This repository has been archived by the owner on Dec 14, 2023. It is now read-only.

Security threat in LogFile #42

Open
usmaanirfan opened this issue Feb 13, 2020 · 0 comments

Comments

@usmaanirfan

Hi,

I am getting a security threat in the code below for the LogFile.m class:

```objc
- (void)markPosition:(NSInteger)position
{
    // Persist the read position as ASCII text in the mark file.
    NSString* markString = [NSString stringWithFormat:@"%ld", (long)position];
    NSString* markPath = [self markPath];
    NSError* error = nil;
    // atomically:YES writes to an auxiliary file first, then renames it to markPath.
    BOOL r = [markString writeToFile:markPath atomically:YES encoding:NSASCIIStringEncoding error:&error];
    if (!r) {
        LE_DEBUG(@"Error marking read position to file '%@'", error);
    }
    self.bytesProcessed = position;
}
```

Below are the issue description and some suggestions from the security tool.

Issue: The call to writeToFile:atomically:encoding:error:() at LogFile.m line 229 uses methods which write to temporary files before writing to the targeted file.

Recommendations: To avoid this problem, work with file descriptors instead of file paths. Initialize an NSFileHandle object with the file descriptor and use NSFileHandle methods to write to the file.

Thanks and Regards,
Usman Ansari
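
The tool's recommendation applied to the write in `markPosition:`, as an added example that is not part of the original issue or the project's code. The helper name `WriteMarkViaDescriptor`, the 0600 file mode and the sample path in `main` are assumptions.

```objc
#import <Foundation/Foundation.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

// Hypothetical helper (not from LogFile.m): stores the read position through a
// file descriptor, so no intermediate temporary file is created.
static BOOL WriteMarkViaDescriptor(NSString *markPath, NSInteger position)
{
    NSData *data = [[NSString stringWithFormat:@"%ld", (long)position]
                       dataUsingEncoding:NSASCIIStringEncoding];

    // O_NOFOLLOW: refuse a symlink planted at the final path component.
    // 0600 (assumed mode): a newly created mark file is owner read/write only.
    int fd = open(markPath.fileSystemRepresentation,
                  O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) {
        NSLog(@"open('%@') failed: %s", markPath, strerror(errno));
        return NO;
    }

    NSFileHandle *handle = [[NSFileHandle alloc] initWithFileDescriptor:fd
                                                         closeOnDealloc:YES];
    @try {
        [handle seekToFileOffset:0];
        [handle writeData:data];                    // raises on I/O error
        [handle truncateFileAtOffset:data.length];  // drop leftovers of a longer old value
        [handle synchronizeFile];                   // flush to disk before reporting success
    } @catch (NSException *e) {
        NSLog(@"Error marking read position to file '%@': %@", markPath, e.reason);
        return NO;
    } @finally {
        [handle closeFile];
    }
    return YES;
}

int main(void)
{
    @autoreleasepool {  // constructed sample path and position, for illustration only
        NSString *p = [NSTemporaryDirectory() stringByAppendingPathComponent:@"example.mark"];
        return WriteMarkViaDescriptor(p, 1024) ? 0 : 1;
    }
}
```

Unlike `atomically:YES`, this overwrites the mark file in place, so a crash mid-write can leave a partial or empty mark that the reader has to tolerate.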
