:25:62:79 | call to String.init(contentsOf:) | user-provided value |