search

Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0
0 stars 0 forks source link

CX Unchecked_CString_Convertion @ iGoat-Swift/iGoat-Swift/ThirdParty/YapDatabase/Internal/YapDatabaseString.h [master] #37

Open tsunez opened 4 years ago

tsunez commented 4 years ago

Unchecked_CString_Convertion issue exists @ iGoat-Swift/iGoat-Swift/ThirdParty/YapDatabase/Internal/YapDatabaseString.h in branch master

The element str at line 75 of iGoat-Swift\iGoat-Swift\ThirdParty\YapDatabase\Internal\YapDatabaseString.h contains a C-String that was converted from a CFString object. The length of str was not checked after conversion.

Severity: Low

CWE:252

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 95

Code (Line #95):

        [nsStr getCString:dbStr->str maxLength:(dbStr->length + 1) encoding:NSUTF8StringEncoding];
tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 1 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)