Closed batkov closed 2 years ago
Hi @batkov Can you share the false positive result produced by mobsfscan?
I have a few of these:
RULE ID | ios_banned_api
CWE | CWE-676: Use of Potentially Dangerous Function
MASVS | MSTG-CODE-8
OWASP-MOBILE | M7: Client Code Quality
REFERENCE | https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/BufferOverflows.html#//apple_ref/doc/uid/TP40002577-SW1
DESCRIPTION | The App may contain banned API(s). These API(s) are insecure and must not be used.
SEVERITY | WARNING
FILES |
  File: Modules/Simulation/Simulation/Unit Tests/Source/Widgets/Tutorials/Swipe Tutorial Widget/View Model/TutorialStateTests.swift | Match Position: 519 - 524 | Line Number(s): 21 | Match String: gets(
  File: Modules/Simulation/Simulation/Source/Widgets/Tutorials/Base/TutorialWidgetViewModelFactory.swift | Match Position: 565 - 570 | Line Number(s): 20 | Match String: gets(

However, we have a lot of widgets, so any method named `...Widgets` gets flagged, e.g. `testShouldNotShowObjectiveTutorialForNonTextWidgets`.
Hi,
I have an entity in the application which is called `Budget`. The plural form is used for different variants of functions like `getBudgets()`, `enum Endpoint { case budgets }`, etc. I'm receiving logs that it is somehow a banned API. I believe the tool is mixing up the ending of the function with the C func `char *gets(char *str)`.
Please take a look.
Regards, Kharyton
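Both reports above describe the same mechanism: a substring match on `gets(` also fires on identifiers that merely end in `gets` (`...Widgets()`, `getBudgets()`, and even the safe `fgets(`). The following is an added illustration, not mobsfscan's own rule code, showing the difference between that substring pattern and one anchored on an identifier boundary; the Swift/C sample lines are constructed for this example, not taken from the reporter's repository.

```python
import re

# Constructed sample lines modelled on the false positives reported in this thread.
SAMPLE_LINES = [
    "func testShouldNotShowObjectiveTutorialForNonTextWidgets() {",  # Swift test name
    "let items = api.getBudgets()",                                   # Swift getter
    "enum Endpoint { case budgets }",                                 # no "gets(" at all
    "char *line = gets(buffer);",                                     # genuine banned C call
    "fgets(buffer, sizeof buffer, stdin);",                           # safe C call ending in "gets("
]

# Substring-style pattern: fires on anything that contains "gets(".
NAIVE_PATTERN = re.compile(r"gets\(")

# Boundary-anchored pattern: "gets" must begin its own identifier
# (no letter, digit or underscore before it), optional whitespace before "(".
STRICT_PATTERN = re.compile(r"\bgets\s*\(")


def find_matches(pattern, lines):
    """Return the 1-based line numbers on which `pattern` matches."""
    return [i for i, line in enumerate(lines, start=1) if pattern.search(line)]


def false_positives(lines):
    """Lines the naive pattern flags that the boundary-anchored pattern does not."""
    naive = set(find_matches(NAIVE_PATTERN, lines))
    strict = set(find_matches(STRICT_PATTERN, lines))
    return sorted(naive - strict)


if __name__ == "__main__":
    print("naive  :", find_matches(NAIVE_PATTERN, SAMPLE_LINES))   # [1, 2, 4, 5]
    print("strict :", find_matches(STRICT_PATTERN, SAMPLE_LINES))  # [4]
    print("false positives removed:", false_positives(SAMPLE_LINES))
```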