How to detect & avoid the use of private APIs in third party libraries
Problem description
Now that Apple is running some kind of static analysis to automatically check for private API use, a number of people have been caught because of the Three20 library. I use another third-party library (which I compile myself from code) and I would like to automatically audit it for private API use before I submit to Apple, so I can eliminate/re-write those parts.
If I run nm on my application executable, I get a list of symbols, and I am seeing symbols in there that I don't use. For example I see _AudioServicesPlaySystemSound, and if I search for "AudioServicesPlaySystemSound" in Xcode I get no results. Is there any way to automatically discriminate calls to private APIs? For example, I notice that Apple has a habit of naming them with an initial underscore.
However: if I deliberately include a call to a private API it doesn't show up in the output of nm, but it does show up if I run strings on the binary. Based on this, one idea I had was to compile a huge list of all private API calls into a huge table, and automatically search for them in the strings output. I haven't done that yet.
Does anyone have any tips on how to automatically catch this stuff so I'm only going through the review process once?
Recommended answer
You could try running nm on the object files instead of the linked executable:
nm -g -j *.o | sort | uniq
The objects should be in the build/<app>.build/*/<app>.build/Objects-normal subdirectory.
You're seeing a reference to AudioServicesPlaySystemSound because one of the functions you did call in turn calls AudioServicesPlaySystemSound.
Objective-C calls won't generally show up in nm dumps; you'll need to use otool for that:
otool -ov <object file>
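The question's idea of a name table combined with the answer's per-object nm dump, as an added example that is not part of the original posts: a filter that reads an nm or strings dump on stdin and reports exact matches against a denylist file. The helper names (audit_symbols, sample_denylist, sample_dump) are hypothetical, and every name in the denylist and the sample dump is a constructed placeholder, not a real Apple API.

```shell
#!/bin/sh
# Usage (file names are examples):
#   nm -g -j *.o | sort | uniq | audit_symbols denylist.txt
#   strings MyApp | audit_symbols denylist.txt

# audit_symbols DENYLIST_FILE   (symbol or strings dump on stdin)
# Prints every denylisted name found; returns 1 if any were found, else 0.
audit_symbols() {
    denylist=$1
    # Search for each denylist name twice: as written (how an Objective-C
    # selector appears in strings output) and with a leading underscore
    # (how nm prints a C function from a Mach-O object file).
    patterns=$(sed -e '/^$/d' -e 'p' -e 's/^/_/' "$denylist")
    [ -n "$patterns" ] || return 0
    # -F literal names, -x whole-line match: "Foo" must not hit "FooHelper".
    # Blank lines and the "file.o:" headers nm prints never match.
    hits=$(grep -Fx -e "$patterns" | sort -u)
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed denylist: one bare name per line, no leading underscore.
sample_denylist() {
    printf '%s\n' 'ExamplePrivateFunction' 'examplePrivateSelector:'
}

# Constructed dump mixing nm-style and strings-style lines.
sample_dump() {
    cat <<'EOF'

Widget.o:
_AudioServicesPlaySystemSound
_ExamplePrivateFunction
_ExamplePrivateFunctionHelper
_OBJC_CLASS_$_NSObject
examplePrivateSelector:
EOF
}
```

Because the function returns non-zero on a hit, it can gate a build step: a leading underscore alone never triggers it, only a name present in the denylist does.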