App security test reports Insecure API for React Native iOS App - Binary Analysis (IPA) #114

Open
kamalyzl opened this issue Jul 1, 2019 · 1 comment


kamalyzl commented Jul 1, 2019

Currently the project contains variables not recommended by Apple, which generate vulnerabilities when compiling an IPA.
For example:

https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/BufferOverflows.html#//apple_ref/doc/uid/TP40002577-SW1

| Don’t use these functions | Use these instead |
|---|---|
| strcat | strlcat |
| strcpy | strlcpy |
| strncat | strlcat |
| strncpy | strlcpy |
| sprintf | snprintf (see note) or asprintf |
| vsprintf | vsnprintf (see note) or vasprintf |
| gets | fgets (see note) or use Core Foundation or Foundation API |

I would like to know if it is possible to correct them, since it is giving problems in the projects created with React Native.

floitsch (Collaborator) commented Jul 2, 2019

I grepped for these functions in the code-base but couldn't find any.
If you can point me to the offending calls, I can have a look and try to use the more secure versions.
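
A plain text search for the names in the table also matches the recommended variants (`gets` inside `fgets`, `sprintf` inside `snprintf`) and mentions in comments or string literals. The following is an added example, not code from this issue or from the project: a small source scanner that reports only whole-identifier calls to the listed functions. The names `find_banned_calls`, `REPLACEMENTS` and the sample input are assumptions made for illustration.

```python
import re

# Banned function -> replacement, as listed in the table quoted in the issue.
REPLACEMENTS = {
    "strcat": "strlcat", "strcpy": "strlcpy",
    "strncat": "strlcat", "strncpy": "strlcpy",
    "sprintf": "snprintf or asprintf",
    "vsprintf": "vsnprintf or vasprintf",
    "gets": "fgets, or a Core Foundation / Foundation API",
}
# Comments and string/char literals; names mentioned inside them are not calls.
_NON_CODE = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.DOTALL)
# A banned name as a whole identifier followed by "(": \b keeps "gets" from
# matching "fgets" and "sprintf" from matching "snprintf".
_CALL = re.compile(r"\b(" + "|".join(REPLACEMENTS) + r")\s*\(")


def _blank(match):
    # Replace non-code text with spaces but keep newlines so line numbers hold.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_banned_calls(source):
    """Return (line_number, function, suggested_replacement) for each call."""
    code = _NON_CODE.sub(_blank, source)
    hits = []
    for m in _CALL.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        hits.append((line, m.group(1), REPLACEMENTS[m.group(1)]))
    return hits


# Constructed sample input, not code from the project discussed in the issue.
SAMPLE = '''\
/* legacy: used strcpy(dst, src) here */
void f(char *dst, size_t n, const char *src, FILE *in) {
    snprintf(dst, n, "%s", src);      // safe variant, must not match
    fgets(dst, (int)n, in);           // safe variant, must not match
    puts("call sprintf(buf) later");  // only a string literal
    strcpy(dst, src);
    sprintf (dst, "%s", src);
}
'''

if __name__ == "__main__":
    for line, name, fix in find_banned_calls(SAMPLE):
        print(f"line {line}: {name} -> use {fix}")
```

The scanner works on source text only; a symbol reported by binary analysis of the IPA can also come from a linked library or a macro expansion that this check does not see.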
