We've been running CodeQL scans regularly on our code base and have encountered an issue that I believe needs attention from the maintainers.
Problem
During our latest scan, CodeQL flagged an issue in file Vault/Pods/Iterable-iOS-SDK/swift-sdk/Internal/DeepLinkManager.swift at line number 96 with the following reason and description:
CodeQL
Vault/Pods/Iterable-iOS-SDK/swift-sdk/Internal/DeepLinkManager.swift:96 String length conflation
This String length is used in an NSString, but it may not be equivalent.
Using a length value from an NSString in a String, or a count from a String in an NSString, may cause unexpected behavior including (in some cases) buffer overwrites. This is because certain unicode sequences are represented as one character in a String but as a sequence of multiple characters in an NSString. For example, a 'thumbs up' emoji with a skin tone modifier (👍🏿) is represented as U+1F44D (👍) then the modifier U+1F3FF.
This issue can also arise from using the values of String.utf8.count, String.utf16.count or String.unicodeScalars.count in an unsuitable place.
Recommendation
Use String.count when working with a String. Use NSString.length when working with an NSString. Do not mix values for lengths and offsets between the two types as they are not compatible measures.
If you need to convert between Range and NSRange, do so directly using the appropriate initializer. Do not attempt to use incompatible length and offset values to accomplish conversion.
Example
In the following example, a String is converted to NSString, but a range is created from the String to do some processing on it.
```swift
func myFunction(s: String) {
    let ns = NSString(string: s)
    let nsrange = NSMakeRange(0, s.count) // BAD: String length used in NSMakeRange
    // ... use nsrange to process ns
}
```
This is dangerous because, if the input contains certain characters, the range computed on the String will be wrong for the NSString. This will lead to incorrect behaviour in the string processing that follows. To fix the problem, we can use NSString.length to create the NSRange instead, as follows:
```swift
func myFunction(s: String) {
    let ns = NSString(string: s)
    let nsrange = NSMakeRange(0, ns.length) // Fixed: NSString length used in NSMakeRange
    // ... use nsrange to process ns
}
```
This issue needs to be addressed to prevent it from being flagged in future scans.
Request:
Could the maintainers please review this issue? Our goal is to ensure that this particular CodeQL scan issue is resolved in upcoming scans to provide more security on the codebase.
Additional Information
We are using the CocoaPods dependency manager for Iterable, with version: 'Iterable-iOS-SDK', '6.5.4'
Thank you for your attention to this matter.
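The quoted recommendation to convert between Range and NSRange "directly using the appropriate initializer" is shown below as an added example; it is not code from the issue or from the Iterable SDK. The helper name `matches(of:in:)`, the pattern and the sample string are hypothetical and constructed for illustration.

```swift
import Foundation

// Constructed sample input: the leading emoji is one Character in a String
// but several UTF-16 code units in an NSString.
let sample = "👍🏿 see https://example.com/a"

// Hypothetical helper: returns every substring of `text` matching `pattern`.
func matches(of pattern: String, in text: String) throws -> [String] {
    let regex = try NSRegularExpression(pattern: pattern)
    // String -> NSRange: the initializer computes the UTF-16 offsets itself.
    let whole = NSRange(text.startIndex..<text.endIndex, in: text)
    return regex.matches(in: text, options: [], range: whole).compactMap { result in
        // NSRange -> Range<String.Index>: nil when the range does not fall on
        // valid String boundaries, rather than a silently shifted slice.
        Range(result.range, in: text).map { String(text[$0]) }
    }
}

// The two length measures CodeQL warns about mixing.
print("String.count:", sample.count, "NSString.length:", (sample as NSString).length)

// BAD, for comparison: a range built from String.count ends before the end of
// the NSString, so the regex only sees a prefix of the text.
let regex = try NSRegularExpression(pattern: "https?://\\S+")
let short = NSMakeRange(0, sample.count)
for m in regex.matches(in: sample, options: [], range: short) {
    print("conflated range:", (sample as NSString).substring(with: m.range))
}

// GOOD: direct Range <-> NSRange conversion covers the whole string.
let found = try matches(of: "https?://\\S+", in: sample)
print("converted range:", found)
```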