Possible Duplicate:
Why is my string potentially unsecure in my iOS application?
New compiler warning since upgrading Xcode to 4.6:

Smallest example demonstrating the warning on both of the final lines:
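    for (NSUInteger i = 0; i < 10; i++) {
        NSString *res = [testInstance generate:i];
        // NSUInteger is cast to unsigned long so the specifier matches on every architecture
        NSString *desc = [NSString stringWithFormat:@"TestData: %lu", (unsigned long)i];
        STAssertNotNil(res, desc);           // warning here
        STAssertNotEquals(@"", res, desc);   // warning here
    }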
I looked at other questions which concern this warning but they stem from programmers unnecessarily using stringWithFormat: - here I want a dynamic assert description which changes per iteration but not per check.
I can pass the format string and data into the Asserts but then I have to maintain the descriptions independently.
How can I avoid this warning if I require the description to be formatted prior to using it in a log message or assert call?
The problem is the non-literal format strings in the assertions. Change them to:

    STAssertNotNil(res, @"%@", desc);
    STAssertNotEquals(@"", res, @"%@", desc);
Format strings are a common security issue. When they are not visible to the compiler it cannot check them. In your case they've been hidden in desc.
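The same pattern as an added example in plain C, which is not code from the question or the answer; the compiler's format-string checks cover printf-style C functions as well. `check` is a hypothetical helper with the same (condition, format, ...) shape as the STAssert macros, and the label containing `%s` is constructed sample data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_failure[128];  /* most recent failure message, kept for inspection */

/* Hypothetical assertion helper shaped like the STAssert macros:
 * (condition, format, ...). The format attribute makes the compiler
 * type-check the arguments against the format string at each call site. */
__attribute__((format(printf, 2, 3)))
static int check(int cond, const char *fmt, ...)
{
    va_list ap;

    if (cond)
        return 1;
    va_start(ap, fmt);
    vsnprintf(last_failure, sizeof last_failure, fmt, ap);
    va_end(ap);
    return 0;
}

/* Build the description once per iteration, then pass it to every check
 * as data behind a literal "%s". */
static int run_checks(const char *label, unsigned long i, const char *res)
{
    char desc[64];
    int ok;

    snprintf(desc, sizeof desc, "TestData %s: %lu", label, i);

    /* check(res != NULL, desc);  <- non-literal format: the compiler cannot
     * verify it, and any '%' inside desc would be read as a conversion
     * specifier with no matching argument. */
    ok = check(res != NULL, "%s", desc);
    ok &= check(res != NULL && res[0] != '\0', "%s", desc);
    return ok;
}

int main(void)
{
    /* Constructed input: the label carries a '%s', res is empty so the
     * second check fails and records the description verbatim. */
    run_checks("100%s", 3UL, "");
    printf("%s\n", last_failure);
    return 0;
}
```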