We have a app inside which we have the mac executable. When we try to execute strings app_executable | grep User we get a particular file name with the full path as the output.
This should not happen as it is vulnerable and also it tells the developer's name and the folder structure details.
Kindly let me know how to avoid this.
The front end code is written in objective c.
The reason for this is that we use NSAssert() in our code which will lead to having the strings present in your executable which might disclose unwanted information about the project. To avoid this we can have NS_BLOCK_ASSERTIONS in the Project settings under preprocessoor macros for Release mode which will fix this or else we need to make sure the NSAssert is absolutely required if not, we can remove it.
Preprocessor Macros
Release - NS_BLOCK_ASSERTIONS
Related
This question already has answers here:
AFNetworking.h file not found
(5 answers)
Closed 1 year ago.
#import <AFNetworking/AFNetworking.h>
I imported AFNetworking.h file to .m file but an error occurred like this:
'AFNetworking/AFNetworking.h' file not found
I deleted pods folder and Podfile.lock, and reinstalled Podfile but didn't solved. What should I do? (I opened the workspace file.)
Linking !== Copying.
there is C style #include ... and Objective-C style #import ...
both work almost the same..
where #import reads the header but does not include again if done once. As this can and does fail sometime (usually because mixing C,C++,Objc,Objc++ in different dialects) we often use #define rules to make sure the enclosed code is read once for sure and not again, which in turn works also when code is included and declared with #include. It would be included but not compiled twice.
#ifndef SOME_HumanReadableFlag_h
#define SOME_HumanReadableFlag_h
// ... your header code here..
#interface XyzObject : FromInheritedClass
#end
#endif
Now why does it matter?
It might happen that a #define rule enclosing the header files content hides the header from the viewpoint of other classes.. This can & does happen often when classes are not properly written with the end developers structure in mind. It might work on the workbench of the developer but not for everyone else implementing it.
Your error clearly tells "File not found .."
So first see what both import/include rules differentiate in general
#import <LibFrameworkName/LibFrameworkName.h>
means you have to link the framework or library, even if you developed one on your own in that project. The rule is relative to your project, LibFrameworkName is a Framework/Lib. Where if found somewhere #include <LibFrameworkName/LibFrameworkName.h> is not correct unless you want to c-style include this framework header into your binarys header, 2) tells you a bit about why..
#import "LibFrameworkName/LibFrameworkName.h"
means you have to copy/offer this header into your project with a subfolder with name LibFrameworkName. Once somewhere declared properly Xcode might find and apply the headers even if declared with the wrong rule later on in that specific class, you should also get a warning in the IDE then. In case of AFNetworking you dont want to copy System SDK Frameworks into your project, also not into third party frameworks unless you know what you do. This rule is relative to the files place in project structure, meaning here it would try to look out for some folder with name LibFrameworkName below the file that carries this rule.
what it says: because the Framework is not linked, the compiler tries to find it with the given name ignoring < & > so as if it where like 2) a file with that folder name, then will not find it and throws the error or warning.
To force the precompiler to parse thru some specific folders we use sometime the header search path to explicit tell where to find it. Widely used and mostly troublesome because it also hides wrongly defined rules to the developer as Xcode skips the still existing wrong import rules in code assuming it knows this headers already. Or it throws warnings while everything is actually fine. Other developers experience trouble then, the file structure and header list don't match at all. So keep in mind, when you can avoid making use of header search path lists, go for it. It also will and should not fix your issue.
'<AFNetworking/AFNetworking.h>' File not found means a Framework module is not known to your project. This header is part of a Framework.
Solution: You have to go to your Projects Settings and scroll down to Frameworks and Libraries, hit [+] below this list. It should open the dialog presenting all SDK from your choosen Project Target and all known Pods or known frameworks of your own project when you developed some. Search for the Framework or Lib by name, click it, hit "Add".. done..
From there - there are some options to get used to it..
Because Linking does not mean Copying into your Resources at compile time by default. Usually Xcode knows it does not have to copy System SDK into a projects Framework Folder, all macUsers have those Frameworks preinstalled on their system of course in the right version.. Linking against some specific folder like ${SOMEFLAGWHEREEVERTHISPOINTSTO}/AFNetworking/AFNetworking.framework/Headers is actually wrong unless someone wanted to overrule the systems framework header and maybe also binary.
So AFNetworking should not appear under Build Phases > Copy Bundle Ressources list but after the process above is done it will appear under Link Binary with Libraries, it might also be placed in Dependencies when Xcode needs to know for some Library/Framework it must have this to compile. Last mentioned option is because you could have a framework that adapts at runtime when some framework is missing or not available. So this Entry helps Xcode to figure out in which sorting it has to compile your stuff.
finding ${PODS_CONFIGURATION_BUILD_DIR}/AFNetworking/AFNetworking.framework/Headers in Header Search Paths there must be something wrong i guess.. because the framework is very likely not copied into the Pods folder. It should be relative to your SDKs folder that come with Xcode. The Linking process told above should fix that and you can erase that entry from your header search path then.
I'm converting a project from Autotools to CMake.
We have a configure.ac file, with the statement:
AC_CHECK_LIB([gsuffix], [gsuffix_create], [], AC_MSG_ERROR([Can not find gsuffix library]))
I want to replace it to cmake, and not sure how (it doesn't have pkg-config)
What I need is:
check libgsuffix exists and find path.
Check gsuffix_create exists in libgsuffix
Add -lgsuffix to compilation - this I think I know how to do.
Can anyone point me to the right direction?
There is no one to one translation. In general, with CMake you don't check whether every header and every library actually works. If you find the file, you assume it will do the trick.
Maybe find_package is right for you, depending someone already wrote such a test or your library provides an according config file.
Find_library is meant to find libraries, but by name.
If you really have to check that your library works, use CheckLibraryExists.
As mentioned, did not find anyway to do this with one command.
I didn't have enough time to understand how to do something completely generic, so I can give my skeleton for a FindGSUFFIX.cmake:
FIND_LIBRARY(GSUFFIX_LIBRARY NAMES gsuffix)
INCLUDE(CheckLibraryExists)
CHECK_LIBRARY_EXISTS(gsuffix gsuffix_create ${GSUFFIX_LIBRARY} GSUFFIX_VERIFIED)
# Handle the QUIETLY and REQUIRED arguments and set PCRE_FOUND to TRUE if all listed variables are TRUE.
INCLUDE(FindPackageHandleStandardArgs)
FIND_PACKAGE_HANDLE_STANDARD_ARGS(GSUFFIX DEFAULT_MSG GSUFFIX_LIBRARY GSUFFIX_VERIFIED)
MARK_AS_ADVANCED(GSUFFIX_LIBRARY)
I have a Config.h file which includes various preprocessor conditionals based on the environment. The project has 2 targets. Via the preprocessor arguments, if the environment is the first target we may have BASE_URL = #"https://firsttarget.com/", whereas if the environment is the second target we may have BASE_URL = #"https://secondtarget.com/".
For legal purposes, if someone were to recompile the assembly, and go hunting to strings etc... we cannot have somebody finding the string #"https://firsttarget.com/" if they were looking into the binary for the second target app.
So my question is... are strings behind preprocessor conditionals removed during Archive if they are not relevant?
Sections in code between #ifdef and #endif (or #else) are not seen by the compiler unless the symbol given on the ifdef line is defined. You can easily show this by writing something that won't compile in such a section. And since the compiler doesn't see that code there is no way the value of that define can end up in the binary.
To see exactly what the compiler will work with you can select an implementation file in Xcode and chose "Product > Perform Action > Preprocess" from the menu. This will show you exactly what the compiler will work with. Of course there will also be the content from all the system .h files that are imported, so your code most likely is at the very end. Your #define lines will be stripped too, so to really check which strings will be used you need to chose a file that actually uses those macros.
And finally you can do the same thing an attacker might do - use the strings utility on the compiled binary and see what's in there. In Xcode build your app and select the "Show in Finder" option for your app bundle from the products group. There select "Show package contents" to open app your actual app bundle. The actual binary is in there with the same name as your bundle but no file extension. Then open a terminal window, type "strings " (that is the word strings followed by a space) and drag the binary on top of this. Then confirm with return. You will get a long list of every readable string from the binary (including every selector).
As the title stated, I want my compiler to fail when I include some header files; for example, <cmath>
Is that possible with just compiler flags? Or do I have to actually delete those headers?
#include <cmath> has nothing to do with any library, and everything to do with a header file. Assuming that you really do mean that you want compilation to fail if you include a particular header file, you should be able to leverage GCC's support for specifying include directories through environment variables.
To do so, create or edit an appropriate environment file. If you are using GNU bash on Debian, for example, you can create a file /etc/profile.d/gcc-include-dirs. Everything readable in /etc/profile.d is sourced when a shell is launched, so it will apply to all shells started after that point. (To be absolutely certain, you may want to log out and back in once, then issue env | grep INCLUDE to confirm.) Create such a file with your favorite editor and add the following to it:
export C_INCLUDE_PATH=/usr/local/include/fail:${C_INCLUDE_PATH}
export CPLUS_INCLUDE_PATH=/usr/local/include/fail:${CPLUS_INCLUDE_PATH}
Make sure the file is readable by everyone (chmod 644 /etc/profile/gcc-include-dirs) and that it is owned by root (chown root:root /etc/profile/gcc-include-dirs).
You can also put the file elsewhere and simply source it when needed, if you only need this behavior at specific times. In that case, logging out from the shell in question and logging back in will restore GCC's normal behavior (you don't need to log out from the entire session, just that particular shell instance). Starting a subshell and sourcing the file from within that subshell will also work nicely in that case; just exit when you are done.
Then create a file /usr/local/include/fail/cmath with the following content:
#error "Failing because you included 'cmath'"
Make sure that file too is readable by everyone and owned by root. #error and its evil twin #warning emit a fatal error and a compilation warning, respectively, so whenever this file gets included, GCC will encounter a #error preprocessor directive resulting in the emission of a fatal error which causes the compilation to fail.
If you want to override this behavior for a single compilation, simply use gcc's -I parameter to specify the path to the directory where the real math.h lives. Since -I takes precedence over $C_INCLUDE_PATH and $CPLUS_INCLUDE_PATH this means that you then include the C library's version. For example, cc -o mathprogram -I/usr/include mathprogram.c will use the math.h in /usr/include when you #include <math.h> regardless of what might be in /usr/local/include/fail, because it looks first in /usr/include.
Since this only affects compilation (and only compilation started through a shell), everything that is already on your system will be completely unaffected (unless they have some weird dependencies to those two environment variables).
For c* headers, you may need to also create the corresponding *.h header with content identical to the c* header. This is because e.g. cmath might simply map to math.h (the name of the same header in C). Simply make another file just like the one above, but complain about math.h instead. (GCC doesn't care, but it makes diagnostics easier.) You may also need to put files in other places (I'm not sure exactly what include directory structure GCC wants for C++ headers); in that case, find / -name cmath (or something similar) will give you an idea of the structure you need to replicate under /usr/local/include/fail.
Do note that this will not stop people simply copying the relevant parts of the header file into their own source code; there is nothing magical about the header files from the compiler's point of view. Depending on exactly what you are trying to protect against, this may be an issue.
What about simply using a pre-processor symbol to omit the library header(s)?
Compiling with the gcc option -DDONT_WANT_LIBS will fail due to the missing library declarations in the library header file.
#ifndef DONT_WANT_LIBS
#include<specific_library_header.h>
#endif
...
...
Could you advise me what is the difference between Debug and Release folders?
Thanks
Furqan
The debug folder usually contains your program compiled for debugging, that is there is additional information included, such as variable names, that help you find errors in the program.
The release folder contains your program without any of that. Just what is necessary for the program to run.
Just to be clear, the name of the folders in your question are virtually unlimited (not simply limited to debug and release). Right click on your solution and select Configuration Manager and you can add as many configurations as you would like. The name of the configuration is the name of the folder.
As Joshua wrote, usually, people use their debug config to include things like the .pdb file (which includes debugging symbols needed to get line numbers from errors, etc.). Release is normally cleaner. However, you can easily setup folders for x86 vs. x64 vs. any cpu.
If you have a solution with 10 different projects (not uncommon if you work on something of decent size) you might want to build certain projects together and others together. In this case, you should create additional configurations to support this so you can build a group simply by changing your active configuration.
In the end, the folders you mentioned contain whatever you specify in the configuration manager that they should contain.