如何检测&避免在第三方库中使用私有API [英] How to detect & avoid the use of private APIs in third party libraries

问题描述

既然Apple正在运行某种静态分析来自动检查私有API的使用，那么很多人都因为Three20库而被捕。我使用另一个第三方库（我自己从代码编译），我想在提交给Apple之前自动审核它以供私有API使用，所以我可以删除/重写那些部分。

Now that Apple is running some kind of static analysis to automatically check for private API use, a number of people have been caught because of the Three20 library. I use another third-party library (which I compile myself from code) and I would like to automatically audit it for private API use before I submit to Apple, so I can eliminate/re-write those parts.

如果我在我的应用程序可执行文件上运行 nm ，我会得到一个符号列表，我看到那里的符号我没有使用。例如，我看到_AudioServicesPlaySystemSound，如果我在XCode中搜索AudioServicesPlaySystemSound，我得不到任何结果。有没有办法自动区分对私有API的调用，例如我注意到Apple习惯用初始下划线命名它们。

If I run nm on my application executable, I get a list of symbols, and I am seeing symbols in there that I don't use. For example I see _AudioServicesPlaySystemSound, and if I search for "AudioServicesPlaySystemSound" in XCode I get no results. Is there any way to automatically discriminate calls to private APIs, for example I notice that Apple has a habit of naming them with an initial underscore.

但是：如果我故意包括调用私有API，它没有显示在 nm 的输出中，但如果我运行字符串关于二进制文件。基于此，我的一个想法是将所有私有API调用的巨大列表编译成一个巨大的表，并在字符串输出中自动搜索它们。我还没有这样做。

However: if I deliberately include a call to a private API it doesn't show up in the output of nm, but it does show up if I run strings on the binary. Based on this, one idea I had was to compile a huge list of all private API calls into a huge table, and automatically search for them in the strings output. I haven't done that yet.

有没有人有关于如何自动捕捉这些内容的任何提示，所以我只会进行一次审核过程？

Does anyone have any tips on how to automatically catch this stuff so I'm only going through the review process once?

推荐答案

您可以尝试在目标文件上运行nm而不是链接的可执行文件：

You could try running nm on the object files instead of the linked executable:

nm -g -j *.o  | sort | uniq

对象应该在 build /< app> .build中/ * /< app> .build / Objects-normal 子目录。

您看到对<$ c $的引用c> AudioServicesPlaySystemSound 因为您调用的其中一个函数依次调用 AudioServicesPlaySystemSound 。

You're seeing a reference to AudioServicesPlaySystemSound because one of the functions you did call in turn calls AudioServicesPlaySystemSound.

目标C调用通常不会出现在 nm 转储中，您需要使用 otool ：

Objective C calls won't generally show up in nm dumps, you'll need to use otool for that:

otool -ov <object file>

这篇关于如何检测&避免在第三方库中使用私有API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！