On Mar 6, 2014, at 10:21 AM, William Squires wrote:
> Also, when I do this (using a literal NSString constant for myClassName 
> above), Xcode marks the line with NSLog with a yellow triangle, and 
> disclosing it says something about passing an NSString instance as being 
> "unsecure". Can this warning be turned off? It seems silly to do:
> NSLog(@"%@", fooText);
> just to avoid this warning.

No, this is a very important warning. The format string in a printf-type call 
should _always_ be a constant. Otherwise the code can be vulnerable to a format 
string attack*. In your specific case, the string you pass as the format isn’t 
going to be unsafe, but the compiler doesn’t know that. The really bad 
scenarios happen when the value of the format string can be controlled by user 
or network input; then an attacker can craft special strings containing % 
characters that can crash the app or possibly even make it run malicious code.

I remember the “Month Of Apple Bugs”** that a hacker group ran in 2007, where 
they published a new app or OS security vulnerability every day for a month. A 
lot of them were caused by format-string vulnerabilities. Soon thereafter the 
compiler team at Apple added that format-string security warning :)

—Jens

* http://en.wikipedia.org/wiki/Format_string_attack
** http://projects.info-pull.com/moab/
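The pattern Jens describes, as an added example in plain C that is not code from the thread (NSLog's varargs boil down to the same vsnprintf machinery; `log_fmt`, `log_unsafe`, `log_safe` and `logged_verbatim` are hypothetical names). The `format` attribute is what lets clang/gcc raise the non-literal-format warning for your own function, the same mechanism NSLog gets from its NS_FORMAT_FUNCTION annotation.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger. The attribute tells the compiler that
 * argument 3 is a format string checked against arguments 4..., so a
 * non-literal format passed here triggers the -Wformat-security warning,
 * exactly as Xcode does for NSLog. */
__attribute__((format(printf, 3, 4)))
static int log_fmt(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* The pattern the warning flags: caller-supplied text used AS the format.
 * Every '%' in msg is interpreted as a conversion; if msg came from user or
 * network input, conversions that read arguments never passed are what make
 * this a format-string vulnerability. */
static int log_unsafe(char *out, size_t outlen, const char *msg)
{
    return log_fmt(out, outlen, msg);   /* warning: format string is not a string literal */
}

/* The fix from the thread, NSLog(@"%@", fooText) in C form: literal format,
 * message passed as data. Whatever msg contains is copied verbatim. */
static int log_safe(char *out, size_t outlen, const char *msg)
{
    return log_fmt(out, outlen, "%s", msg);
}

/* Returns 1 if the logger reproduced msg byte-for-byte, 0 if it changed it.
 * Constructed input "50%% off" is a legal escape, so the unsafe path alters
 * the text (collapsing %% to %) without invoking undefined behaviour. */
static int logged_verbatim(int (*logger)(char *, size_t, const char *),
                           const char *msg)
{
    char buf[128];
    logger(buf, sizeof buf, msg);
    return strcmp(buf, msg) == 0;
}

int main(void)
{
    const char *msg = "discount: 50%% off";   /* constructed sample input */
    printf("safe verbatim: %d, unsafe verbatim: %d\n",
           logged_verbatim(log_safe, msg), logged_verbatim(log_unsafe, msg));
    return 0;
}
```

Compile with `-Wformat -Wformat-security` to see the warning land on the `log_unsafe` call and nowhere else.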
_______________________________________________

Cocoa-dev mailing list ([email protected])