Xcode Static Analyzer

RSS for tag

The Xcode Clang Static Analyzer finds bugs in Objective-C, C, and C++ code. It finds hard-to-produce, edge-case bugs without the need to run code and shows the sequence of steps along which the bug occurs.

Posts under Xcode Static Analyzer tag

7 Posts
Sort by:

Post

Replies

Boosts

Views

Activity

The customer requested a pen-test for this app, and they reported some issues related to buffer overflow and weak randomness functions
The customer requested a pen-test for this app, and they reported some issues related to buffer overflow and weak randomness functions. I reviewed the identified methods, but I couldn't find them in the code or third-party SDKs. We would like to know if you can review these methods to see if there is a possible solution or if you can guarantee that these functions are safe. They say that they applied a reverse engineering tool and it delivered our app compiled using this c/c++ functions that are considered unsafe. The tool used is: Ghidra (https://ghidra-sre.org/) These are methods reported by Ciber security team: Related to buffer overflow: Related to weak randomness functions:
2
0
504
Jul ’24
Suppressing C++ static analyzer in external C++ code?
I am including the glm library in my Xcode project and want to suppress this warning: /opt/extlibs/macosx/include/glm/./ext/../gtc/bitfield.inl:343:15: warning: Although the value stored to 'x' is used in the enclosing expression, the value is never actually read from 'x' [deadcode.DeadStores] uint16 REG2(x >>= 1); ^ ~ Is there a way to do that via a #pragma or a #define or something else in the Build Settings?
0
0
430
Apr ’24
App Icon Images issue in the Vision OS APP Stimulator for the last one
Dear Apple Developer Forum Community, I hope this message finds you well. I am writing to seek assistance regarding an error I encountered while attempting to create a "Swift Basics " application using Xcode. Upon launching Xcode and starting a new project, I followed the standard procedure "/Users/zipzygames/Desktop/Swift Basics/Swift Basics/Assets.xcassets:./AppIcon.solidimagestack The last visionOS App Icon Layer with content, "Back", must exactly fill the image stack. Its current frame is {{0, 0}, {515.5, 640}} while the visionOS App Icon's size is {512, 512}. " I have attempted to troubleshoot the issue by adding the 32 pixels and less 512 * 512 , but unfortunately, I have been unsuccessful in resolving it. I am reaching out to the community in the hope that someone might have encountered a similar issue or have expertise in troubleshooting Xcode errors. Any guidance, suggestions, or solutions would be greatly appreciated. Thank you very much for your time and assistance. Sincerely, Zipzy games
2
0
1.1k
Feb ’24
How to fix: IPA BINARY CODE ANALYSIS in iOS swift
I received the MOBSF security check result PDF, where I found some "High" severity issues. 1.Binary makes use of insecure API(s) with high CWE: CWE-676: Use of Potentially Dangerous Function OWASP Top 10: M7: Client Code Quality OWASP MASVS: MSTG-CODE-8. The binary may contain the following insecure API(s): _sscanf, _memcpy, _fopen. 2.Binary makes use of the malloc function with high CWE: CWE-789: Uncontrolled Memory Allocation OWASP Top 10: M7: Client Code Quality OWASP MASVS: MSTG-CODE-8. The binary may use the _malloc function instead of calloc. I have utilized a static analyzer, but I am unable to identify the APIs such as _sscanf and others in my codebase. This issue is not being shown in Xcode IDE either. I have attempted static analysis in Xcode using the approach: Product -> Analyze, but I am still unable to identify the mentioned issues. Can anyone please help me overcome this scenario and successfully pass the MOBSF test? Thanks in Advance
1
0
2.2k
Jul ’24