Security vulnerability flagging

#1

One of our static security code analysis tool is flagging following iOS code for “Path Manipulation” vulnerability.

  1. /cordova-plugin-ionic-webview/IONAssetHandler.m
    Code : 40. NSData * data = [[NSData alloc] initWithContentsOfFile:startPath];

  2. /CordovaLib/Classes/Public/CDVViewController.m
    Code : 168. self.configParser = [[NSXMLParser alloc] initWithContentsOfURL:url];

  3. /CordovaLib/Classes/Private/Plugins/CDVLocalStorage/CDVLocalStorage.m
    nCode : 291. BOOL ok = [appPlistDict writeToFile:appPlistPathatomically:YES];

  4. /CordovaLib/Classes/Private/Plugins/CDVLocalStorage/CDVLocalStorage.m
    Code : 285. NSMutableDictionary* appPlistDict = [NSMutableDictionary dictionaryWithContentsOfFile:appPlistPath];

    Code : 291. BOOL ok = [appPlistDict writeToFile:appPlistPath atomically:YES];

PLEASE HELP TO MITIGATE THIS important issue.