Sounds like we need to see WorldClockContentProvider and a proceed() method. Presumably you have some code ignoring SSL errors. Doesn't seem to have anything to do with SQL injection errors. Perhaps see https://stackoverflow.com/questions/35720753/android-google-play-warning-ssl-error-handler-vulnerability
-bri On Fri, Sep 21, 2018 at 3:58 PM Biswajit Das <biswajitbangal...@gmail.com> wrote: > am not able to publish my apk to Google playstore. Getting SQL Injection > error. Your app(s) are using a content provider that contains a SQL > Injection vulnerability. Below is the response I have got from *Google > Play support* > > I understand you have some questions about the SslErrorHandler security > vulnerability. > I took a look at your app, and has the following class, which contains a > vulnerable version of SslErrorHandler: > xxxxxx/xxxxxxxx/provider/WorldClockContentProvider;->query > Here’s how you can resolve this issue:1. To properly handle SSL certificate > validation, change your code to invoke SslErrorHandler.proceed() whenever the > certificate presented by the server meets your expectations, and invoke > SslErrorHandler.cancel() otherwise.2. If you are using a 3rd party library > that’s responsible for this, please notify the 3rd party and work with them > to address the issue. > > Here is my complete code snippit > <https://gitlab.com/bisasda/worldclockwidget/snippets/1755782> and given > below. query method. Any help appriciated. > > > > public Cursor query(Uri uri, String[] projection, String selection, > String[] selectionArgs, String sortOrder) { > String table; > SQLiteOpenHelper helper; > int match = URI_MATCHER.match(uri); > > switch (match) { > case CLOCKS: > case CLOCKS_ITEM: > table = Clocks.TABLE_NAME; > helper = getClockDbHelper(); > break; > case CITIES: > case CITIES_ITEM: > table = Cities.TABLE_NAME; > helper = getCityDbHelper(); > break; > default: > throw invalidUri(uri); > } > > switch (match) { > case CLOCKS: > case CITIES: > if (TextUtils.isEmpty(sortOrder)) { > sortOrder = "_ID ASC"; > } > break; > case CITIES_ITEM: > case CLOCKS_ITEM: > selection = "_ID = " + uri.getLastPathSegment(); > break; > default: > throw invalidUri(uri); > } > > SQLiteDatabase db = helper.getReadableDatabase(); > > Cursor c = db.query(table, projection, selection, selectionArgs, null, > null, sortOrder); > c.setNotificationUri(getContext().getContentResolver(), uri); > return c; > } > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to android-security-discuss+unsubscr...@googlegroups.com. > Visit this group at > https://groups.google.com/group/android-security-discuss. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. Visit this group at https://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
