Closed julianrex closed 3 years ago
After a bit more investigation, I've identified the root cause of this issue…
In loadPendingTelemetryMetricsEvent
which @julianrex identified above, MMEEvent
encodes its _attributesStorage
NSDictionary. This dictionary contains numbers, strings, and possibly other types, so in the corresponding decode invocation, we need to allow whichever types could potentially be nested within that dictionary:
When I was testing this locally, I only saw NSNumber and NSString in this dictionary, but someone more familiar with MMEEvent
should audit the list of types that could potentially be included:
_attributesStorage = [aDecoder decodeObjectOfClasses:[NSSet setWithObjects:NSDictionary.class, NSNumber.class, NSString.class, nil] forKey:MMEEventAttributesKey];
The documentation comments indicate that attributes must be "a dictionary for which [NSJSONSerialization isValidJSONObject:]
returns YES
".
NSJSONSerialization's docs indicate that the list of allowed types are:
NSArray
, NSDictionary
, NSString
, NSNumber
, NSNull
Based on that, we should update the decode invocation to:
_attributesStorage = [aDecoder decodeObjectOfClasses:[NSSet setWithObjects:NSArray.class, NSDictionary.class, NSString.class, NSNumber.class, NSNull.class, nil] forKey:MMEEventAttributesKey];
Configuration
Steps to Reproduce Any app/example (on device) should trigger this, but I've been running the
Show 3D Terrain
example:When
[unarchiver decodeObjectOfClass:MMEEvent.class forKey:NSKeyedArchiveRootObjectKey];
is called in inloadPendingTelemetryMetricsEvent.
We see a lot of the following warnings:Changing this call to
[unarchiver decodeObjectOfClasses:classes forKey:NSKeyedArchiveRootObjectKey];
(where classes include the types in the warning log), made no difference. I'm not sure where we need to specify the "allowed classes".Note that other calls that use secure coding (archive and unarchive) do not trigger the warnings, but I think that's just luck, and we should address each call site.
NSCoder
has anallowedClasses
property (and similarlyNSSecureUnarchiveFromDataTransformer
hasallowedTopLevelClasses
), but this is read-only;Subclassing
NSKeyedUnarchiver
and setting theallowedClasses
does appear to fix this issue.References: