One of our static security code analysis tools is flagging the following iOS code for a “Path Manipulation” vulnerability.
- /cordova-plugin-ionic-webview/IONAssetHandler.m
  Code : 40. NSData * data = [[NSData alloc] initWithContentsOfFile:startPath];
- /CordovaLib/Classes/Public/CDVViewController.m
  Code : 168. self.configParser = [[NSXMLParser alloc] initWithContentsOfURL:url];
- /CordovaLib/Classes/Private/Plugins/CDVLocalStorage/CDVLocalStorage.m
  Code : 291. BOOL ok = [appPlistDict writeToFile:appPlistPath atomically:YES];
- /CordovaLib/Classes/Private/Plugins/CDVLocalStorage/CDVLocalStorage.m
  Code : 285. NSMutableDictionary* appPlistDict = [NSMutableDictionary dictionaryWithContentsOfFile:appPlistPath];
  …
  Code : 291. BOOL ok = [appPlistDict writeToFile:appPlistPath atomically:YES];
PLEASE HELP TO MITIGATE THIS important issue.
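
An added example, not part of the original post and not code from Cordova or cordova-plugin-ionic-webview: a common way to address a Path Manipulation finding on a file read such as `initWithContentsOfFile:` is to canonicalize the path and confirm it stays inside an allowed base directory before opening it. The helper name `ExampleResolveInside`, the `www` base directory and the temporary sample files are assumptions made for illustration.

```objective-c
#import <Foundation/Foundation.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

// Hypothetical helper (not a Cordova or plugin API).
// Returns the canonical path if `path` is an existing entry strictly inside
// `baseDir`, or nil otherwise.
static NSString *ExampleResolveInside(NSString *baseDir, NSString *path) {
    char baseReal[PATH_MAX], fileReal[PATH_MAX];
    if (baseDir.length == 0 || path.length == 0) return nil;
    // realpath() resolves ".", ".." and symlinks, and fails on missing paths.
    if (!realpath(baseDir.fileSystemRepresentation, baseReal)) return nil;
    if (!realpath(path.fileSystemRepresentation, fileReal)) return nil;
    size_t n = strlen(baseReal);
    // Require a separator after the base so "/www-evil" never matches "/www".
    BOOL inside = strncmp(fileReal, baseReal, n) == 0
               && strlen(fileReal) > n
               && (n == 1 || fileReal[n] == '/');
    if (!inside) return nil;
    return [[NSFileManager defaultManager]
        stringWithFileSystemRepresentation:fileReal length:strlen(fileReal)];
}

int main(void) {
    @autoreleasepool {
        NSFileManager *fm = [NSFileManager defaultManager];
        // Constructed sample layout: <tmp>/path-demo/www/index.html is allowed,
        // <tmp>/path-demo/secret.txt sits outside the allowed base.
        NSString *root = [NSTemporaryDirectory() stringByAppendingPathComponent:@"path-demo"];
        NSString *www = [root stringByAppendingPathComponent:@"www"];
        [fm createDirectoryAtPath:www withIntermediateDirectories:YES attributes:nil error:NULL];
        [@"ok" writeToFile:[www stringByAppendingPathComponent:@"index.html"]
                atomically:YES encoding:NSUTF8StringEncoding error:NULL];
        [@"secret" writeToFile:[root stringByAppendingPathComponent:@"secret.txt"]
                    atomically:YES encoding:NSUTF8StringEncoding error:NULL];

        for (NSString *rel in @[@"index.html", @"../secret.txt"]) {
            NSString *requested = [www stringByAppendingPathComponent:rel];
            NSString *safe = ExampleResolveInside(www, requested);
            // Read only through the validated canonical path.
            NSData *data = safe ? [[NSData alloc] initWithContentsOfFile:safe] : nil;
            NSLog(@"%@ -> %@", rel, data ? @"read" : @"rejected");
        }
    }
    return 0;
}
```

For a write such as `writeToFile:atomically:`, where the target may not exist yet, the same check can be applied to the parent directory of the target instead.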