Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Various Firebase types does not conform to NSSecureCoding #3686

Open
clausjoergensen opened this issue Aug 26, 2019 · 1 comment · Fixed by #7831
Open

Various Firebase types does not conform to NSSecureCoding #3686

clausjoergensen opened this issue Aug 26, 2019 · 1 comment · Fixed by #7831
Assignees
@ncooke3
Labels
api: messaging

Comments

@clausjoergensen
Copy link

[READ] Step 1: Are you in the right place?

Yes

[REQUIRED] Step 2: Describe your environment

  • Xcode version: 10.3
  • Firebase SDK version: 5.16
  • Firebase Component: Core, Messaging
  • Component version: 5.16

[REQUIRED] Step 3: Describe the problem

Our security team scanned our code and dependencies for vulnerabilities and found that the following classes did not conform to NSSecureCoding making them vulnerable to object substitution attacks:

FIRMessagingTopicBatch, FIRInstanceIDAPNSInfo, FIRInstanceIDTokenInfo and FIRMessagingPendingTopicsList

Steps to reproduce:

Open up the header files, note that they conform to NSCoding, and not NSSecureCoding.

Relevant Code:
@maksymmalyhin maksymmalyhin mentioned this issue Aug 27, 2019
Merged
@charlotteliang charlotteliang mentioned this issue Feb 5, 2020
Merged
@charlotteliang charlotteliang mentioned this issue Apr 2, 2021
Merged
@charlotteliang charlotteliang reopened this Apr 5, 2021
@charlotteliang
Copy link
Contributor

We removed NSCoding from Messaging but not InstanceID yet. InstanceID is deprecated and will be removed from Messaging soon. We will keep this open for now.

@ncooke3 ncooke3 assigned ncooke3 and unassigned maksymmalyhin Dec 12, 2021
@charlotteliang charlotteliang removed their assignment Mar 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ncooke3 ncooke3

Labels
api: messaging
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Replace NSCoding with NSSecureCoding firebase/firebase-ios-sdk
7 participants
@paulb777 @clausjoergensen @maksymmalyhin @morganchen12 @google-oss-bot @charlotteliang @ncooke3