CX Jailbrake_File_Referenced_By_Name @ iGoat-Swift/iGoat-Swift/ThirdParty/CocoaLumberjack/DDFileLogger.m [master]

tsunez commented 4 years ago

Jailbrake_File_Referenced_By_Name issue exists @ iGoat-Swift/iGoat-Swift/ThirdParty/CocoaLumberjack/DDFileLogger.m in branch master

A method createFileAtPath:contents:attributes: at line 455 of iGoat-Swift\iGoat-Swift\ThirdParty\CocoaLumberjack\DDFileLogger.m accessing a file by filename.

Severity: Low

CWE:668

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 496 1264 1265 1270 200 235 1132 477

Code (Line #496):

            [[NSFileManager defaultManager] createFileAtPath:filePath contents:nil attributes:attributes];

Code (Line #1264):

        if ([[NSFileManager defaultManager] fileExistsAtPath:newFilePath] &&

Code (Line #1265):

           ![[NSFileManager defaultManager] removeItemAtPath:newFilePath error:&error])

Code (Line #1270):

        if (![[NSFileManager defaultManager] moveItemAtPath:filePath toPath:newFilePath error:&error])

Code (Line #200):

        [[NSFileManager defaultManager] removeItemAtPath:logFileInfo.filePath error:nil];

Code (Line #235):

    if (![[NSFileManager defaultManager] fileExistsAtPath:_logsDirectory])

Code (Line #1132):

        fileAttributes = [[NSFileManager defaultManager] attributesOfItemAtPath:filePath error:nil];

Code (Line #477):

        if (![[NSFileManager defaultManager] fileExistsAtPath:filePath])

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 8 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 8 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

Custodela / iGoat-Swift

CX Jailbrake_File_Referenced_By_Name @ iGoat-Swift/iGoat-Swift/ThirdParty/CocoaLumberjack/DDFileLogger.m [master] #33

SUMMARY

SUMMARY