Xcode Runtime warning about NSKeyedArchiver secure coding
eshiehz opened this issue · 7 comments
While running in Xcode debugger, in Flurry 11.2.0, Xcode 12.3 reports a warning while running in simulator on iOS 14.3, iPhone 12 Pro Max:
*** -[NSKeyedUnarchiver _warnAboutNSObjectInAllowedClasses]: NSSecureCoding allowed classes list contains [NSObject class], which bypasses security by allowing any Objective-C class to be implicitly decoded. Consider reducing the scope of allowed classes during decoding by listing only the classes you expect to decode, or a more specific base class than NSObject. This will be disallowed in the future.
Placing a breakpoint at the symbol, here's the stack trace pointing to Flurry as the source:
- frame #0: 0x00007fff20741019 Foundation
-[NSCoder _warnAboutNSObjectInAllowedClasses] frame #1: 0x00007fff207cdcfd Foundation-[NSKeyedUnarchiver _validateAllowedClassesContainsClass:forKey:] + 92
frame #2: 0x00007fff20741828 Foundation-[NSCoder _validateAllowedClass:forKey:allowingInvocations:] + 32 frame #3: 0x00007fff207cf007 Foundation_decodeObjectBinary + 2325
frame #4: 0x00007fff207ce0ab Foundation_decodeObject + 152 frame #5: 0x00007fff207cdf96 Foundation-[NSKeyedUnarchiver decodeObjectForKey:] + 162
frame #6: 0x00007fff207ce334 Foundation-[NSKeyedUnarchiver decodeObjectOfClasses:forKey:] + 379 frame #7: 0x00007fff2073fd57 Foundation-[NSCoder __tryDecodeObjectForKey:error:decodeBlock:] + 88
frame #8: 0x00007fff20740bf9 Foundation-[NSCoder decodeTopLevelObjectOfClasses:forKey:error:] + 93 frame #9: 0x00007fff207cc766 Foundation+[NSKeyedUnarchiver unarchivedObjectOfClasses:fromData:error:] + 124
frame #10: 0x00007fff207cc47f Foundation+[NSKeyedUnarchiver unarchivedObjectOfClass:fromData:error:] + 112 frame #11: 0x000000010f8e13f9 Flurry_iOS_SDK-[FlurryKeychainWrapper objectForKey:] + 113
frame #12: 0x000000010f90bea6 Flurry_iOS_SDK+[FlurryReportingSource initialTimestampWithApiKey:withStartUpTime:] + 195 frame #13: 0x000000010f90bd9c Flurry_iOS_SDK-[FlurryReportingSource onqueue_createInitialTimestampIfNeededWithApiKey:startUpTime:] + 85
frame #14: 0x000000010f90af57 Flurry_iOS_SDK__50-[FlurryReportingSource startReportingWithApiKey:]_block_invoke + 39 frame #15: 0x000000010f8f4620 Flurry_iOS_SDK__30-[FlurryActor wrapAsyncBlock:]_block_invoke + 220
This Bug is About
Please choose the closest item by replacing [ ] with [x].
- [x ] Integration
- Analytics
- Ads
- Messaging/Push
- IAP
- Remote Configuration
- Flurry Website/Dashboard
- Other
Platform
Please choose the platform(s) that you are having the issue by replacing [ ] with [x].
- [ x] iOS
- tvOS
- WatchOS
Environment
Please tell us the versions of Flurry SDK, XCode, and iOS you are using.
- Flurry SDK: 11.2.0
- XCode:12.3
- iOS: 14.3
To Reproduce
Steps to reproduce the behavior:
- Integrate Flurry as normal
- Run under Xcode debugger on iOS simulator
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Are you using Flurry Push/Messaging? Yes / No
(iOS) Are you using CocoaPods or manual binary integration? Yes / No
Add any other context about the problem here.
@eshiehz Thank you for using Flurry Analytics. We will be providing a fix for this issue in our next GA release.
Still not fixed. Was this supposed to be included in 11.2?
Still not fixed. Apparently not dangerous, but still annoying
@davewhipps @224XS the fix is in v11.2.1, and please update your sdk version.
@hantao-flurrydev Thanks! I'm using swift package manager, so I guess it'll be a little while before they deploy the fix? I tried updating and 11.2.0 still seems to be the latest.
@dwhipps - We are planning a release of 11.2.1 as a Swift Package and it has been delayed while we test the new xcframeworks on the M1 Mac platform. This should be completed by next week. I can provide you the new xcframeworks directly. If you are interested please reach out to me at hhays @ verizonmedia.com