
Fix security issues where sensitive data is logged

- SQL errors/profiling resulted in verbose, info, or error level log messages containing the db values, which are intended to be secure & encrypted
zackjp committed Feb 1, 2014
1 parent c4486c8 commit 701fc6e02f97fe7b98860c330330689063468136
Showing with 10 additions and 11 deletions.
  1. +10 −11 src/net/sqlcipher/database/SQLiteDatabase.java
@@ -1433,10 +1433,8 @@ public Cursor rawQueryWithFactory(
if (Config.LOGV || duration >= mSlowQueryThreshold) {
Log.v(TAG,
"query (" + duration + " ms): " + driver.toString() + ", args are "
+ (selectionArgs != null
? TextUtils.join(",", selectionArgs)
: "<null>") + ", count is " + count);
"query (" + duration + " ms): " + driver.toString() +
", args are <redacted>, count is " + count);
}
}
}
@@ -1486,7 +1484,7 @@ public long insert(String table, String nullColumnHack, ContentValues values) {
try {
return insertWithOnConflict(table, nullColumnHack, values, CONFLICT_NONE);
} catch (SQLException e) {
Log.e(TAG, "Error inserting " + values, e);
Log.e(TAG, "Error inserting <redacted values> into" + table, e);
return -1;
}
}
@@ -1525,7 +1523,7 @@ public long replace(String table, String nullColumnHack, ContentValues initialVa
return insertWithOnConflict(table, nullColumnHack, initialValues,
CONFLICT_REPLACE);
} catch (SQLException e) {
Log.e(TAG, "Error inserting " + initialValues, e);
Log.e(TAG, "Error inserting <redacted values> into" + table, e);
return -1;
}
}
@@ -1628,11 +1626,11 @@ public long insertWithOnConflict(String table, String nullColumnHack,
long insertedRowId = lastInsertRow();
if (insertedRowId == -1) {
Log.e(TAG, "Error inserting " + initialValues + " using " + sql);
Log.e(TAG, "Error inserting <redacted values> using <redacted sql> into " + table);
} else {
if (Config.LOGD && Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "Inserting row " + insertedRowId + " from "
+ initialValues + " using " + sql);
Log.v(TAG, "Inserting row " + insertedRowId +
" from <redacted values> using <redacted sql> into " + table);
}
}
return insertedRowId;
@@ -1770,14 +1768,15 @@ public int updateWithOnConflict(String table, ContentValues values,
statement.execute();
int numChangedRows = lastChangeCount();
if (Config.LOGD && Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "Updated " + numChangedRows + " using " + values + " and " + sql);
Log.v(TAG, "Updated " + numChangedRows +
" rows using <redacted values> and <redacted sql> for " + table);
}
return numChangedRows;
} catch (SQLiteDatabaseCorruptException e) {
onCorruption();
throw e;
} catch (SQLException e) {
Log.e(TAG, "Error updating " + values + " using " + sql);
Log.e(TAG, "Error updating <redacted values> using <redacted sql> for " + table);
throw e;
} finally {
if (statement != null) {
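Review bot: The catch blocks in insert() and replace() still pass the caught SQLException `e` to `Log.e`, so its message and stack trace are written to the log next to the redacted text; if SQLCipher's exception messages carry the failing statement or constraint details (not visible in this diff), that reintroduces part of what the commit removes. Consider logging only the exception type, e.g. `Log.e(TAG, "Error inserting <redacted values> into " + table + ": " + e.getClass().getName());`, which also restores the space missing after `into` in both messages. In rawQueryWithFactory the slow-query message still concatenates `driver.toString()`; it is worth confirming that this does not render the SQL text, since a raw query can have literal values inlined rather than bound. The bodies of these methods begin outside their hunks, so other log calls in them may need the same check.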
