We are currently using Crash Analytics Android SDK 18.4.0 on our Android App. During our security scan with Veracode, we have got the following warning.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
This database query contains a SQL injection flaw. The function call constructs a dynamic SQL query using a variable derived from untrusted input. An attacker could exploit this flaw to execute arbitrary SQL queries against the database.
Avoid dynamically constructing SQL queries. Instead, use parameterized prepared statements to prevent the database from interpreting the contents of bind variables as part of the query. Always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible.
com.ca.mdo.j#a(java.lang.String, int) line 450
com.ca.android.app.CaMDONormalWebViewClient#onPageFinished line 61
Release : 1.0
Component : APM Agents
New Code Fix released. the original flagged error is gone in both 20.9.4 and 20.12.3 alpha versions of the SDK.