firebase / quickstart-ios

Firebase Quickstart Samples for iOS

Home Page: https://firebase.google.com

Insecure IPC: Missing URL Validation

Sneha0523 opened this issue · comments

Summary
The application fails to validate the calling URL in a URL-based Inter-Procedure Communication (IPC) call.

Explanation
When a third-party application or webview uses a URL to communicate with your application, the receiving application should validate the calling URL before proceeding with further actions. The receiving application has the option to verify that it wants to open the calling URL using the UIApplicationDelegate application:didFinishLaunchingWithOptions: or UIApplicationDelegate application:willFinishLaunchingWithOptions: delegate methods.
The following implementation of the UIApplicationDelegate application:didFinishLaunchingWithOptions: delegate method fails to validate the calling URL and always processes the untrusted URL:

    - (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
        return YES;
    }

Best practices dictate that we should always validate the calling URL and verify it conforms to what your application expects, which may vary depending on the URL components and purpose.
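A validating counterpart to the delegate method quoted in the issue, as an added example that is not part of the original issue or of the quickstart-ios code. The `exampleapp` scheme, the `open` host, the two paths and the numeric `id` parameter are hypothetical stand-ins for whatever the receiving app actually expects.

```objective-c
#import <UIKit/UIKit.h>

// Added example. Scheme, host, paths and the "id" parameter are hypothetical.
static NSString *const kScheme = @"exampleapp";
static NSString *const kHost = @"open";

@interface AppDelegate : UIResponder <UIApplicationDelegate>
@end

@implementation AppDelegate

// YES only when the URL matches the exact shape this app expects.
- (BOOL)isExpectedLaunchURL:(NSURL *)url {
  NSURLComponents *c = [NSURLComponents componentsWithURL:url resolvingAgainstBaseURL:NO];
  if (c == nil) return NO;
  // Messaging nil yields NO, so a missing scheme or host is rejected too.
  if (![c.scheme.lowercaseString isEqualToString:kScheme]) return NO;
  if (![c.host.lowercaseString isEqualToString:kHost]) return NO;
  // Embedded credentials, ports and fragments are never expected.
  if (c.user || c.password || c.port || c.fragment) return NO;
  if (![[NSSet setWithObjects:@"/item", @"/settings", nil] containsObject:c.path]) return NO;
  // Only an optional numeric "id" parameter is accepted.
  NSCharacterSet *nonDigits =
      [[NSCharacterSet characterSetWithCharactersInString:@"0123456789"] invertedSet];
  for (NSURLQueryItem *item in c.queryItems) {
    if (![item.name isEqualToString:@"id"]) return NO;
    if (item.value.length == 0 || item.value.length > 18) return NO;
    if ([item.value rangeOfCharacterFromSet:nonDigits].location != NSNotFound) return NO;
  }
  return YES;
}

- (BOOL)application:(UIApplication *)application
    didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
  NSURL *url = launchOptions[UIApplicationLaunchOptionsURLKey];
  if (url == nil) return YES;  // ordinary launch, no URL to validate
  if (![self isExpectedLaunchURL:url]) {
    NSLog(@"Rejected launch URL (scheme=%@, host=%@)", url.scheme, url.host);
    return NO;  // tell the system the URL will not be handled
  }
  // Validated: hand the URL to the app's routing code here.
  return YES;
}

@end
```

The same check applies in application:openURL:options:, which receives URLs delivered while the app is already running.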