Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
434 views
in Technique[技术] by (71.8m points)

objective c - Why is my string potentially unsecure in my iOS application?

I am initializing a mutable string and then logging it as follows.

NSMutableString* mStr = [[NSMutableString alloc] init];
mStr = (NSMutableString*) someTextFieldIbOutlet.text;
NSLog((NSString *) mStr);

The code works and runs, but I am getting a strange warning (in yellow):

Format string is not a string literal (potentially insecure).

Why?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Well, there are a few problems here.

The first one (and not the one that you asked about) is that you are allocating a new NSMutableString and then simply throwing it away in the second line when you set it to someTextFieldIbOutlet.text. Also, you are casting a non-mutable string to a mutable one which won't actually work. Instead, combine the first two lines like this:

NSMutableString* mStr = [NSMutableString stringWithString:someTextFieldIbOutlet.text];

The actual error that you are getting is caused because the first argument to NSLog is supposed to be the "format" string which tells NSLog how you want to format the data that follows in later arguments. This should be a literal string (created like @"this is a literal string") so that it can not be used to exploit your program by making changes to it.

Instead, use this:

NSLog(@"%@", mStr );

In this case, the format string is @"%@" which means "Create a NSString object set to %@". %@ means that the next argument is an object, and to replace %@ with the object's description (which in this case is the value of the string).


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...