Xcode Static Analyzer


The Xcode Clang Static Analyzer finds bugs in Objective-C, C, and C++ code. It finds hard-to-produce, edge-case bugs without the need to run code and shows the sequence of steps along which the bug occurs.

Posts under Xcode Static Analyzer tag

8 Posts

Each entry below shows the post, followed by its replies, boosts, views and last activity.

How do I locate and this Bundle Error

❌ Could not find email_ai.py in the app bundle. Available files: []

The error above is what I’m encountering. I’ve placed the referenced file both in the project directory and inside the app. However, every time I remove and reinsert the file into the folder within the app, it prompts me to designate the targets—I select all, but this doesn’t resolve the issue. I’m unsure how to properly reference the file so that it is recognised and included in the bundle. Any guidance would be greatly appreciated.

This is my build phase:

    #!/bin/sh
    set -x # Prints each command before running it (for debugging)
    pwd # Shows the current working directory
    echo "$SRCROOT" # Shows what Xcode thinks is the project root
    ls -l "$SRCROOT/EmailAssistant/EmailAssistant/PythonScripts" # Lists files in the script folder
    export PYTHONPATH="/Users/caesar/.pyenv/versions/3.11.6/bin"
    /Users/caesar/.pyenv/versions/3.11.6/bin/python3 "$SRCROOT/EmailAssistant/EmailAssistant/PythonScripts/email_ai.py"
    echo "Script completed."

Replies: 1 | Boosts: 0 | Views: 185 | Activity: 1w
How to retrieve overall memory peak in C++

I'm trying to retrieve the overall memory peak of a process. I've looked into retrieving it through the task_vm_info struct defined in task_info.h. By logging the members of the struct, it seems that neither resident_size_peak, internal_peak nor ledger_phys_footprint_peak matches the peak memory value that's being detected by Xcode Instruments. Can anyone point me to the correct way to retrieve that peak value? Is it the summation of some of the fields in task_vm_info, or is there a more complicated algorithm involved in deriving that value?

Replies: 0 | Boosts: 0 | Views: 213 | Activity: Nov ’24
The customer requested a pen-test for this app, and they reported some issues related to buffer overflow and weak randomness functions

The customer requested a pen-test for this app, and they reported some issues related to buffer overflow and weak randomness functions. I reviewed the identified methods, but I couldn't find them in the code or third-party SDKs. We would like to know if you can review these methods to see if there is a possible solution or if you can guarantee that these functions are safe. They say that they applied a reverse engineering tool and it delivered our app compiled using these C/C++ functions that are considered unsafe. The tool used is Ghidra (https://ghidra-sre.org/).

These are the methods reported by the cyber security team:

Related to buffer overflow:

Related to weak randomness functions:

Replies: 2 | Boosts: 0 | Views: 696 | Activity: Jul ’24
Suppressing C++ static analyzer in external C++ code?

I am including the glm library in my Xcode project and want to suppress this warning:

    /opt/extlibs/macosx/include/glm/./ext/../gtc/bitfield.inl:343:15: warning: Although the value stored to 'x' is used in the enclosing expression, the value is never actually read from 'x' [deadcode.DeadStores]
    uint16 REG2(x >>= 1);
                ^ ~

Is there a way to do that via a #pragma or a #define or something else in the Build Settings?

Replies: 0 | Boosts: 0 | Views: 571 | Activity: Apr ’24
How to fix: IPA BINARY CODE ANALYSIS in iOS swift

I received the MOBSF security check result PDF, where I found some "High" severity issues.

1. Binary makes use of insecure API(s) with high CWE: CWE-676: Use of Potentially Dangerous Function. OWASP Top 10: M7: Client Code Quality. OWASP MASVS: MSTG-CODE-8. The binary may contain the following insecure API(s): _sscanf, _memcpy, _fopen.

2. Binary makes use of the malloc function with high CWE: CWE-789: Uncontrolled Memory Allocation. OWASP Top 10: M7: Client Code Quality. OWASP MASVS: MSTG-CODE-8. The binary may use the _malloc function instead of calloc.

I have utilized a static analyzer, but I am unable to identify the APIs such as _sscanf and others in my codebase. This issue is not being shown in the Xcode IDE either. I have attempted static analysis in Xcode using the approach Product -> Analyze, but I am still unable to identify the mentioned issues. Can anyone please help me overcome this scenario and successfully pass the MOBSF test? Thanks in advance.

Replies: 1 | Boosts: 0 | Views: 2.7k | Activity: Jul ’24