6

Possible Duplicate:
Why is my string potentially unsecure in my iOS application?

New compiler warning since upgrading XCode to 4.6:

Format string is not a string literal (potentially insecure)

Smallest example demonstrating the warning on both of the final lines:

  for (NSUInteger i = 0; i < 10; i++) {
    NSString *res = [testInstance generate:i];
    NSString *desc = [NSString stringWithFormat:@"TestData: %d", i];
    STAssertNotNil(res, desc);
    STAssertNotEquals(@"", res, desc);
  }

I looked at other questions which concern this warning but they stem from programmers unnecessarily using stringWithFormat: - here I want a dynamic assert description which changes per iteration but not per check.

I can pass the format string and data into the Asserts but then I have to maintain the descriptions independently.

How can I avoid this warning if I require the formatting of a description is prior to using it in a log message or assert call?

gav
  • It should be noted that the `stringWithFormat` will be evaluated every iteration, whereas if you placed the format string inside the asserts it would be evaluated only if the assertion fails. – Hot Licks Feb 04 '13 at 18:46

1 Answer

4

The problem is the non-literal format strings in the assertions. Change them to:

STAssertNotNil(res, @"%@", desc);
STAssertNotEquals(@"", res, @"%@", desc);

Format strings are a common security issue. When they are not visible to the compiler it cannot check them. In your case they've been hidden in desc.

Nikolai Ruhe
  • Could you elaborate on this? How is it a security issue if the compiler can't check them? – ArtOfWarfare May 07 '13 at 16:58
  • @ArtOfWarfare Printf style format strings are a common security exploit. When the format string argument is not constant an attacker can inject a forged format string that writes arbitrary data to memory locations outside of the buffer used for printing. See http://en.wikipedia.org/wiki/Uncontrolled_format_string – Nikolai Ruhe May 07 '13 at 17:11
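The same pattern in plain C, as an added example that is not code from the question or the answer: an assert-style helper declared with the printf format attribute (so clang and gcc raise the same "not a string literal" warning on a runtime format), and a caller that passes the pre-built description through a literal "%s", which is the C equivalent of the answer's @"%@". The helper names (check_desc, describe_case, check_case) are assumptions for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the question or the answer. A plain-C assert-style
 * helper that mirrors the STAssert* macros: the description is a printf-style
 * format plus arguments. The format attribute is what lets clang and gcc emit
 * "format string is not a string literal" when a caller hands it a runtime
 * string as the format. Names (check_desc, describe_case, check_case) are
 * illustrative. Returns 1 when the condition holds, else 0 with out filled. */
static int check_desc(char *out, size_t out_size, int cond, const char *fmt, ...)
    __attribute__((format(printf, 4, 5)));

static int check_desc(char *out, size_t out_size, int cond, const char *fmt, ...)
{
    if (cond) {
        out[0] = '\0';
        return 1;
    }
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, out_size, fmt, ap);   /* fmt is always a literal at call sites */
    va_end(ap);
    return 0;
}

/* Builds the per-iteration description once, like the question's desc. The label
 * comes from test data and may contain '%', so desc must never be used as a format. */
static void describe_case(char *desc, size_t desc_size, unsigned i, const char *label)
{
    snprintf(desc, desc_size, "TestData %u (%s)", i, label);
}

/* Wrong:  check_desc(out, n, cond, desc);        -> warning, and '%' in desc is parsed
 * Right:  check_desc(out, n, cond, "%s", desc);  -> desc is data, rendered verbatim
 * This is the same change the answer makes with @"%@". */
static int check_case(unsigned i, const char *label, const char *res,
                      char *out, size_t out_size)
{
    char desc[128];
    describe_case(desc, sizeof desc, i, label);
    int nonempty = res != NULL && strcmp(res, "") != 0;   /* STAssertNotEquals(@"", res) */
    return check_desc(out, out_size, nonempty, "%s", desc);
}
```

Compile with -Wformat -Wformat-nonliteral to see the warning appear the moment the "Wrong" call form is used; a label such as "rate 100%d" comes out verbatim in the failure text with the "Right" form.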