0

目前我们正在使用未加密的应用程序,但在新版本中,我们正在使用此查询加密我们的数据库

  existing_db.rawExecSQL("ATTACH DATABASE '" + newFile.path + "' AS encrypted KEY '" + passphrase + "';")
  existing_db.rawExecSQL("SELECT sqlcipher_export('encrypted');")

它工作正常,但是当我们运行渗透测试时,我们遇到了这个高风险问题

There is 'execSQL()' found in file 'defpackage/SQLCipherUtils.java':
[line 50:         stringBuilder2.append("';");]

[line 51:         openOrCreateDatabase.rawexecSQL(stringBuilder2.toString());]

[line 52:         openOrCreateDatabase.rawexecSQL("SELECT sqlcipher_export('encrypted');");]

[line 53:         openOrCreateDatabase.rawexecSQL("DETACH DATABASE encrypted;");]

[line 54:         int version = openOrCreateDatabase.getVersion();]

但现在我正在尝试这个来保护查询

 val attachDB = "ATTACH DATABASE '" + newFile.path + "' AS encrypted KEY '" + passphrase + "';"
        sqLiteStatement = existing_db.compileStatement(attachDB);
        sqLiteStatement.execute();

        val exportDB = "SELECT sqlcipher_export('encrypted');"
        sqLiteStatement = existing_db.compileStatement(exportDB);
        sqLiteStatement.execute();

但我遇到了这个问题 net.sqlcipher.database.SQLiteException: error code 100: another row available

我也关注了这张票,但无法理解为什么我不能使用这些查询的真正问题 net.sqlcipher.database.SQLiteException:错误代码 100:另一行可用

4

0 回答 0