在不推荐使用的NSURLConnectionDelegate上报告了MITM攻击 [英] MITM attack reported on deprecated NSURLConnectionDelegate

问题描述

我有一个Objective-C项目，其.ipa已通过此工具在线进行了测试: https://www. immuniweb.com/mobile

I have an Objective-C project whose .ipa was tested with this tool online: https://www.immuniweb.com/mobile

它报告我的应用程序存在高风险安全问题，指向NSURLConnectionDelegate协议中的canAuthenticateAgainstProtectionSpace.

It reports that my app has a high risk security issue, pointing to the canAuthenticateAgainstProtectionSpace in the NSURLConnectionDelegate protocol.

iOS 8.0版本以后已不推荐使用此方法.我的应用程序没有在任何地方直接使用它，我想苹果甚至不间接使用它，因为它已被弃用.

This method has been deprecated by iOS after 8.0 version. My app is not using it directly anywhere and I suppose this is not used by apple also even indirectly, since it is deprecated.

我在Objective-C项目中尝试了一个示例ipa(没有任何内容的新项目)，同样也遇到了同样的问题.但是对于支持Swift的示例ipa来说并没有出现.即使只是警告，除了仅支持Swift语言之外，还有其他方法可以解决吗?

I tried a sample ipa (new project with nothing in it) with Objective-C project and the same issue came for that as well. But it did not come for a sample ipa which supported Swift. Even if this is just a warning, is there a way to fix other than just supporting Swift language only?

推荐答案

该工具检测到定义NSURLConnectionDelegate协议的.h文件声明了canAuthenticateAgainstProtectionSpace函数.当然，这是可以预期的.

The tool has detected that the .h file that defines the NSURLConnectionDelegate protocol declares the canAuthenticateAgainstProtectionSpace function. This is, of course, to be expected.

对于该工具来说，报告该方法的实现而不是对它的声明

It would make more sense for the tool to report implementations of the method, not simply declarations of it

由于您尚未实施此方法，因此无需担心实施中的缺陷.

Since you haven’t implemented this method you don’t need to worry about flaws in your implementation.

至于解决这个问题...不使用该工具吗?基于此看来，它似乎不太好.

As for getting rid of the issue...Don’t use the tool? It doesn’t seem very good based on this.

是否可以选择不扫描.h文件?

Is there an option to tell it not to scan .h files?

这篇关于在不推荐使用的NSURLConnectionDelegate上报告了MITM攻击的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！