On 3/23/15, Saurav Sarkar <saurav.sarkar1 at gmail.com> wrote: > Hi All, > > We use SQLite in our application. Ours is an windows store application > internally uses SQlite to store data (embedded). I use SQLitePCL library > which is a C# .NET based library > > I was asked to perform Fortify scans on the SQLite code of 3.8.8.3 > [...] > > Anyone has come across with any security vulnerability with SQLIte ? > > Any help/input here will be hugely appreciated. >
The Fortify identified errors are all false-positives. Fortify and other static analyzers excel at generating false-positives in SQLite. See https://www.sqlite.org/testing.html and especially section 11 for additional information. -- D. Richard Hipp drh at sqlite.org
