The App may contain banned API(s). These API(s) are insecure and must not be used.

ID

objectivec.code.ios_banned_api

Severity

high

Resource

Code

Language

Objective-C

Description

The App may contain banned API(s). These API(s) are insecure and must not be used.

Rationale

The App may contain banned API(s). These API(s) are insecure and must not be used.

The following code illustrates a vulnerable pattern detected by this rule:

#include <string.h>

void badStrcpy() {
    char dest[50];
    char src[] = "Hello";
    // VULNERABLE: strcpy is a banned API; it copies until src's NUL
    // terminator without checking the size of dest.
    strcpy(dest, src);
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.
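
A hardened counterpart to the badStrcpy() pattern shown under Rationale, as an added example that is not part of this rule's own documentation. The names bounded_copy and goodCopy are hypothetical; the helper refuses the copy instead of truncating when src does not fit in dest.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not part of the rule or any SDK): copy src into dest
 * only if it fits, including the terminating NUL. Returns 0 on success,
 * -1 if an argument is invalid or src would not fit. On failure dest is
 * left as an empty string so callers never see a partial copy. */
int bounded_copy(char *dest, size_t dest_size, const char *src)
{
    if (dest == NULL || dest_size == 0)
        return -1;
    dest[0] = '\0';
    if (src == NULL)
        return -1;

    /* Measure src, but never look further than dest could hold. */
    size_t len = 0;
    while (len < dest_size && src[len] != '\0')
        len++;

    /* No NUL within dest_size bytes: src plus terminator cannot fit. */
    if (len == dest_size)
        return -1;

    memcpy(dest, src, len + 1);   /* len + 1 <= dest_size is guaranteed */
    return 0;
}

/* Same buffers as badStrcpy(), with the destination size passed explicitly. */
int goodCopy(void)
{
    char dest[50];
    char src[] = "Hello";
    return bounded_copy(dest, sizeof dest, src);
}
```

Callers should check the return value and treat -1 as an error path, since a refused copy leaves dest empty.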

Configuration

This detector does not need any configuration.