MITM attack reported on deprecated NSURLConnectionDelegate - ios

I have an Objective-C project whose .ipa was tested with this tool online: https://www.immuniweb.com/mobile
It reports that my app has a high risk security issue, pointing to the canAuthenticateAgainstProtectionSpace in the NSURLConnectionDelegate protocol.
This method has been deprecated by iOS after 8.0 version. My app is not using it directly anywhere and I suppose this is not used by apple also even indirectly, since it is deprecated.
I tried a sample ipa (new project with nothing in it) with Objective-C project and the same issue came for that as well. But it did not come for a sample ipa which supported Swift. Even if this is just a warning, is there a way to fix other than just supporting Swift language only?

The tool has detected that the .h file that defines the NSURLConnectionDelegate protocol declares the canAuthenticateAgainstProtectionSpace function. This is, of course, to be expected.
It would make more sense for the tool to report implementations of the method, not simply declarations of it
Since you haven’t implemented this method you don’t need to worry about flaws in your implementation.
As for getting rid of the issue...Don’t use the tool? It doesn’t seem very good based on this.
Is there an option to tell it not to scan .h files?

TBH it seems like a bug in the tool if not any of your Libraries or Frameworks internally uses that.
In your test for the sample Objective C project it's reported as bug however for a sample swift project it's not reported Hence I guess it's more of bug from the tool side.
I would suggest you to report this issue to them.Hopefully they will get you back with some suggestions.
or
you can try some other pen-testing tools as well.

Related

How to wrap existing iOS code in a new Appcelerator module?

This seems like a basic request, but I can't find the answer to it anywhere. I want to wrap some existing iOS code that I wrote, in a Appcelerator module. That's it. Important points:
I am NOT wrapping a pre-existing 3rd party iOS SDK.
I wrote the iOS code being wrapped.
Code is verified as working within xcode.
There are no .a files. There are 2x .h files and 2x .m files though.
There are no UI elements in the iOS code as it is only designed to connect the native bluetooth hardware to the app.
I have created a generic appcelerator iOS module project, built it, and successfully called the generic ID function within my app.
I cannot figure out how to successfully edit the generic module so that it utilizes my code. Every attempt results in it refusing to compile, and it's maddening.
I do not have access to Hyperloop.
Once I can successfully build the wrapped module, I would call an initialization function which triggers a native bluetooth hardware search. Once connected, there are functions within the module to send commands to the hardware and receive data back. This is the official documentation I've followed so far:
http://docs.appcelerator.com/platform/latest/#!/guide/iOS_Module_Quick_Start
That helped me build the blank module, include it in the app, and ensure that it worked by calling the built in test property. From there it stops short of actually telling me what I need to know. These are the closest things I've found so far, while still not being what I need:
http://docs.appcelerator.com/platform/latest/#!/guide/iOS_Module_Project-section-43288810_iOSModuleProject-AddaThird-PartyFramework
appcelerator module for existing ios project sdk
Heck, I still don't even know if I can do this within studio or if I have to edit the generic module in Xcode. Help! :) Many thanks in advance.
so first of all, this is not best practice and will cause possible problems in the future when the SDK changes and your module still relies on outdated core API's.
Regarding your question, you could either create a new component that subclasses the existing class, e.g.
class TiMyModuleListViewProxy : TiUiListViewProxy {
}
and call it with
var myList = MyModule.createListView();
or you write a category to extend the existing API with your own logic, e.g.
#interface TiUIListViewProxy (MyListView)
- (void)setSomethingElse:(id)value;
#end
#implementation TiUIListViewProxy (MyListView)
- (void)setSomethingElse:(id)value
{
// Set the value of "somethingElse" now
}
#end
I would prefer the second option since it matches a better Objective-C code-style, but please still be aware of the possible core-changes that might effect your implementation in the feature. Thanks!

Generic implementation of 3rd party Libraries and Frameworks in Swift

I see there’s many libraries, open source, like Cocos2d, ShareKit, FormatterKit, etc. that seems up to date. (Check GitHub).
But still, implementation, snippets, samples and manual are intended to be written in Objective-C.
But, a method is a method… I think… If I get an instance of any framework/library of these and I call the method in a full Swift enviroment, would I be affected behind the scenes?
After June WWDC Swift gonna get serious, Apple is pushing hard, I’m just getting ready for the move and I don’t want my Apps to implement a soon-to-be deprecated library implementation in Objective-C.
I do not understand your question so much that I will regard your question as "Is it possible to use the Objective-C&Swiftin the same project?"
Yes, Apple claimed that developers can use Bridging-Header to implement double languages development, whatever your main developing language is ObjC or Swift. The specific details and theories about it you shall check from there.
Next I want to tell you some errors occurred in my project when I used Bridging-Header.
I always meet this kind of problem like import 'file not found'. I think you can try to check your file&folder hierarchy. Such as you have a root folder named Project, as is often the case, there is another Project in your previous Project, the root folder.
And Checking the Objective-C Bridging Header in the Build Setting. Sometime error can occurred for Project/Project/Bridging-Header.h. And the error can be corrected by changing the definition as Project/Bridging-Header.h.
If the location of Bridging-Header.h is not matching with the definition in the Build Setting, the error like import file not found will occur.
I just tell your my solution for Bridging issue I already met, I hope it can help you.

AppCode + swift - no code completion and no quick documentation

Do anyone know how to enable code completion and quick documentation in AppCode(3.1.1) for swift?
I have updated Xcode I've downloaded documentation in Xcode preferences.
I set correct path to Xcode in my AppCode but still I got no support in AppCode regarding to completion and quick documentation.
This support is in XCode but I am java dev so for me better thing is to use Jetbrains tool instead of using Apple one.
Project that I've opened in AppCode was created in XCode.
I've downloaded this documentation in XCode.
I've searched a lot in the net but there are only slogans about features of AppCode
can do that this, is doing this and that
Only one thing related to path to XCode I found in this property
but none of those I can see... I believe that I haven't enabled it yet.
For me AppCode is more user friently tool because like I said I am used to Intellij for Java development and I am trying to use this tool because it is quicker for me to work with sth that I've used to than sth that is completly new for me(conceptually - XCode).
Do you have any advices about that?
I asked my quesetion to AppCode support. They responded:
Rafal, Your configuration seems correct. Please see comments
below: 1) regarding code completion in Swift - we have part of work
done in that area, and part of tasks still in progress. Can you share
a code snippet where you experience issues with completion? 2)
regarding quick documentation - this feature is not yet ready for
Swift. You can track its progress here.
This mean that I can not expect from AppCode features that was advertised in terms of swift language.

How can frameworks used by a static library be automatically imported on iOS?

My company makes a static library for iOS apps. One annoying step for developers is that they have to manually link against all the required frameworks that the library uses, and failing to do so leads to somewhat confusing compiler errors.
I would have previously thought this wasn't possible, but the company Chartboost claims to automatically link against non-default frameworks like AdSupport and StoreKit. Based on my testing in their sample app (available from the linked page), so far this appears to be the case (Even when disabling "Enable Modules" and "Link Frameworks Automatically" in the app that links against the static library).
Is there some way to enable this feature when creating a static library? I've tried enabling modules and the "Link Frameworks Automatically" LLVM options in Xcode, but so far haven't been able to get it working.
There's a piece of code called CBDynamicallyLoadedDependencies that calls dlopen() on the appropriate system library before making the function or method call.
My original answer wasn't correct. the dlopen() call is just in the x86 code. On the device, it's something different, but my ARM assembly isn't strong enough to figure it out. All I can say is that there's a piece of code that's acting as a trampoline to the desired functions and that references the system library files (like /System/Library/Frameworks/AdSupport.framework/AdSupport).
But the point is that it's not a simple project trick that makes it work normally. There's internal code involved.
They might use modules you mentioned and #import instead of #import, which should make the libraries link automatically.
For reference, check this question.
This might not be what you're looking for, but if you don't yet support Cocoapods, I would strongly advise taking a look:
http://cocoapods.org/
(Edit: Cocoapods is essentially linked to Xcode. Other IDEs will need another solution.)
You can advertise Cocoapods to developers as the "easy" way to work with your library, and the manual method as...well, the manual method. ;)
I'm not aware of any industry resistance to Cocoapods, so I don't see a downside to supporting it, and it does solve the problem you're talking about (albeit in a roundabout sort of way).
Also I've found Chartboost VERY developer-friendly. You might even reach out to them and ask.

Theos preference loader + tweak error

I am making a cydia tweak with a preference bundle using theos in my iPhone
But I'm getting this error!
This is the code I have in:
PSListController
(I have no idea where is the error in my code. The code is too long to paste here. I made a link to my codes)
http://pastebin.com/gQvYvB89
How do I solve this problem?
This isn't an answer but it won't allow me to comment.
A good alternative to IOSOpenDev is Theos, this is more like you are used to as it works the same as on your iphone. You use the make command and have templates.
Installation is fairly involved but here is a good guide.
http://brandontreb.com/beginning-jailbroken-ios-development-getting-the-tools
You should add #import <UIKit/UIKit.h> at the beginning of the header file (this is a common thing: if you encounter a system defined class or protocol - basically every class that starts with NS or UI and some others - you should remove the header generated by class-dump and import the system header, this will save you a lot of headaches).
By the way, you should really NOT compile stuff on device because the GCC that there's on Cydia is very outdated (I think it's from the iOS 3.x days) and using Theos is a pain in the ass anyway: there is another framework that'll help you building preference bundles (and tweaks, siri extensions, toggles for SBSettings, ...), it's called iOSOpenDev and it lets you use Xcode for these projects, which is a MAJOR improvement over compiling on device from the command line (so without code completion, syntax highlighting and all those great improvements Xcode can give you).
PS: if you choose to move to iOSOpenDev feel free to ask for explanations, I have some experience with it ;)

Resources