Re: Class name as NSString and problem with NSLog?
- Subject: Re: Class name as NSString and problem with NSLog?
- From: Jens Alfke <email@hidden>
- Date: Thu, 06 Mar 2014 15:15:49 -0800
On Mar 6, 2014, at 10:21 AM, William Squires wrote:
> Also, when I do this (using a literal NSString constant for myClassName above), Xcode marks the line with NSLog with a yellow triangle, and disclosing it says something about passing an NSString instance as being "unsecure". Can this warning be turned off? It seems silly to do:
> NSLog(@"%@", fooText);
> just to avoid this warning.
No, this is a very important warning. The format string in a printf-type call should _always_ be a constant. Otherwise the code can be vulnerable to a format string attack*. In your specific case, the string you pass as the format isn’t going to be unsafe, but the compiler doesn’t know that. The really bad scenarios happen when the value of the format string can be controlled by user or network input; then an attacker can craft special strings containing % characters that can crash the app or possibly even make it run malicious code.
I remember the “Month Of Apple Bugs”** that a hacker group ran in 2007, where they published a new app or OS security vulnerability every day for a month. A lot of them were caused by format-string vulnerabilities. Soon thereafter the compiler team at Apple added that format-string security warning :)
—Jens
* http://en.wikipedia.org/wiki/Format_string_attack
** http://projects.info-pull.com/moab/
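As an added illustration of the point in the reply above (this is not code from the original thread), here is the same pattern in plain C, where the compiler's checking of NSLog and printf both come from the printf format attribute; the names log_line, log_untrusted, has_format_directive and LINE_MAX_LEN are assumed for the example.

```c
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <stdbool.h>

/* Added example; names and buffer size are made up for illustration. */
#define LINE_MAX_LEN 128

/* Declaring a printf-style wrapper with the format attribute lets the
 * compiler check callers the way it checks NSLog/printf and warn
 * (-Wformat-security) when the format argument is not a literal. */
__attribute__((format(printf, 3, 4)))
static int log_line(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Safe: the format is a constant and the untrusted text is only a %s
 * argument, so any '%' inside it is copied literally, never interpreted.
 * The unsafe form would be log_line(out, cap, untrusted); the compiler
 * flags that because a '%' in untrusted would become a directive. */
static int log_untrusted(char *out, size_t cap, const char *untrusted)
{
    return log_line(out, cap, "user said: %s", untrusted);
}

/* Defense-in-depth check for input validation or log review: does the
 * text contain a conversion that would be interpreted if it were ever
 * used as a format? "%%" is an escaped percent and does not count, and a
 * lone trailing '%' is not a complete directive. */
static bool has_format_directive(const char *s)
{
    for (const char *p = strchr(s, '%'); p; p = strchr(p, '%')) {
        if (p[1] == '%') { p += 2; continue; }
        return p[1] != '\0';
    }
    return false;
}

int main(void)
{
    char buf[LINE_MAX_LEN];
    const char *input = "100%x %n";            /* constructed sample input */
    log_untrusted(buf, sizeof buf, input);
    printf("%s (directives present: %d)\n", buf, has_format_directive(input));
    return 0;
}
```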
Cocoa-dev mailing list (email@hidden)