We are using “NSData+CommonCrypto”. We are facing a security issue raised by the Veracode scanning report. Please check the following details for the issue provided by Veracode.
Description:
Error handling problems occur when an application does not properly handle errors that occur during processing. If a function does not generate the correct return/status codes, or if the product does not handle all possible return/status codes that could be generated by a function, then security issues may result. Similarly, failing to catch an exception thrown by a function can potentially cause the program to crash or to behave in an unexpected manner.
This type of problem is most often found in edge conditions that are rarely encountered during normal application use. Presumably, most bugs related to common conditions are found and eliminated during development and testing. In some cases, the attacker can directly control or influence the environment to trigger these edge conditions.
Recommendations:
Never ignore return codes, assuming that a function will always succeed. Check for and handle all possible return codes to ensure that all scenarios are covered, including boundary or edge conditions. Subject the application to extensive testing to discover some of the possible instances of where and how errors or return values are not handled.
Use a standard exception handling mechanism to be sure that the application properly handles all types of processing errors. Do not allow the application to throw errors up to the application container, generally the web application server.
Associated Flaws by CWE ID:
Unchecked Error Condition (CWE ID 391) (1 flaw)
Description: The result of this call is not captured. Failing to check the return code can result in unexpected behavior.
Recommendations: Check the function return code for success.
Class - NSData+CommonCrypto.m : Location line number 346
`void * buf = malloc( bufsize );`
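As an added example (not code from NSData+CommonCrypto or from this report), the C sketch below shows the allocation pattern the scanner flags with the result checked and the error passed back to the caller. The function name, status codes, injectable allocator and the `in_len + block_size` sizing are assumptions made for illustration, and `memcpy` stands in for the real cipher call.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Status codes (hypothetical names for this example). */
enum crypt_status { CRYPT_OK = 0, CRYPT_ERR_PARAM = -1, CRYPT_ERR_OVERFLOW = -2, CRYPT_ERR_NOMEM = -3 };

/* The allocator is injectable so the failure path can be exercised deterministically. */
typedef void *(*alloc_fn)(size_t);
static void *failing_alloc(size_t n) { (void)n; return NULL; } /* simulates exhaustion */

/* Allocates in_len + block_size bytes (assumed sizing: input plus one padding block)
 * and copies the input as a stand-in for the cipher operation.
 * On any error *out is NULL and *out_len is 0, so callers never see a stale pointer. */
static int run_crypt(const uint8_t *in, size_t in_len, size_t block_size,
                     alloc_fn alloc, uint8_t **out, size_t *out_len)
{
    if (out == NULL || out_len == NULL) return CRYPT_ERR_PARAM;
    *out = NULL; *out_len = 0;
    if (in == NULL || alloc == NULL || block_size == 0) return CRYPT_ERR_PARAM;

    /* Reject a size computation that would wrap before it reaches the allocator. */
    if (in_len > SIZE_MAX - block_size) return CRYPT_ERR_OVERFLOW;
    size_t bufsize = in_len + block_size;

    void *buf = alloc(bufsize);
    if (buf == NULL) return CRYPT_ERR_NOMEM;  /* the check CWE-391 asks for */

    memcpy(buf, in, in_len);                  /* placeholder for the cipher call */
    *out = buf;
    *out_len = in_len;
    return CRYPT_OK;
}

int main(void)
{
    const uint8_t msg[] = "constructed sample input";
    uint8_t *out; size_t n;

    if (run_crypt(msg, sizeof msg, 16, failing_alloc, &out, &n) != CRYPT_ERR_NOMEM) return 1;
    if (run_crypt(msg, sizeof msg, 16, malloc, &out, &n) != CRYPT_OK) return 1;
    free(out);
    return 0;
}
```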