2

Why is my NSMutableString potentially insecure? I searched for this but couldn't find anything.

```objc
int hour = [number intValue] / 3600;

NSMutableString *time = [[NSMutableString alloc] initWithString:@""];

if (hour < 9) {
    [time appendFormat:@"0"];
    [time appendFormat:[NSMutableString stringWithFormat:@"%d:", hour]];
}
```

What's wrong with it? This is the first time I've seen this.

jscs
Tomasz Szulc
  • I'm not sure what you're asking here. It would help if you explained why you think this string is "potentially insecure". – Jonah Sep 11 '12 at 17:18
  • possible duplicate of [Why is my string potentially unsecure in my iOS application?](http://stackoverflow.com/questions/9961363/why-is-my-string-potentially-unsecure-in-my-ios-application) – jscs Sep 11 '12 at 17:19
  • Also similar to: http://stackoverflow.com/questions/5428325/issue-with-code-format-string-is-not-a-string-literal – woz Sep 11 '12 at 17:20
  • You searched for this? Really? [Googling "objective-c potentially insecure"](http://www.google.com/search?ie=utf8&oe=utf8&q=objective-c+potentially+insecure&nfpr=1) brings up a first page full of helpful-looking links for me. Can you elaborate on the warning you're getting and why previous questions didn't help you? – jscs Sep 11 '12 at 17:21

2 Answers

10

Change this:

```objc
[time appendFormat:[NSMutableString stringWithFormat:@"%d:", hour]];
```

To this:

```objc
[time appendFormat:@"%d:", hour];
```

The appendFormat method is expecting you to pass a string with format, not an NSMutableString. This screenshot shows it:


woz
0

This doesn't answer the question asked here but it looks like the provided code is attempting to reinvent existing format string options.

[NSMutableString stringWithFormat:@"%02d:", hour] will print a two digit integer value with leading zeros.

Jonah
  • True, but I think this should be a comment, seeing that it doesn't answer the question. – woz Sep 11 '12 at 17:23
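
The literal-format fix from the first answer and the `%02d` padding from the second, combined in an added example that is not code from the original posts. It also shows how text that may itself contain `%` specifiers is appended as data rather than as a format. `AppendChecked` and `FormatDuration` are hypothetical helper names, and the label input is constructed.

```objc
// Added example, not from the original post. Helper names are hypothetical.
// Build: clang -fobjc-arc -Wformat -Wformat-security -framework Foundation example.m
#import <Foundation/Foundation.h>

// Flagged pattern from the question: the format argument is computed at run
// time, so the compiler cannot match its % specifiers against the arguments.
// If that text ever contains "%@" or "%d" (for example from user input),
// appendFormat: reads variadic arguments that were never passed.
//     [time appendFormat:label];          // -Wformat-security warning

// Hypothetical wrapper. NS_FORMAT_FUNCTION(2,3) tells clang that parameter 2
// is a format string and the variadic arguments start at parameter 3, so
// callers of the wrapper get the same compile-time checks as appendFormat:.
static void AppendChecked(NSMutableString *out, NSString *format, ...) NS_FORMAT_FUNCTION(2,3);
static void AppendChecked(NSMutableString *out, NSString *format, ...) {
    va_list args;
    va_start(args, format);
    NSString *piece = [[NSString alloc] initWithFormat:format arguments:args];
    va_end(args);
    [out appendString:piece];
}

// Formats seconds as HH:MM:SS and appends a caller-supplied label verbatim.
static NSString *FormatDuration(NSNumber *seconds, NSString *label) {
    int total = [seconds intValue];
    NSMutableString *time = [NSMutableString string];
    // Literal format: %02d pads to two digits, no manual "0" prefix needed.
    AppendChecked(time, @"%02d:%02d:%02d", total / 3600, (total / 60) % 60, total % 60);
    if (label.length > 0) {
        [time appendString:@" "];
        // Data is appended as data. Equivalent: [time appendFormat:@"%@", label]
        [time appendString:label];
    }
    return time;
}

int main(void) {
    @autoreleasepool {
        // Constructed input: a label that contains format specifiers.
        NSString *label = @"100%@ done %d";
        NSLog(@"%@", FormatDuration(@3725, label));
    }
    return 0;
}
```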