bmxav
commented
2 months ago Thanks for the report @kjcjohnson! I have recently been looking into how we can restructure the IR directory to better reflect the archive layout and this is a great example. I'll take a look to see what can be done here.
If an archive has two frameworks with the same name but different platform (e.g., iOS vs. watchOS), these end up in the same IR folder, despite being separate frameworks and fully supported by Xcode.
Example (based on a true story) An iOS app (MyApp) has an embedded watchOS app. Both need functionality provided by
Foo.framework, but some iOS-specific APIs are called in Foo, so we have two targets:FooandFoo_watchOS, both of which are configured to build to aFoo.framework. Since these are separate platforms, Xcode keeps everything separate (e.g., in Debug-iphoneos and Debug-watchos derived data folders), and they end up in separate folders in the xcarchive like:Note that these are not the same framework! They're based on the same code, but have slight differences based on the SDK and any conditional compilation needed to support the different platforms.
However, after running
gen-ir, only a singleIR/Foo.frameworkfolder exists. From the logs, it looks likegen-iris properly picking up the separate targets and running the compiler commands, but bitcode from both are being dumped into the same output directory!Impact We don't get both platform versions to scan. The "Review Modules" page in Veracode shows most frameworks as iOS, but a few as watchOS:
So it looks like whether or not a framework ends up being watchOS or iOS is "random". Furthermore, it doesn't show the other platform version as "missing".
Suggested Fix Unclear. It seems like the
IRfolder structure doesn't account for two distinct frameworks with the same name, which are otherwise valid in the xcarchive and project due to having different platforms.