Comments (1)
thomasvl
commented on July 4, 2024
The stat seems to be the tool not realizing an import of a header isn't the same an actual call to the function the the same name.
Four of the strlen flaggings are in the unittests for this library, not within the library itself.
The strlen within GTMSessionFetcher.m is some code wrapped in an #if DEBUG, and is on a c-string, so it is correct/valid, and there is no other way to do that (short of hand writing the strlen, which isn't any safer).
The strlen within GTMSessionFetcherLogging.m is some logging code, so it has to be enabled to be active. This maybe could be tweaks to use some other Foundation apis to get the length along with the UTF-8 conversion, but the call itself is safe as is. If someone wants to submit a patch for that change in approach, that would be fine.
from gtm-session-fetcher.
Related Issues (20)
- If allow insecure request we don't need check security HOT 1
- Fetch
- _GTMBridgeAssertValidSelector build failure (GTMSessionFetcher 1.6.0) HOT 8
- [GTMSessionFetcherService] Allow decorating HTTP headers per request HOT 4
- Static Analysis nullability warning from Xcode 13.1
- `GTMFetcherAuthorizationProtocol` cannot be implemented in Swift
- Improve async/await support HOT 2
- Critical Severity Risk - Insecure Transport: Weak SSL Protocol HOT 1
- Critical Severity Risk - Privacy Violation HOT 1
- High Severity Risk - Insecure Storage: HTTP Response Cache Leak HOT 1
- GTMFetcherStandardUserAgentString() is slow
- -[GTMSessionFetcherServiceTest testThreadingStress] is flaky HOT 1
- Concurrency issue in GTMFetcherCleanedUserAgentString()
- iOS 17 New required reason API HOT 9
- ios17 incompatibility with Pod (flutter) HOT 19
- Funtouch 14 Version HOT 1
- -[GTMSessionFetcherServiceTest testMultipleDecoratorsSynchronous] fails when run alone
- -[GTMSessionFetcherFetchingTest testFetcherRedirectURLHandling] fails on macOS 14.2.1
- Warning - Signing requires a development team HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gtm-session-fetcher.