Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Veracode, Debug Symbols, and XCode

I'm attempting to have an iOS application scanned by Veracode: an application security platform. In order for them to scan an .IPA, the .IPA needs to contain debug symbols.

For the Archive build-configuration and project/target being used, I've specified:

  • Generate Debug Symbols : YES
  • Strip Debug Symbols During Copy : NO
  • Dead Code Stripping : NO
  • Symbols Hidden By Default : NO
  • Strip Linked Product : NO

Yet, Veracode still gives me the following error when submitting the .IPA:

Primary Files Compiled without Debug Symbols - 1 File

Is there another step I need to take to create debug symbols, perhaps wrt archiving?

like image 694
paiego Avatar asked Aug 06 '14 18:08

paiego


People also ask

Can veracode scan .WAR file?

Veracode SCA upload and scan only analyzes JAR, WAR, and EAR files. It ignores Java build files, such as pom.

Does C++ support veracode?

Veracode supports analyzing Windows C/C++ code compiled for the Intel IA32 and X86_64 architectures.

Does veracode support C#?

Veracode Static Analysis supports all widely used languages for desktop, web and mobile applications. This makes Veracode a great choice of static analysis tool for C/C++, Java, C#, . NET, and many other languages.


1 Answers

I had the same issue. I was able to resolve it by following the veracode instructions below. It basically tells you to manually create archive package, move the .app and .app.sym folders to a new location and then rename the zip file to an ipa.

From Veracode Help Center:

"Because Xcode does not create .IPA packages that contain DSYM information, you must create the package yourself. Xcode dynamically creates a folder to contain the .app and .app.dsym files. There is no definite path to this folder, but you can search the folder after you build your application. To do this, open Xcode and click Products on the left side of the window. Right-click the .app file, and select Reveal in Finder, which takes you to the folder where the .app and .app.dsym files are located. Once you have located the DSYM information, you can package your compiled iOS application as follows:

  1. Select the .app and .app.dSYM folders for your application.
  2. Copy both folders into a folder called Payload. Note: the folder name must be capitalized.
  3. Create a zip archive containing the Payload folder. You can do this on a Mac by selecting the Payload folder and choosing Compress from the context menu, or by using the zip-compatible archiving utility of your choice.
  4. Change the extension of the resulting archive to .ipa.
  5. Upload this archive to the Veracode application profile. "
like image 162
skmathu Avatar answered Oct 04 '22 04:10

skmathu