You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This PR addressed most of the requirements to support NSSecureCoding. In order to take advantage of this, all instances of [ decodeObjectForKey:] should be replaced with [ decodeObjectOfClass: forKey:] or its cohorts, and - requiresSecureCoding should be implemented and respond with YES (Apple documentation).
FIRMessagingAPNSInfo.m and FIRMessagingTokenInfo.m both are currently using [ decodeObjectForKey:] with subsequent checks to make sure they got what they were expecting. While this is a start at preventing object substitution attacks, potentially bad objects are still decoded, and any security code scan still spots the insecure [ decodeObjectForKey:] statements.
Firebase SDK Version
10.21
Xcode Version
15.1
Installation Method
CocoaPods
Firebase Product(s)
Messaging
Targeted Platforms
iOS
The text was updated successfully, but these errors were encountered:
Description
This PR addressed most of the requirements to support NSSecureCoding. In order to take advantage of this, all instances of
[ decodeObjectForKey:]
should be replaced with[ decodeObjectOfClass: forKey:]
or its cohorts, and- requiresSecureCoding
should be implemented and respond with YES (Apple documentation).FIRMessagingAPNSInfo.m and FIRMessagingTokenInfo.m both are currently using
[ decodeObjectForKey:]
with subsequent checks to make sure they got what they were expecting. While this is a start at preventing object substitution attacks, potentially bad objects are still decoded, and any security code scan still spots the insecure[ decodeObjectForKey:]
statements.Firebase SDK Version
10.21
Xcode Version
15.1
Installation Method
CocoaPods
Firebase Product(s)
Messaging
Targeted Platforms
iOS
The text was updated successfully, but these errors were encountered: