search

Custodela / iGoat-Swift

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
https://igoatapp.com/
GNU General Public License v3.0
0 stars 0 forks source link

CX Unchecked_CString_Convertion @ iGoat-Swift/iGoat-Swift/ThirdParty/CocoaLumberjack/DDTTYLogger.m [master] #38

Open tsunez opened 4 years ago

tsunez commented 4 years ago

Unchecked_CString_Convertion issue exists @ iGoat-Swift/iGoat-Swift/ThirdParty/CocoaLumberjack/DDTTYLogger.m in branch master

The element app at line 810 of iGoat-Swift\iGoat-Swift\ThirdParty\CocoaLumberjack\DDTTYLogger.m contains a C-String that was converted from a CFString object. The length of app was not checked after conversion.

Severity: Low

CWE:252

Vulnerability details and guidance

Checkmarx

Recommended Fix

Lines: 851 1427 1462 840 1224

Code (Line #851):

        BOOL processedID = [processID getCString:pid maxLength:(pidLen+1) encoding:NSUTF8StringEncoding];

Code (Line #1427):

            BOOL fgCodeRawEsc = [fgCodeRaw getCString:(fgCode+len1) maxLength:(len2+1) encoding:NSUTF8StringEncoding];

Code (Line #1462):

            BOOL bgCodeRawEsc = [bgCodeRaw getCString:(bgCode+len1) maxLength:(len2+1) encoding:NSUTF8StringEncoding];

Code (Line #840):

        BOOL processedAppName = [appName getCString:app maxLength:(appLen+1) encoding:NSUTF8StringEncoding];

Code (Line #1224):

        BOOL logMsgEnc = [logMsg getCString:msg maxLength:(msgLen + 1) encoding:NSUTF8StringEncoding];
tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 5 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)

tsunez commented 4 years ago

Issue still exists.

SUMMARY

Issue has 5 vulnerability/vulnerabilities left to be fixed (Please scroll to the top for more information)