New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Persistent Dictionary: Secure Coding Support #604
Conversation
- (BOOL)canStoreObject:(id)anObject { | ||
for (Class supportedClass in self.supportedObjectTypes) { | ||
if ([anObject isKindOfClass:supportedClass]) { | ||
return YES; | ||
} | ||
} | ||
|
||
return NO; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to check recursively in case of NSArray / NSDictionary?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reasoning behind that assertion is: ObjC doesn't really have Generics, but "Lightweight Generics".
You can set a __covariant
type in the header file, but it's only for Swift bridging. So I tried to do something that, at least, would give you a warning.
In our specific use case, all of the dictionaries contain either Strings or Numbers (everything is generated by a single API), so no need to validate further).
Plus the serialization invocation itself would blow up, if you pass along a non NSSecureCoding compliant class.
Thank you for bringing that up!!
/// Indicates if the stored `Supported Object Types` should be required to conform to NSCoding. Defaults to YES | ||
/// | ||
@property (nonatomic, assign, readwrite) BOOL requiringSecureCoding; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is requiringSecureCoding
only used for unit tests? Maybe it's good to mention it here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
YES! Only for testing purposes, good call!!
Thank you @eshurakov !! |
Details:
In this PR we're patching up SPPersistentMutableDictionary so that it supports the new Secure Coding API.
@eshurakov May I bug you with this one as well?
Thank you!!
Closes #603
Note:
The flag
requiresSecureCoding
(NSKeyedArchiver / NSKeyedUnarchiver), as per the documentation, will enforce that persisted / restored classes conform to NSSecureCoding.However, it does not allow us to turn On / Off encryption. For such reason, a migration is not necessary.
Plus: A new Unit Test has been added to verify that "Unsecure Archives" can be opened when this flag is On.
Testing: